guix-commits

01/01: gnu: perl-io-socket-ssl: Add workaround for OpenSSL-1.0.2f.


From: Mark H. Weaver
Subject: 01/01: gnu: perl-io-socket-ssl: Add workaround for OpenSSL-1.0.2f.
Date: Sun, 31 Jan 2016 20:24:01 +0000

mhw pushed a commit to branch security-updates
in repository guix.

commit f6d49e2d4dc24660b86a6deb06ecf283534a853e
Author: Mark H Weaver <address@hidden>
Date:   Sun Jan 31 15:22:17 2016 -0500

    gnu: perl-io-socket-ssl: Add workaround for OpenSSL-1.0.2f.
    
    * gnu/packages/patches/perl-io-socket-ssl-openssl-1.0.2f-fix.patch: New file.
    * gnu-system.am (dist_patch_DATA): Add it.
    * gnu/packages/web.scm (perl-io-socket-ssl)[source]: Add patch.
---
 gnu-system.am                                      |    1 +
 .../perl-io-socket-ssl-openssl-1.0.2f-fix.patch    |   33 ++++++++++++++++++++
 gnu/packages/web.scm                               |    7 +++-
 3 files changed, 39 insertions(+), 2 deletions(-)

diff --git a/gnu-system.am b/gnu-system.am
index ac38635..4764a16 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -647,6 +647,7 @@ dist_patch_DATA =                                           
\
   gnu/packages/patches/perl-deterministic-ordering.patch       \
   gnu/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch \
   gnu/packages/patches/perl-gd-options-passthrough-and-fontconfig.patch \
+  gnu/packages/patches/perl-io-socket-ssl-openssl-1.0.2f-fix.patch \
   gnu/packages/patches/perl-net-amazon-s3-moose-warning.patch  \
   gnu/packages/patches/perl-net-ssleay-disable-ede-test.patch  \
   gnu/packages/patches/perl-no-build-time.patch                        \
diff --git a/gnu/packages/patches/perl-io-socket-ssl-openssl-1.0.2f-fix.patch 
b/gnu/packages/patches/perl-io-socket-ssl-openssl-1.0.2f-fix.patch
new file mode 100644
index 0000000..f2166ae
--- /dev/null
+++ b/gnu/packages/patches/perl-io-socket-ssl-openssl-1.0.2f-fix.patch
@@ -0,0 +1,33 @@
+Work around a problem arising from the update to OpenSSL 1.0.2f, based on the
+following upstream commit:
+
+  
https://github.com/noxxi/p5-io-socket-ssl/commit/6e23ee4a433f83f1065bd2467255eba5ee9b1ddd
+
+Attempting to update to IO-Socket-SSL-2.023, which includes this commit,
+caused other test failures.  See:
+
+  https://lists.gnu.org/archive/html/guix-devel/2016-01/msg01032.html
+
+Description from the upstream commit:
+
+  OpenSSL 1.0.2f changed the behavior of SSL shutdown in case the TLS 
connection
+  was not fully established (commit: f73c737c7ac908c5d6407c419769123392a3b0a9).
+  This somehow resulted in Net::SSLeay::shutdown returning 0 (i.e. keep trying)
+  which caused an endless loop. It will now ignore this result in case the TLS
+  connection was not yet established and consider the TLS connection closed
+  instead.
+
+--- IO-Socket-SSL-2.002/lib/IO/Socket/SSL.pm.orig      2014-10-21 
16:51:16.000000000 -0400
++++ IO-Socket-SSL-2.002/lib/IO/Socket/SSL.pm   2016-01-31 15:07:14.971099894 
-0500
+@@ -1213,6 +1213,11 @@
+                   # shutdown complete
+                   last;
+               }
++              if ((${*$self}{'_SSL_opened'}||0) <= 0) {
++                  # not really open, thus don't expect shutdown to return
++                  # something meaningful
++                  last;
++              }
+ 
+               # initiate or complete shutdown
+               local $SIG{PIPE} = 'IGNORE';
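
Review bot: The header of the new patch file says the change is "based on" the upstream commit but does not say whether the SSL.pm hunk is taken verbatim or was adapted for IO-Socket-SSL-2.002; state which, so the patch can be compared against upstream and dropped cleanly later. The added `if ((${*$self}{'_SSL_opened'}||0) <= 0)` branch also leaves the loop before the "# initiate or complete shutdown" step is reached, so a handle whose TLS connection was never established gets no shutdown call on that pass. The in-code comment could say that this is intended and that it is what avoids the endless loop described in the header.
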
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index a4f4c02..516e623 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2013, 2015 Andreas Enge <address@hidden>
 ;;; Copyright © 2013 Aljosha Papsch <address@hidden>
 ;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <address@hidden>
-;;; Copyright © 2014, 2015 Mark H Weaver <address@hidden>
+;;; Copyright © 2014, 2015, 2016 Mark H Weaver <address@hidden>
 ;;; Copyright © 2015 Ricardo Wurmus <address@hidden>
 ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <address@hidden>
 ;;; Copyright © 2015, 2016 Eric Bavier <address@hidden>
@@ -2292,7 +2292,10 @@ and IPv6 sockets, intended as a replacement for 
IO::Socket::INET.")
                                   "IO-Socket-SSL-" version ".tar.gz"))
               (sha256
                (base32
-                "1mph52lw6x5v44wf8mw00llzi8pp6k5c4jnrnrvlacrlfv260jb8"))))
+                "1mph52lw6x5v44wf8mw00llzi8pp6k5c4jnrnrvlacrlfv260jb8"))
+              (patches
+               (list
+                (search-patch 
"perl-io-socket-ssl-openssl-1.0.2f-fix.patch")))))
     (build-system perl-build-system)
     (propagated-inputs `(("perl-net-ssleay" ,perl-net-ssleay)))
     (synopsis "Nearly transparent SSL encapsulation for IO::Socket::INET")
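
Review bot: The new `patches` field in `perl-io-socket-ssl` carries no comment marking it as a temporary workaround. The patch header notes that IO-Socket-SSL-2.023 already includes the upstream commit, so a short comment next to `(search-patch ...)` saying the patch should be removed when the package is updated to 2.023 or later would keep it from lingering or failing to apply after a version bump.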


