gnu: OpenSSL@1.0: Replace with 1.0.2t [fixes CVE-2019-1547, CVE-2019-1563].

* gnu/packages/tls.scm (openssl-1.0.2t): New variable. (openssl-1.0)[replacement]: New field.
2019-10-13 20:50:18 +02:00 · 2019-10-13 20:50:18 +02:00 · d6718086f8
commit d6718086f8
parent 0475c88d6f
1 changed files with 22 additions and 0 deletions
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@ -392,6 +392,7 @@ required structures.")
    (inherit openssl)
    (name "openssl")
    (version "1.0.2s")
+    (replacement openssl-1.0.2t)
    (source (origin
              (method url-fetch)
              (uri (list (string-append "https://www.openssl.org/source/openssl-"
@ -473,6 +474,27 @@ required structures.")
                                                         ,version "/misc"))
                 #t)))))))))

+(define openssl-1.0.2t
+  (package
+    (inherit openssl)
+    (version "1.0.2t")
+    (source (origin
+              (inherit (package-source openssl-1.0))
+              (uri (list (string-append "https://www.openssl.org/source/openssl-"
+                                        version ".tar.gz")
+                         (string-append "ftp://ftp.openssl.org/source/"
+                                        "openssl-" version ".tar.gz")
+                         (string-append "ftp://ftp.openssl.org/source/old/"
+                                        (string-trim-right version char-set:letter)
+                                        "/openssl-" version ".tar.gz")))
+              (sha256
+               (base32
+                "1g67ra0ph7gpz6fgvv1i96d792jmd6ymci5kk53vbikszr74djql"))))
+    (arguments
+     (substitute-keyword-arguments (package-arguments openssl-1.0)
+       ;; Parallel build is not supported in 1.0.x.
+       ((#:parallel-build? _ #f) #f)))))
+
 (define-public libressl
  (package
    (name "libressl")