From b8ea0db3aebf6ec9b1f3720759897d97bc2fcd48 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Thu, 14 Jun 2018 16:26:57 -0400
Subject: gnu: OpenSSL 1.0.2: Fix CVE-2018-{0495,0732}.

* gnu/packages/patches/openssl-1.0.2-CVE-2018-0495.patch,
gnu/packages/patches/openssl-1.0.2-CVE-2018-0732.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/tls.scm (openssl)[replacement]: New field.
(openssl/fixed): New variable.
---
 gnu/packages/tls.scm | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'gnu/packages/tls.scm')

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 35134025b8..69edd32582 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -260,6 +260,7 @@ required structures.")
 (define-public openssl
   (package
    (name "openssl")
+   (replacement openssl/fixed)
    (version "1.0.2o")
    (source (origin
              (method url-fetch)
@@ -396,6 +397,15 @@ required structures.")
    (license license:openssl)
    (home-page "https://www.openssl.org/")))
 
+(define openssl/fixed
+  (package
+    (inherit openssl)
+    (source (origin
+              (inherit (package-source openssl))
+              (patches (append (origin-patches (package-source openssl))
+                               (search-patches "openssl-1.0.2-CVE-2018-0495.patch"
+                                               "openssl-1.0.2-CVE-2018-0732.patch")))))))
+
 (define-public openssl-next
   (package
     (inherit openssl)
-- 
cgit v1.2.3