diff options
| author | Mark H Weaver <mhw@netris.org> | 2014-06-05 16:36:25 -0400 |
|---|---|---|
| committer | Mark H Weaver <mhw@netris.org> | 2014-06-05 16:36:25 -0400 |
| commit | 017f7415ab6eba71448215fe9bb133262680ff09 (patch) | |
| tree | 7f02e9a7c63420b2bfe60ca10d8ce5fe51221d47 | |
| parent | cc24623d7189ec03a2b31750daf784b06474cb84 (diff) | |
| download | guix-patches-017f7415ab6eba71448215fe9bb133262680ff09.tar guix-patches-017f7415ab6eba71448215fe9bb133262680ff09.tar.gz | |
gnu: openssl: Upgrade to 1.0.1h.
* gnu/packages/openssl.scm (openssl): Upgrade to 1.0.1h. Remove
patches, which are now upstream.
* gnu/packages/patches/openssl-extension-checking-fixes.patch: Remove.
* gnu/packages/patches/openssl-CVE-2010-5298.patch: Remove.
* gnu-system.am (dist_patch_DATA): Remove them.
| -rw-r--r-- | gnu-system.am | 2 | ||||
| -rw-r--r-- | gnu/packages/openssl.scm | 7 | ||||
| -rw-r--r-- | gnu/packages/patches/openssl-CVE-2010-5298.patch | 27 | ||||
| -rw-r--r-- | gnu/packages/patches/openssl-extension-checking-fixes.patch | 40 |
4 files changed, 2 insertions, 74 deletions
diff --git a/gnu-system.am b/gnu-system.am index 71af17f060..c5331fa10d 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -332,8 +332,6 @@ dist_patch_DATA = \ gnu/packages/patches/mit-krb5-init-fix.patch \ gnu/packages/patches/mpc123-initialize-ao.patch \ gnu/packages/patches/module-init-tools-moduledir.patch \ - gnu/packages/patches/openssl-CVE-2010-5298.patch \ - gnu/packages/patches/openssl-extension-checking-fixes.patch \ gnu/packages/patches/patchelf-page-size.patch \ gnu/packages/patches/patchutils-xfail-gendiff-tests.patch \ gnu/packages/patches/perl-no-sys-dirs.patch \ diff --git a/gnu/packages/openssl.scm b/gnu/packages/openssl.scm index eb03bb99c3..51caa00e68 100644 --- a/gnu/packages/openssl.scm +++ b/gnu/packages/openssl.scm @@ -28,17 +28,14 @@ (define-public openssl (package (name "openssl") - (version "1.0.1g") + (version "1.0.1h") (source (origin (method url-fetch) (uri (string-append "ftp://ftp.openssl.org/source/openssl-" version ".tar.gz")) (sha256 (base32 - "0a70qdqccg16nw4bbawa6pjvzn05vfp5wkwg6jl0grch7f683jsk")) - (patches - (list (search-patch "openssl-CVE-2010-5298.patch") - (search-patch "openssl-extension-checking-fixes.patch"))))) + "14yhsgag5as7nhxnw7f0vklwjwa3pmn1i15nmp3f4qxa6sc8l74x")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) (arguments diff --git a/gnu/packages/patches/openssl-CVE-2010-5298.patch b/gnu/packages/patches/openssl-CVE-2010-5298.patch deleted file mode 100644 index 707a24dff0..0000000000 --- a/gnu/packages/patches/openssl-CVE-2010-5298.patch +++ /dev/null @@ -1,27 +0,0 @@ -From db978be7388852059cf54e42539a363d549c5bfd Mon Sep 17 00:00:00 2001 -From: Kurt Roeckx <kurt@roeckx.be> -Date: Sun, 13 Apr 2014 15:05:30 +0200 -Subject: [PATCH] Don't release the buffer when there still is data in it - -RT: 2167, 3265 ---- - ssl/s3_pkt.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c -index b9e45c7..32e9207 100644 ---- a/ssl/s3_pkt.c -+++ b/ssl/s3_pkt.c -@@ -1055,7 +1055,8 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) - { - s->rstate=SSL_ST_READ_HEADER; - rr->off=0; -- if (s->mode & SSL_MODE_RELEASE_BUFFERS) -+ if (s->mode & SSL_MODE_RELEASE_BUFFERS && -+ s->s3->rbuf.left == 0) - ssl3_release_read_buffer(s); - } - } --- -1.9.1 - diff --git a/gnu/packages/patches/openssl-extension-checking-fixes.patch b/gnu/packages/patches/openssl-extension-checking-fixes.patch deleted file mode 100644 index 3fdd893563..0000000000 --- a/gnu/packages/patches/openssl-extension-checking-fixes.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 300b9f0b704048f60776881f1d378c74d9c32fbd Mon Sep 17 00:00:00 2001 -From: "Dr. Stephen Henson" <steve@openssl.org> -Date: Tue, 15 Apr 2014 18:48:54 +0100 -Subject: [PATCH] Extension checking fixes. - -When looking for an extension we need to set the last found -position to -1 to properly search all extensions. - -PR#3309. ---- - crypto/x509v3/v3_purp.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c -index 6c40c7d..5f931db 100644 ---- a/crypto/x509v3/v3_purp.c -+++ b/crypto/x509v3/v3_purp.c -@@ -389,8 +389,8 @@ static void x509v3_cache_extensions(X509 *x) - /* Handle proxy certificates */ - if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) { - if (x->ex_flags & EXFLAG_CA -- || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0 -- || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) { -+ || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0 -+ || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) { - x->ex_flags |= EXFLAG_INVALID; - } - if (pci->pcPathLengthConstraint) { -@@ -670,7 +670,7 @@ static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x, - return 0; - - /* Extended Key Usage MUST be critical */ -- i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, 0); -+ i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, -1); - if (i_ext >= 0) - { - X509_EXTENSION *ext = X509_get_ext((X509 *) x, i_ext); --- -1.9.1 - |