summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2016-05-03 13:06:00 -0400
committerMark H Weaver <mhw@netris.org>2016-05-03 13:31:50 -0400
commit3c1d2981ff0cc63c74d10e78fe9e2b056e9f4ac0 (patch)
treec4df997faababe5a79f3c5a3eccd9e8388aad341
parente760ec4187244c0960f21803abef1849c97a8203 (diff)
gnu: openssl: Replace with 1.0.2h [security fixes].
Fixes CVE-2016-{2105,2106,2107,2109,2176}. * gnu/packages/tls.scm (openssl)[replacement]: New field. (openssl/fixed): New variable.
-rw-r--r--gnu/packages/tls.scm20
1 files changed, 20 insertions, 0 deletions
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 0f4441d70c..6685ee0349 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -198,6 +198,7 @@ required structures.")
(package
(name "openssl")
(version "1.0.2g")
+ (replacement openssl/fixed)
(source (origin
(method url-fetch)
(uri (list (string-append "ftp://ftp.openssl.org/source/"
@@ -298,6 +299,25 @@ required structures.")
(license license:openssl)
(home-page "http://www.openssl.org/")))
+(define openssl/fixed
+ (package
+ (inherit openssl)
+ (source
+ (let ((name "openssl")
+ (version "1.0.2h"))
+ (origin
+ (method url-fetch)
+ (uri (list (string-append "ftp://ftp.openssl.org/source/"
+ name "-" version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/old/"
+ (string-trim-right version char-set:letter)
+ "/" name "-" version ".tar.gz")))
+ (sha256
+ (base32
+ "06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x"))
+ (patches (search-patches "openssl-runpath.patch"
+ "openssl-c-rehash-in.patch")))))))
+
(define-public libressl
(package
(name "libressl")