[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
02/02: gnu: openssl: Replace with 1.0.2g [fixes CVE-2016-{0800, 0705, 0
From: |
Ludovic Courtès |
Subject: |
02/02: gnu: openssl: Replace with 1.0.2g [fixes CVE-2016-{0800, 0705, 0798, 0797, 0799, 0702, 0703, 0704}]. |
Date: |
Tue, 01 Mar 2016 15:01:15 +0000 |
civodul pushed a commit to branch master
in repository guix.
commit caeadfddb01d2cda19d2f761ba9906ef8f162173
Author: Ludovic Courtès <address@hidden>
Date: Tue Mar 1 15:57:37 2016 +0100
gnu: openssl: Replace with 1.0.2g [fixes
CVE-2016-{0800,0705,0798,0797,0799,0702,0703,0704}].
See <http://openssl.org/news/secadv/20160301.txt>.
Also fixes <http://bugs.gnu.org/22831>.
* gnu/packages/patches/openssl-c-rehash-in.patch: New file.
* gnu/packages/tls.scm (openssl)[replacement]: New field.
(openssl-1.0.2g): New variable.
---
gnu-system.am | 1 +
gnu/packages/patches/openssl-c-rehash-in.patch | 17 +++++++++++++++++
gnu/packages/tls.scm | 23 ++++++++++++++++++++++-
3 files changed, 40 insertions(+), 1 deletions(-)
diff --git a/gnu-system.am b/gnu-system.am
index 9cf67f3..7cfc485 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -631,6 +631,7 @@ dist_patch_DATA =
\
gnu/packages/patches/openjpeg-use-after-free-fix.patch \
gnu/packages/patches/openssl-runpath.patch \
gnu/packages/patches/openssl-c-rehash.patch \
+ gnu/packages/patches/openssl-c-rehash-in.patch \
gnu/packages/patches/orpheus-cast-errors-and-includes.patch \
gnu/packages/patches/ots-no-include-missing-file.patch \
gnu/packages/patches/patchelf-page-size.patch \
diff --git a/gnu/packages/patches/openssl-c-rehash-in.patch
b/gnu/packages/patches/openssl-c-rehash-in.patch
new file mode 100644
index 0000000..bd3d317
--- /dev/null
+++ b/gnu/packages/patches/openssl-c-rehash-in.patch
@@ -0,0 +1,17 @@
+This patch removes the explicit reference to the 'perl' binary,
+such that OpenSSL does not retain a reference to Perl.
+
+The 'c_rehash' program is seldom used, but it is used nonetheless
+to create symbolic links to certificates, for instance in the 'nss-certs'
+package.
+
+--- openssl-1.0.2g/tools/c_rehash.in 2015-09-09 18:36:07.313316482 +0200
++++ openssl-1.0.2g/tools/c_rehash.in 2015-09-09 18:36:28.965458458 +0200
+@@ -1,4 +1,6 @@
+-#!/usr/local/bin/perl
++eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}'
++ & eval 'exec perl -wS "$0" $argv:q'
++ if 0;
+
+ # Perl c_rehash script, scan all files in a directory
+ # and add symbolic links to their hash values.
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 57f0ca1..dc27366 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <address@hidden>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <address@hidden>
;;; Copyright © 2014, 2015, 2016 Mark H Weaver <address@hidden>
;;; Copyright © 2014 Ian Denhardt <address@hidden>
;;; Copyright © 2013, 2015 Andreas Enge <address@hidden>
@@ -179,6 +179,7 @@ required structures.")
(define-public openssl
(package
+ (replacement openssl-1.0.2g)
(name "openssl")
(version "1.0.2f")
(source (origin
@@ -282,6 +283,26 @@ required structures.")
(license license:openssl)
(home-page "http://www.openssl.org/")))
+(define openssl-1.0.2g
+ (package
+ (inherit openssl)
+ (replacement #f)
+ (source
+ (let ((name "openssl") (version "1.0.2g"))
+ (origin
+ (method url-fetch)
+ (uri (list (string-append "ftp://ftp.openssl.org/source/"
+ name "-" version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/old/"
+ (string-trim-right version char-set:letter)
+ "/" name "-" version ".tar.gz")))
+ (sha256
+ (base32
+ "0cxajjayi859czi545ddafi24m9nwsnjsw4q82zrmqvwj2rv315p"))
+ (patches (map search-patch
+ '("openssl-runpath.patch"
+ "openssl-c-rehash-in.patch"))))))))
+
(define-public libressl
(package
(name "libressl")
- branch master updated (d06fc00 -> caeadfd), Ludovic Courtès, 2016/03/01
- 02/02: gnu: openssl: Replace with 1.0.2g [fixes CVE-2016-{0800, 0705, 0798, 0797, 0799, 0702, 0703, 0704}].,
Ludovic Courtès <=
- 01/02: grafts: Graft recursively., Ludovic Courtès, 2016/03/01