gnu: openssl: Replace with 1.0.2h [security fixes].

Fixes CVE-2016-{2105,2106,2107,2109,2176}. * gnu/packages/tls.scm (openssl)[replacement]: New field. (openssl/fixed): New variable.
2016-05-03 13:06:00 -04:00 · 2016-05-03 13:06:00 -04:00 · 3c1d2981ff
parent e760ec4187
commit 3c1d2981ff
1 changed files with 20 additions and 0 deletions
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@ -198,6 +198,7 @@ required structures.")
  (package
   (name "openssl")
   (version "1.0.2g")
+   (replacement openssl/fixed)
   (source (origin
             (method url-fetch)
             (uri (list (string-append "ftp://ftp.openssl.org/source/"
@ -298,6 +299,25 @@ required structures.")
   (license license:openssl)
   (home-page "http://www.openssl.org/")))

+(define openssl/fixed
+  (package
+    (inherit openssl)
+    (source
+     (let ((name "openssl")
+           (version "1.0.2h"))
+       (origin
+         (method url-fetch)
+         (uri (list (string-append "ftp://ftp.openssl.org/source/"
+                                   name "-" version ".tar.gz")
+                    (string-append "ftp://ftp.openssl.org/source/old/"
+                                   (string-trim-right version char-set:letter)
+                                   "/" name "-" version ".tar.gz")))
+         (sha256
+          (base32
+           "06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x"))
+         (patches (search-patches "openssl-runpath.patch"
+                                  "openssl-c-rehash-in.patch")))))))
+
 (define-public libressl
  (package
    (name "libressl")