GNU bug report logs -
#30966
[PATCH] gnu: openssl: Replace with OpenSSL 1.0.2o [fixes CVE-2018-0739].
Previous Next
Reported by: Leo Famulari <leo <at> famulari.name>
Date: Tue, 27 Mar 2018 22:45:01 UTC
Severity: normal
Tags: patch
Done: Leo Famulari <leo <at> famulari.name>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 30966 in the body.
You can then email your comments to 30966 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#30966; Package
guix-patches.
(Tue, 27 Mar 2018 22:45:01 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Leo Famulari <leo <at> famulari.name>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Tue, 27 Mar 2018 22:45:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/tls.scm (openssl)[replacement]: New field.
(openssl-1.0.2o): New variable.
---
gnu/packages/tls.scm | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 74843c0a9..3f317aa00 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -255,6 +255,7 @@ required structures.")
(define-public openssl
(package
(name "openssl")
+ (replacement openssl-1.0.2o)
(version "1.0.2n")
(source (origin
(method url-fetch)
@@ -399,6 +400,29 @@ required structures.")
(license license:openssl)
(home-page "https://www.openssl.org/")))
+(define-public openssl-1.0.2o
+ (package
+ (inherit openssl)
+ (name "openssl")
+ (version "1.0.2o")
+ (source (origin
+ (inherit (package-source openssl))
+ (uri (list (string-append "https://www.openssl.org/source/openssl-"
+ version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/"
+ name "-" version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/old/"
+ (string-trim-right version char-set:letter)
+ "/" name "-" version ".tar.gz")))
+ (sha256
+ (base32
+ "0kcy13l701054nhpbd901mz32v1kn4g311z0nifd83xs2jbmqgzc"))
+ ;; Erase the inherited snippet, which isn't applicable to
+ ;; OpenSSL 1.0.2o.
+ (snippet
+ '(begin
+ #t))))))
+
(define-public openssl-next
(package
(inherit openssl)
--
2.16.3
Information forwarded
to
guix-patches <at> gnu.org:
bug#30966; Package
guix-patches.
(Wed, 28 Mar 2018 15:06:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 30966 <at> debbugs.gnu.org (full text, mbox):
Hi Leo,
Leo Famulari <leo <at> famulari.name> skribis:
> * gnu/packages/tls.scm (openssl)[replacement]: New field.
> (openssl-1.0.2o): New variable.
[...]
> + (uri (list (string-append "https://www.openssl.org/source/openssl-"
> + version ".tar.gz")
> + (string-append "ftp://ftp.openssl.org/source/"
> + name "-" version ".tar.gz")
> + (string-append "ftp://ftp.openssl.org/source/old/"
> + (string-trim-right version char-set:letter)
> + "/" name "-" version ".tar.gz")))
Eventually we should factorize this in an ‘openssl-source-url’ procedure.
> + (sha256
> + (base32
> + "0kcy13l701054nhpbd901mz32v1kn4g311z0nifd83xs2jbmqgzc"))
> + ;; Erase the inherited snippet, which isn't applicable to
> + ;; OpenSSL 1.0.2o.
> + (snippet
> + '(begin
> + #t))))))
Use (snippet #f) to really annihilate the snippet, otherwise you create
a snippet that does nothing, yet entails and unpack-and-repack step.
OK with this change, thank you!
Ludo’.
Reply sent
to
Leo Famulari <leo <at> famulari.name>:
You have taken responsibility.
(Wed, 28 Mar 2018 18:12:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Leo Famulari <leo <at> famulari.name>:
bug acknowledged by developer.
(Wed, 28 Mar 2018 18:12:02 GMT)
Full text and
rfc822 format available.
Message #13 received at 30966-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Wed, Mar 28, 2018 at 05:05:37PM +0200, Ludovic Courtès wrote:
> Hi Leo,
>
> Leo Famulari <leo <at> famulari.name> skribis:
>
> > * gnu/packages/tls.scm (openssl)[replacement]: New field.
> > (openssl-1.0.2o): New variable.
>
> [...]
>
> > + (uri (list (string-append "https://www.openssl.org/source/openssl-"
> > + version ".tar.gz")
> > + (string-append "ftp://ftp.openssl.org/source/"
> > + name "-" version ".tar.gz")
> > + (string-append "ftp://ftp.openssl.org/source/old/"
> > + (string-trim-right version char-set:letter)
> > + "/" name "-" version ".tar.gz")))
>
> Eventually we should factorize this in an ‘openssl-source-url’ procedure.
Yup :)
> > + (sha256
> > + (base32
> > + "0kcy13l701054nhpbd901mz32v1kn4g311z0nifd83xs2jbmqgzc"))
> > + ;; Erase the inherited snippet, which isn't applicable to
> > + ;; OpenSSL 1.0.2o.
> > + (snippet
> > + '(begin
> > + #t))))))
>
> Use (snippet #f) to really annihilate the snippet, otherwise you create
> a snippet that does nothing, yet entails and unpack-and-repack step.
Oh, right :p
Thanks! Pushed as 590bdc149b28e03cfd1668e8026919e89e61f00f
[signature.asc (application/pgp-signature, inline)]
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Thu, 26 Apr 2018 11:24:04 GMT)
Full text and
rfc822 format available.
This bug report was last modified 7 years and 59 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.