~ruther/guix-local

50f701d4f9b28123794888780977459eff2d8f33 — Leo Famulari 9 years ago 62d0009 
gnu: openssl: Replace with 1.0.2i [security fixes].

Fixes CVE-2016-{2177,2178,2179,2180,2181,2182,2183,6302,6303,6304,6306,6308}.

* gnu/packages/tls.scm (openssl)[replacement]: New field.
(openssl-1.0.2i): New variable.
patch browse .tar.gz 
1 files changed, 19 insertions(+), 0 deletions(-)

M gnu/packages/tls.scm

M gnu/packages/tls.scm => gnu/packages/tls.scm +19 -0
@@ 229,6 229,7 @@ required structures.")
(define-public openssl
  (package
   (name "openssl")
   (replacement openssl-1.0.2i)
   (version "1.0.2h")
   (source (origin
             (method url-fetch)


@@ 367,6 368,24 @@ required structures.")
   (license license:openssl)
   (home-page "http://www.openssl.org/")))

(define openssl-1.0.2i
  (package (inherit openssl)
    (source
      (let ((name "openssl")
            (version "1.0.2i"))
        (origin
          (method url-fetch)
          (uri (list (string-append "ftp://ftp.openssl.org/source/"
                                    name "-" version ".tar.gz")
                     (string-append "ftp://ftp.openssl.org/source/old/"
                                    (string-trim-right version char-set:letter)
                                    "/" name "-" version ".tar.gz")))
          (sha256
           (base32
            "0vyy038676cv3m2523fi9ll9nkjxadqdnz18zdp5nm6925yli1wj"))
          (patches (search-patches "openssl-runpath.patch"
                                   "openssl-c-rehash-in.patch")))))))

(define-public openssl-next
  (package
    (inherit openssl)