gnu: openssl@1.0: Replace with 1.0.2m [fixes CVE-2017-3735, CVE-2017-2736].

* gnu/packages/tls.scm (openssl)[replacement]: New field. (openssl-1.0.2m): New public variable.
2024-11-07 23:46:13 -05:00 · 2017-11-02 22:11:25 +01:00 · 2017-11-02 22:11:25 +01:00 · 1df4f5c919
commit 1df4f5c919
parent 22bf67d1f4
1 changed files with 20 additions and 0 deletions
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@ -245,6 +245,7 @@ (define-public openssl
  (package
   (name "openssl")
   (version "1.0.2l")
+   (replacement openssl-1.0.2m)
   (source (origin
             (method url-fetch)
             (uri (list (string-append "ftp://ftp.openssl.org/source/"
@ -387,6 +388,25 @@ (define-public openssl
   (license license:openssl)
   (home-page "http://www.openssl.org/")))

+;; Fixes CVE-2017-3735 and CVE-2017-3736.
+;; See <https://www.openssl.org/news/cl102.txt>.
+(define-public openssl-1.0.2m
+  (package
+    (inherit openssl)
+    (version "1.0.2m")
+    (source (origin
+              (inherit (package-source openssl))
+              (uri (list (string-append "https://www.openssl.org/source/openssl-"
+                                        version ".tar.gz")
+                         (string-append "ftp://ftp.openssl.org/source/openssl-"
+                                        version ".tar.gz")
+                         (string-append "ftp://ftp.openssl.org/source/old/"
+                                        (string-trim-right version char-set:letter)
+                                        "/openssl-" version ".tar.gz")))
+              (sha256
+               (base32
+                "03vvlfnxx4lhxc83ikfdl6jqph4h52y7lb7li03va6dkqrgg2vwc"))))))
+
 (define-public openssl-next
  (package
    (inherit openssl)