From unknown Thu Aug 14 21:57:11 2025 X-Loop: help-debbugs@gnu.org Subject: bug#22831: OpenSSL should not depend on Perl Resent-From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sat, 27 Feb 2016 17:06:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 22831 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 22831@debbugs.gnu.org X-Debbugs-Original-To: bug-guix@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.14565927453330 (code B ref -1); Sat, 27 Feb 2016 17:06:02 +0000 Received: (at submit) by debbugs.gnu.org; 27 Feb 2016 17:05:45 +0000 Received: from localhost ([127.0.0.1]:49032 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aZiJN-0000re-6Z for submit@debbugs.gnu.org; Sat, 27 Feb 2016 12:05:45 -0500 Received: from eggs.gnu.org ([208.118.235.92]:48899) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aZiJL-0000rS-MV for submit@debbugs.gnu.org; Sat, 27 Feb 2016 12:05:43 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aZiJF-0004bN-Oz for submit@debbugs.gnu.org; Sat, 27 Feb 2016 12:05:38 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:55943) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aZiJF-0004bJ-LC for submit@debbugs.gnu.org; Sat, 27 Feb 2016 12:05:37 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:39864) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aZiJE-0003yr-Gm for bug-guix@gnu.org; Sat, 27 Feb 2016 12:05:37 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aZiJB-0004ah-6s for bug-guix@gnu.org; Sat, 27 Feb 2016 12:05:36 -0500 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:47558) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aZiJB-0004aX-1R for bug-guix@gnu.org; Sat, 27 Feb 2016 12:05:33 -0500 Received: from reverse-83.fdn.fr ([80.67.176.83]:35230 helo=pluto) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.82) (envelope-from ) id 1aZiJA-0003IF-83 for bug-guix@gnu.org; Sat, 27 Feb 2016 12:05:32 -0500 From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 9 =?UTF-8?Q?Vent=C3=B4se?= an 224 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x3D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-unknown-linux-gnu Date: Sat, 27 Feb 2016 18:05:29 +0100 Message-ID: <87lh66xew6.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Commit 784d6e91 changed OpenSSL such that it does not depend on Perl, but one of the subsequent upgrades broke it: --8<---------------cut here---------------start------------->8--- $ guix build perl /gnu/store/x2p2biyybcb2wac77qz9468asc5fm48i-perl-5.22.1 $ grep -r x2p2biyybcb2wac77qz9468asc5fm48i $(guix build openssl) /gnu/store/qvx4q6lbwi4s3cwr8wqaa7kcva0a5c4b-openssl-1.0.2f/bin/c_rehash:#!/= gnu/store/x2p2biyybcb2wac77qz9468asc5fm48i-perl-5.22.1/bin/perl --8<---------------cut here---------------end--------------->8--- Somehow =E2=80=98openssl-c-rehash.patch=E2=80=99 seems to no longer have th= e desired effect. Ludo=E2=80=99. From unknown Thu Aug 14 21:57:11 2025 X-Loop: help-debbugs@gnu.org Subject: bug#22831: OpenSSL should not depend on Perl Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sun, 28 Feb 2016 01:11:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 22831 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 22831@debbugs.gnu.org Received: via spool by 22831-submit@debbugs.gnu.org id=B22831.145662183022719 (code B ref 22831); Sun, 28 Feb 2016 01:11:01 +0000 Received: (at 22831) by debbugs.gnu.org; 28 Feb 2016 01:10:30 +0000 Received: from localhost ([127.0.0.1]:49206 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aZpsU-0005uN-Lx for submit@debbugs.gnu.org; Sat, 27 Feb 2016 20:10:30 -0500 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:42725) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aZpsS-0005uF-Nn for 22831@debbugs.gnu.org; Sat, 27 Feb 2016 20:10:29 -0500 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 88DFA20A40; Sat, 27 Feb 2016 20:10:28 -0500 (EST) Received: from frontend2 ([10.202.2.161]) by compute3.internal (MEProxy); Sat, 27 Feb 2016 20:10:28 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=famulari.name; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=xwRWvwfulbuQdSFN0D8bLBBaS7g=; b=J4okSG uUJMkSdq4LayjyjfQFlVT7mvHJD+WmGiMsCcIHQDA0QUX5fY52Catgo1Tb0SuPoc JuW/EO0CzBjzavCZm3D6w8pNc2AlA9xnbonXtEqe8jOoUOAnLoqRxl14ovGQvrec 5F0QsQCnNsYlhR5EVd3Jfj76jCC1Q9HcKDKzY= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=xwRWvwfulbuQdSF N0D8bLBBaS7g=; b=RKnT3v+DwwjJOdxTTL0b6YVlqaWmrHMiSF5V642uZAeeBZQ +FgFuWxd5EuC2BYWPtVZv6cQzn1SfHzpLxRtfWDruSkHeFEnthJ7imxyVX2yO+QZ ZVGSwMD0yzcqGU1weo6qk3l05h96XRu16vJ1xYRDmJkwyeLPDqPPcUiPse9s= X-Sasl-enc: lWRLe0MVOyF7Hs5fYLIULCqAbTutVPLLykgrpsjvrDpa 1456621828 Received: from localhost (c-71-225-1-241.hsd1.pa.comcast.net [71.225.1.241]) by mail.messagingengine.com (Postfix) with ESMTPA id 418886800DB; Sat, 27 Feb 2016 20:10:28 -0500 (EST) Date: Sat, 27 Feb 2016 20:10:27 -0500 From: Leo Famulari Message-ID: <20160228011027.GC6690@jasmine> References: <87lh66xew6.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <87lh66xew6.fsf@gnu.org> User-Agent: Mutt/1.5.24 (2015-08-30) X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) On Sat, Feb 27, 2016 at 06:05:29PM +0100, Ludovic Courtès wrote: > Commit 784d6e91 changed OpenSSL such that it does not depend on Perl, > but one of the subsequent upgrades broke it: Bisecting, I narrowed it down to: 86c8f1daf8ed10f13f2b1e973a28845629b8ce47 (gnu: openssl: Update to 1.0.2e [fixes CVE-2015-{3193,3194,3195}].). I'll get the openssl sources corresponding to the good and bad commmits and try to figure out what changed that pulled perl back in. > > --8<---------------cut here---------------start------------->8--- > $ guix build perl > /gnu/store/x2p2biyybcb2wac77qz9468asc5fm48i-perl-5.22.1 > $ grep -r x2p2biyybcb2wac77qz9468asc5fm48i $(guix build openssl) > /gnu/store/qvx4q6lbwi4s3cwr8wqaa7kcva0a5c4b-openssl-1.0.2f/bin/c_rehash:#!/gnu/store/x2p2biyybcb2wac77qz9468asc5fm48i-perl-5.22.1/bin/perl > --8<---------------cut here---------------end--------------->8--- > > Somehow ‘openssl-c-rehash.patch’ seems to no longer have the desired > effect. > > Ludo’. > > > From unknown Thu Aug 14 21:57:11 2025 X-Loop: help-debbugs@gnu.org Subject: bug#22831: OpenSSL should not depend on Perl Resent-From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sun, 28 Feb 2016 13:36:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 22831 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Leo Famulari Cc: 22831@debbugs.gnu.org Received: via spool by 22831-submit@debbugs.gnu.org id=B22831.145666653010015 (code B ref 22831); Sun, 28 Feb 2016 13:36:02 +0000 Received: (at 22831) by debbugs.gnu.org; 28 Feb 2016 13:35:30 +0000 Received: from localhost ([127.0.0.1]:49618 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aa1VS-0002bT-CQ for submit@debbugs.gnu.org; Sun, 28 Feb 2016 08:35:30 -0500 Received: from eggs.gnu.org ([208.118.235.92]:55036) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aa1VQ-0002bC-VI for 22831@debbugs.gnu.org; Sun, 28 Feb 2016 08:35:29 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aa1VH-0001RE-VU for 22831@debbugs.gnu.org; Sun, 28 Feb 2016 08:35:23 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:36519) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aa1VH-0001RA-Ru; Sun, 28 Feb 2016 08:35:19 -0500 Received: from reverse-83.fdn.fr ([80.67.176.83]:55468 helo=pluto) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.82) (envelope-from ) id 1aa1VC-000565-Tj; Sun, 28 Feb 2016 08:35:15 -0500 From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) References: <87lh66xew6.fsf@gnu.org> <20160228011027.GC6690@jasmine> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 10 =?UTF-8?Q?Vent=C3=B4se?= an 224 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x3D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-unknown-linux-gnu Date: Sun, 28 Feb 2016 14:35:12 +0100 In-Reply-To: <20160228011027.GC6690@jasmine> (Leo Famulari's message of "Sat, 27 Feb 2016 20:10:27 -0500") Message-ID: <87povhvtyn.