me/guix
Archived
1
0
Fork 0
Code Activity

gnu: openssl: Replace with 1.0.2g [fixes CVE-2016-{0800,0705,0798,0797,0799,0702,0703,0704}].

Browse source 
See <http://openssl.org/news/secadv/20160301.txt>.
Also fixes <http://bugs.gnu.org/22831>.

* gnu/packages/patches/openssl-c-rehash-in.patch: New file.
* gnu/packages/tls.scm (openssl)[replacement]: New field.
(openssl-1.0.2g): New variable.
This commit is contained in:
Ludovic Courtès 2016-03-01 15:57:37 +01:00
parent c22a1324e6
commit caeadfddb0
3 changed files with 40 additions and 1 deletions

1
gnu-system.am
View file

@ -631,6 +631,7 @@ dist_patch_DATA = \
gnu/packages/patches/openjpeg-use-after-free-fix.patch \ gnu/packages/patches/openjpeg-use-after-free-fix.patch \
gnu/packages/patches/openssl-runpath.patch \ gnu/packages/patches/openssl-runpath.patch \
gnu/packages/patches/openssl-c-rehash.patch \ gnu/packages/patches/openssl-c-rehash.patch \
gnu/packages/patches/openssl-c-rehash-in.patch \
gnu/packages/patches/orpheus-cast-errors-and-includes.patch \ gnu/packages/patches/orpheus-cast-errors-and-includes.patch \
gnu/packages/patches/ots-no-include-missing-file.patch \ gnu/packages/patches/ots-no-include-missing-file.patch \
gnu/packages/patches/patchelf-page-size.patch \ gnu/packages/patches/patchelf-page-size.patch \

17
gnu/packages/patches/openssl-c-rehash-in.patch Normal file
View file

@ -0,0 +1,17 @@
This patch removes the explicit reference to the 'perl' binary,
such that OpenSSL does not retain a reference to Perl.
The 'c_rehash' program is seldom used, but it is used nonetheless
to create symbolic links to certificates, for instance in the 'nss-certs'
package.
--- openssl-1.0.2g/tools/c_rehash.in 2015-09-09 18:36:07.313316482 +0200
+++ openssl-1.0.2g/tools/c_rehash.in 2015-09-09 18:36:28.965458458 +0200
@@ -1,4 +1,6 @@
-#!/usr/local/bin/perl
+eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}'
+ & eval 'exec perl -wS "$0" $argv:q'
+ if 0;
# Perl c_rehash script, scan all files in a directory
# and add symbolic links to their hash values.

23
gnu/packages/tls.scm
View file

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU ;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net> ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
@ -179,6 +179,7 @@ required structures.")
(define-public openssl (define-public openssl
(package (package
(replacement openssl-1.0.2g)
(name "openssl") (name "openssl")
(version "1.0.2f") (version "1.0.2f")
(source (origin (source (origin
@ -282,6 +283,26 @@ required structures.")
(license license:openssl) (license license:openssl)
(home-page "http://www.openssl.org/"))) (home-page "http://www.openssl.org/")))
(define openssl-1.0.2g
(package
(inherit openssl)
(replacement #f)
(source
(let ((name "openssl") (version "1.0.2g"))
(origin
(method url-fetch)
(uri (list (string-append "ftp://ftp.openssl.org/source/"
name "-" version ".tar.gz")
(string-append "ftp://ftp.openssl.org/source/old/"
(string-trim-right version char-set:letter)
"/" name "-" version ".tar.gz")))
(sha256
(base32
"0cxajjayi859czi545ddafi24m9nwsnjsw4q82zrmqvwj2rv315p"))
(patches (map search-patch
'("openssl-runpath.patch"
"openssl-c-rehash-in.patch"))))))))
(define-public libressl (define-public libressl
(package (package
(name "libressl") (name "libressl")