guix-patches
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#30966] [PATCH] gnu: openssl: Replace with OpenSSL 1.0.2o [fixes CVE

From: Ludovic Courtès
Subject: [bug#30966] [PATCH] gnu: openssl: Replace with OpenSSL 1.0.2o [fixes CVE-2018-0739].
Date: Wed, 28 Mar 2018 17:05:37 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) 
Hi Leo,

Leo Famulari <address@hidden> skribis:

> * gnu/packages/tls.scm (openssl)[replacement]: New field.
> (openssl-1.0.2o): New variable.

[...]

> +              (uri (list (string-append 
> "https://www.openssl.org/source/openssl-";
> +                                        version ".tar.gz")
> +                         (string-append "ftp://ftp.openssl.org/source/";
> +                                        name "-" version ".tar.gz")
> +                         (string-append "ftp://ftp.openssl.org/source/old/";
> +                                        (string-trim-right version 
> char-set:letter)
> +                                        "/" name "-" version ".tar.gz")))

Eventually we should factorize this in an ‘openssl-source-url’ procedure.

> +              (sha256
> +               (base32
> +                "0kcy13l701054nhpbd901mz32v1kn4g311z0nifd83xs2jbmqgzc"))
> +              ;; Erase the inherited snippet, which isn't applicable to
> +              ;; OpenSSL 1.0.2o.
> +              (snippet
> +               '(begin
> +                  #t))))))

Use (snippet #f) to really annihilate the snippet, otherwise you create
a snippet that does nothing, yet entails and unpack-and-repack step.

OK with this change, thank you!

Ludo’.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]