01/01: gnu: openssl: Update to 1.0.2e [fixes CVE-2015-{3193, 3194, 3195}].

[Mark H. Weaver]

mhw pushed a commit to branch security-updates
in repository guix.

commit 1d65fb4c4ee25bff19906169213490b516f9f8df
Author: Mark H Weaver <address@hidden>
Date:   Thu Dec 3 16:22:39 2015 -0500

    gnu: openssl: Update to 1.0.2e [fixes CVE-2015-{3193,3194,3195}].
    
    * gnu/packages/tls.scm (openssl): Update to 1.0.2e.
      [arguments]: Rename 'fix-man-dir' phase to 'patch-Makefile.org',
      and patch SHELL in Makefile.org.  Add 'fix-broken-symlinks' phase.
      Return #t from 'patch-tests' phase.
---
 gnu/packages/tls.scm |   31 +++++++++++++++++++++++++++----
 1 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 1a0eeb2..b1bc359 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -187,14 +187,14 @@ required structures.")
 (define-public openssl
   (package
    (name "openssl")
-   (version "1.0.2d")
+   (version "1.0.2e")
    (source (origin
             (method url-fetch)
             (uri (string-append "ftp://ftp.openssl.org/source/openssl-"; version
                                 ".tar.gz"))
             (sha256
              (base32
-              "1j58r7rdj9fz2lanir8ajbx4bspb5jnm5ikl6dq8lql5fx43c737"))
+              "1zqb1rff1wikc62a7vj5qxd1k191m8qif5d05mwdxz2wnzywlg72"))
             (patches (map search-patch
                           '("openssl-runpath.patch"
                             "openssl-c-rehash.patch")))))
@@ -207,10 +207,11 @@ required structures.")
       #:phases
       (modify-phases %standard-phases
         (add-before
-         'configure 'fix-man-dir
+         'configure 'patch-Makefile.org
          (lambda* (#:key outputs #:allow-other-keys)
            ;; The default MANDIR is some unusual place.  Fix that.
            (let ((out (assoc-ref outputs "out")))
+             (patch-makefile-SHELL "Makefile.org")
              (substitute* "Makefile.org"
                (("^MANDIR[[:blank:]]*=.*$")
                 (string-append "MANDIR = " out "/share/man\n")))
@@ -249,6 +250,27 @@ required structures.")
                        (find-files (string-append out "/lib")
                                    "\\.so"))
              #t)))
+        (add-after
+         'unpack 'fix-broken-symlinks
+         (lambda _
+           ;; Repair the broken symlinks in the openssl-1.0.2e tarball.
+           (let* ((link-prefix "openssl-1.0.2e/")
+                  (link-prefix-length (string-length link-prefix))
+                  (broken-links
+                   (find-files "." (lambda (file stat)
+                                     (and (eq? 'symlink (stat:type stat))
+                                          (string-prefix? link-prefix
+                                                          (readlink file)))))))
+             (when (null? broken-links)
+               (error "The 'fix-broken-symlinks' phase is obsolete; remove 
it"))
+             (for-each (lambda (file)
+                         (let* ((old-target (readlink file))
+                                (new-target (string-drop old-target
+                                                         link-prefix-length)))
+                           (delete-file file)
+                           (symlink new-target file)))
+                       broken-links)
+             #t)))
         (add-before
          'patch-source-shebangs 'patch-tests
          (lambda* (#:key inputs native-inputs #:allow-other-keys)
@@ -257,7 +279,8 @@ required structures.")
                (("/bin/sh")
                 (string-append bash "/bin/bash"))
                (("/bin/rm")
-                "rm")))))
+                "rm"))
+             #t)))
         (add-after
          'install 'remove-miscellany
          (lambda* (#:key outputs #:allow-other-keys)