GNU bug report logs - #30966
[PATCH] gnu: openssl: Replace with OpenSSL 1.0.2o [fixes CVE-2018-0739].

Previous Next

Full log

View this message in rfc822 format

From: ludo <at> gnu.org (Ludovic Courtès)
To: Leo Famulari <leo <at> famulari.name>
Cc: 30966 <at> debbugs.gnu.org
Subject: [bug#30966] [PATCH] gnu: openssl: Replace with OpenSSL 1.0.2o [fixes CVE-2018-0739].
Date: Wed, 28 Mar 2018 17:05:37 +0200

Hi Leo,

Leo Famulari <leo <at> famulari.name> skribis:

> * gnu/packages/tls.scm (openssl)[replacement]: New field.
> (openssl-1.0.2o): New variable.

[...]

> +              (uri (list (string-append "https://www.openssl.org/source/openssl-"
> +                                        version ".tar.gz")
> +                         (string-append "ftp://ftp.openssl.org/source/"
> +                                        name "-" version ".tar.gz")
> +                         (string-append "ftp://ftp.openssl.org/source/old/"
> +                                        (string-trim-right version char-set:letter)
> +                                        "/" name "-" version ".tar.gz")))

Eventually we should factorize this in an ‘openssl-source-url’ procedure.

> +              (sha256
> +               (base32
> +                "0kcy13l701054nhpbd901mz32v1kn4g311z0nifd83xs2jbmqgzc"))
> +              ;; Erase the inherited snippet, which isn't applicable to
> +              ;; OpenSSL 1.0.2o.
> +              (snippet
> +               '(begin
> +                  #t))))))

Use (snippet #f) to really annihilate the snippet, otherwise you create
a snippet that does nothing, yet entails and unpack-and-repack step.

OK with this change, thank you!

Ludo’.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.