me/guix
Archived
1
0
Fork 0
Code Activity

gnu: openssl: Update to 1.0.2e [fixes CVE-2015-{3193,3194,3195}].

Browse source 
* gnu/packages/tls.scm (openssl): Update to 1.0.2e.
  [arguments]: Rename 'fix-man-dir' phase to 'patch-Makefile.org',
  and patch SHELL in Makefile.org.  Add 'fix-broken-symlinks' phase.
  Return #t from 'patch-tests' phase.
This commit is contained in:
Mark H Weaver 2015-12-03 16:22:39 -05:00
parent e5be0e01f2
commit 86c8f1daf8
1 changed files with 27 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
gnu/packages/tls.scm
View file

@ -192,14 +192,14 @@ required structures.")
(define-public openssl (define-public openssl
(package (package
(name "openssl") (name "openssl")
(version "1.0.2d") (version "1.0.2e")
(source (origin (source (origin
(method url-fetch) (method url-fetch)
(uri (string-append "ftp://ftp.openssl.org/source/openssl-" version (uri (string-append "ftp://ftp.openssl.org/source/openssl-" version
".tar.gz")) ".tar.gz"))
(sha256 (sha256
(base32 (base32
"1j58r7rdj9fz2lanir8ajbx4bspb5jnm5ikl6dq8lql5fx43c737")) "1zqb1rff1wikc62a7vj5qxd1k191m8qif5d05mwdxz2wnzywlg72"))
(patches (map search-patch (patches (map search-patch
'("openssl-runpath.patch" '("openssl-runpath.patch"
"openssl-c-rehash.patch"))))) "openssl-c-rehash.patch")))))
@ -212,10 +212,11 @@ required structures.")
#:phases #:phases
(modify-phases %standard-phases (modify-phases %standard-phases
(add-before (add-before
'configure 'fix-man-dir 'configure 'patch-Makefile.org
(lambda* (#:key outputs #:allow-other-keys) (lambda* (#:key outputs #:allow-other-keys)
;; The default MANDIR is some unusual place. Fix that. ;; The default MANDIR is some unusual place. Fix that.
(let ((out (assoc-ref outputs "out"))) (let ((out (assoc-ref outputs "out")))
(patch-makefile-SHELL "Makefile.org")
(substitute* "Makefile.org" (substitute* "Makefile.org"
(("^MANDIR[[:blank:]]*=.*$") (("^MANDIR[[:blank:]]*=.*$")
(string-append "MANDIR = " out "/share/man\n"))) (string-append "MANDIR = " out "/share/man\n")))
@ -254,6 +255,27 @@ required structures.")
(find-files (string-append out "/lib") (find-files (string-append out "/lib")
"\\.so")) "\\.so"))
#t))) #t)))
(add-after
'unpack 'fix-broken-symlinks
(lambda _
;; Repair the broken symlinks in the openssl-1.0.2e tarball.
(let* ((link-prefix "openssl-1.0.2e/")
(link-prefix-length (string-length link-prefix))
(broken-links
(find-files "." (lambda (file stat)
(and (eq? 'symlink (stat:type stat))
(string-prefix? link-prefix
(readlink file)))))))
(when (null? broken-links)
(error "The 'fix-broken-symlinks' phase is obsolete; remove it"))
(for-each (lambda (file)
(let* ((old-target (readlink file))
(new-target (string-drop old-target
link-prefix-length)))
(delete-file file)
(symlink new-target file)))
broken-links)
#t)))
(add-before (add-before
'patch-source-shebangs 'patch-tests 'patch-source-shebangs 'patch-tests
(lambda* (#:key inputs native-inputs #:allow-other-keys) (lambda* (#:key inputs native-inputs #:allow-other-keys)
@ -262,7 +284,8 @@ required structures.")
(("/bin/sh") (("/bin/sh")
(string-append bash "/bin/bash")) (string-append bash "/bin/bash"))
(("/bin/rm") (("/bin/rm")
"rm"))))) "rm"))
#t)))
(add-after (add-after
'install 'remove-miscellany 'install 'remove-miscellany
(lambda* (#:key outputs #:allow-other-keys) (lambda* (#:key outputs #:allow-other-keys)