gnu: openssl: Replace with openssl-1.0.2k [security fixes].

Fix CVE-2016-7055 and CVE-2017-{3731,3732}.

* gnu/packages/tls.scm (openssl)[replacement]: New field.
(openssl-1.0.2k): New variable.
(openssl-next)[replacement]: New field.

Signed-off-by: Marius Bakke <mbakke@fastmail.com>
This commit is contained in:
Leo Famulari 2017-01-26 14:19:35 -05:00 committed by Marius Bakke
parent 264ccbb31e
commit 544db93caf
No known key found for this signature in database
GPG Key ID: A2A06DF2A33A54FA
1 changed files with 21 additions and 0 deletions

View File

@ -244,6 +244,7 @@ required structures.")
(define-public openssl (define-public openssl
(package (package
(name "openssl") (name "openssl")
(replacement openssl-1.0.2k)
(version "1.0.2j") (version "1.0.2j")
(source (origin (source (origin
(method url-fetch) (method url-fetch)
@ -381,9 +382,29 @@ required structures.")
(license license:openssl) (license license:openssl)
(home-page "http://www.openssl.org/"))) (home-page "http://www.openssl.org/")))
(define openssl-1.0.2k
(package
(inherit openssl)
(name "openssl")
(version "1.0.2k")
(source
(origin
(method url-fetch)
(uri (list (string-append "ftp://ftp.openssl.org/source/"
name "-" version ".tar.gz")
(string-append "ftp://ftp.openssl.org/source/old/"
(string-trim-right version char-set:letter)
"/" name "-" version ".tar.gz")))
(sha256
(base32
"1h6qi35w6hv6rd73p4cdgdzg732pdrfgpp37cgwz1v9a3z37ffbb"))
(patches (search-patches "openssl-runpath.patch"
"openssl-c-rehash-in.patch"))))))
(define-public openssl-next (define-public openssl-next
(package (package
(inherit openssl) (inherit openssl)
(replacement #f)
(name "openssl") (name "openssl")
(version "1.1.0c") (version "1.1.0c")
(source (origin (source (origin