aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/openssl-c-rehash-in.patch
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2016-03-01 15:57:37 +0100
committerLudovic Courtès <ludo@gnu.org>2016-03-01 16:00:46 +0100
commitcaeadfddb01d2cda19d2f761ba9906ef8f162173 (patch)
tree35809fd6d97c5975948e3cb76c69a150cb8a2f82 /gnu/packages/patches/openssl-c-rehash-in.patch
parentc22a1324e64d6906be5e9a8e64b8716ad763434a (diff)
downloadguix-caeadfddb01d2cda19d2f761ba9906ef8f162173.tar
guix-caeadfddb01d2cda19d2f761ba9906ef8f162173.tar.gz
gnu: openssl: Replace with 1.0.2g [fixes CVE-2016-{0800,0705,0798,0797,0799,0702,0703,0704}].
See <http://openssl.org/news/secadv/20160301.txt>. Also fixes <http://bugs.gnu.org/22831>. * gnu/packages/patches/openssl-c-rehash-in.patch: New file. * gnu/packages/tls.scm (openssl)[replacement]: New field. (openssl-1.0.2g): New variable.
Diffstat (limited to 'gnu/packages/patches/openssl-c-rehash-in.patch')
-rw-r--r--gnu/packages/patches/openssl-c-rehash-in.patch17
1 files changed, 17 insertions, 0 deletions
diff --git a/gnu/packages/patches/openssl-c-rehash-in.patch b/gnu/packages/patches/openssl-c-rehash-in.patch
new file mode 100644
index 0000000000..bd3d3178f1
--- /dev/null
+++ b/gnu/packages/patches/openssl-c-rehash-in.patch
@@ -0,0 +1,17 @@
+This patch removes the explicit reference to the 'perl' binary,
+such that OpenSSL does not retain a reference to Perl.
+
+The 'c_rehash' program is seldom used, but it is used nonetheless
+to create symbolic links to certificates, for instance in the 'nss-certs'
+package.
+
+--- openssl-1.0.2g/tools/c_rehash.in 2015-09-09 18:36:07.313316482 +0200
++++ openssl-1.0.2g/tools/c_rehash.in 2015-09-09 18:36:28.965458458 +0200
+@@ -1,4 +1,6 @@
+-#!/usr/local/bin/perl
++eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}'
++ & eval 'exec perl -wS "$0" $argv:q'
++ if 0;
+
+ # Perl c_rehash script, scan all files in a directory
+ # and add symbolic links to their hash values.