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Leo Famulari skribis: > On Sat, Feb 27, 2016 at 06:05:29PM +0100, Ludovic Court=C3=A8s wrote: >> Commit 784d6e91 changed OpenSSL such that it does not depend on Perl, >> but one of the subsequent upgrades broke it: > > Bisecting, I narrowed it down to: > 86c8f1daf8ed10f13f2b1e973a28845629b8ce47 > (gnu: openssl: Update to 1.0.2e [fixes CVE-2015-{3193,3194,3195}].). > > I'll get the openssl sources corresponding to the good and bad commmits > and try to figure out what changed that pulled perl back in. Awesome. Hopefully we can apply the fix when we upgrade OpenSSL this Tuesday. Thanks, Ludo=E2=80=99. From unknown Thu Aug 14 21:57:11 2025 X-Loop: help-debbugs@gnu.org Subject: bug#22831: OpenSSL should not depend on Perl Resent-From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sun, 28 Feb 2016 13:39:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 22831 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Leo Famulari Cc: 22831@debbugs.gnu.org Received: via spool by 22831-submit@debbugs.gnu.org id=B22831.145666669010274 (code B ref 22831); Sun, 28 Feb 2016 13:39:01 +0000 Received: (at 22831) by debbugs.gnu.org; 28 Feb 2016 13:38:10 +0000 Received: from localhost ([127.0.0.1]:49622 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aa1Y1-0002fe-QU for submit@debbugs.gnu.org; Sun, 28 Feb 2016 08:38:10 -0500 Received: from eggs.gnu.org ([208.118.235.92]:55495) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aa1Xz-0002fO-Fd for 22831@debbugs.gnu.org; Sun, 28 Feb 2016 08:38:07 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aa1Xp-0001x1-B3 for 22831@debbugs.gnu.org; Sun, 28 Feb 2016 08:38:02 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:36536) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aa1Xp-0001ww-7F; Sun, 28 Feb 2016 08:37:57 -0500 Received: from reverse-83.fdn.fr ([80.67.176.83]:55604 helo=pluto) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.82) (envelope-from ) id 1aa1Xo-000336-K4; Sun, 28 Feb 2016 08:37:57 -0500 From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) References: <87lh66xew6.fsf@gnu.org> <20160228011027.GC6690@jasmine> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 10 =?UTF-8?Q?Vent=C3=B4se?= an 224 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x3D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-unknown-linux-gnu Date: Sun, 28 Feb 2016 14:37:54 +0100 In-Reply-To: <20160228011027.GC6690@jasmine> (Leo Famulari's message of "Sat, 27 Feb 2016 20:10:27 -0500") Message-ID: <87lh65vtu5.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Leo Famulari skribis: > On Sat, Feb 27, 2016 at 06:05:29PM +0100, Ludovic Court=C3=A8s wrote: >> Commit 784d6e91 changed OpenSSL such that it does not depend on Perl, >> but one of the subsequent upgrades broke it: > > Bisecting, I narrowed it down to: > 86c8f1daf8ed10f13f2b1e973a28845629b8ce47 > (gnu: openssl: Update to 1.0.2e [fixes CVE-2015-{3193,3194,3195}].). > > I'll get the openssl sources corresponding to the good and bad commmits > and try to figure out what changed that pulled perl back in. Also we should add something like: #:allowed-references (list (canonical-package glibc) (list (canonical-package gcc) "lib") "out") to avoid regressions. (A case where #:disallowed-references would be more convenient, but it=E2= =80=99s not yet implemented. :-)) Ludo=E2=80=99. From unknown Thu Aug 14 21:57:11 2025 X-Loop: help-debbugs@gnu.org Subject: bug#22831: OpenSSL should not depend on Perl Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 29 Feb 2016 08:48:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 22831 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 22831@debbugs.gnu.org Received: via spool by 22831-submit@debbugs.gnu.org id=B22831.145673566124158 (code B ref 22831); Mon, 29 Feb 2016 08:48:02 +0000 Received: (at 22831) by debbugs.gnu.org; 29 Feb 2016 08:47:41 +0000 Received: from localhost ([127.0.0.1]:51839 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aaJUS-0006Ha-Ub for submit@debbugs.gnu.org; Mon, 29 Feb 2016 03:47:41 -0500 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:42018) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aaJUQ-0006HS-RM for 22831@debbugs.gnu.org; Mon, 29 Feb 2016 03:47:39 -0500 Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 9EF5120776; Mon, 29 Feb 2016 03:47:38 -0500 (EST) Received: from frontend2 ([10.202.2.161]) by compute1.internal (MEProxy); Mon, 29 Feb 2016 03:47:38 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=famulari.name; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=ndaf6ipjOim5kp0GFyLkabJAl0o=; b=lEEoNb W+R63tAAGHj4OZ1uch2aMMciOMsEoPsbj5Hj7igt4zuj+j4nuDfm+6KdWWRJcxEa EDQiGnovRUHLCQWsXysM+TFs0W8rZXOIM6vYmWBKGQPzKDVuChTFxIGwOLcDFHox euNYSrTKJXJiO1ST+PZVJCbJWaj5rKGKL2stU= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=ndaf6ipjOim5kp0 GFyLkabJAl0o=; b=LD7Kkq6EUURHjHv83yTgaxr0Got7Qi1pzOGS0PZYG2FWNCt Gif01Jw04UtCR18zR8gKRfOHxsAMwKwL3p/SPodzFnZQP/ZNW5bLu9DHUyfKJuAB egrA37ocoLCyuDAP8df8kIbhBUw+x75PCur5kUZGm+GcI1vYlfCt4eFjw0Xo= X-Sasl-enc: scYdsFBBf3HL5k+bX/yqEJqNvBm6OaEwg+qGK9B2AbbD 1456735658 Received: from localhost (c-69-249-5-231.hsd1.pa.comcast.net [69.249.5.231]) by mail.messagingengine.com (Postfix) with ESMTPA id 5DDD76801A3; Mon, 29 Feb 2016 03:47:38 -0500 (EST) Date: Mon, 29 Feb 2016 03:47:38 -0500 From: Leo Famulari Message-ID: <20160229084738.GB18766@jasmine> References: <87lh66xew6.fsf@gnu.org> <20160228011027.GC6690@jasmine> <87povhvtyn.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <87povhvtyn.fsf@gnu.org> User-Agent: Mutt/1.5.24 (2015-08-30) X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) On Sun, Feb 28, 2016 at 02:35:12PM +0100, Ludovic Courtès wrote: > Leo Famulari skribis: > > > On Sat, Feb 27, 2016 at 06:05:29PM +0100, Ludovic Courtès wrote: > >> Commit 784d6e91 changed OpenSSL such that it does not depend on Perl, > >> but one of the subsequent upgrades broke it: > > > > Bisecting, I narrowed it down to: > > 86c8f1daf8ed10f13f2b1e973a28845629b8ce47 > > (gnu: openssl: Update to 1.0.2e [fixes CVE-2015-{3193,3194,3195}].). > > > > I'll get the openssl sources corresponding to the good and bad commmits > > and try to figure out what changed that pulled perl back in. > > Awesome. Hopefully we can apply the fix when we upgrade OpenSSL this > Tuesday. 'openssl-c-rehash.patch' is being applied, but at some point in the build process the change is reverted. I haven't figured out why yet. Ludo is right, it would be really good to only change our OpenSSL package one day this week. So, I'm asking for help with this problem! I will spend some time on it tomorrow, but I really don't have any promising leads. My plan is to step through the build process and learn when the shebang is recreated. Hopefully then I will get some inspiration. I suppose a nasty short term fix would be to patch the file after installing it. I will submit that patch if it seems there is no other option in time for the security update. From unknown Thu Aug 14 21:57:11 2025 X-Loop: help-debbugs@gnu.org Subject: bug#22831: OpenSSL should not depend on Perl Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 29 Feb 2016 08:49:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 22831 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 22831@debbugs.gnu.org Received: via spool by 22831-submit@debbugs.gnu.org id=B22831.145673569624234 (code B ref 22831); Mon, 29 Feb 2016 08:49:01 +0000 Received: (at 22831) by debbugs.gnu.org; 29 Feb 2016 08:48:16 +0000 Received: from localhost ([127.0.0.1]:51843 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aaJV2-0006Io-80 for submit@debbugs.gnu.org; Mon, 29 Feb 2016 03:48:16 -0500 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:36206) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aaJV1-0006Ig-Kq for 22831@debbugs.gnu.org; Mon, 29 Feb 2016 03:48:15 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 6F82620B86; Mon, 29 Feb 2016 03:48:15 -0500 (EST) Received: from frontend2 ([10.202.2.161]) by compute5.internal (MEProxy); Mon, 29 Feb 2016 03:48:15 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=famulari.name; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=KzxX1uR7NiD0bXofU7q6z88Xi60=; b=hYsvLs uI/F+N1jg9CHArHWV6ROAHEzPgL0vvTcp/YFpN/SbZRXtC3FXbea8mkjW8Srrwr7 3+JsTQtD6ZWelPqCHNgn/iJ0I3VGf6S85qWBdSH6+0k1BWaoZFv7u4pD2n7PBGMw uG0rVynlsT+yVwNunDgC1nPwEclUppWJYjy7c= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=KzxX1uR7NiD0bXo fU7q6z88Xi60=; b=M7y+pACxNMln+W/z9Gn4CJHHy3fFM/PpHS+/XUyRiERd7HL 4kSvG/9RkHttiec10U2LdqvIvORhH15vCN3PxrHGpndjdqdIqKMLyfuEe7neAaMg lLjmQ8JF4IVbOuCycj80zMlnTqW9YT6/X837zAAzA2reDfKVqgnazOcF5sPQ= X-Sasl-enc: 9RF1Fxl01sq4/RL0qYH1jO6oCRze5ARIXykp4sAd20D8 1456735695 Received: from localhost (c-69-249-5-231.hsd1.pa.comcast.net [69.249.5.231]) by mail.messagingengine.com (Postfix) with ESMTPA id 276336801CC; Mon, 29 Feb 2016 03:48:15 -0500 (EST) Date: Mon, 29 Feb 2016 03:48:15 -0500 From: Leo Famulari Message-ID: <20160229084815.GC18766@jasmine> References: <87lh66xew6.fsf@gnu.org> <20160228011027.GC6690@jasmine> <87lh65vtu5.