From: Leo Famulari
Subject: OpenSSL updates
Date: Thu, 22 Sep 2016 09:55:27 -0400
Message-ID: <20160922135527.GA13557@jasmine>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="rJwd6BRFiFCcLxzm"
Content-Disposition: inline
List-Id: "Development of GNU Guix and the GNU System distribution."
Sender: "Guix-devel"
To: guix-devel@gnu.org

--rJwd6BRFiFCcLxzm
Content-Type: multipart/mixed; boundary="WIyZ46R2i8wDzkSu"
Content-Disposition: inline

--WIyZ46R2i8wDzkSu
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Here are patches to replace openssl with openssl-1.0.2i and to update openssl-next to openssl@1.1.0a.
--WIyZ46R2i8wDzkSu Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="0001-gnu-openssl-Replace-with-1.0.2i-security-fixes.patch" Content-Transfer-Encoding: quoted-printable =46rom 1f020e2cb580941a36aa98737cd679a8605cdc4d Mon Sep 17 00:00:00 2001 =46rom: Leo Famulari Date: Thu, 22 Sep 2016 09:38:56 -0400 Subject: [PATCH 1/2] gnu: openssl: Replace with 1.0.2i [security fixes]. Fixes CVE-2016-{2177,2178,2179,2180,2181,2182,2183,6302,6303,6304,6306,6308= }. * gnu/packages/tls.scm (openssl)[replacement]: New field. (openssl-1.0.2i): New variable. --- gnu/packages/tls.scm | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 0762703..198d298 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -229,6 +229,7 @@ required structures.") (define-public openssl (package (name "openssl") + (replacement openssl-1.0.2i) (version "1.0.2h") (source (origin (method url-fetch) 
@@ -367,6 +368,24 @@ required structures.") (license license:openssl) (home-page "http://www.openssl.org/"))) =20 +(define-public openssl-1.0.2i + (package (inherit openssl) + (source + (let ((name "openssl") + (version "1.0.2i")) + (origin + (method url-fetch) + (uri (list (string-append "ftp://ftp.openssl.org/source/" + name "-" version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/old/" + (string-trim-right version char-set:le= tter) + "/" name "-" version ".tar.gz"))) + (sha256 + (base32 + "0vyy038676cv3m2523fi9ll9nkjxadqdnz18zdp5nm6925yli1wj")) + (patches (search-patches "openssl-runpath.patch" + "openssl-c-rehash-in.patch"))))))) + (define-public openssl-next (package (inherit openssl) --=20 2.10.0 --WIyZ46R2i8wDzkSu Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="0002-gnu-openssl-next-Update-to-1.1.0a-security-fixes.patch" Content-Transfer-Encoding: quoted-printable =46rom 391b88aa981f9ae8201b6f8959bdbd6d92d6e27b Mon Sep 17 00:00:00 2001 =46rom: Leo Famulari Date: Thu, 22 Sep 2016 09:44:17 -0400 Subject: [PATCH 2/2] gnu: openssl-next: Update to 1.1.0a [security fixes]. Fixes CVE-2016-{6304,6305,6307,6308}. * gnu/packages/tls.scm (openssl-next): Update to 1.1.0a. --- gnu/packages/tls.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 198d298..45ae447 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -390,7 +390,7 @@ required structures.") (package (inherit openssl) (name "openssl") - (version "1.1.0") + (version "1.1.0a") (source (origin (method url-fetch) (uri (list (string-append "ftp://ftp.openssl.org/source/" 
@@ -401,7 +401,7 @@ required structures.") (patches (search-patches "openssl-1.1.0-c-rehash-in.patch")) (sha256 (base32 - "10lcpmnxap9nw8ymdglys93cgkwd1lf1rz4fhq5whwhlmkwrzipm")))) + "0as40a1lipl9qfax7495jc1xfb049ygavkaxxk4y5kcn8birdrn2")))) (outputs '("out" "doc" ;1.3MiB of man3 pages "static")) ; 5.5MiB of .a files --=20 2.10.0 --WIyZ46R2i8wDzkSu-- --rJwd6BRFiFCcLxzm--
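
Review bot: The `(replacement openssl-1.0.2i)` line in [PATCH 1/2], hunk `@@ -229,6 +229,7 @@`, is added without a comment while `(version "1.0.2h")` directly below it stays unchanged, so a reader of tls.scm sees a package that declares 1.0.2h and has to find the second definition to learn that the fixed release is substituted for it. Suggest a short comment beside the field that names the reason (the CVE list from the commit message) and says the field is to be dropped once `version` itself is bumped.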
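
Review bot: In `openssl-1.0.2i` ([PATCH 1/2], hunk `@@ -367,6 +368,24 @@`), `version` is bound to "1.0.2i" only inside the `let` around the origin, so it reaches the two URIs but the package's own `version` field still comes from `(inherit openssl)`, which the first hunk shows as "1.0.2h". If keeping the inherited version is intended, say so in a comment above the definition; otherwise set `(version "1.0.2i")` on the package so the variable name, the source and the reported version agree.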
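
Review bot: The new `(version "1.1.0a")` in [PATCH 2/2], hunk `@@ -390,7 +390,7 @@`, gives `openssl-next` a letter suffix where it had none, and the hunk's context stops at the first `string-append`, so the rest of the `uri` list is not visible. If that list has a `source/old/` fallback, please confirm it strips the letter the way `openssl-1.0.2i` does in patch 1/2 with `(string-trim-right version char-set:letter)`; if it interpolates `version` unchanged, the fallback directory becomes `1.1.0a`.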
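
Review bot: The replaced `base32` value in [PATCH 2/2], hunk `@@ -401,7 +401,7 @@`, is the only integrity check on a tarball fetched from the `ftp://ftp.openssl.org/source/` URI shown in the previous hunk, and neither the commit message nor the cover letter says how the new hash was obtained. Suggest stating in the commit message that the 1.1.0a tarball was checked against upstream's signature before hashing; the same applies to the hash added for 1.0.2i in patch 1/2. Please also confirm that `openssl-1.1.0-c-rehash-in.patch`, kept unchanged in the context line, still applies to 1.1.0a.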