--- Begin Message ---
Subject: OpenSSL should not depend on Perl
Date: Sat, 27 Feb 2016 18:05:29 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
Commit 784d6e91 changed OpenSSL such that it does not depend on Perl,
but one of the subsequent upgrades broke it:
--8<---------------cut here---------------start------------->8---
$ guix build perl
/gnu/store/x2p2biyybcb2wac77qz9468asc5fm48i-perl-5.22.1
$ grep -r x2p2biyybcb2wac77qz9468asc5fm48i $(guix build openssl)
/gnu/store/qvx4q6lbwi4s3cwr8wqaa7kcva0a5c4b-openssl-1.0.2f/bin/c_rehash:#!/gnu/store/x2p2biyybcb2wac77qz9468asc5fm48i-perl-5.22.1/bin/perl
--8<---------------cut here---------------end--------------->8---
Somehow ‘openssl-c-rehash.patch’ seems to no longer have the desired
effect.
Ludo’.
--- End Message ---
--- Begin Message ---
Subject: Re: bug#22831: OpenSSL should not depend on Perl
Date: Tue, 01 Mar 2016 18:24:15 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
address@hidden (Ludovic Courtès) wrote:
> Leo Famulari <address@hidden> wrote:
>
>> On Sun, Feb 28, 2016 at 02:35:12PM +0100, Ludovic Courtès wrote:
>>> Leo Famulari <address@hidden> wrote:
>>>
>>> > On Sat, Feb 27, 2016 at 06:05:29PM +0100, Ludovic Courtès wrote:
>>> >> Commit 784d6e91 changed OpenSSL such that it does not depend on Perl,
>>> >> but one of the subsequent upgrades broke it:
>>> >
>>> > Bisecting, I narrowed it down to:
>>> > 86c8f1daf8ed10f13f2b1e973a28845629b8ce47
>>> > (gnu: openssl: Update to 1.0.2e [fixes CVE-2015-{3193,3194,3195}].).
>>> >
>>> > I'll get the openssl sources corresponding to the good and bad commits
>>> > and try to figure out what changed that pulled perl back in.
>>>
>>> Awesome. Hopefully we can apply the fix when we upgrade OpenSSL this
>>> Tuesday.
>>
>> 'openssl-c-rehash.patch' is being applied, but at some point in the
>> build process the change is reverted.
>
> In the source, I see:
>
> $ find -name c_rehash\*
> ./tools/c_rehash
> ./tools/c_rehash.in
> ./doc/apps/c_rehash.pod
>
> Could it be that the unpatched one ends up being installed or something?
Indeed. Fixed in caeadfd, though without #:allowed-references—it’ll be
more convenient to use #:disallowed-references when it’s implemented.
Ludo’.
--- End Message ---
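
The grep from the original report, turned into a repeatable check in the spirit of the #:disallowed-references idea mentioned in the fix. This is an added example, not part of the thread or of Guix's code; the function names are hypothetical and the sample tree is constructed. It searches an output directory for the hash part of each store item the output must not reference and fails if any file still contains it.

```shell
#!/bin/sh
# Added example: flag files in a build output that still reference a store
# item the package must not depend on (here, perl in openssl's c_rehash).

# Store item taken from the report above.
PERL_ITEM=/gnu/store/x2p2biyybcb2wac77qz9468asc5fm48i-perl-5.22.1

# Print the 32-character hash part of a /gnu/store item name.
store_hash() {
    basename "$1" | cut -c1-32
}

# find_disallowed_refs OUTPUT_DIR STORE_ITEM...
# Prints "FILE -> STORE_ITEM" for every file under OUTPUT_DIR that contains
# the hash of a disallowed item. Returns 1 if anything was found, else 0.
find_disallowed_refs() {
    out=$1; shift
    found=0
    for item in "$@"; do
        hash=$(store_hash "$item")
        # -F fixed string, -l file names only, -r recurse. Binary files are
        # searched as well, so embedded paths are caught, not just shebangs.
        hits=$(grep -rlF -- "$hash" "$out" 2>/dev/null) || continue
        found=1
        printf '%s\n' "$hits" | while IFS= read -r f; do
            printf '%s -> %s\n' "$f" "$item"
        done
    done
    return "$found"
}

# Constructed sample output tree mimicking the report: c_rehash keeps a perl
# shebang, the other file carries no store reference.
make_sample_output() {
    dir=$(mktemp -d)
    mkdir -p "$dir/bin"
    printf '#!%s/bin/perl\n' "$PERL_ITEM" > "$dir/bin/c_rehash"
    printf 'no store reference here\n' > "$dir/bin/openssl"
    printf '%s\n' "$dir"
}
```

Against a real build it would be called as `find_disallowed_refs "$(guix build openssl)" "$(guix build perl)"`, which mirrors the two commands in the report.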