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <87lh65vtu5.fsf@gnu.org> User-Agent: Mutt/1.5.24 (2015-08-30) X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) On Sun, Feb 28, 2016 at 02:37:54PM +0100, Ludovic Courtès wrote: > Leo Famulari skribis: > > > On Sat, Feb 27, 2016 at 06:05:29PM +0100, Ludovic Courtès wrote: > >> Commit 784d6e91 changed OpenSSL such that it does not depend on Perl, > >> but one of the subsequent upgrades broke it: > > > > Bisecting, I narrowed it down to: > > 86c8f1daf8ed10f13f2b1e973a28845629b8ce47 > > (gnu: openssl: Update to 1.0.2e [fixes CVE-2015-{3193,3194,3195}].). > > > > I'll get the openssl sources corresponding to the good and bad commmits > > and try to figure out what changed that pulled perl back in. > > Also we should add something like: > > #:allowed-references (list (canonical-package glibc) > (list (canonical-package gcc) "lib") > "out") > > to avoid regressions. Okay, good idea. > > (A case where #:disallowed-references would be more convenient, but it’s > not yet implemented. :-)) > > Ludo’. From unknown Thu Aug 14 21:57:11 2025 X-Loop: help-debbugs@gnu.org Subject: bug#22831: [PATCH 0/2] OpenSSL / Perl run-time dependency References: <87lh66xew6.fsf@gnu.org> In-Reply-To: <87lh66xew6.fsf@gnu.org> Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Tue, 01 Mar 2016 00:40:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 22831 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 22831@debbugs.gnu.org Received: via spool by 22831-submit@debbugs.gnu.org id=B22831.145679279927279 (code B ref 22831); Tue, 01 Mar 2016 00:40:03 +0000 Received: (at 22831) by debbugs.gnu.org; 1 Mar 2016 00:39:59 +0000 Received: from localhost ([127.0.0.1]:54354 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aaYM2-00075t-Gc for submit@debbugs.gnu.org; Mon, 29 Feb 2016 19:39:58 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:42316) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aaYM1-00075R-1G for 22831@debbugs.gnu.org; Mon, 29 Feb 2016 19:39:57 -0500 Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 5152520852; Mon, 29 Feb 2016 19:39:55 -0500 (EST) Received: from frontend2 ([10.202.2.161]) by compute1.internal (MEProxy); Mon, 29 Feb 2016 19:39:55 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=famulari.name; h= date:from:message-id:subject:to:x-sasl-enc:x-sasl-enc; s=mesmtp; bh=MEf2AOlqLv+LdldLwhG0ApqjMGM=; b=dKsu+CQz6IYH7H+p24f7O57VGdDe XEk/NsfCdMjM4LM518S6LgwxYVX7i6NcLYHnmacXS+tmAaDTKxD0M4j0BLuzmOJK SIA0u8DhNdy4gH6owFe72b6vLSfrfNN+XU4glXTUCKIvuVk4QSHxTKqlrnD+59hD H1S2TYUK+/h1Hd8= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=date:from:message-id:subject:to :x-sasl-enc:x-sasl-enc; s=smtpout; bh=MEf2AOlqLv+LdldLwhG0ApqjMG M=; b=deaDfHN8qt/I3474ZmDiUtkEXZl9i5JZWlhC886/fO4HBd5NVQvsjQNUab mOjNLFjqZY5B42sLGvo9qCppIRjGR6eUFSB0x8Sa2HnlGB+QFs4W0eWQ1MFFPk8K zkaRkO0bl4ZCAjTAxkw128bAU7my0vF80vx0iVPz4x7dhEIfk= X-Sasl-enc: 85QNWSZIDis4ZISMyGIdX+iuEW7+9JVxqYeDGgmS/14p 1456792795 Received: from jasmine.lan (c-69-249-5-231.hsd1.pa.comcast.net [69.249.5.231]) by mail.messagingengine.com (Postfix) with ESMTPA id 06FE66801CC for <22831@debbugs.gnu.org>; Mon, 29 Feb 2016 19:39:55 -0500 (EST) From: Leo Famulari Date: Mon, 29 Feb 2016 19:39:51 -0500 Message-Id: X-Mailer: git-send-email 2.7.1 X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) Patch 1/2 updates the patch we use to keep Perl from becoming a registered run-time dependency of OpenSSL. Patch 2/2 is an attempt to use #:allowed-references to prevent Perl from sneaking back in again. Unfortunately, it fails when gcc is an allowed reference. It "works" when gcc is not in the list. Here's the backtrace: Backtrace: In ice-9/boot-9.scm: 157: 19 [catch system-error # ...] In ice-9/eval.scm: 481: 18 [lp (#) (absolute)] 411: 17 [eval # #] 481: 16 [lp (#) (#t)] In srfi/srfi-1.scm: 646: 15 [append-map # (#)] 578: 14 [map # (#)] In ice-9/eval.scm: 387: 13 [eval # #] 411: 12 [eval # #] In ice-9/r4rs.scm: 39: 11 [call-with-values # ...] In ice-9/eval.scm: 411: 10 [eval # #] 481: 9 [lp (# #) ("x86_64-linux" #f)] 481: 8 [lp (#) (#f)] 411: 7 [eval # #] 387: 6 [eval # #] 387: 5 [eval # #] 387: 4 [eval # #] 387: 3 [eval # #] 387: 2 [eval # #] 393: 1 [eval # #] In unknown file: ?: 0 [memoize-variable-access! # #] ERROR: In procedure memoize-variable-access!: ERROR: Unbound variable: gcc Leo Famulari (2): gnu: openssl: Remove run-time dependency on Perl. WIP: gnu: openssl: Restrict allowed references for openssl. gnu/packages/patches/openssl-c-rehash.patch | 14 ++++++++++++++ gnu/packages/tls.scm | 7 +++++++ 2 files changed, 21 insertions(+) -- 2.7.1 From unknown Thu Aug 14 21:57:11 2025 X-Loop: help-debbugs@gnu.org Subject: bug#22831: [PATCH 1/2] gnu: openssl: Remove run-time dependency on Perl. Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Tue, 01 Mar 2016 00:40:04 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 22831 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 22831@debbugs.gnu.org Received: via spool by 22831-submit@debbugs.gnu.org id=B22831.145679279927286 (code B ref 22831); Tue, 01 Mar 2016 00:40:04 +0000 Received: (at 22831) by debbugs.gnu.org; 1 Mar 2016 00:39:59 +0000 Received: from localhost ([127.0.0.1]:54356 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aaYM2-00075w-Qh for submit@debbugs.gnu.org; Mon, 29 Feb 2016 19:39:59 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:54122) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aaYM1-00075a-74 for 22831@debbugs.gnu.org; Mon, 29 Feb 2016 19:39:57 -0500 Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 88EBA20909; Mon, 29 Feb 2016 19:39:55 -0500 (EST) Received: from frontend2 ([10.202.2.161]) by compute2.internal (MEProxy); Mon, 29 Feb 2016 19:39:55 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=famulari.name; h= date:from:in-reply-to:in-reply-to:message-id:references :references:subject:to:x-sasl-enc:x-sasl-enc; s=mesmtp; bh=xQCRE mKGlr7yLc4gpMbK9C0dyGI=; b=K5xJXWfJT8lHBpXXZ9ENE03BAc2bAoslrLja7 WkGtisuS7GEafc6a71iKw6GKgzqdnWyaxaq/GZ4PC6QinECLZOEQVLYZrctVaK33 cEwrvg+G9ZPpNdMG28wUUx++1R0UUkcG9vdDbm+dcFI09x99og2qFL3D4FgY2EqB wSHKYQ= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=date:from:in-reply-to:in-reply-to :message-id:references:references:subject:to:x-sasl-enc :x-sasl-enc; s=smtpout; bh=xQCREmKGlr7yLc4gpMbK9C0dyGI=; b=YnMH9 XYoT+pt/ho+q0ZQY5E3D/nRNEHVP09e5QfJyn3wSVjwI6aS4fPvCFteQwYKcFA+N Nsg6CZQZ6CymHtxouL0Q+gNCGEZNVYsA96qVcZEDGQ9hDeDgn1XoRDieET6Ack0N bPLhTuK+AiwJsPheBoN4vfevFcoCcQG2F1qMnY= X-Sasl-enc: 85QBXSFHEys7ZJef1WIdX+iuEW7+9JVxqYeDGgmS/14p 1456792795 Received: from jasmine.lan (c-69-249-5-231.hsd1.pa.comcast.net [69.249.5.231]) by mail.messagingengine.com (Postfix) with ESMTPA id 301FB6801F3 for <22831@debbugs.gnu.org>; Mon, 29 Feb 2016 19:39:55 -0500 (EST) From: Leo Famulari Date: Mon, 29 Feb 2016 19:39:52 -0500 Message-Id: <044df3e52ff32fbedc3cbb0a06667362142dd6de.1456792742.git.leo@famulari.name> X-Mailer: git-send-email 2.7.1 In-Reply-To: References: In-Reply-To: References: X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) Fixes . * gnu/packages/patches/openssl-c-rehash.patch: Update patch to also replace the shebang of 'c_rehash.in'. --- gnu/packages/patches/openssl-c-rehash.patch | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/gnu/packages/patches/openssl-c-rehash.patch b/gnu/packages/patches/openssl-c-rehash.patch index f873a9a..62cf662 100644 --- a/gnu/packages/patches/openssl-c-rehash.patch +++ b/gnu/packages/patches/openssl-c-rehash.patch @@ -15,3 +15,17 @@ package. # Perl c_rehash script, scan all files in a directory # and add symbolic links to their hash values. + +diff --git a/tools/c_rehash.in b/tools/c_rehash.in +index b086ff9..5908a97 100644 +--- a/tools/c_rehash.in ++++ b/tools/c_rehash.in +@@ -1,4 +1,6 @@ +-#!/usr/local/bin/perl ++eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}' ++ & eval 'exec perl -wS "$0" $argv:q' ++ if 0; + + # Perl c_rehash script, scan all files in a directory + # and add symbolic links to their hash values. + -- 2.7.1 From unknown Thu Aug 14 21:57:11 2025 X-Loop: help-debbugs@gnu.org Subject: bug#22831: [PATCH 2/2] WIP: gnu: openssl: Restrict allowed references for openssl. Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Tue, 01 Mar 2016 00:40:04 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 22831 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 22831@debbugs.gnu.org Received: via spool by 22831-submit@debbugs.gnu.org id=B22831.145679279927292 (code B ref 22831); Tue, 01 Mar 2016 00:40:04 +0000 Received: (at 22831) by debbugs.gnu.org; 1 Mar 2016 00:39:59 +0000 Received: from localhost ([127.0.0.1]:54358 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aaYM3-000763-6Q for submit@debbugs.gnu.org; Mon, 29 Feb 2016 19:39:59 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:53961) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aaYM1-00075b-EK for 22831@debbugs.gnu.org; Mon, 29 Feb 2016 19:39:57 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id BEBCA20A06; Mon, 29 Feb 2016 19:39:55 -0500 (EST) Received: from frontend2 ([10.202.2.161]) by compute4.internal (MEProxy); Mon, 29 Feb 2016 19:39:55 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=famulari.name; h= date:from:in-reply-to:in-reply-to:message-id:references :references:subject:to:x-sasl-enc:x-sasl-enc; s=mesmtp; bh=VZx4O pz17q4Y6oHjjR8ON32Mr14=; b=xonaZIQRYtVNRRKmNucBXpfsmTo7vvXzL5Mpa aalG53Kp7gAAwF5sPaKgoq2wgbJT/Wx/t3GaAHPINY0dyUW1N6ZWkX3Ww7bjGwdn nqOD6K57g91FmDosjG8nVsaNSl7SDd+BydNCT54KXbIclAcy08JULE7in1EwoObM 5fMTFc= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=date:from:in-reply-to:in-reply-to :message-id:references:references:subject:to:x-sasl-enc :x-sasl-enc; s=smtpout; bh=VZx4Opz17q4Y6oHjjR8ON32Mr14=; b=i5nor kN+LZWW+UygLsRQ9XiEWaoCH9VFiIqAT2IYiIxnVvI8gMf3BNvGKmUrvMDkpThGP ZxUvrJbuC11wFv9AsEWKjphFtHBwu+r08vRWRyGAEhSOejJDirEPbL1JHwh4ImLJ VkpiREtpWAow0O+tCBq0PA1XWenWJakGHRRrCw= X-Sasl-enc: 85QHXi5VBTI7aIiAy2IdX+iuEW7+9JVxqYeDGgmS/14p 1456792795 Received: from jasmine.lan (c-69-249-5-231.hsd1.pa.comcast.net [69.249.5.231]) by mail.messagingengine.com (Postfix) with ESMTPA id 577F26801EE for <22831@debbugs.gnu.org>; Mon, 29 Feb 2016 19:39:55 -0500 (EST) From: Leo Famulari Date: Mon, 29 Feb 2016 19:39:53 -0500 Message-Id: X-Mailer: git-send-email 2.7.1 In-Reply-To: References: In-Reply-To: References: X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) * gnu/packages/tls.scm (openssl)[arguments]: Add #:allowed-references. --- gnu/packages/tls.scm | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 57f0ca1..5990413 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -200,6 +200,13 @@ required structures.") `(#:parallel-build? #f #:parallel-tests? #f #:test-target "test" + + ;; Perl is required at build-time, but ideally not at run-time. + ;; OpenSSL updates tend to pull it back in. This prevents that. + + #:allowed-references ,(list (canonical-package glibc) + (list (canonical-package gcc) "lib") + "out") #:phases (modify-phases %standard-phases (add-before -- 2.7.1 From unknown Thu Aug 14 21:57:11 2025 X-Loop: help-debbugs@gnu.org Subject: bug#22831: [PATCH 2/2] WIP: gnu: openssl: Restrict allowed references for openssl. Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Tue, 01 Mar 2016 07:19:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 22831 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 22831@debbugs.gnu.org Received: via spool by 22831-submit@debbugs.gnu.org id=B22831.145681672420006 (code B ref 22831); Tue, 01 Mar 2016 07:19:02 +0000 Received: (at 22831) by debbugs.gnu.org; 1 Mar 2016 07:18:44 +0000 Received: from localhost ([127.0.0.1]:54650 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aaeZw-0005Cc-Er for submit@debbugs.gnu.org; Tue, 01 Mar 2016 02:18:44 -0500 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:48330) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aaeZu-0005CU-I6 for 22831@debbugs.gnu.org; Tue, 01 Mar 2016 02:18:42 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 4AF7720A74; Tue, 1 Mar 2016 02:18:42 -0500 (EST) Received: from frontend1 ([10.202.2.160]) by compute5.internal (MEProxy); Tue, 01 Mar 2016 02:18:42 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=famulari.name; h= content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-sasl-enc:x-sasl-enc; s=mesmtp; bh=+fJyk DiB6ikSxiNoMALA9I/xuJM=; b=R8cDuoyK8qenwxpWzhvjw6INreR2ngyd4JARm /olxPXMBjdufm19yOugdYhVl4GaYPOoFzsieDnGFIOMP5ZWm0mXkC5XndpfZWvL4 itxSe3U7U7lzKZE1oug/m2xvKZ0ycp4a0n0Y/TdL9aoISp1R2enTIzo6cwiBdl0m sgPAbc= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-sasl-enc :x-sasl-enc; s=smtpout; bh=+fJykDiB6ikSxiNoMALA9I/xuJM=; b=QWcCO WexjHvKeLCv0Hq5j7xXGNFesqZTcKIYbHVhSQa5sff5jo8chuvW1YhiI8o+SoDJO 20iSnVVwU6nqbZNw2AKH8g4y+PjPvGk4oiquA4Fx0HrysKDtBcOD+j6o2jddwN2f xUaGyYtD4g1sLAn2UdFqNeYh2ZQJgN/whKx0v0= X-Sasl-enc: 2onrRs7Ph30hUtwo/nhEp4Z5CG7xnvA+cG873E/X+Sjz 1456816722 Received: from localhost (c-69-249-5-231.hsd1.pa.comcast.net [69.249.5.231]) by mail.messagingengine.com (Postfix) with ESMTPA id 000D4C00018 for <22831@debbugs.gnu.org>; Tue, 1 Mar 2016 02:18:41 -0500 (EST) Date: Tue, 1 Mar 2016 02:18:35 -0500 From: Leo Famulari Message-ID: <20160301071835.GA26683@jasmine> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) On Mon, Feb 29, 2016 at 07:39:53PM -0500, Leo Famulari wrote: > * gnu/packages/tls.scm (openssl)[arguments]: Add #:allowed-references. I realized that it would work if I imported (gnu packages gcc) when defining the tls module. I don't know if that's the right approach or not, but the output now refers only to glibc, gcc:lib, and itself. > --- > gnu/packages/tls.scm | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm > index 57f0ca1..5990413 100644 > --- a/gnu/packages/tls.scm > +++ b/gnu/packages/tls.scm > @@ -200,6 +200,13 @@ required structures.") > `(#:parallel-build? #f > #:parallel-tests? #f > #:test-target "test" > + > + ;; Perl is required at build-time, but ideally not at run-time. > + ;; OpenSSL updates tend to pull it back in. This prevents that. > + > + #:allowed-references ,(list (canonical-package glibc) > + (list (canonical-package gcc) "lib") > + "out") > #:phases > (modify-phases %standard-phases > (add-before > -- > 2.7.1 > > > > From unknown Thu Aug 14 21:57:11 2025 X-Loop: help-debbugs@gnu.org Subject: bug#22831: [PATCH 2/2] WIP: gnu: openssl: Restrict allowed references for openssl. Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Tue, 01 Mar 2016 07:21:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 22831 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 22831@debbugs.gnu.org Received: via spool by 22831-submit@debbugs.gnu.org id=B22831.145681682720168 (code B ref 22831); Tue, 01 Mar 2016 07:21:01 +0000 Received: (at 22831) by debbugs.gnu.org; 1 Mar 2016 07:20:27 +0000 Received: from localhost ([127.0.0.1]:54654 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aaeba-0005FE-Pd for submit@debbugs.gnu.org; Tue, 01 Mar 2016 02:20:26 -0500 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:35186) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aaebZ-0005F6-AP for 22831@debbugs.gnu.org; Tue, 01 Mar 2016 02:20:25 -0500 Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 2377E20CE0; Tue, 1 Mar 2016 02:20:25 -0500 (EST) Received: from frontend1 ([10.202.2.160]) by compute6.internal (MEProxy); Tue, 01 Mar 2016 02:20:25 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=famulari.name; h= content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-sasl-enc:x-sasl-enc; s=mesmtp; bh=DVPJb PNmTE3qYhYUG43khGf7OGQ=; b=iYQVY1RgFNfE7BJuYIgIu35t5L0HASUZIj5+k 5s3vtFNKVx8XTGnm64lHFynICgI7z4vrAAVzmPzENi84YCwQ7s/9EXtu5iDndXn+ YjUC0XDBrrfVjQCInwlAFbhQEfEr4tzjsTuLwuz4bkMlUOHcg1QQ1iNq0BFcGvEi q5bHfw= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-sasl-enc :x-sasl-enc; s=smtpout; bh=DVPJbPNmTE3qYhYUG43khGf7OGQ=; b=eNyli 6ickP3jE7fCqYcKLKcbxI9Zsh+NVmCXguPSIPB92f8dlA3winwxYDMQV4N1P2ylc rQOi7byk8fmPksfThksi9jGu4zMkJWDQJ+nbW4lN4aC/2DW57bo8maDTETd2m84E /a+pZxQw5B3TKS5fX6IybH9hvda0S0neblUgw4= X-Sasl-enc: l84LH3Ed0xEeeDlLl3gBdzl6mzpAntbxJlI73ZmwZfBF 1456816824 Received: from localhost (c-69-249-5-231.hsd1.pa.comcast.net [69.249.5.231]) by mail.messagingengine.com (Postfix) with ESMTPA id D3E8CC00012 for <22831@debbugs.gnu.org>; Tue, 1 Mar 2016 02:20:24 -0500 (EST) Date: Tue, 1 Mar 2016 02:20:25 -0500 From: Leo Famulari Message-ID: <20160301072025.GA26797@jasmine> References: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="dDRMvlgZJXvWKvBx" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --dDRMvlgZJXvWKvBx Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Mon, Feb 29, 2016 at 07:39:53PM -0500, Leo Famulari wrote: > * gnu/packages/tls.scm (openssl)[arguments]: Add #:allowed-references. Working patch attached. --dDRMvlgZJXvWKvBx Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename="0001-gnu-openssl-Restrict-allowed-references-for-openssl.patch" >From 00807e4421757f8d9204f1601de9a8286a408f91 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Mon, 29 Feb 2016 19:24:20 -0500 Subject: [PATCH] gnu: openssl: Restrict allowed references for openssl. * gnu/packages/tls.scm (openssl)[arguments]: Add #:allowed-references. --- gnu/packages/tls.scm | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 90971f2..8c72f3b 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -32,6 +32,7 @@ #:use-module (guix build-system python) #:use-module (gnu packages compression) #:use-module (gnu packages) + #:use-module (gnu packages gcc) #:use-module (gnu packages guile) #:use-module (gnu packages libffi) #:use-module (gnu packages libidn) @@ -200,6 +201,12 @@ required structures.") `(#:parallel-build? #f #:parallel-tests? #f #:test-target "test" + + ;; We want to limit what the output of this derivation refers to. + ;; Specifically, we don't want it to refer to Perl. + #:allowed-references ,(list (canonical-package glibc) + (list (canonical-package gcc) "lib") + "out") #:phases (modify-phases %standard-phases (add-before -- 2.7.1 --dDRMvlgZJXvWKvBx-- From unknown Thu Aug 14 21:57:11 2025 X-Loop: help-debbugs@gnu.org Subject: bug#22831: OpenSSL should not depend on Perl Resent-From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Tue, 01 Mar 2016 13:39:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 22831 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Leo Famulari Cc: 22831@debbugs.gnu.org Received: via spool by 22831-submit@debbugs.gnu.org id=B22831.145683949929349 (code B ref 22831); Tue, 01 Mar 2016 13:39:02 +0000 Received: (at 22831) by debbugs.gnu.org; 1 Mar 2016 13:38:19 +0000 Received: from localhost ([127.0.0.1]:54832 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aakVH-0007dJ-Gu for submit@debbugs.gnu.org; Tue, 01 Mar 2016 08:38:19 -0500 Received: from eggs.gnu.org ([208.118.235.92]:39283) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aakVG-0007d3-Iz for 22831@debbugs.gnu.org; Tue, 01 Mar 2016 08:38:18 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aakV8-0004Ya-Eo for 22831@debbugs.gnu.org; Tue, 01 Mar 2016 08:38:13 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:60187) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aakV8-0004YV-BA; Tue, 01 Mar 2016 08:38:10 -0500 Received: from pluto.bordeaux.inria.fr ([193.50.110.57]:33792 helo=pluto) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.82) (envelope-from ) id 1aakV7-0001M3-FK; Tue, 01 Mar 2016 08:38:09 -0500 From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) References: <87lh66xew6.fsf@gnu.org> <20160228011027.GC6690@jasmine> <87povhvtyn.fsf@gnu.org> <20160229084738.GB18766@jasmine> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 12 =?UTF-8?Q?Vent=C3=B4se?= an 224 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x3D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-unknown-linux-gnu Date: Tue, 01 Mar 2016 14:38:07 +0100 In-Reply-To: <20160229084738.GB18766@jasmine> (Leo Famulari's message of "Mon, 29 Feb 2016 03:47:38 -0500") Message-ID: <8737sapbcw.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Leo Famulari skribis: > On Sun, Feb 28, 2016 at 02:35:12PM +0100, Ludovic Court=C3=A8s wrote: >> Leo Famulari skribis: >>=20 >> > On Sat, Feb 27, 2016 at 06:05:29PM +0100, Ludovic Court=C3=A8s wrote: >> >> Commit 784d6e91 changed OpenSSL such that it does not depend on Perl, >> >> but one of the subsequent upgrades broke it: >> > >> > Bisecting, I narrowed it down to: >> > 86c8f1daf8ed10f13f2b1e973a28845629b8ce47 >> > (gnu: openssl: Update to 1.0.2e [fixes CVE-2015-{3193,3194,3195}].). >> > >> > I'll get the openssl sources corresponding to the good and bad commmits >> > and try to figure out what changed that pulled perl back in. >>=20 >> Awesome. Hopefully we can apply the fix when we upgrade OpenSSL this >> Tuesday. > > 'openssl-c-rehash.patch' is being applied, but at some point in the > build process the change is reverted. In the source, I see: --8<---------------cut here---------------start------------->8--- $ find -name c_rehash\* ./tools/c_rehash ./tools/c_rehash.in ./doc/apps/c_rehash.pod --8<---------------cut here---------------end--------------->8--- Could it be that the unpatched one ends up being installed or something? Ludo=E2=80=99. From unknown Thu Aug 14 21:57:11 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Subject: bug#22831: closed (Re: bug#22831: OpenSSL should not depend on Perl) Message-ID: References: <871t7um7r4.fsf@gnu.org> <87lh66xew6.fsf@gnu.org> X-Gnu-PR-Message: they-closed 22831 X-Gnu-PR-Package: guix Reply-To: 22831@debbugs.gnu.org Date: Tue, 01 Mar 2016 17:25:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1456853102-1333-1" This is a multi-part message in MIME format... ------------=_1456853102-1333-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #22831: OpenSSL should not depend on Perl which was filed against the guix package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 22831@debbugs.gnu.org. --=20 22831: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D22831 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1456853102-1333-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 22831-done) by debbugs.gnu.org; 1 Mar 2016 17:24:29 +0000 Received: from localhost ([127.0.0.1]:56592 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aao29-0000KN-2T for submit@debbugs.gnu.org; Tue, 01 Mar 2016 12:24:29 -0500 Received: from eggs.gnu.org ([208.118.235.92]:57237) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aao27-0000K9-JZ for 22831-done@debbugs.gnu.org; Tue, 01 Mar 2016 12:24:27 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aao1y-0001JE-0J for 22831-done@debbugs.gnu.org; Tue, 01 Mar 2016 12:24:22 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:36691) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aao1x-0001JA-TE; Tue, 01 Mar 2016 12:24:17 -0500 Received: from pluto.bordeaux.inria.fr ([193.50.110.57]:44938 helo=pluto) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.82) (envelope-from ) id 1aao1x-0005PG-BR; Tue, 01 Mar 2016 12:24:17 -0500 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Leo Famulari Subject: Re: bug#22831: OpenSSL should not depend on Perl References: <87lh66xew6.fsf@gnu.org> <20160228011027.GC6690@jasmine> <87povhvtyn.fsf@gnu.org> <20160229084738.GB18766@jasmine> <8737sapbcw.fsf@gnu.org> Date: Tue, 01 Mar 2016 18:24:15 +0100 In-Reply-To: <8737sapbcw.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Tue, 01 Mar 2016 14:38:07 +0100") Message-ID: <871t7um7r4.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 22831-done Cc: 22831-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) ludo@gnu.org (Ludovic Court=C3=A8s) skribis: > Leo Famulari skribis: > >> On Sun, Feb 28, 2016 at 02:35:12PM +0100, Ludovic Court=C3=A8s wrote: >>> Leo Famulari skribis: >>>=20 >>> > On Sat, Feb 27, 2016 at 06:05:29PM +0100, Ludovic Court=C3=A8s wrote: >>> >> Commit 784d6e91 changed OpenSSL such that it does not depend on Perl, >>> >> but one of the subsequent upgrades broke it: >>> > >>> > Bisecting, I narrowed it down to: >>> > 86c8f1daf8ed10f13f2b1e973a28845629b8ce47 >>> > (gnu: openssl: Update to 1.0.2e [fixes CVE-2015-{3193,3194,3195}].). >>> > >>> > I'll get the openssl sources corresponding to the good and bad commmi= ts >>> > and try to figure out what changed that pulled perl back in. >>>=20 >>> Awesome. Hopefully we can apply the fix when we upgrade OpenSSL this >>> Tuesday. >> >> 'openssl-c-rehash.patch' is being applied, but at some point in the >> build process the change is reverted. > > In the source, I see: > > $ find -name c_rehash\* > ./tools/c_rehash > ./tools/c_rehash.in > ./doc/apps/c_rehash.pod > > Could it be that the unpatched one ends up being installed or something? Indeed. Fixed in caeadfd, though without #:allowed-references=E2=80=94it= =E2=80=99ll be more convenient to use #:disallowed-references when it=E2=80=99s implemente= d. Ludo=E2=80=99. ------------=_1456853102-1333-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 27 Feb 2016 17:05:45 +0000 Received: from localhost ([127.0.0.1]:49032 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aZiJN-0000re-6Z for submit@debbugs.gnu.org; Sat, 27 Feb 2016 12:05:45 -0500 Received: from eggs.gnu.org ([208.118.235.92]:48899) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aZiJL-0000rS-MV for submit@debbugs.gnu.org; Sat, 27 Feb 2016 12:05:43 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aZiJF-0004bN-Oz for submit@debbugs.gnu.org; Sat, 27 Feb 2016 12:05:38 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:55943) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aZiJF-0004bJ-LC for submit@debbugs.gnu.org; Sat, 27 Feb 2016 12:05:37 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:39864) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aZiJE-0003yr-Gm for bug-guix@gnu.org; Sat, 27 Feb 2016 12:05:37 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aZiJB-0004ah-6s for bug-guix@gnu.org; Sat, 27 Feb 2016 12:05:36 -0500 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:47558) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aZiJB-0004aX-1R for bug-guix@gnu.org; Sat, 27 Feb 2016 12:05:33 -0500 Received: from reverse-83.fdn.fr ([80.67.176.83]:35230 helo=pluto) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.82) (envelope-from ) id 1aZiJA-0003IF-83 for bug-guix@gnu.org; Sat, 27 Feb 2016 12:05:32 -0500 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: bug-guix@gnu.org Subject: OpenSSL should not depend on Perl X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 9 =?utf-8?Q?Vent=C3=B4se?= an 224 de la =?utf-8?Q?R?= =?utf-8?Q?=C3=A9volution?= X-PGP-Key-ID: 0x3D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-unknown-linux-gnu Date: Sat, 27 Feb 2016 18:05:29 +0100 Message-ID: <87lh66xew6.