[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#30966] [PATCH] gnu: openssl: Replace with OpenSSL 1.0.2o [fixes CVE
From: |
Ludovic Courtès |
Subject: |
[bug#30966] [PATCH] gnu: openssl: Replace with OpenSSL 1.0.2o [fixes CVE-2018-0739]. |
Date: |
Wed, 28 Mar 2018 17:05:37 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) |
Hi Leo,
Leo Famulari <address@hidden> skribis:
> * gnu/packages/tls.scm (openssl)[replacement]: New field.
> (openssl-1.0.2o): New variable.
[...]
> + (uri (list (string-append
> "https://www.openssl.org/source/openssl-"
> + version ".tar.gz")
> + (string-append "ftp://ftp.openssl.org/source/"
> + name "-" version ".tar.gz")
> + (string-append "ftp://ftp.openssl.org/source/old/"
> + (string-trim-right version
> char-set:letter)
> + "/" name "-" version ".tar.gz")))
Eventually we should factorize this in an ‘openssl-source-url’ procedure.
> + (sha256
> + (base32
> + "0kcy13l701054nhpbd901mz32v1kn4g311z0nifd83xs2jbmqgzc"))
> + ;; Erase the inherited snippet, which isn't applicable to
> + ;; OpenSSL 1.0.2o.
> + (snippet
> + '(begin
> + #t))))))
Use (snippet #f) to really annihilate the snippet, otherwise you create
a snippet that does nothing, yet entails and unpack-and-repack step.
OK with this change, thank you!
Ludo’.