* [bug#30966] [PATCH] gnu: openssl: Replace with OpenSSL 1.0.2o [fixes CVE-2018-0739].
@ 2018-03-27 22:44 Leo Famulari
2018-03-28 15:05 ` Ludovic Courtès
0 siblings, 1 reply; 3+ messages in thread
From: Leo Famulari @ 2018-03-27 22:44 UTC (permalink / raw)
To: 30966
* gnu/packages/tls.scm (openssl)[replacement]: New field.
(openssl-1.0.2o): New variable.
---
gnu/packages/tls.scm | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 74843c0a9..3f317aa00 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -255,6 +255,7 @@ required structures.")
(define-public openssl
(package
(name "openssl")
+ (replacement openssl-1.0.2o)
(version "1.0.2n")
(source (origin
(method url-fetch)
@@ -399,6 +400,29 @@ required structures.")
(license license:openssl)
(home-page "https://www.openssl.org/")))
+(define-public openssl-1.0.2o
+ (package
+ (inherit openssl)
+ (name "openssl")
+ (version "1.0.2o")
+ (source (origin
+ (inherit (package-source openssl))
+ (uri (list (string-append "https://www.openssl.org/source/openssl-"
+ version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/"
+ name "-" version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/old/"
+ (string-trim-right version char-set:letter)
+ "/" name "-" version ".tar.gz")))
+ (sha256
+ (base32
+ "0kcy13l701054nhpbd901mz32v1kn4g311z0nifd83xs2jbmqgzc"))
+ ;; Erase the inherited snippet, which isn't applicable to
+ ;; OpenSSL 1.0.2o.
+ (snippet
+ '(begin
+ #t))))))
+
(define-public openssl-next
(package
(inherit openssl)
--
2.16.3
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [bug#30966] [PATCH] gnu: openssl: Replace with OpenSSL 1.0.2o [fixes CVE-2018-0739].
2018-03-27 22:44 [bug#30966] [PATCH] gnu: openssl: Replace with OpenSSL 1.0.2o [fixes CVE-2018-0739] Leo Famulari
@ 2018-03-28 15:05 ` Ludovic Courtès
2018-03-28 18:11 ` bug#30966: " Leo Famulari
0 siblings, 1 reply; 3+ messages in thread
From: Ludovic Courtès @ 2018-03-28 15:05 UTC (permalink / raw)
To: Leo Famulari; +Cc: 30966
Hi Leo,
Leo Famulari <leo@famulari.name> skribis:
> * gnu/packages/tls.scm (openssl)[replacement]: New field.
> (openssl-1.0.2o): New variable.
[...]
> + (uri (list (string-append "https://www.openssl.org/source/openssl-"
> + version ".tar.gz")
> + (string-append "ftp://ftp.openssl.org/source/"
> + name "-" version ".tar.gz")
> + (string-append "ftp://ftp.openssl.org/source/old/"
> + (string-trim-right version char-set:letter)
> + "/" name "-" version ".tar.gz")))
Eventually we should factorize this in an ‘openssl-source-url’ procedure.
> + (sha256
> + (base32
> + "0kcy13l701054nhpbd901mz32v1kn4g311z0nifd83xs2jbmqgzc"))
> + ;; Erase the inherited snippet, which isn't applicable to
> + ;; OpenSSL 1.0.2o.
> + (snippet
> + '(begin
> + #t))))))
Use (snippet #f) to really annihilate the snippet, otherwise you create
a snippet that does nothing, yet entails and unpack-and-repack step.
OK with this change, thank you!
Ludo’.
^ permalink raw reply [flat|nested] 3+ messages in thread
* bug#30966: [PATCH] gnu: openssl: Replace with OpenSSL 1.0.2o [fixes CVE-2018-0739].
2018-03-28 15:05 ` Ludovic Courtès
@ 2018-03-28 18:11 ` Leo Famulari
0 siblings, 0 replies; 3+ messages in thread
From: Leo Famulari @ 2018-03-28 18:11 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: 30966-done
[-- Attachment #1: Type: text/plain, Size: 1475 bytes --]
On Wed, Mar 28, 2018 at 05:05:37PM +0200, Ludovic Courtès wrote:
> Hi Leo,
>
> Leo Famulari <leo@famulari.name> skribis:
>
> > * gnu/packages/tls.scm (openssl)[replacement]: New field.
> > (openssl-1.0.2o): New variable.
>
> [...]
>
> > + (uri (list (string-append "https://www.openssl.org/source/openssl-"
> > + version ".tar.gz")
> > + (string-append "ftp://ftp.openssl.org/source/"
> > + name "-" version ".tar.gz")
> > + (string-append "ftp://ftp.openssl.org/source/old/"
> > + (string-trim-right version char-set:letter)
> > + "/" name "-" version ".tar.gz")))
>
> Eventually we should factorize this in an ‘openssl-source-url’ procedure.
Yup :)
> > + (sha256
> > + (base32
> > + "0kcy13l701054nhpbd901mz32v1kn4g311z0nifd83xs2jbmqgzc"))
> > + ;; Erase the inherited snippet, which isn't applicable to
> > + ;; OpenSSL 1.0.2o.
> > + (snippet
> > + '(begin
> > + #t))))))
>
> Use (snippet #f) to really annihilate the snippet, otherwise you create
> a snippet that does nothing, yet entails and unpack-and-repack step.
Oh, right :p
Thanks! Pushed as 590bdc149b28e03cfd1668e8026919e89e61f00f
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-03-28 18:12 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-03-27 22:44 [bug#30966] [PATCH] gnu: openssl: Replace with OpenSSL 1.0.2o [fixes CVE-2018-0739] Leo Famulari
2018-03-28 15:05 ` Ludovic Courtès
2018-03-28 18:11 ` bug#30966: " Leo Famulari
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).