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Commit 784d6e91 changed OpenSSL such that it does not depend on Perl, but one of the subsequent upgrades broke it: --8<---------------cut here---------------start------------->8--- $ guix build perl /gnu/store/x2p2biyybcb2wac77qz9468asc5fm48i-perl-5.22.1 $ grep -r x2p2biyybcb2wac77qz9468asc5fm48i $(guix build openssl) /gnu/store/qvx4q6lbwi4s3cwr8wqaa7kcva0a5c4b-openssl-1.0.2f/bin/c_rehash:#!/= gnu/store/x2p2biyybcb2wac77qz9468asc5fm48i-perl-5.22.1/bin/perl --8<---------------cut here---------------end--------------->8--- Somehow =E2=80=98openssl-c-rehash.patch=E2=80=99 seems to no longer have th= e desired effect. Ludo=E2=80=99. ------------=_1456853102-1333-1-- From unknown Thu Aug 14 21:57:11 2025 X-Loop: help-debbugs@gnu.org Subject: bug#22831: [PATCH 2/2] WIP: gnu: openssl: Restrict allowed references for openssl. Resent-From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Tue, 01 Mar 2016 20:47:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 22831 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Leo Famulari Cc: 22831@debbugs.gnu.org Received: via spool by 22831-submit@debbugs.gnu.org id=B22831.145686520030249 (code B ref 22831); Tue, 01 Mar 2016 20:47:02 +0000 Received: (at 22831) by debbugs.gnu.org; 1 Mar 2016 20:46:40 +0000 Received: from localhost ([127.0.0.1]:56735 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aarBo-0007rp-9O for submit@debbugs.gnu.org; Tue, 01 Mar 2016 15:46:40 -0500 Received: from eggs.gnu.org ([208.118.235.92]:33457) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aarBn-0007re-Fs for 22831@debbugs.gnu.org; Tue, 01 Mar 2016 15:46:39 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aarBd-00047S-NE for 22831@debbugs.gnu.org; Tue, 01 Mar 2016 15:46:34 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:40781) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aarBd-00047E-Jf; Tue, 01 Mar 2016 15:46:29 -0500 Received: from reverse-83.fdn.fr ([80.67.176.83]:34106 helo=pluto) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.82) (envelope-from ) id 1aarBc-0004iC-6q; Tue, 01 Mar 2016 15:46:28 -0500 From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) References: <20160301072025.GA26797@jasmine> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 12 =?UTF-8?Q?Vent=C3=B4se?= an 224 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x3D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-unknown-linux-gnu Date: Tue, 01 Mar 2016 21:46:26 +0100 In-Reply-To: <20160301072025.GA26797@jasmine> (Leo Famulari's message of "Tue, 1 Mar 2016 02:20:25 -0500") Message-ID: <877fhmorj1.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Leo Famulari skribis: > From 00807e4421757f8d9204f1601de9a8286a408f91 Mon Sep 17 00:00:00 2001 > From: Leo Famulari > Date: Mon, 29 Feb 2016 19:24:20 -0500 > Subject: [PATCH] gnu: openssl: Restrict allowed references for openssl. > > * gnu/packages/tls.scm (openssl)[arguments]: Add #:allowed-references. For some reason I hadn=E2=80=99t seen it in M-x debbugs-gnu for this report today, but the patch looks good to me! If we apply it now, it won=E2=80=99t trigger a rebuild (yay!), but will sti= ll trigger a bunch of regrafting, which is slightly annoying. What about applying it in the next =E2=80=98security-updates=E2=80=99 branch? Thanks! Ludo=E2=80=99. From unknown Thu Aug 14 21:57:11 2025 X-Loop: help-debbugs@gnu.org Subject: bug#22831: [PATCH 2/2] WIP: gnu: openssl: Restrict allowed references for openssl. Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Tue, 01 Mar 2016 21:05:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 22831 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 22831@debbugs.gnu.org Received: via spool by 22831-submit@debbugs.gnu.org id=B22831.145686628432627 (code B ref 22831); Tue, 01 Mar 2016 21:05:02 +0000 Received: (at 22831) by debbugs.gnu.org; 1 Mar 2016 21:04:44 +0000 Received: from localhost ([127.0.0.1]:56763 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aarTH-0008UB-QI for submit@debbugs.gnu.org; Tue, 01 Mar 2016 16:04:43 -0500 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:54992) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aarTG-0008U3-5y for 22831@debbugs.gnu.org; Tue, 01 Mar 2016 16:04:42 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id CEC8E20CFF; Tue, 1 Mar 2016 16:04:41 -0500 (EST) Received: from frontend2 ([10.202.2.161]) by compute4.internal (MEProxy); Tue, 01 Mar 2016 16:04:41 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=famulari.name; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=JMc5LqkTK8Y0cTqOeUbVKXQkR+s=; b=HXn/2e 9Ko/cTGDjdKgn6IG5lG6dfVq/iGBByBqTH94WM5cwCoXciZVDCjIM6qMqa+yDGxr RnEiXsfyGQY0PY8mJVedFcwKUm247vsrWhBF7xovUCjSrOvCxX1z4h4W+YkOaOxD dIzeK9FrD2lSycRur/2dAkhytH/0x65S4+2pM= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=JMc5LqkTK8Y0cTq OeUbVKXQkR+s=; b=Gdkb+uScOoeJwg7IEMVMY8tnY2PCL+hMCN4//ymPLpiwPEl Dl3+NSrzkTEmmr1zxWL+e2PhuJGWdwyqNXBOMBhTaRNE/dkGqv/Jq5szllNhFQEU dgndwEB3b4Oh77lLaWAqhtV0Ai3CFablN1t9B8iLFsM/loj8ZfjTFSi3JKQ8= X-Sasl-enc: bCNMg+YhtrjLICDqKpTcRGSmYG5xoJOTvf3kFuXNh+yT 1456866281 Received: from localhost (unknown [172.56.2.144]) by mail.messagingengine.com (Postfix) with ESMTPA id 72A81680121; Tue, 1 Mar 2016 16:04:41 -0500 (EST) Date: Tue, 1 Mar 2016 16:04:40 -0500 From: Leo Famulari Message-ID: <20160301210440.GA18336@jasmine> References: <20160301072025.GA26797@jasmine> <877fhmorj1.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <877fhmorj1.fsf@gnu.org> User-Agent: Mutt/1.5.24 (2015-08-30) X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) On Tue, Mar 01, 2016 at 09:46:26PM +0100, Ludovic Courtès wrote: > Leo Famulari skribis: > > > From 00807e4421757f8d9204f1601de9a8286a408f91 Mon Sep 17 00:00:00 2001 > > From: Leo Famulari > > Date: Mon, 29 Feb 2016 19:24:20 -0500 > > Subject: [PATCH] gnu: openssl: Restrict allowed references for openssl. > > > > * gnu/packages/tls.scm (openssl)[arguments]: Add #:allowed-references. > > For some reason I hadn’t seen it in M-x debbugs-gnu for this report > today, but the patch looks good to me! > > If we apply it now, it won’t trigger a rebuild (yay!), but will still > trigger a bunch of regrafting, which is slightly annoying. What about > applying it in the next ‘security-updates’ branch? Sure. Is it okay if I create that branch? > > Thanks! > > Ludo’. From unknown Thu Aug 14 21:57:11 2025 X-Loop: help-debbugs@gnu.org Subject: bug#22831: [PATCH 2/2] WIP: gnu: openssl: Restrict allowed references for openssl. Resent-From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Wed, 02 Mar 2016 08:43:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 22831 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Leo Famulari Cc: 22831@debbugs.gnu.org Received: via spool by 22831-submit@debbugs.gnu.org id=B22831.1456908175852 (code B ref 22831); Wed, 02 Mar 2016 08:43:01 +0000 Received: (at 22831) by debbugs.gnu.org; 2 Mar 2016 08:42:55 +0000 Received: from localhost ([127.0.0.1]:56962 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1ab2Mx-0000Dg-Iy for submit@debbugs.gnu.org; Wed, 02 Mar 2016 03:42:55 -0500 Received: from eggs.gnu.org ([208.118.235.92]:33387) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1ab2Mv-0000DU-LI for 22831@debbugs.gnu.org; Wed, 02 Mar 2016 03:42:53 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ab2Mn-00053z-C3 for 22831@debbugs.gnu.org; Wed, 02 Mar 2016 03:42:48 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:54704) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ab2Mn-00053r-8G; Wed, 02 Mar 2016 03:42:45 -0500 Received: from reverse-83.fdn.fr ([80.67.176.83]:40240 helo=pluto) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.82) (envelope-from ) id 1ab2Mm-000820-DG; Wed, 02 Mar 2016 03:42:44 -0500 From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) References: <20160301072025.GA26797@jasmine> <877fhmorj1.fsf@gnu.org> <20160301210440.GA18336@jasmine> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 13 =?UTF-8?Q?Vent=C3=B4se?= an 224 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x3D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-unknown-linux-gnu Date: Wed, 02 Mar 2016 09:42:41 +0100 In-Reply-To: <20160301210440.GA18336@jasmine> (Leo Famulari's message of "Tue, 1 Mar 2016 16:04:40 -0500") Message-ID: <877fhll18e.