gnu: openssl@1.0: Replace with 1.0.2m [fixes CVE-2017-3735, CVE-2017-2736].

* gnu/packages/tls.scm (openssl)[replacement]: New field.
(openssl-1.0.2m): New public variable.
This commit is contained in:
Marius Bakke 2017-11-02 22:11:25 +01:00
parent 22bf67d1f4
commit 1df4f5c919
No known key found for this signature in database
GPG Key ID: A2A06DF2A33A54FA
1 changed files with 20 additions and 0 deletions

View File

@ -245,6 +245,7 @@ required structures.")
(package
(name "openssl")
(version "1.0.2l")
(replacement openssl-1.0.2m)
(source (origin
(method url-fetch)
(uri (list (string-append "ftp://ftp.openssl.org/source/"
@ -387,6 +388,25 @@ required structures.")
(license license:openssl)
(home-page "http://www.openssl.org/")))
;; Fixes CVE-2017-3735 and CVE-2017-3736.
;; See <https://www.openssl.org/news/cl102.txt>.
(define-public openssl-1.0.2m
(package
(inherit openssl)
(version "1.0.2m")
(source (origin
(inherit (package-source openssl))
(uri (list (string-append "https://www.openssl.org/source/openssl-"
version ".tar.gz")
(string-append "ftp://ftp.openssl.org/source/openssl-"
version ".tar.gz")
(string-append "ftp://ftp.openssl.org/source/old/"
(string-trim-right version char-set:letter)
"/openssl-" version ".tar.gz")))
(sha256
(base32
"03vvlfnxx4lhxc83ikfdl6jqph4h52y7lb7li03va6dkqrgg2vwc"))))))
(define-public openssl-next
(package
(inherit openssl)