emacs-bug-tracker
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debbugs-tracker] bug#30966: closed ([PATCH] gnu: openssl: Replace with


From: GNU bug Tracking System
Subject: [debbugs-tracker] bug#30966: closed ([PATCH] gnu: openssl: Replace with OpenSSL 1.0.2o [fixes CVE-2018-0739].)
Date: Wed, 28 Mar 2018 18:12:02 +0000

Your message dated Wed, 28 Mar 2018 14:11:54 -0400
with message-id <address@hidden>
and subject line Re: [bug#30966] [PATCH] gnu: openssl: Replace with OpenSSL 
1.0.2o [fixes CVE-2018-0739].
has caused the debbugs.gnu.org bug report #30966,
regarding [PATCH] gnu: openssl: Replace with OpenSSL 1.0.2o [fixes 
CVE-2018-0739].
to be marked as done.

(If you believe you have received this mail in error, please contact
address@hidden)


-- 
30966: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=30966
GNU Bug Tracking System
Contact address@hidden with problems
--- Begin Message --- Subject: [PATCH] gnu: openssl: Replace with OpenSSL 1.0.2o [fixes CVE-2018-0739]. Date: Tue, 27 Mar 2018 18:44:31 -0400
* gnu/packages/tls.scm (openssl)[replacement]: New field.
(openssl-1.0.2o): New variable.
---
 gnu/packages/tls.scm | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 74843c0a9..3f317aa00 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -255,6 +255,7 @@ required structures.")
 (define-public openssl
   (package
    (name "openssl")
+   (replacement openssl-1.0.2o)
    (version "1.0.2n")
    (source (origin
              (method url-fetch)
@@ -399,6 +400,29 @@ required structures.")
    (license license:openssl)
    (home-page "https://www.openssl.org/";)))
 
+(define-public openssl-1.0.2o
+  (package
+    (inherit openssl)
+    (name "openssl")
+    (version "1.0.2o")
+    (source (origin
+              (inherit (package-source openssl))
+              (uri (list (string-append 
"https://www.openssl.org/source/openssl-";
+                                        version ".tar.gz")
+                         (string-append "ftp://ftp.openssl.org/source/";
+                                        name "-" version ".tar.gz")
+                         (string-append "ftp://ftp.openssl.org/source/old/";
+                                        (string-trim-right version 
char-set:letter)
+                                        "/" name "-" version ".tar.gz")))
+              (sha256
+               (base32
+                "0kcy13l701054nhpbd901mz32v1kn4g311z0nifd83xs2jbmqgzc"))
+              ;; Erase the inherited snippet, which isn't applicable to
+              ;; OpenSSL 1.0.2o.
+              (snippet
+               '(begin
+                  #t))))))
+
 (define-public openssl-next
   (package
     (inherit openssl)
-- 
2.16.3




--- End Message ---
--- Begin Message --- Subject: Re: [bug#30966] [PATCH] gnu: openssl: Replace with OpenSSL 1.0.2o [fixes CVE-2018-0739]. Date: Wed, 28 Mar 2018 14:11:54 -0400 User-agent: Mutt/1.9.3 (2018-01-21)
On Wed, Mar 28, 2018 at 05:05:37PM +0200, Ludovic Courtès wrote:
> Hi Leo,
> 
> Leo Famulari <address@hidden> skribis:
> 
> > * gnu/packages/tls.scm (openssl)[replacement]: New field.
> > (openssl-1.0.2o): New variable.
> 
> [...]
> 
> > +              (uri (list (string-append 
> > "https://www.openssl.org/source/openssl-";
> > +                                        version ".tar.gz")
> > +                         (string-append "ftp://ftp.openssl.org/source/";
> > +                                        name "-" version ".tar.gz")
> > +                         (string-append "ftp://ftp.openssl.org/source/old/";
> > +                                        (string-trim-right version 
> > char-set:letter)
> > +                                        "/" name "-" version ".tar.gz")))
> 
> Eventually we should factorize this in an ‘openssl-source-url’ procedure.

Yup :)

> > +              (sha256
> > +               (base32
> > +                "0kcy13l701054nhpbd901mz32v1kn4g311z0nifd83xs2jbmqgzc"))
> > +              ;; Erase the inherited snippet, which isn't applicable to
> > +              ;; OpenSSL 1.0.2o.
> > +              (snippet
> > +               '(begin
> > +                  #t))))))
> 
> Use (snippet #f) to really annihilate the snippet, otherwise you create
> a snippet that does nothing, yet entails and unpack-and-repack step.

Oh, right :p

Thanks! Pushed as 590bdc149b28e03cfd1668e8026919e89e61f00f

Attachment: signature.asc
Description: PGP signature


--- End Message ---

reply via email to

[Prev in Thread] Current Thread [Next in Thread]