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Leo Famulari skribis: > On Tue, Mar 01, 2016 at 09:46:26PM +0100, Ludovic Court=C3=A8s wrote: >> Leo Famulari skribis: >>=20 >> > From 00807e4421757f8d9204f1601de9a8286a408f91 Mon Sep 17 00:00:00 2001 >> > From: Leo Famulari >> > Date: Mon, 29 Feb 2016 19:24:20 -0500 >> > Subject: [PATCH] gnu: openssl: Restrict allowed references for openssl. >> > >> > * gnu/packages/tls.scm (openssl)[arguments]: Add #:allowed-references. >>=20 >> For some reason I hadn=E2=80=99t seen it in M-x debbugs-gnu for this rep= ort >> today, but the patch looks good to me! >>=20 >> If we apply it now, it won=E2=80=99t trigger a rebuild (yay!), but will = still >> trigger a bunch of regrafting, which is slightly annoying. What about >> applying it in the next =E2=80=98security-updates=E2=80=99 branch? > > Sure. Is it okay if I create that branch? Sure, no problem. Thanks, Ludo=E2=80=99. From unknown Thu Aug 14 21:57:11 2025 X-Loop: help-debbugs@gnu.org Subject: bug#22831: [PATCH 2/2] WIP: gnu: openssl: Restrict allowed references for openssl. Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Wed, 02 Mar 2016 19:21:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 22831 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 22831@debbugs.gnu.org Received: via spool by 22831-submit@debbugs.gnu.org id=B22831.145694642226672 (code B ref 22831); Wed, 02 Mar 2016 19:21:02 +0000 Received: (at 22831) by debbugs.gnu.org; 2 Mar 2016 19:20:22 +0000 Received: from localhost ([127.0.0.1]:58114 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1abCJq-0006w8-Gw for submit@debbugs.gnu.org; Wed, 02 Mar 2016 14:20:22 -0500 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:49345) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1abCJo-0006w0-UF for 22831@debbugs.gnu.org; Wed, 02 Mar 2016 14:20:21 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 8CE2720D7A; Wed, 2 Mar 2016 14:20:20 -0500 (EST) Received: from frontend2 ([10.202.2.161]) by compute4.internal (MEProxy); Wed, 02 Mar 2016 14:20:20 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=famulari.name; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=2P4RSW8luyRUtA9j541s+mgxbQA=; b=aL3Gc3 0+YH1HSEA233ooARN500prhAu+vPfXVuogL0VRMhbQvez4godARjhyde2ihCFNCI 43okwedPFOTePXetQ10yWMR6kyLNnVYlhaa7PsTQKCWb+gTiF5ko3lMT9umoSaED rIKUYwUTtGAB4AGyxAHqTUH1iXZ/J0gwYUmGM= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=2P4RSW8luyRUtA9 j541s+mgxbQA=; b=bJXZp53oXwb3nZfKrDL5euBBXvc2SNrK1x6fApf8nLGOFtT 6d2K6bhW4BwvfStX1z5rbtS5QMH6Ac3i9U4nNpTWoaKrOmWFtuxt+42XbTviZ2Nu y7GLtNPGlLUaBRdAGpJwxunSVv0JK57qEx6bs0DpNdzA+0RNo4gqYLGrXfpI= X-Sasl-enc: 5JDtcF498dAUMJcqxNHo832mmCB1qCZnbjzQnMJIuaeQ 1456946420 Received: from localhost (c-69-249-5-231.hsd1.pa.comcast.net [69.249.5.231]) by mail.messagingengine.com (Postfix) with ESMTPA id 48468680154; Wed, 2 Mar 2016 14:20:20 -0500 (EST) Date: Wed, 2 Mar 2016 14:20:22 -0500 From: Leo Famulari Message-ID: <20160302192022.GD15618@jasmine> References: <20160301072025.GA26797@jasmine> <877fhmorj1.fsf@gnu.org> <20160301210440.GA18336@jasmine> <877fhll18e.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <877fhll18e.fsf@gnu.org> User-Agent: Mutt/1.5.24 (2015-08-30) X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) On Wed, Mar 02, 2016 at 09:42:41AM +0100, Ludovic Courtès wrote: > Leo Famulari skribis: > > > On Tue, Mar 01, 2016 at 09:46:26PM +0100, Ludovic Courtès wrote: > >> Leo Famulari skribis: > >> > >> > From 00807e4421757f8d9204f1601de9a8286a408f91 Mon Sep 17 00:00:00 2001 > >> > From: Leo Famulari > >> > Date: Mon, 29 Feb 2016 19:24:20 -0500 > >> > Subject: [PATCH] gnu: openssl: Restrict allowed references for openssl. > >> > > >> > * gnu/packages/tls.scm (openssl)[arguments]: Add #:allowed-references. > >> > >> For some reason I hadn’t seen it in M-x debbugs-gnu for this report > >> today, but the patch looks good to me! > >> > >> If we apply it now, it won’t trigger a rebuild (yay!), but will still > >> trigger a bunch of regrafting, which is slightly annoying. What about > >> applying it in the next ‘security-updates’ branch? > > > > Sure. Is it okay if I create that branch? > > Sure, no problem. Since there was already a security-updates job started, how about putting on core-updates? > > Thanks, > Ludo’. From unknown Thu Aug 14 21:57:11 2025 X-Loop: help-debbugs@gnu.org Subject: bug#22831: [PATCH 2/2] WIP: gnu: openssl: Restrict allowed references for openssl. Resent-From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Wed, 02 Mar 2016 21:00:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 22831 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Leo Famulari Cc: 22831@debbugs.gnu.org Received: via spool by 22831-submit@debbugs.gnu.org id=B22831.14569523783251 (code B ref 22831); Wed, 02 Mar 2016 21:00:02 +0000 Received: (at 22831) by debbugs.gnu.org; 2 Mar 2016 20:59:38 +0000 Received: from localhost ([127.0.0.1]:58180 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1abDru-0000qM-Cl for submit@debbugs.gnu.org; Wed, 02 Mar 2016 15:59:38 -0500 Received: from eggs.gnu.org ([208.118.235.92]:49297) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1abDrt-0000qA-FC for 22831@debbugs.gnu.org; Wed, 02 Mar 2016 15:59:37 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1abDrl-0007e5-3L for 22831@debbugs.gnu.org; Wed, 02 Mar 2016 15:59:32 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.5 required=5.0 tests=BAYES_05,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:39187) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1abDrk-0007e1-W3; Wed, 02 Mar 2016 15:59:29 -0500 Received: from reverse-83.fdn.fr ([80.67.176.83]:43450 helo=pluto) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.82) (envelope-from ) id 1abDrk-0002Kb-7A; Wed, 02 Mar 2016 15:59:28 -0500 From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) References: <20160301072025.GA26797@jasmine> <877fhmorj1.fsf@gnu.org> <20160301210440.GA18336@jasmine> <877fhll18e.fsf@gnu.org> <20160302192022.GD15618@jasmine> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 13 =?UTF-8?Q?Vent=C3=B4se?= an 224 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x3D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-unknown-linux-gnu Date: Wed, 02 Mar 2016 21:59:25 +0100 In-Reply-To: <20160302192022.GD15618@jasmine> (Leo Famulari's message of "Wed, 2 Mar 2016 14:20:22 -0500") Message-ID: <87wppkeguq.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Leo Famulari skribis: > On Wed, Mar 02, 2016 at 09:42:41AM +0100, Ludovic Court=C3=A8s wrote: >> Leo Famulari skribis: >>=20 >> > On Tue, Mar 01, 2016 at 09:46:26PM +0100, Ludovic Court=C3=A8s wrote: >> >> Leo Famulari skribis: >> >>=20 >> >> > From 00807e4421757f8d9204f1601de9a8286a408f91 Mon Sep 17 00:00:00 2= 001 >> >> > From: Leo Famulari >> >> > Date: Mon, 29 Feb 2016 19:24:20 -0500 >> >> > Subject: [PATCH] gnu: openssl: Restrict allowed references for open= ssl. >> >> > >> >> > * gnu/packages/tls.scm (openssl)[arguments]: Add #:allowed-referenc= es. >> >>=20 >> >> For some reason I hadn=E2=80=99t seen it in M-x debbugs-gnu for this = report >> >> today, but the patch looks good to me! >> >>=20 >> >> If we apply it now, it won=E2=80=99t trigger a rebuild (yay!), but wi= ll still >> >> trigger a bunch of regrafting, which is slightly annoying. What about >> >> applying it in the next =E2=80=98security-updates=E2=80=99 branch? >> > >> > Sure. Is it okay if I create that branch? >>=20 >> Sure, no problem. > > Since there was already a security-updates job started, how about > putting on core-updates? Dunno, what does Mark think? Let=E2=80=99s check with Mark on IRC. :-) Ludo=E2=80=99. From unknown Thu Aug 14 21:57:11 2025 X-Loop: help-debbugs@gnu.org Subject: bug#22831: [PATCH 0/1] Disallow reference to Perl from OpenSSL References: <87lh66xew6.fsf@gnu.org> In-Reply-To: <87lh66xew6.fsf@gnu.org> Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 21 Mar 2016 02:21:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 22831 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 22831@debbugs.gnu.org Received: via spool by 22831-submit@debbugs.gnu.org id=B22831.1458526817741 (code B ref 22831); Mon, 21 Mar 2016 02:21:02 +0000 Received: (at 22831) by debbugs.gnu.org; 21 Mar 2016 02:20:17 +0000 Received: from localhost ([127.0.0.1]:56067 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ahpS5-0000Bo-8u for submit@debbugs.gnu.org; Sun, 20 Mar 2016 22:20:17 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:33371) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ahpS4-0000Bf-2M for 22831@debbugs.gnu.org; Sun, 20 Mar 2016 22:20:16 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id D431420320; Sun, 20 Mar 2016 22:20:15 -0400 (EDT) Received: from frontend1 ([10.202.2.160]) by compute4.internal (MEProxy); Sun, 20 Mar 2016 22:20:15 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=famulari.name; h= date:from:message-id:subject:to:x-sasl-enc:x-sasl-enc; s=mesmtp; bh=qHSHXnGjjQRFyogK/FMmNeu2gOY=; b=p5ijfYyQTn/RDZaH7SxkjY34TWjP BVhCj5/PXGXRiYLE2GC5rT0bXM7yKF7BpUPdjB5xAxIqVnaNuuk7H9IpAiYlapqL UrmzytoRmVl4J/5J302B4XYvwtmT4u8Nbk1IlKb2IhxYs8f+seDtmlNWkotk3S2X Rfkl4QEjQI4ULGI= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=date:from:message-id:subject:to :x-sasl-enc:x-sasl-enc; s=smtpout; bh=qHSHXnGjjQRFyogK/FMmNeu2gO Y=; b=DOJ2a2fI6vbqG1styA+N5d4N7YcYnKbHHK/Jsqzow2tQ6/zjLvhOTjEnDf i127lgRPHgtvkRY5GDk+hZF/KflBuX4AzGpcJ8TKyCIZoXOyUdrD2a3WqYH0hx2w JasUMUktLtIr25PtyI68XEJjiIMcqYx2PBDAIG2osHPrsKJAA= X-Sasl-enc: KJyx+R1tooHvqHcbekd9CNPC1qq6jsuTy+ITWEGlyNlJ 1458526815 Received: from localhost.localdomain (c-73-46-63-161.hsd1.fl.comcast.net [73.46.63.161]) by mail.messagingengine.com (Postfix) with ESMTPA id 6B9B0C00018 for <22831@debbugs.gnu.org>; Sun, 20 Mar 2016 22:20:15 -0400 (EDT) From: Leo Famulari Date: Sun, 20 Mar 2016 22:20:10 -0400 Message-Id: X-Mailer: git-send-email 2.7.3 X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) Now that #:disallowed-references has been implemented (thanks Ludo!), here it is applied to OpenSSL. To core-updates? Leo Famulari (1): gnu: openssl: Enforce non-reference to perl. gnu/packages/tls.scm | 4 ++++ 1 file changed, 4 insertions(+) -- 2.7.3 From unknown Thu Aug 14 21:57:11 2025 X-Loop: help-debbugs@gnu.org Subject: bug#22831: [PATCH 1/1] gnu: openssl: Enforce non-reference to perl. Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 21 Mar 2016 02:21:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 22831 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 22831@debbugs.gnu.org Received: via spool by 22831-submit@debbugs.gnu.org id=B22831.1458526819750 (code B ref 22831); Mon, 21 Mar 2016 02:21:02 +0000 Received: (at 22831) by debbugs.gnu.org; 21 Mar 2016 02:20:19 +0000 Received: from localhost ([127.0.0.1]:56069 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ahpS7-0000C2-FI for submit@debbugs.gnu.org; Sun, 20 Mar 2016 22:20:19 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:35816) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ahpS5-0000Bn-5n for 22831@debbugs.gnu.org; Sun, 20 Mar 2016 22:20:17 -0400 Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 6241120744; Sun, 20 Mar 2016 22:20:16 -0400 (EDT) Received: from frontend1 ([10.202.2.160]) by compute2.internal (MEProxy); Sun, 20 Mar 2016 22:20:16 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=famulari.name; h= date:from:in-reply-to:in-reply-to:message-id:references :references:subject:to:x-sasl-enc:x-sasl-enc; s=mesmtp; bh=q4bf4 WWpl2GY5EoS9G7p/bSP2iU=; b=aK4n1OU4gtNX5bTu7eWHHgMUYz5kALvQbcl12 CT4P1dHuryHm7MS4WInlOfklOfh9lH1Fmi2ogpI4ZcoG6M8aYmQ7fJpinaQAj1g7 bYRxIGTnI6MHBL5ZeL3wAsz86ZThS6BmuDcJ67kOyvz64E+M0dWKndExICVtFLRL bKf2es= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=date:from:in-reply-to:in-reply-to :message-id:references:references:subject:to:x-sasl-enc :x-sasl-enc; s=smtpout; bh=q4bf4WWpl2GY5EoS9G7p/bSP2iU=; b=qyyGD BuEBJgUwwN35WYwf9lSRQIBrrwybRhBU3rSR4GqclcV2gXcY0r0r2hRSy7P+yOu5 tWAHd3Uu+4BBg6VCwlM4pod3z1AwkCP2osggVbjBgc83BQeWVzztXBnviL3JIPN+ 2mzddt1dzn0et1zWrOBvjGWiCr11+sMs+rAbL0= X-Sasl-enc: KJyk4QxvppXjuW0cY0d9CNPC1qq6jsuTy+ITWEGlyNlJ 1458526815 Received: from localhost.localdomain (c-73-46-63-161.hsd1.fl.comcast.net [73.46.63.161]) by mail.messagingengine.com (Postfix) with ESMTPA id CDC90C0001B for <22831@debbugs.gnu.org>; Sun, 20 Mar 2016 22:20:15 -0400 (EDT) From: Leo Famulari Date: Sun, 20 Mar 2016 22:20:11 -0400 Message-Id: X-Mailer: git-send-email 2.7.3 In-Reply-To: References: In-Reply-To: References: X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) * gnu/packages/tls.scm (openssl)[arguments]: Add #:disallowed-references. --- gnu/packages/tls.scm | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index b6bf257..28d7947 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -201,6 +201,10 @@ required structures.") `(#:parallel-build? #f #:parallel-tests? #f #:test-target "test" + + ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure, + ;; so we explicitly disallow it here. + #:disallowed-references ,(list (canonical-package perl)) #:phases (modify-phases %standard-phases (add-before -- 2.7.3 From unknown Thu Aug 14 21:57:11 2025 X-Loop: help-debbugs@gnu.org Subject: bug#22831: [PATCH 1/1] gnu: openssl: Enforce non-reference to perl. Resent-From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 21 Mar 2016 09:31:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 22831 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Leo Famulari Cc: 22831@debbugs.gnu.org Received: via spool by 22831-submit@debbugs.gnu.org id=B22831.145855260515583 (code B ref 22831); Mon, 21 Mar 2016 09:31:01 +0000 Received: (at 22831) by debbugs.gnu.org; 21 Mar 2016 09:30:05 +0000 Received: from localhost ([127.0.0.1]:56226 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ahwA0-000438-LP for submit@debbugs.gnu.org; Mon, 21 Mar 2016 05:30:04 -0400 Received: from eggs.gnu.org ([208.118.235.92]:38959) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ahw9x-00040r-WB for 22831@debbugs.gnu.org; Mon, 21 Mar 2016 05:30:02 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ahw9p-0006kz-Kz for 22831@debbugs.gnu.org; Mon, 21 Mar 2016 05:29:56 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:51630) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ahw9p-0006kr-Hh; Mon, 21 Mar 2016 05:29:53 -0400 Received: from pluto.bordeaux.inria.fr ([193.50.110.57]:47014 helo=pluto) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.82) (envelope-from ) id 1ahw9o-0007AK-TQ; Mon, 21 Mar 2016 05:29:53 -0400 From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) References: X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 2 Germinal an 224 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x3D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-unknown-linux-gnu Date: Mon, 21 Mar 2016 10:29:51 +0100 In-Reply-To: (Leo Famulari's message of "Sun, 20 Mar 2016 22:20:11 -0400") Message-ID: <87oaa89o1c.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Leo Famulari skribis: > * gnu/packages/tls.scm (openssl)[arguments]: Add #:disallowed-references. Sounds good! (And thanks for following commits closely. ;-)) This should go to =E2=80=98core-updates=E2=80=99, but first, =E2=80=98maste= r=E2=80=99 should be merged in =E2=80=98core-updates=E2=80=99 so that #:disallowed-references is availa= ble. Could you do that? Thanks! Ludo=E2=80=99. From unknown Thu Aug 14 21:57:11 2025 X-Loop: help-debbugs@gnu.org Subject: bug#22831: [PATCH 1/1] gnu: openssl: Enforce non-reference to perl. Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 21 Mar 2016 16:24:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 22831 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 22831@debbugs.gnu.org Received: via spool by 22831-submit@debbugs.gnu.org id=B22831.14585774342647 (code B ref 22831); Mon, 21 Mar 2016 16:24:02 +0000 Received: (at 22831) by debbugs.gnu.org; 21 Mar 2016 16:23:54 +0000 Received: from localhost ([127.0.0.1]:57158 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ai2cU-0000gd-BZ for submit@debbugs.gnu.org; Mon, 21 Mar 2016 12:23:54 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:41342) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ai2cS-0000gT-QD for 22831@debbugs.gnu.org; Mon, 21 Mar 2016 12:23:53 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 7FBE1200D5; Mon, 21 Mar 2016 12:23:52 -0400 (EDT) Received: from frontend2 ([10.202.2.161]) by compute4.internal (MEProxy); Mon, 21 Mar 2016 12:23:52 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=famulari.name; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=oZ8FJQ6p1yq5xgUf7PSKLX1ybgc=; b=kkHV5N GHd1Gdukp46z4D3jddtxGzaidxsP2jcSkf/ocZqeJQo/nm5T+mC19dOxNxCPSr4p 4/oyYZlrSS5ztedKY2HhgYpi2oCyBVPwq+kwlvX+hxrFnqgEdB7I33pj26Gjgw5A YSU60qKysCdx9n1LBkcdPDkon1I/2C7sFYjsc= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=oZ8FJQ6p1yq5xgU f7PSKLX1ybgc=; b=a0MEq3K5XxPaXdA1WJkjI3ca+pSsdlLJ2Vcuh9DP5z7d+Dv 8VMy/pSYS47I1RC1qGHKMHeCGvFOwuoi6CAv3e12vSRKaA7HZUSLEWTHCNlZxyVt /D3Uu6cFijavRPJEQD1qubNmRBcOkXK/ZZqIvhzZ2LEf8Hxpy+kDqpfPOcUE= X-Sasl-enc: oVQGNj1dZAilwu4lfVDMVrUIvKz3QGX4dNfc46ns3HEu 1458577432 Received: from localhost (c-73-46-63-161.hsd1.fl.comcast.net [73.46.63.161]) by mail.messagingengine.com (Postfix) with ESMTPA id 2FC13680205; Mon, 21 Mar 2016 12:23:51 -0400 (EDT) Date: Mon, 21 Mar 2016 12:23:52 -0400 From: Leo Famulari Message-ID: <20160321162352.GA29201@jasmine> References: <87oaa89o1c.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <87oaa89o1c.fsf@gnu.org> User-Agent: Mutt/1.5.24 (2015-08-30) X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) On Mon, Mar 21, 2016 at 10:29:51AM +0100, Ludovic Courtès wrote: > Leo Famulari skribis: > > > * gnu/packages/tls.scm (openssl)[arguments]: Add #:disallowed-references. > > Sounds good! (And thanks for following commits closely. ;-)) > > This should go to ‘core-updates’, but first, ‘master’ should be merged > in ‘core-updates’ so that #:disallowed-references is available. > > Could you do that? Done!