From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:36667) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1f1FYJ-0006AI-R7 for guix-patches@gnu.org; Wed, 28 Mar 2018 14:12:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1f1FYI-0003Xd-NY for guix-patches@gnu.org; Wed, 28 Mar 2018 14:12:03 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:49676) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1f1FYI-0003XS-Js for guix-patches@gnu.org; Wed, 28 Mar 2018 14:12:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1f1FYI-0001zy-F5 for guix-patches@gnu.org; Wed, 28 Mar 2018 14:12:02 -0400 Subject: bug#30966: [PATCH] gnu: openssl: Replace with OpenSSL 1.0.2o [fixes CVE-2018-0739]. Resent-To: guix-patches@gnu.org Resent-Message-ID: Date: Wed, 28 Mar 2018 14:11:54 -0400 From: Leo Famulari Message-ID: <20180328181154.GA16088@jasmine.lan> References: <97a98c7fe0dfe6f98839e9cabf8e0022d7d2a8c8.1522190671.git.leo@famulari.name> <87efk4tf3y.fsf@gnu.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="MGYHOYXEY6WxJCY8" Content-Disposition: inline In-Reply-To: <87efk4tf3y.fsf@gnu.org> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 30966-done@debbugs.gnu.org --MGYHOYXEY6WxJCY8 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Mar 28, 2018 at 05:05:37PM +0200, Ludovic Court=C3=A8s wrote: > Hi Leo, >=20 > Leo Famulari skribis: >=20 > > * gnu/packages/tls.scm (openssl)[replacement]: New field. > > (openssl-1.0.2o): New variable. >=20 > [...] >=20 > > + (uri (list (string-append "https://www.openssl.org/sourc= e/openssl-" > > + version ".tar.gz") > > + (string-append "ftp://ftp.openssl.org/source/" > > + name "-" version ".tar.gz") > > + (string-append "ftp://ftp.openssl.org/source/= old/" > > + (string-trim-right version cha= r-set:letter) > > + "/" name "-" version ".tar.gz"= ))) >=20 > Eventually we should factorize this in an =E2=80=98openssl-source-url=E2= =80=99 procedure. Yup :) > > + (sha256 > > + (base32 > > + "0kcy13l701054nhpbd901mz32v1kn4g311z0nifd83xs2jbmqgzc"= )) > > + ;; Erase the inherited snippet, which isn't applicable to > > + ;; OpenSSL 1.0.2o. > > + (snippet > > + '(begin > > + #t)))))) >=20 > Use (snippet #f) to really annihilate the snippet, otherwise you create > a snippet that does nothing, yet entails and unpack-and-repack step. Oh, right :p Thanks! Pushed as 590bdc149b28e03cfd1668e8026919e89e61f00f --MGYHOYXEY6WxJCY8 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlq72uoACgkQJkb6MLrK fwjVBg//dww7gVJfnfAL7+edm6oGVzC7itpcQi/v3Fx++ytltAVqo04Sd46zNTDk JG8M33qma2cSyED8Hb3rBDxR0db6pwaDJQQfxqs8ihXOPPoRIiBDh7J7GUrF7YQ9 HNIRR0wYi2dxxIh+9X0/AhrQZcopYVz9mU7buQrqcgeQvrF/WBRz4Ml8D6I5+5bo fKiJxKmREovQ0FW/CRyL3izy8wPsa35ODpIpkEx3bn2VFperZayk6b29LuYUZJAE fCd4HtKaOzGGi8w5FZ7DTvrMGT83GFfYEQqSRCq0e1I1rTZgHizPunPj0SEYdY7r 1V/Us6OhGHPJnGL2netTTReNd+1xVvJxdI0ld3gWx+8PptkzXEvzhnGMB5PL/5SJ 3bu/P3h2s3wH4jiLwXk2lR2nIWqgWFK3NgVDDEEdH1AbTTt9IVsF5nE0ia2h7awQ ugzF2jST77cwGF1ziXsuA1E3w1sC4Xq33vJB6fHezeYDTkWLVFryd6rOaVyjqzie yiRXES0OvBSHUpcxGfSGdf0DrZPMn2K4AD28rFtdfFePNqgMfYJpa+j1U4kY/DiU D/qAHxCVlEAlN8wQuB+QxR2GAO6Cp3rAgiDgP5R2CVVTflFB9Y6pzfhGskrnoURc j5tKySiChuwa3zKSLPFaygh/hf4tN3RZz26DOp7CgNa27zC4+Rg= =8Han -----END PGP SIGNATURE----- --MGYHOYXEY6WxJCY8--