author | Ludovic Courtès <ludo@gnu.org> | 2016-03-01 15:57:37 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2016-03-01 16:00:46 +0100 |
commit | caeadfddb01d2cda19d2f761ba9906ef8f162173 (patch) | |
tree | 35809fd6d97c5975948e3cb76c69a150cb8a2f82 /gnu/packages/patches/openssl-c-rehash-in.patch | |
parent | c22a1324e64d6906be5e9a8e64b8716ad763434a (diff) | |
gnu: openssl: Replace with 1.0.2g [fixes CVE-2016-{0800,0705,0798,0797,0799,0702,0703,0704}].
See <http://openssl.org/news/secadv/20160301.txt>.
Also fixes <http://bugs.gnu.org/22831>.
* gnu/packages/patches/openssl-c-rehash-in.patch: New file.
* gnu/packages/tls.scm (openssl)[replacement]: New field.
(openssl-1.0.2g): New variable.
Diffstat (limited to 'gnu/packages/patches/openssl-c-rehash-in.patch')
-rw-r--r-- | gnu/packages/patches/openssl-c-rehash-in.patch | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/gnu/packages/patches/openssl-c-rehash-in.patch b/gnu/packages/patches/openssl-c-rehash-in.patch new file mode 100644 index 0000000000..bd3d3178f1 --- /dev/null +++ b/gnu/packages/patches/openssl-c-rehash-in.patch @@ -0,0 +1,17 @@ +This patch removes the explicit reference to the 'perl' binary, +such that OpenSSL does not retain a reference to Perl. + +The 'c_rehash' program is seldom used, but it is used nonetheless +to create symbolic links to certificates, for instance in the 'nss-certs' +package. + +--- openssl-1.0.2g/tools/c_rehash.in 2015-09-09 18:36:07.313316482 +0200 ++++ openssl-1.0.2g/tools/c_rehash.in 2015-09-09 18:36:28.965458458 +0200 +@@ -1,4 +1,6 @@ +-#!/usr/local/bin/perl ++eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}' ++ & eval 'exec perl -wS "$0" $argv:q' ++ if 0; + + # Perl c_rehash script, scan all files in a directory + # and add symbolic links to their hash values. |
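Review bot: The replacement header at the top of tools/c_rehash.in has no `#!` line, so the kernel can no longer exec the script directly. It only starts when the caller goes through a shell (or an exec wrapper that falls back to sh on ENOEXEC), and `exec perl -wS "$0"` then runs whichever `perl` comes first on PATH. The patch description explains why the Perl reference is dropped but does not mention this consequence. Consider adding a sentence saying that callers, such as the 'nss-certs' use it mentions, must provide `perl` on PATH and invoke c_rehash through a shell or as `perl c_rehash`, so that the interpreter is a declared input rather than whatever the environment happens to supply.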