guix-commits
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/01: gnu: openssl: Update to 1.0.2g [fixes CVE-2016-{0800, 0705, 0798,


From: Mark H. Weaver
Subject: 01/01: gnu: openssl: Update to 1.0.2g [fixes CVE-2016-{0800, 0705, 0798, 0797, 0799, 0702, 0703, 0704}].
Date: Wed, 02 Mar 2016 00:26:06 +0000

mhw pushed a commit to branch security-updates
in repository guix.

commit b2e300c1401f045af97549295048f91a8092d2f8
Author: Mark H Weaver <address@hidden>
Date:   Tue Mar 1 19:14:20 2016 -0500

    gnu: openssl: Update to 1.0.2g [fixes 
CVE-2016-{0800,0705,0798,0797,0799,0702,0703,0704}].
    
    * gnu/packages/patches/openssl-c-rehash.patch: Delete file.
    * gnu-system.am (dist_patch_DATA): Remove it.
    * gnu/packages/tls.scm (openssl): Update to 1.0.2g.
---
 gnu-system.am                               |    1 -
 gnu/packages/patches/openssl-c-rehash.patch |   17 -----------------
 gnu/packages/tls.scm                        |   27 +++------------------------
 3 files changed, 3 insertions(+), 42 deletions(-)

diff --git a/gnu-system.am b/gnu-system.am
index 7cfc485..d2735db 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -630,7 +630,6 @@ dist_patch_DATA =                                           
\
   gnu/packages/patches/openjpeg-CVE-2015-6581.patch            \
   gnu/packages/patches/openjpeg-use-after-free-fix.patch       \
   gnu/packages/patches/openssl-runpath.patch                   \
-  gnu/packages/patches/openssl-c-rehash.patch                  \
   gnu/packages/patches/openssl-c-rehash-in.patch               \
   gnu/packages/patches/orpheus-cast-errors-and-includes.patch  \
   gnu/packages/patches/ots-no-include-missing-file.patch       \
diff --git a/gnu/packages/patches/openssl-c-rehash.patch 
b/gnu/packages/patches/openssl-c-rehash.patch
deleted file mode 100644
index f873a9a..0000000
--- a/gnu/packages/patches/openssl-c-rehash.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-This patch removes the explicit reference to the 'perl' binary,
-such that OpenSSL does not retain a reference to Perl.
-
-The 'c_rehash' program is seldom used, but it is used nonetheless
-to create symbolic links to certificates, for instance in the 'nss-certs'
-package.
-
---- openssl-1.0.2d/tools/c_rehash      2015-09-09 18:36:07.313316482 +0200
-+++ openssl-1.0.2d/tools/c_rehash      2015-09-09 18:36:28.965458458 +0200
-@@ -1,4 +1,6 @@
--#!/usr/bin/perl
-+eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}'
-+  & eval 'exec perl -wS "$0" $argv:q'
-+    if 0;
- 
- # Perl c_rehash script, scan all files in a directory
- # and add symbolic links to their hash values.
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 11a59db..9a72bec 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -179,9 +179,8 @@ required structures.")
 
 (define-public openssl
   (package
-   (replacement openssl-1.0.2g)
    (name "openssl")
-   (version "1.0.2f")
+   (version "1.0.2g")
    (source (origin
             (method url-fetch)
             (uri (list (string-append "ftp://ftp.openssl.org/source/";
@@ -191,10 +190,10 @@ required structures.")
                                       "/" name "-" version ".tar.gz")))
             (sha256
              (base32
-              "171fkdg9v6j29d962nh6kb79kfm8kkhy7n9makw39d7jvvj4wawk"))
+              "0cxajjayi859czi545ddafi24m9nwsnjsw4q82zrmqvwj2rv315p"))
             (patches (map search-patch
                           '("openssl-runpath.patch"
-                            "openssl-c-rehash.patch")))))
+                            "openssl-c-rehash-in.patch")))))
    (build-system gnu-build-system)
    (native-inputs `(("perl" ,perl)))
    (arguments
@@ -283,26 +282,6 @@ required structures.")
    (license license:openssl)
    (home-page "http://www.openssl.org/";)))
 
-(define openssl-1.0.2g
-  (package
-    (inherit openssl)
-    (replacement #f)
-    (source
-     (let ((name "openssl") (version "1.0.2g"))
-       (origin
-         (method url-fetch)
-         (uri (list (string-append "ftp://ftp.openssl.org/source/";
-                                   name "-" version ".tar.gz")
-                    (string-append "ftp://ftp.openssl.org/source/old/";
-                                   (string-trim-right version char-set:letter)
-                                   "/" name "-" version ".tar.gz")))
-         (sha256
-          (base32
-           "0cxajjayi859czi545ddafi24m9nwsnjsw4q82zrmqvwj2rv315p"))
-         (patches (map search-patch
-                       '("openssl-runpath.patch"
-                         "openssl-c-rehash-in.patch"))))))))
-
 (define-public libressl
   (package
     (name "libressl")



reply via email to

[Prev in Thread] Current Thread [Next in Thread]