[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/03: gnu: openssl: Update to 1.0.2e [fixes CVE-2015-{3193, 3194, 3195}
From: |
Mark H. Weaver |
Subject: |
01/03: gnu: openssl: Update to 1.0.2e [fixes CVE-2015-{3193, 3194, 3195}]. |
Date: |
Mon, 07 Dec 2015 14:54:16 +0000 |
mhw pushed a commit to branch master
in repository guix.
commit 86c8f1daf8ed10f13f2b1e973a28845629b8ce47
Author: Mark H Weaver <address@hidden>
Date: Thu Dec 3 16:22:39 2015 -0500
gnu: openssl: Update to 1.0.2e [fixes CVE-2015-{3193,3194,3195}].
* gnu/packages/tls.scm (openssl): Update to 1.0.2e.
[arguments]: Rename 'fix-man-dir' phase to 'patch-Makefile.org',
and patch SHELL in Makefile.org. Add 'fix-broken-symlinks' phase.
Return #t from 'patch-tests' phase.
---
gnu/packages/tls.scm | 31 +++++++++++++++++++++++++++----
1 files changed, 27 insertions(+), 4 deletions(-)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index fc0b6e8..e539686 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -192,14 +192,14 @@ required structures.")
(define-public openssl
(package
(name "openssl")
- (version "1.0.2d")
+ (version "1.0.2e")
(source (origin
(method url-fetch)
(uri (string-append "ftp://ftp.openssl.org/source/openssl-" version
".tar.gz"))
(sha256
(base32
- "1j58r7rdj9fz2lanir8ajbx4bspb5jnm5ikl6dq8lql5fx43c737"))
+ "1zqb1rff1wikc62a7vj5qxd1k191m8qif5d05mwdxz2wnzywlg72"))
(patches (map search-patch
'("openssl-runpath.patch"
"openssl-c-rehash.patch")))))
@@ -212,10 +212,11 @@ required structures.")
#:phases
(modify-phases %standard-phases
(add-before
- 'configure 'fix-man-dir
+ 'configure 'patch-Makefile.org
(lambda* (#:key outputs #:allow-other-keys)
;; The default MANDIR is some unusual place. Fix that.
(let ((out (assoc-ref outputs "out")))
+ (patch-makefile-SHELL "Makefile.org")
(substitute* "Makefile.org"
(("^MANDIR[[:blank:]]*=.*$")
(string-append "MANDIR = " out "/share/man\n")))
@@ -254,6 +255,27 @@ required structures.")
(find-files (string-append out "/lib")
"\\.so"))
#t)))
+ (add-after
+ 'unpack 'fix-broken-symlinks
+ (lambda _
+ ;; Repair the broken symlinks in the openssl-1.0.2e tarball.
+ (let* ((link-prefix "openssl-1.0.2e/")
+ (link-prefix-length (string-length link-prefix))
+ (broken-links
+ (find-files "." (lambda (file stat)
+ (and (eq? 'symlink (stat:type stat))
+ (string-prefix? link-prefix
+ (readlink file)))))))
+ (when (null? broken-links)
+ (error "The 'fix-broken-symlinks' phase is obsolete; remove
it"))
+ (for-each (lambda (file)
+ (let* ((old-target (readlink file))
+ (new-target (string-drop old-target
+ link-prefix-length)))
+ (delete-file file)
+ (symlink new-target file)))
+ broken-links)
+ #t)))
(add-before
'patch-source-shebangs 'patch-tests
(lambda* (#:key inputs native-inputs #:allow-other-keys)
@@ -262,7 +284,8 @@ required structures.")
(("/bin/sh")
(string-append bash "/bin/bash"))
(("/bin/rm")
- "rm")))))
+ "rm"))
+ #t)))
(add-after
'install 'remove-miscellany
(lambda* (#:key outputs #:allow-other-keys)