nixo
/
guix-devel
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

gnu: openssl: Replace with 1.0.2h [security fixes]. 

Fixes CVE-2016-{2105,2106,2107,2109,2176}.

* gnu/packages/tls.scm (openssl)[replacement]: New field.
(openssl/fixed): New variable.
This commit is contained in:
Mark H Weaver 2016-05-03 13:06:00 -04:00
parent e760ec4187
commit 3c1d2981ff
1 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
gnu/packages/tls.scm
View File

@ -198,6 +198,7 @@ required structures.")
(package (package
(name "openssl") (name "openssl")
(version "1.0.2g") (version "1.0.2g")
(replacement openssl/fixed)
(source (origin (source (origin
(method url-fetch) (method url-fetch)
(uri (list (string-append "ftp://ftp.openssl.org/source/" (uri (list (string-append "ftp://ftp.openssl.org/source/"
@ -298,6 +299,25 @@ required structures.")
(license license:openssl) (license license:openssl)
(home-page "http://www.openssl.org/"))) (home-page "http://www.openssl.org/")))
(define openssl/fixed
(package
(inherit openssl)
(source
(let ((name "openssl")
(version "1.0.2h"))
(origin
(method url-fetch)
(uri (list (string-append "ftp://ftp.openssl.org/source/"
name "-" version ".tar.gz")
(string-append "ftp://ftp.openssl.org/source/old/"
(string-trim-right version char-set:letter)
"/" name "-" version ".tar.gz")))
(sha256
(base32
"06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x"))
(patches (search-patches "openssl-runpath.patch"
"openssl-c-rehash-in.patch")))))))
(define-public libressl (define-public libressl
(package (package
(name "libressl") (name "libressl")