From 1f020e2cb580941a36aa98737cd679a8605cdc4d Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Thu, 22 Sep 2016 09:38:56 -0400 Subject: [PATCH 1/2] gnu: openssl: Replace with 1.0.2i [security fixes]. Fixes CVE-2016-{2177,2178,2179,2180,2181,2182,2183,6302,6303,6304,6306,6308}. * gnu/packages/tls.scm (openssl)[replacement]: New field. (openssl-1.0.2i): New variable. --- gnu/packages/tls.scm | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 0762703..198d298 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -229,6 +229,7 @@ required structures.") (define-public openssl (package (name "openssl") + (replacement openssl-1.0.2i) (version "1.0.2h") (source (origin (method url-fetch) @@ -367,6 +368,24 @@ required structures.") (license license:openssl) (home-page "http://www.openssl.org/"))) +(define-public openssl-1.0.2i + (package (inherit openssl) + (source + (let ((name "openssl") + (version "1.0.2i")) + (origin + (method url-fetch) + (uri (list (string-append "ftp://ftp.openssl.org/source/" + name "-" version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/old/" + (string-trim-right version char-set:letter) + "/" name "-" version ".tar.gz"))) + (sha256 + (base32 + "0vyy038676cv3m2523fi9ll9nkjxadqdnz18zdp5nm6925yli1wj")) + (patches (search-patches "openssl-runpath.patch" + "openssl-c-rehash-in.patch"))))))) + (define-public openssl-next (package (inherit openssl) -- 2.10.0