01/01: gnu: openssl: Replace with 1.0.2h [security fixes].

[Mark H. Weaver]

mhw pushed a commit to branch master
in repository guix.

commit 3c1d2981ff0cc63c74d10e78fe9e2b056e9f4ac0
Author: Mark H Weaver <address@hidden>
Date:   Tue May 3 13:06:00 2016 -0400

    gnu: openssl: Replace with 1.0.2h [security fixes].
    
    Fixes CVE-2016-{2105,2106,2107,2109,2176}.
    
    * gnu/packages/tls.scm (openssl)[replacement]: New field.
    (openssl/fixed): New variable.
---
 gnu/packages/tls.scm |   20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 0f4441d..6685ee0 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -198,6 +198,7 @@ required structures.")
   (package
    (name "openssl")
    (version "1.0.2g")
+   (replacement openssl/fixed)
    (source (origin
              (method url-fetch)
              (uri (list (string-append "ftp://ftp.openssl.org/source/";
@@ -298,6 +299,25 @@ required structures.")
    (license license:openssl)
    (home-page "http://www.openssl.org/";)))
 
+(define openssl/fixed
+  (package
+    (inherit openssl)
+    (source
+     (let ((name "openssl")
+           (version "1.0.2h"))
+       (origin
+         (method url-fetch)
+         (uri (list (string-append "ftp://ftp.openssl.org/source/";
+                                   name "-" version ".tar.gz")
+                    (string-append "ftp://ftp.openssl.org/source/old/";
+                                   (string-trim-right version char-set:letter)
+                                   "/" name "-" version ".tar.gz")))
+         (sha256
+          (base32
+           "06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x"))
+         (patches (search-patches "openssl-runpath.patch"
+                                  "openssl-c-rehash-in.patch")))))))
+
 (define-public libressl
   (package
     (name "libressl")