From unknown Mon Jun 23 07:48:44 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#30966 <30966@debbugs.gnu.org> To: bug#30966 <30966@debbugs.gnu.org> Subject: Status: [PATCH] gnu: openssl: Replace with OpenSSL 1.0.2o [fixes CVE-2018-0739]. Reply-To: bug#30966 <30966@debbugs.gnu.org> Date: Mon, 23 Jun 2025 14:48:44 +0000 retitle 30966 [PATCH] gnu: openssl: Replace with OpenSSL 1.0.2o [fixes CVE-= 2018-0739]. reassign 30966 guix-patches submitter 30966 Leo Famulari severity 30966 normal tag 30966 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Tue Mar 27 18:44:49 2018 Received: (at submit) by debbugs.gnu.org; 27 Mar 2018 22:44:49 +0000 Received: from localhost ([127.0.0.1]:56355 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1f0xKj-0006ZB-EQ for submit@debbugs.gnu.org; Tue, 27 Mar 2018 18:44:49 -0400 Received: from eggs.gnu.org ([208.118.235.92]:42196) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1f0xKh-0006Yy-Us for submit@debbugs.gnu.org; Tue, 27 Mar 2018 18:44:48 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1f0xKb-00056K-LQ for submit@debbugs.gnu.org; Tue, 27 Mar 2018 18:44:42 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_20,T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:33716) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1f0xKb-00056E-Id for submit@debbugs.gnu.org; Tue, 27 Mar 2018 18:44:41 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:33149) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1f0xKa-0000ZV-5g for guix-patches@gnu.org; Tue, 27 Mar 2018 18:44:41 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1f0xKW-00054X-7b for guix-patches@gnu.org; Tue, 27 Mar 2018 18:44:40 -0400 Received: from out5-smtp.messagingengine.com ([66.111.4.29]:54465) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1f0xKW-00054I-2x for guix-patches@gnu.org; Tue, 27 Mar 2018 18:44:36 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 7551620CA4; Tue, 27 Mar 2018 18:44:35 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Tue, 27 Mar 2018 18:44:35 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:message-id:subject:to:x-me-sender:x-me-sender :x-sasl-enc; s=mesmtp; bh=8UDEXtkZjwhE7EbP2kakEEX21HSJmp8bEs2vEr 3c34A=; b=Mt90wrhvP99CN2PpNaKXgO4/DMSdwlDUlp3p02oLAmuGkvAgxcL43T zu34nYurtiGiKwz1oxQ5WSWfDweNN/9pXDm9aZ1+FRAhDsoKwlyC0OfbmfYe6Ny2 H61YaC3gUkkCJ+1jj84IDekVT1E9Wfg6uJGdxKBZm2qUjzQhsVp7U= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=date:from:message-id:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=8UDEXtkZjwhE7EbP2 kakEEX21HSJmp8bEs2vEr3c34A=; b=EC85vJsfeh09KGskLY/42RtumayRY04Pj 0Y7RtBN5zc4Fuew5UmgKXG3EVDx0h8VpmXw2lcF6F3M1ohLzEQoiMUq5ZXvRqQc1 HCw6Hja9iwEjjKE/8btMygzslOOoXgve14FR7L2/MGZXLr/thh+9Dn4GqCAMz/es vSPL3sMqhfrtEPcwyA81HKQVUCXVCXC+X4k6ggPOS6yHMe4u9C/zMMBuO7lHkTql WkT1MpSxa7VBDiynV8kII8VB2pPg9oyQI/mifS7cL/pg9QN38+T6LTjKJvGxibc5 HOHASOCAuVq6GQV3qMdZZ3tlgxnpPraKWt385QC93GoI/q0Xk6mLQ== X-ME-Sender: Received: from jasmine.lan (c-76-124-202-137.hsd1.pa.comcast.net [76.124.202.137]) by mail.messagingengine.com (Postfix) with ESMTPA id 2B2121026E for ; Tue, 27 Mar 2018 18:44:35 -0400 (EDT) From: Leo Famulari To: guix-patches@gnu.org Subject: [PATCH] gnu: openssl: Replace with OpenSSL 1.0.2o [fixes CVE-2018-0739]. Date: Tue, 27 Mar 2018 18:44:31 -0400 Message-Id: <97a98c7fe0dfe6f98839e9cabf8e0022d7d2a8c8.1522190671.git.leo@famulari.name> X-Mailer: git-send-email 2.16.3 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.1 (----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.1 (----) * gnu/packages/tls.scm (openssl)[replacement]: New field. (openssl-1.0.2o): New variable. --- gnu/packages/tls.scm | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 74843c0a9..3f317aa00 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -255,6 +255,7 @@ required structures.") (define-public openssl (package (name "openssl") + (replacement openssl-1.0.2o) (version "1.0.2n") (source (origin (method url-fetch) @@ -399,6 +400,29 @@ required structures.") (license license:openssl) (home-page "https://www.openssl.org/"))) +(define-public openssl-1.0.2o + (package + (inherit openssl) + (name "openssl") + (version "1.0.2o") + (source (origin + (inherit (package-source openssl)) + (uri (list (string-append "https://www.openssl.org/source/openssl-" + version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/" + name "-" version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/old/" + (string-trim-right version char-set:letter) + "/" name "-" version ".tar.gz"))) + (sha256 + (base32 + "0kcy13l701054nhpbd901mz32v1kn4g311z0nifd83xs2jbmqgzc")) + ;; Erase the inherited snippet, which isn't applicable to + ;; OpenSSL 1.0.2o. + (snippet + '(begin + #t)))))) + (define-public openssl-next (package (inherit openssl) -- 2.16.3 From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 28 11:05:43 2018 Received: (at 30966) by debbugs.gnu.org; 28 Mar 2018 15:05:43 +0000 Received: from localhost ([127.0.0.1]:57500 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1f1Cdz-0006C3-Fu for submit@debbugs.gnu.org; Wed, 28 Mar 2018 11:05:43 -0400 Received: from hera.aquilenet.fr ([185.233.100.1]:33988) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1f1Cdw-0006Bt-NJ for 30966@debbugs.gnu.org; Wed, 28 Mar 2018 11:05:41 -0400 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id AE5B11286C; Wed, 28 Mar 2018 17:05:39 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a7nMWDb1IlAa; Wed, 28 Mar 2018 17:05:38 +0200 (CEST) Received: from ribbon (unknown [IPv6:2a01:e0a:1d:7270:af76:b9b:ca24:c465]) by hera.aquilenet.fr (Postfix) with ESMTPSA id D1803109B1; Wed, 28 Mar 2018 17:05:37 +0200 (CEST) From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Leo Famulari Subject: Re: [bug#30966] [PATCH] gnu: openssl: Replace with OpenSSL 1.0.2o [fixes CVE-2018-0739]. References: <97a98c7fe0dfe6f98839e9cabf8e0022d7d2a8c8.1522190671.git.leo@famulari.name> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 8 Germinal an 226 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Wed, 28 Mar 2018 17:05:37 +0200 In-Reply-To: <97a98c7fe0dfe6f98839e9cabf8e0022d7d2a8c8.1522190671.git.leo@famulari.name> (Leo Famulari's message of "Tue, 27 Mar 2018 18:44:31 -0400") Message-ID: <87efk4tf3y.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: 30966 Cc: 30966@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.0 (+) Hi Leo, Leo Famulari skribis: > * gnu/packages/tls.scm (openssl)[replacement]: New field. > (openssl-1.0.2o): New variable. [...] > + (uri (list (string-append "https://www.openssl.org/source/= openssl-" > + version ".tar.gz") > + (string-append "ftp://ftp.openssl.org/source/" > + name "-" version ".tar.gz") > + (string-append "ftp://ftp.openssl.org/source/ol= d/" > + (string-trim-right version char-= set:letter) > + "/" name "-" version ".tar.gz"))) Eventually we should factorize this in an =E2=80=98openssl-source-url=E2=80= =99 procedure. > + (sha256 > + (base32 > + "0kcy13l701054nhpbd901mz32v1kn4g311z0nifd83xs2jbmqgzc")) > + ;; Erase the inherited snippet, which isn't applicable to > + ;; OpenSSL 1.0.2o. > + (snippet > + '(begin > + #t)))))) Use (snippet #f) to really annihilate the snippet, otherwise you create a snippet that does nothing, yet entails and unpack-and-repack step. OK with this change, thank you! Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 28 14:11:59 2018 Received: (at 30966-done) by debbugs.gnu.org; 28 Mar 2018 18:11:59 +0000 Received: from localhost ([127.0.0.1]:57571 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1f1FYE-0001zc-P2 for submit@debbugs.gnu.org; Wed, 28 Mar 2018 14:11:58 -0400 Received: from out5-smtp.messagingengine.com ([66.111.4.29]:46467) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1f1FYD-0001zU-6d for 30966-done@debbugs.gnu.org; Wed, 28 Mar 2018 14:11:57 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id CAA3720CB1; Wed, 28 Mar 2018 14:11:56 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Wed, 28 Mar 2018 14:11:56 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= mesmtp; bh=fXtKWfhVXcprtRYbKkVO7MvzyyoR4a6RLbSA970EUjU=; b=ubXtO GUzfCZ84PmlzrX4qkMsUKHwGzetAaOlYiBkQmxQ6yOwyXvkj7sJhNINrO1oPaUVo BTM0OI883F5W82LLbCsYUGFiJlVzwGnvW5aUu8+TMZGCjq+4eb9TtorReUE1l2qk zNbZI6rSSFC5yt7KVrSavSVHZuEE+J48Ra/uN8= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; bh=fXtKWfhVXcprtRYbKkVO7MvzyyoR4 a6RLbSA970EUjU=; b=b2WXsBJHkr+KeAxolUrLNkIQmOF16ng4IDJoIwYd8ZgmU TqjVsqqaCxX+2t3UU8bxkjsSCH4+8cCFfneCzyKaJPGRuEkWiWCka0Cgpc/Tt0+7 XUO514VBtVpnTE709C8muIyYjTgj0CB1bijIzXjoO5U267iT6cmHCB0DuM8ccXcT BJDj5Uj8bHfYWEiylgimp+aCKgxgk0KNy8GupcXOj3M5zr/DJxwY+Bh0GQivnV7x UN9QxF1RdesH8XUrBWOCC1g+OLmihhz+0NP05pAn1FwgD3N9szQtionoW0E9i/nx JLMfCtb0mHxWIgRdS6202YYWy3IWGsrK1R/gMib7A== X-ME-Sender: Received: from localhost (c-76-124-202-137.hsd1.pa.comcast.net [76.124.202.137]) by mail.messagingengine.com (Postfix) with ESMTPA id 7A823E508D; Wed, 28 Mar 2018 14:11:56 -0400 (EDT) Date: Wed, 28 Mar 2018 14:11:54 -0400 From: Leo Famulari To: Ludovic =?iso-8859-1?Q?Court=E8s?= Subject: Re: [bug#30966] [PATCH] gnu: openssl: Replace with OpenSSL 1.0.2o [fixes CVE-2018-0739]. Message-ID: <20180328181154.GA16088@jasmine.lan> References: <97a98c7fe0dfe6f98839e9cabf8e0022d7d2a8c8.1522190671.git.leo@famulari.name> <87efk4tf3y.fsf@gnu.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="MGYHOYXEY6WxJCY8" Content-Disposition: inline In-Reply-To: <87efk4tf3y.fsf@gnu.org> User-Agent: Mutt/1.9.3 (2018-01-21) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 30966-done Cc: 30966-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --MGYHOYXEY6WxJCY8 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Mar 28, 2018 at 05:05:37PM +0200, Ludovic Court=C3=A8s wrote: > Hi Leo, >=20 > Leo Famulari skribis: >=20 > > * gnu/packages/tls.scm (openssl)[replacement]: New field. > > (openssl-1.0.2o): New variable. >=20 > [...] >=20 > > + (uri (list (string-append "https://www.openssl.org/sourc= e/openssl-" > > + version ".tar.gz") > > + (string-append "ftp://ftp.openssl.org/source/" > > + name "-" version ".tar.gz") > > + (string-append "ftp://ftp.openssl.org/source/= old/" > > + (string-trim-right version cha= r-set:letter) > > + "/" name "-" version ".tar.gz"= ))) >=20 > Eventually we should factorize this in an =E2=80=98openssl-source-url=E2= =80=99 procedure. Yup :) > > + (sha256 > > + (base32 > > + "0kcy13l701054nhpbd901mz32v1kn4g311z0nifd83xs2jbmqgzc"= )) > > + ;; Erase the inherited snippet, which isn't applicable to > > + ;; OpenSSL 1.0.2o. > > + (snippet > > + '(begin > > + #t)))))) >=20 > Use (snippet #f) to really annihilate the snippet, otherwise you create > a snippet that does nothing, yet entails and unpack-and-repack step. Oh, right :p Thanks! Pushed as 590bdc149b28e03cfd1668e8026919e89e61f00f --MGYHOYXEY6WxJCY8 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlq72uoACgkQJkb6MLrK fwjVBg//dww7gVJfnfAL7+edm6oGVzC7itpcQi/v3Fx++ytltAVqo04Sd46zNTDk JG8M33qma2cSyED8Hb3rBDxR0db6pwaDJQQfxqs8ihXOPPoRIiBDh7J7GUrF7YQ9 HNIRR0wYi2dxxIh+9X0/AhrQZcopYVz9mU7buQrqcgeQvrF/WBRz4Ml8D6I5+5bo fKiJxKmREovQ0FW/CRyL3izy8wPsa35ODpIpkEx3bn2VFperZayk6b29LuYUZJAE fCd4HtKaOzGGi8w5FZ7DTvrMGT83GFfYEQqSRCq0e1I1rTZgHizPunPj0SEYdY7r 1V/Us6OhGHPJnGL2netTTReNd+1xVvJxdI0ld3gWx+8PptkzXEvzhnGMB5PL/5SJ 3bu/P3h2s3wH4jiLwXk2lR2nIWqgWFK3NgVDDEEdH1AbTTt9IVsF5nE0ia2h7awQ ugzF2jST77cwGF1ziXsuA1E3w1sC4Xq33vJB6fHezeYDTkWLVFryd6rOaVyjqzie yiRXES0OvBSHUpcxGfSGdf0DrZPMn2K4AD28rFtdfFePNqgMfYJpa+j1U4kY/DiU D/qAHxCVlEAlN8wQuB+QxR2GAO6Cp3rAgiDgP5R2CVVTflFB9Y6pzfhGskrnoURc j5tKySiChuwa3zKSLPFaygh/hf4tN3RZz26DOp7CgNa27zC4+Rg= =8Han -----END PGP SIGNATURE----- --MGYHOYXEY6WxJCY8-- From unknown Mon Jun 23 07:48:44 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Thu, 26 Apr 2018 11:24:04 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator