From unknown Thu Aug 14 17:28:52 2025
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
Content-Type: text/plain; charset=utf-8
From: bug#22831 <22831@debbugs.gnu.org>
To: bug#22831 <22831@debbugs.gnu.org>
Subject: Status: OpenSSL should not depend on Perl
Reply-To: bug#22831 <22831@debbugs.gnu.org>
Date: Fri, 15 Aug 2025 00:28:52 +0000

retitle 22831 OpenSSL should not depend on Perl
reassign 22831 guix
submitter 22831 ludo@gnu.org (Ludovic Court=C3=A8s)
severity 22831 normal

thanks


From debbugs-submit-bounces@debbugs.gnu.org Sat Feb 27 12:05:45 2016
Received: (at submit) by debbugs.gnu.org; 27 Feb 2016 17:05:45 +0000
Received: from localhost ([127.0.0.1]:49032 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1aZiJN-0000re-6Z
	for submit@debbugs.gnu.org; Sat, 27 Feb 2016 12:05:45 -0500
Received: from eggs.gnu.org ([208.118.235.92]:48899)
 by debbugs.gnu.org with esmtp (Exim 4.84)
 (envelope-from <ludo@gnu.org>) id 1aZiJL-0000rS-MV
 for submit@debbugs.gnu.org; Sat, 27 Feb 2016 12:05:43 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@gnu.org>) id 1aZiJF-0004bN-Oz
 for submit@debbugs.gnu.org; Sat, 27 Feb 2016 12:05:38 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from lists.gnu.org ([2001:4830:134:3::11]:55943)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1aZiJF-0004bJ-LC
 for submit@debbugs.gnu.org; Sat, 27 Feb 2016 12:05:37 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:39864)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <ludo@gnu.org>) id 1aZiJE-0003yr-Gm
 for bug-guix@gnu.org; Sat, 27 Feb 2016 12:05:37 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@gnu.org>) id 1aZiJB-0004ah-6s
 for bug-guix@gnu.org; Sat, 27 Feb 2016 12:05:36 -0500
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:47558)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1aZiJB-0004aX-1R
 for bug-guix@gnu.org; Sat, 27 Feb 2016 12:05:33 -0500
Received: from reverse-83.fdn.fr ([80.67.176.83]:35230 helo=pluto)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128)
 (Exim 4.82) (envelope-from <ludo@gnu.org>) id 1aZiJA-0003IF-83
 for bug-guix@gnu.org; Sat, 27 Feb 2016 12:05:32 -0500
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
To: bug-guix@gnu.org
Subject: OpenSSL should not depend on Perl
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 9 =?utf-8?Q?Vent=C3=B4se?= an 224 de la =?utf-8?Q?R?=
 =?utf-8?Q?=C3=A9volution?=
X-PGP-Key-ID: 0x3D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-unknown-linux-gnu
Date: Sat, 27 Feb 2016 18:05:29 +0100
Message-ID: <87lh66xew6.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-Received-From: 2001:4830:134:3::11
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

Commit 784d6e91 changed OpenSSL such that it does not depend on Perl,
but one of the subsequent upgrades broke it:

--8<---------------cut here---------------start------------->8---
$ guix build perl
/gnu/store/x2p2biyybcb2wac77qz9468asc5fm48i-perl-5.22.1
$ grep -r x2p2biyybcb2wac77qz9468asc5fm48i $(guix build openssl)
/gnu/store/qvx4q6lbwi4s3cwr8wqaa7kcva0a5c4b-openssl-1.0.2f/bin/c_rehash:#!/=
gnu/store/x2p2biyybcb2wac77qz9468asc5fm48i-perl-5.22.1/bin/perl
--8<---------------cut here---------------end--------------->8---

Somehow =E2=80=98openssl-c-rehash.patch=E2=80=99 seems to no longer have th=
e desired
effect.

Ludo=E2=80=99.




From debbugs-submit-bounces@debbugs.gnu.org Sat Feb 27 20:10:30 2016
Received: (at 22831) by debbugs.gnu.org; 28 Feb 2016 01:10:30 +0000
Received: from localhost ([127.0.0.1]:49206 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1aZpsU-0005uN-Lx
	for submit@debbugs.gnu.org; Sat, 27 Feb 2016 20:10:30 -0500
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:42725)
 by debbugs.gnu.org with esmtp (Exim 4.84)
 (envelope-from <leo@famulari.name>) id 1aZpsS-0005uF-Nn
 for 22831@debbugs.gnu.org; Sat, 27 Feb 2016 20:10:29 -0500
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
 by mailout.nyi.internal (Postfix) with ESMTP id 88DFA20A40;
 Sat, 27 Feb 2016 20:10:28 -0500 (EST)
Received: from frontend2 ([10.202.2.161])
 by compute3.internal (MEProxy); Sat, 27 Feb 2016 20:10:28 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=famulari.name; h=
 cc:content-transfer-encoding:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-sasl-enc
 :x-sasl-enc; s=mesmtp; bh=xwRWvwfulbuQdSFN0D8bLBBaS7g=; b=J4okSG
 uUJMkSdq4LayjyjfQFlVT7mvHJD+WmGiMsCcIHQDA0QUX5fY52Catgo1Tb0SuPoc
 JuW/EO0CzBjzavCZm3D6w8pNc2AlA9xnbonXtEqe8jOoUOAnLoqRxl14ovGQvrec
 5F0QsQCnNsYlhR5EVd3Jfj76jCC1Q9HcKDKzY=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-transfer-encoding:content-type
 :date:from:in-reply-to:message-id:mime-version:references
 :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=xwRWvwfulbuQdSF
 N0D8bLBBaS7g=; b=RKnT3v+DwwjJOdxTTL0b6YVlqaWmrHMiSF5V642uZAeeBZQ
 +FgFuWxd5EuC2BYWPtVZv6cQzn1SfHzpLxRtfWDruSkHeFEnthJ7imxyVX2yO+QZ
 ZVGSwMD0yzcqGU1weo6qk3l05h96XRu16vJ1xYRDmJkwyeLPDqPPcUiPse9s=
X-Sasl-enc: lWRLe0MVOyF7Hs5fYLIULCqAbTutVPLLykgrpsjvrDpa 1456621828
Received: from localhost (c-71-225-1-241.hsd1.pa.comcast.net [71.225.1.241])
 by mail.messagingengine.com (Postfix) with ESMTPA id 418886800DB;
 Sat, 27 Feb 2016 20:10:28 -0500 (EST)
Date: Sat, 27 Feb 2016 20:10:27 -0500
From: Leo Famulari <leo@famulari.name>
To: Ludovic =?iso-8859-1?Q?Court=E8s?= <ludo@gnu.org>
Subject: Re: bug#22831: OpenSSL should not depend on Perl
Message-ID: <20160228011027.GC6690@jasmine>
References: <87lh66xew6.fsf@gnu.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <87lh66xew6.fsf@gnu.org>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 22831
Cc: 22831@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

On Sat, Feb 27, 2016 at 06:05:29PM +0100, Ludovic Courtès wrote:
> Commit 784d6e91 changed OpenSSL such that it does not depend on Perl,
> but one of the subsequent upgrades broke it:

Bisecting, I narrowed it down to:
86c8f1daf8ed10f13f2b1e973a28845629b8ce47
(gnu: openssl: Update to 1.0.2e [fixes CVE-2015-{3193,3194,3195}].).

I'll get the openssl sources corresponding to the good and bad commmits
and try to figure out what changed that pulled perl back in.

> 
> --8<---------------cut here---------------start------------->8---
> $ guix build perl
> /gnu/store/x2p2biyybcb2wac77qz9468asc5fm48i-perl-5.22.1
> $ grep -r x2p2biyybcb2wac77qz9468asc5fm48i $(guix build openssl)
> /gnu/store/qvx4q6lbwi4s3cwr8wqaa7kcva0a5c4b-openssl-1.0.2f/bin/c_rehash:#!/gnu/store/x2p2biyybcb2wac77qz9468asc5fm48i-perl-5.22.1/bin/perl
> --8<---------------cut here---------------end--------------->8---
> 
> Somehow ‘openssl-c-rehash.patch’ seems to no longer have the desired
> effect.
> 
> Ludo’.
> 
> 
> 




From debbugs-submit-bounces@debbugs.gnu.org Sun Feb 28 08:35:30 2016
Received: (at 22831) by debbugs.gnu.org; 28 Feb 2016 13:35:30 +0000
Received: from localhost ([127.0.0.1]:49618 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1aa1VS-0002bT-CQ
	for submit@debbugs.gnu.org; Sun, 28 Feb 2016 08:35:30 -0500
Received: from eggs.gnu.org ([208.118.235.92]:55036)
 by debbugs.gnu.org with esmtp (Exim 4.84)
 (envelope-from <ludo@gnu.org>) id 1aa1VQ-0002bC-VI
 for 22831@debbugs.gnu.org; Sun, 28 Feb 2016 08:35:29 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@gnu.org>) id 1aa1VH-0001RE-VU
 for 22831@debbugs.gnu.org; Sun, 28 Feb 2016 08:35:23 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:36519)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1aa1VH-0001RA-Ru; Sun, 28 Feb 2016 08:35:19 -0500
Received: from reverse-83.fdn.fr ([80.67.176.83]:55468 helo=pluto)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1aa1VC-000565-Tj; Sun, 28 Feb 2016 08:35:15 -0500
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
To: Leo Famulari <leo@famulari.name>
Subject: Re: bug#22831: OpenSSL should not depend on Perl
References: <87lh66xew6.fsf@gnu.org> <20160228011027.GC6690@jasmine>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 10 =?utf-8?Q?Vent=C3=B4se?= an 224 de la =?utf-8?Q?R?=
 =?utf-8?Q?=C3=A9volution?=
X-PGP-Key-ID: 0x3D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-unknown-linux-gnu
Date: Sun, 28 Feb 2016 14:35:12 +0100
In-Reply-To: <20160228011027.GC6690@jasmine> (Leo Famulari's message of "Sat, 
 27 Feb 2016 20:10:27 -0500")
Message-ID: <87povhvtyn.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 22831
Cc: 22831@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

Leo Famulari <leo@famulari.name> skribis:

> On Sat, Feb 27, 2016 at 06:05:29PM +0100, Ludovic Court=C3=A8s wrote:
>> Commit 784d6e91 changed OpenSSL such that it does not depend on Perl,
>> but one of the subsequent upgrades broke it:
>
> Bisecting, I narrowed it down to:
> 86c8f1daf8ed10f13f2b1e973a28845629b8ce47
> (gnu: openssl: Update to 1.0.2e [fixes CVE-2015-{3193,3194,3195}].).
>
> I'll get the openssl sources corresponding to the good and bad commmits
> and try to figure out what changed that pulled perl back in.

Awesome.  Hopefully we can apply the fix when we upgrade OpenSSL this
Tuesday.

Thanks,
Ludo=E2=80=99.




From debbugs-submit-bounces@debbugs.gnu.org Sun Feb 28 08:38:10 2016
Received: (at 22831) by debbugs.gnu.org; 28 Feb 2016 13:38:10 +0000
Received: from localhost ([127.0.0.1]:49622 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1aa1Y1-0002fe-QU
	for submit@debbugs.gnu.org; Sun, 28 Feb 2016 08:38:10 -0500
Received: from eggs.gnu.org ([208.118.235.92]:55495)
 by debbugs.gnu.org with esmtp (Exim 4.84)
 (envelope-from <ludo@gnu.org>) id 1aa1Xz-0002fO-Fd
 for 22831@debbugs.gnu.org; Sun, 28 Feb 2016 08:38:07 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@gnu.org>) id 1aa1Xp-0001x1-B3
 for 22831@debbugs.gnu.org; Sun, 28 Feb 2016 08:38:02 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:36536)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1aa1Xp-0001ww-7F; Sun, 28 Feb 2016 08:37:57 -0500
Received: from reverse-83.fdn.fr ([80.67.176.83]:55604 helo=pluto)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1aa1Xo-000336-K4; Sun, 28 Feb 2016 08:37:57 -0500
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
To: Leo Famulari <leo@famulari.name>
Subject: Re: bug#22831: OpenSSL should not depend on Perl
References: <87lh66xew6.fsf@gnu.org> <20160228011027.GC6690@jasmine>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 10 =?utf-8?Q?Vent=C3=B4se?= an 224 de la =?utf-8?Q?R?=
 =?utf-8?Q?=C3=A9volution?=
X-PGP-Key-ID: 0x3D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-unknown-linux-gnu
Date: Sun, 28 Feb 2016 14:37:54 +0100
In-Reply-To: <20160228011027.GC6690@jasmine> (Leo Famulari's message of "Sat, 
 27 Feb 2016 20:10:27 -0500")
Message-ID: <87lh65vtu5.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 22831
Cc: 22831@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

Leo Famulari <leo@famulari.name> skribis:

> On Sat, Feb 27, 2016 at 06:05:29PM +0100, Ludovic Court=C3=A8s wrote:
>> Commit 784d6e91 changed OpenSSL such that it does not depend on Perl,
>> but one of the subsequent upgrades broke it:
>
> Bisecting, I narrowed it down to:
> 86c8f1daf8ed10f13f2b1e973a28845629b8ce47
> (gnu: openssl: Update to 1.0.2e [fixes CVE-2015-{3193,3194,3195}].).
>
> I'll get the openssl sources corresponding to the good and bad commmits
> and try to figure out what changed that pulled perl back in.

Also we should add something like:

  #:allowed-references (list (canonical-package glibc)
                             (list (canonical-package gcc) "lib")
                             "out")

to avoid regressions.

(A case where #:disallowed-references would be more convenient, but it=E2=
=80=99s
not yet implemented.  :-))

Ludo=E2=80=99.




From debbugs-submit-bounces@debbugs.gnu.org Mon Feb 29 03:47:41 2016
Received: (at 22831) by debbugs.gnu.org; 29 Feb 2016 08:47:41 +0000
Received: from localhost ([127.0.0.1]:51839 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1aaJUS-0006Ha-Ub
	for submit@debbugs.gnu.org; Mon, 29 Feb 2016 03:47:41 -0500
Received: from out2-smtp.messagingengine.com ([66.111.4.26]:42018)
 by debbugs.gnu.org with esmtp (Exim 4.84)
 (envelope-from <leo@famulari.name>) id 1aaJUQ-0006HS-RM
 for 22831@debbugs.gnu.org; Mon, 29 Feb 2016 03:47:39 -0500
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
 by mailout.nyi.internal (Postfix) with ESMTP id 9EF5120776;
 Mon, 29 Feb 2016 03:47:38 -0500 (EST)
Received: from frontend2 ([10.202.2.161])
 by compute1.internal (MEProxy); Mon, 29 Feb 2016 03:47:38 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=famulari.name; h=
 cc:content-transfer-encoding:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-sasl-enc
 :x-sasl-enc; s=mesmtp; bh=ndaf6ipjOim5kp0GFyLkabJAl0o=; b=lEEoNb
 W+R63tAAGHj4OZ1uch2aMMciOMsEoPsbj5Hj7igt4zuj+j4nuDfm+6KdWWRJcxEa
 EDQiGnovRUHLCQWsXysM+TFs0W8rZXOIM6vYmWBKGQPzKDVuChTFxIGwOLcDFHox
 euNYSrTKJXJiO1ST+PZVJCbJWaj5rKGKL2stU=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-transfer-encoding:content-type
 :date:from:in-reply-to:message-id:mime-version:references
 :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=ndaf6ipjOim5kp0
 GFyLkabJAl0o=; b=LD7Kkq6EUURHjHv83yTgaxr0Got7Qi1pzOGS0PZYG2FWNCt
 Gif01Jw04UtCR18zR8gKRfOHxsAMwKwL3p/SPodzFnZQP/ZNW5bLu9DHUyfKJuAB
 egrA37ocoLCyuDAP8df8kIbhBUw+x75PCur5kUZGm+GcI1vYlfCt4eFjw0Xo=
X-Sasl-enc: scYdsFBBf3HL5k+bX/yqEJqNvBm6OaEwg+qGK9B2AbbD 1456735658
Received: from localhost (c-69-249-5-231.hsd1.pa.comcast.net [69.249.5.231])
 by mail.messagingengine.com (Postfix) with ESMTPA id 5DDD76801A3;
 Mon, 29 Feb 2016 03:47:38 -0500 (EST)
Date: Mon, 29 Feb 2016 03:47:38 -0500
From: Leo Famulari <leo@famulari.name>
To: Ludovic =?iso-8859-1?Q?Court=E8s?= <ludo@gnu.org>
Subject: Re: bug#22831: OpenSSL should not depend on Perl
Message-ID: <20160229084738.GB18766@jasmine>
References: <87lh66xew6.fsf@gnu.org> <20160228011027.GC6690@jasmine>
 <87povhvtyn.fsf@gnu.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <87povhvtyn.fsf@gnu.org>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 22831
Cc: 22831@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

On Sun, Feb 28, 2016 at 02:35:12PM +0100, Ludovic Courtès wrote:
> Leo Famulari <leo@famulari.name> skribis:
> 
> > On Sat, Feb 27, 2016 at 06:05:29PM +0100, Ludovic Courtès wrote:
> >> Commit 784d6e91 changed OpenSSL such that it does not depend on Perl,
> >> but one of the subsequent upgrades broke it:
> >
> > Bisecting, I narrowed it down to:
> > 86c8f1daf8ed10f13f2b1e973a28845629b8ce47
> > (gnu: openssl: Update to 1.0.2e [fixes CVE-2015-{3193,3194,3195}].).
> >
> > I'll get the openssl sources corresponding to the good and bad commmits
> > and try to figure out what changed that pulled perl back in.
> 
> Awesome.  Hopefully we can apply the fix when we upgrade OpenSSL this
> Tuesday.

'openssl-c-rehash.patch' is being applied, but at some point in the
build process the change is reverted.

I haven't figured out why yet. Ludo is right, it would be really good to
only change our OpenSSL package one day this week.

So, I'm asking for help with this problem!

I will spend some time on it tomorrow, but I really don't have any
promising leads. My plan is to step through the build process and learn
when the shebang is recreated. Hopefully then I will get some
inspiration.

I suppose a nasty short term fix would be to patch the file after
installing it. I will submit that patch if it seems there is no other
option in time for the security update.




From debbugs-submit-bounces@debbugs.gnu.org Mon Feb 29 03:48:16 2016
Received: (at 22831) by debbugs.gnu.org; 29 Feb 2016 08:48:16 +0000
Received: from localhost ([127.0.0.1]:51843 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1aaJV2-0006Io-80
	for submit@debbugs.gnu.org; Mon, 29 Feb 2016 03:48:16 -0500
Received: from out2-smtp.messagingengine.com ([66.111.4.26]:36206)
 by debbugs.gnu.org with esmtp (Exim 4.84)
 (envelope-from <leo@famulari.name>) id 1aaJV1-0006Ig-Kq
 for 22831@debbugs.gnu.org; Mon, 29 Feb 2016 03:48:15 -0500
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
 by mailout.nyi.internal (Postfix) with ESMTP id 6F82620B86;
 Mon, 29 Feb 2016 03:48:15 -0500 (EST)
Received: from frontend2 ([10.202.2.161])
 by compute5.internal (MEProxy); Mon, 29 Feb 2016 03:48:15 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=famulari.name; h=
 cc:content-transfer-encoding:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-sasl-enc
 :x-sasl-enc; s=mesmtp; bh=KzxX1uR7NiD0bXofU7q6z88Xi60=; b=hYsvLs
 uI/F+N1jg9CHArHWV6ROAHEzPgL0vvTcp/YFpN/SbZRXtC3FXbea8mkjW8Srrwr7
 3+JsTQtD6ZWelPqCHNgn/iJ0I3VGf6S85qWBdSH6+0k1BWaoZFv7u4pD2n7PBGMw
 uG0rVynlsT+yVwNunDgC1nPwEclUppWJYjy7c=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-transfer-encoding:content-type
 :date:from:in-reply-to:message-id:mime-version:references
 :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=KzxX1uR7NiD0bXo
 fU7q6z88Xi60=; b=M7y+pACxNMln+W/z9Gn4CJHHy3fFM/PpHS+/XUyRiERd7HL
 4kSvG/9RkHttiec10U2LdqvIvORhH15vCN3PxrHGpndjdqdIqKMLyfuEe7neAaMg
 lLjmQ8JF4IVbOuCycj80zMlnTqW9YT6/X837zAAzA2reDfKVqgnazOcF5sPQ=
X-Sasl-enc: 9RF1Fxl01sq4/RL0qYH1jO6oCRze5ARIXykp4sAd20D8 1456735695
Received: from localhost (c-69-249-5-231.hsd1.pa.comcast.net [69.249.5.231])
 by mail.messagingengine.com (Postfix) with ESMTPA id 276336801CC;
 Mon, 29 Feb 2016 03:48:15 -0500 (EST)
Date: Mon, 29 Feb 2016 03:48:15 -0500
From: Leo Famulari <leo@famulari.name>
To: Ludovic =?iso-8859-1?Q?Court=E8s?= <ludo@gnu.org>
Subject: Re: bug#22831: OpenSSL should not depend on Perl
Message-ID: <20160229084815.GC18766@jasmine>
References: <87lh66xew6.fsf@gnu.org> <20160228011027.GC6690@jasmine>
 <87lh65vtu5.fsf@gnu.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <87lh65vtu5.fsf@gnu.org>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 22831
Cc: 22831@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

On Sun, Feb 28, 2016 at 02:37:54PM +0100, Ludovic Courtès wrote:
> Leo Famulari <leo@famulari.name> skribis:
> 
> > On Sat, Feb 27, 2016 at 06:05:29PM +0100, Ludovic Courtès wrote:
> >> Commit 784d6e91 changed OpenSSL such that it does not depend on Perl,
> >> but one of the subsequent upgrades broke it:
> >
> > Bisecting, I narrowed it down to:
> > 86c8f1daf8ed10f13f2b1e973a28845629b8ce47
> > (gnu: openssl: Update to 1.0.2e [fixes CVE-2015-{3193,3194,3195}].).
> >
> > I'll get the openssl sources corresponding to the good and bad commmits
> > and try to figure out what changed that pulled perl back in.
> 
> Also we should add something like:
> 
>   #:allowed-references (list (canonical-package glibc)
>                              (list (canonical-package gcc) "lib")
>                              "out")
> 
> to avoid regressions.

Okay, good idea.

> 
> (A case where #:disallowed-references would be more convenient, but it’s
> not yet implemented.  :-))
> 
> Ludo’.




From debbugs-submit-bounces@debbugs.gnu.org Mon Feb 29 19:39:58 2016
Received: (at 22831) by debbugs.gnu.org; 1 Mar 2016 00:39:59 +0000
Received: from localhost ([127.0.0.1]:54354 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1aaYM2-00075t-Gc
	for submit@debbugs.gnu.org; Mon, 29 Feb 2016 19:39:58 -0500
Received: from out4-smtp.messagingengine.com ([66.111.4.28]:42316)
 by debbugs.gnu.org with esmtp (Exim 4.84)
 (envelope-from <leo@famulari.name>) id 1aaYM1-00075R-1G
 for 22831@debbugs.gnu.org; Mon, 29 Feb 2016 19:39:57 -0500
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
 by mailout.nyi.internal (Postfix) with ESMTP id 5152520852;
 Mon, 29 Feb 2016 19:39:55 -0500 (EST)
Received: from frontend2 ([10.202.2.161])
 by compute1.internal (MEProxy); Mon, 29 Feb 2016 19:39:55 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=famulari.name; h=
 date:from:message-id:subject:to:x-sasl-enc:x-sasl-enc; s=mesmtp;
 bh=MEf2AOlqLv+LdldLwhG0ApqjMGM=; b=dKsu+CQz6IYH7H+p24f7O57VGdDe
 XEk/NsfCdMjM4LM518S6LgwxYVX7i6NcLYHnmacXS+tmAaDTKxD0M4j0BLuzmOJK
 SIA0u8DhNdy4gH6owFe72b6vLSfrfNN+XU4glXTUCKIvuVk4QSHxTKqlrnD+59hD
 H1S2TYUK+/h1Hd8=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=
 messagingengine.com; h=date:from:message-id:subject:to
 :x-sasl-enc:x-sasl-enc; s=smtpout; bh=MEf2AOlqLv+LdldLwhG0ApqjMG
 M=; b=deaDfHN8qt/I3474ZmDiUtkEXZl9i5JZWlhC886/fO4HBd5NVQvsjQNUab
 mOjNLFjqZY5B42sLGvo9qCppIRjGR6eUFSB0x8Sa2HnlGB+QFs4W0eWQ1MFFPk8K
 zkaRkO0bl4ZCAjTAxkw128bAU7my0vF80vx0iVPz4x7dhEIfk=
X-Sasl-enc: 85QNWSZIDis4ZISMyGIdX+iuEW7+9JVxqYeDGgmS/14p 1456792795
Received: from jasmine.lan (c-69-249-5-231.hsd1.pa.comcast.net [69.249.5.231])
 by mail.messagingengine.com (Postfix) with ESMTPA id 06FE66801CC
 for <22831@debbugs.gnu.org>; Mon, 29 Feb 2016 19:39:55 -0500 (EST)
From: Leo Famulari <leo@famulari.name>
To: 22831@debbugs.gnu.org
Subject: [PATCH 0/2] OpenSSL / Perl run-time dependency
Date: Mon, 29 Feb 2016 19:39:51 -0500
Message-Id: <cover.1456792742.git.leo@famulari.name>
X-Mailer: git-send-email 2.7.1
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 22831
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

Patch 1/2 updates the patch we use to keep Perl from becoming a
registered run-time dependency of OpenSSL.

Patch 2/2 is an attempt to use #:allowed-references to prevent
Perl from sneaking back in again. Unfortunately, it fails when gcc is an
allowed reference. It "works" when gcc is not in the list. Here's the
backtrace:

Backtrace:
In ice-9/boot-9.scm:
 157: 19 [catch system-error #<procedure 1fc8930 at ice-9/eval.scm:416:20 ()> ...]
In ice-9/eval.scm:
 481: 18 [lp (#<fluid 1>) (absolute)]
 411: 17 [eval # #]
 481: 16 [lp (#<fluid 32>) (#t)]
In srfi/srfi-1.scm:
 646: 15 [append-map #<procedure 1fca0c0 at ice-9/eval.scm:416:20 (a)> (#)]
 578: 14 [map #<procedure 1fca0c0 at ice-9/eval.scm:416:20 (a)> (#)]
In ice-9/eval.scm:
 387: 13 [eval # #]
 411: 12 [eval # #]
In ice-9/r4rs.scm:
  39: 11 [call-with-values #<procedure 5e8f960 at ice-9/eval.scm:416:20 ()> ...]
In ice-9/eval.scm:
 411: 10 [eval # #]
 481: 9 [lp (#<fluid 24> #<fluid 25>) ("x86_64-linux" #f)]
 481: 8 [lp (#<fluid 25>) (#f)]
 411: 7 [eval # #]
 387: 6 [eval # #]
 387: 5 [eval # #]
 387: 4 [eval # #]
 387: 3 [eval # #]
 387: 2 [eval # #]
 393: 1 [eval # #]
In unknown file:
   ?: 0 [memoize-variable-access! #<memoized gcc> #<directory # 41083f0>]

ERROR: In procedure memoize-variable-access!:
ERROR: Unbound variable: gcc


Leo Famulari (2):
  gnu: openssl: Remove run-time dependency on Perl.
  WIP: gnu: openssl: Restrict allowed references for openssl.

 gnu/packages/patches/openssl-c-rehash.patch | 14 ++++++++++++++
 gnu/packages/tls.scm                        |  7 +++++++
 2 files changed, 21 insertions(+)

-- 
2.7.1





From debbugs-submit-bounces@debbugs.gnu.org Mon Feb 29 19:39:59 2016
Received: (at 22831) by debbugs.gnu.org; 1 Mar 2016 00:39:59 +0000
Received: from localhost ([127.0.0.1]:54356 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1aaYM2-00075w-Qh
	for submit@debbugs.gnu.org; Mon, 29 Feb 2016 19:39:59 -0500
Received: from out4-smtp.messagingengine.com ([66.111.4.28]:54122)
 by debbugs.gnu.org with esmtp (Exim 4.84)
 (envelope-from <leo@famulari.name>) id 1aaYM1-00075a-74
 for 22831@debbugs.gnu.org; Mon, 29 Feb 2016 19:39:57 -0500
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42])
 by mailout.nyi.internal (Postfix) with ESMTP id 88EBA20909;
 Mon, 29 Feb 2016 19:39:55 -0500 (EST)
Received: from frontend2 ([10.202.2.161])
 by compute2.internal (MEProxy); Mon, 29 Feb 2016 19:39:55 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=famulari.name; h=
 date:from:in-reply-to:in-reply-to:message-id:references
 :references:subject:to:x-sasl-enc:x-sasl-enc; s=mesmtp; bh=xQCRE
 mKGlr7yLc4gpMbK9C0dyGI=; b=K5xJXWfJT8lHBpXXZ9ENE03BAc2bAoslrLja7
 WkGtisuS7GEafc6a71iKw6GKgzqdnWyaxaq/GZ4PC6QinECLZOEQVLYZrctVaK33
 cEwrvg+G9ZPpNdMG28wUUx++1R0UUkcG9vdDbm+dcFI09x99og2qFL3D4FgY2EqB
 wSHKYQ=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=
 messagingengine.com; h=date:from:in-reply-to:in-reply-to
 :message-id:references:references:subject:to:x-sasl-enc
 :x-sasl-enc; s=smtpout; bh=xQCREmKGlr7yLc4gpMbK9C0dyGI=; b=YnMH9
 XYoT+pt/ho+q0ZQY5E3D/nRNEHVP09e5QfJyn3wSVjwI6aS4fPvCFteQwYKcFA+N
 Nsg6CZQZ6CymHtxouL0Q+gNCGEZNVYsA96qVcZEDGQ9hDeDgn1XoRDieET6Ack0N
 bPLhTuK+AiwJsPheBoN4vfevFcoCcQG2F1qMnY=
X-Sasl-enc: 85QBXSFHEys7ZJef1WIdX+iuEW7+9JVxqYeDGgmS/14p 1456792795
Received: from jasmine.lan (c-69-249-5-231.hsd1.pa.comcast.net [69.249.5.231])
 by mail.messagingengine.com (Postfix) with ESMTPA id 301FB6801F3
 for <22831@debbugs.gnu.org>; Mon, 29 Feb 2016 19:39:55 -0500 (EST)
From: Leo Famulari <leo@famulari.name>
To: 22831@debbugs.gnu.org
Subject: [PATCH 1/2] gnu: openssl: Remove run-time dependency on Perl.
Date: Mon, 29 Feb 2016 19:39:52 -0500
Message-Id: <044df3e52ff32fbedc3cbb0a06667362142dd6de.1456792742.git.leo@famulari.name>
X-Mailer: git-send-email 2.7.1
In-Reply-To: <cover.1456792742.git.leo@famulari.name>
References: <cover.1456792742.git.leo@famulari.name>
In-Reply-To: <cover.1456792742.git.leo@famulari.name>
References: <cover.1456792742.git.leo@famulari.name>
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 22831
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

Fixes <http://bugs.gnu.org/22831>.

* gnu/packages/patches/openssl-c-rehash.patch: Update patch to also replace the
shebang of 'c_rehash.in'.
---
 gnu/packages/patches/openssl-c-rehash.patch | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/gnu/packages/patches/openssl-c-rehash.patch b/gnu/packages/patches/openssl-c-rehash.patch
index f873a9a..62cf662 100644
--- a/gnu/packages/patches/openssl-c-rehash.patch
+++ b/gnu/packages/patches/openssl-c-rehash.patch
@@ -15,3 +15,17 @@ package.
  
  # Perl c_rehash script, scan all files in a directory
  # and add symbolic links to their hash values.
+
+diff --git a/tools/c_rehash.in b/tools/c_rehash.in
+index b086ff9..5908a97 100644
+--- a/tools/c_rehash.in
++++ b/tools/c_rehash.in
+@@ -1,4 +1,6 @@
+-#!/usr/local/bin/perl
++eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}'
++  & eval 'exec perl -wS "$0" $argv:q'
++    if 0;
+ 
+ # Perl c_rehash script, scan all files in a directory
+ # and add symbolic links to their hash values.
+
-- 
2.7.1





From debbugs-submit-bounces@debbugs.gnu.org Mon Feb 29 19:39:59 2016
Received: (at 22831) by debbugs.gnu.org; 1 Mar 2016 00:39:59 +0000
Received: from localhost ([127.0.0.1]:54358 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1aaYM3-000763-6Q
	for submit@debbugs.gnu.org; Mon, 29 Feb 2016 19:39:59 -0500
Received: from out4-smtp.messagingengine.com ([66.111.4.28]:53961)
 by debbugs.gnu.org with esmtp (Exim 4.84)
 (envelope-from <leo@famulari.name>) id 1aaYM1-00075b-EK
 for 22831@debbugs.gnu.org; Mon, 29 Feb 2016 19:39:57 -0500
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
 by mailout.nyi.internal (Postfix) with ESMTP id BEBCA20A06;
 Mon, 29 Feb 2016 19:39:55 -0500 (EST)
Received: from frontend2 ([10.202.2.161])
 by compute4.internal (MEProxy); Mon, 29 Feb 2016 19:39:55 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=famulari.name; h=
 date:from:in-reply-to:in-reply-to:message-id:references
 :references:subject:to:x-sasl-enc:x-sasl-enc; s=mesmtp; bh=VZx4O
 pz17q4Y6oHjjR8ON32Mr14=; b=xonaZIQRYtVNRRKmNucBXpfsmTo7vvXzL5Mpa
 aalG53Kp7gAAwF5sPaKgoq2wgbJT/Wx/t3GaAHPINY0dyUW1N6ZWkX3Ww7bjGwdn
 nqOD6K57g91FmDosjG8nVsaNSl7SDd+BydNCT54KXbIclAcy08JULE7in1EwoObM
 5fMTFc=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=
 messagingengine.com; h=date:from:in-reply-to:in-reply-to
 :message-id:references:references:subject:to:x-sasl-enc
 :x-sasl-enc; s=smtpout; bh=VZx4Opz17q4Y6oHjjR8ON32Mr14=; b=i5nor
 kN+LZWW+UygLsRQ9XiEWaoCH9VFiIqAT2IYiIxnVvI8gMf3BNvGKmUrvMDkpThGP
 ZxUvrJbuC11wFv9AsEWKjphFtHBwu+r08vRWRyGAEhSOejJDirEPbL1JHwh4ImLJ
 VkpiREtpWAow0O+tCBq0PA1XWenWJakGHRRrCw=
X-Sasl-enc: 85QHXi5VBTI7aIiAy2IdX+iuEW7+9JVxqYeDGgmS/14p 1456792795
Received: from jasmine.lan (c-69-249-5-231.hsd1.pa.comcast.net [69.249.5.231])
 by mail.messagingengine.com (Postfix) with ESMTPA id 577F26801EE
 for <22831@debbugs.gnu.org>; Mon, 29 Feb 2016 19:39:55 -0500 (EST)
From: Leo Famulari <leo@famulari.name>
To: 22831@debbugs.gnu.org
Subject: [PATCH 2/2] WIP: gnu: openssl: Restrict allowed references for
 openssl.
Date: Mon, 29 Feb 2016 19:39:53 -0500
Message-Id: <d59f912303428deb9ebbee6e3492edac988885f0.1456792742.git.leo@famulari.name>
X-Mailer: git-send-email 2.7.1
In-Reply-To: <cover.1456792742.git.leo@famulari.name>
References: <cover.1456792742.git.leo@famulari.name>
In-Reply-To: <cover.1456792742.git.leo@famulari.name>
References: <cover.1456792742.git.leo@famulari.name>
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 22831
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

* gnu/packages/tls.scm (openssl)[arguments]: Add #:allowed-references.
---
 gnu/packages/tls.scm | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 57f0ca1..5990413 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -200,6 +200,13 @@ required structures.")
     `(#:parallel-build? #f
       #:parallel-tests? #f
       #:test-target "test"
+
+      ;; Perl is required at build-time, but ideally not at run-time.
+      ;; OpenSSL updates tend to pull it back in. This prevents that.
+
+      #:allowed-references ,(list (canonical-package glibc)
+                                  (list (canonical-package gcc) "lib")
+                                  "out")
       #:phases
       (modify-phases %standard-phases
         (add-before
-- 
2.7.1





From debbugs-submit-bounces@debbugs.gnu.org Tue Mar 01 02:18:44 2016
Received: (at 22831) by debbugs.gnu.org; 1 Mar 2016 07:18:44 +0000
Received: from localhost ([127.0.0.1]:54650 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1aaeZw-0005Cc-Er
	for submit@debbugs.gnu.org; Tue, 01 Mar 2016 02:18:44 -0500
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:48330)
 by debbugs.gnu.org with esmtp (Exim 4.84)
 (envelope-from <leo@famulari.name>) id 1aaeZu-0005CU-I6
 for 22831@debbugs.gnu.org; Tue, 01 Mar 2016 02:18:42 -0500
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
 by mailout.nyi.internal (Postfix) with ESMTP id 4AF7720A74;
 Tue,  1 Mar 2016 02:18:42 -0500 (EST)
Received: from frontend1 ([10.202.2.160])
 by compute5.internal (MEProxy); Tue, 01 Mar 2016 02:18:42 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=famulari.name; h=
 content-type:date:from:in-reply-to:message-id:mime-version
 :references:subject:to:x-sasl-enc:x-sasl-enc; s=mesmtp; bh=+fJyk
 DiB6ikSxiNoMALA9I/xuJM=; b=R8cDuoyK8qenwxpWzhvjw6INreR2ngyd4JARm
 /olxPXMBjdufm19yOugdYhVl4GaYPOoFzsieDnGFIOMP5ZWm0mXkC5XndpfZWvL4
 itxSe3U7U7lzKZE1oug/m2xvKZ0ycp4a0n0Y/TdL9aoISp1R2enTIzo6cwiBdl0m
 sgPAbc=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=
 messagingengine.com; h=content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-sasl-enc
 :x-sasl-enc; s=smtpout; bh=+fJykDiB6ikSxiNoMALA9I/xuJM=; b=QWcCO
 WexjHvKeLCv0Hq5j7xXGNFesqZTcKIYbHVhSQa5sff5jo8chuvW1YhiI8o+SoDJO
 20iSnVVwU6nqbZNw2AKH8g4y+PjPvGk4oiquA4Fx0HrysKDtBcOD+j6o2jddwN2f
 xUaGyYtD4g1sLAn2UdFqNeYh2ZQJgN/whKx0v0=
X-Sasl-enc: 2onrRs7Ph30hUtwo/nhEp4Z5CG7xnvA+cG873E/X+Sjz 1456816722
Received: from localhost (c-69-249-5-231.hsd1.pa.comcast.net [69.249.5.231])
 by mail.messagingengine.com (Postfix) with ESMTPA id 000D4C00018
 for <22831@debbugs.gnu.org>; Tue,  1 Mar 2016 02:18:41 -0500 (EST)
Date: Tue, 1 Mar 2016 02:18:35 -0500
From: Leo Famulari <leo@famulari.name>
To: 22831@debbugs.gnu.org
Subject: Re: bug#22831: [PATCH 2/2] WIP: gnu: openssl: Restrict allowed
 references for openssl.
Message-ID: <20160301071835.GA26683@jasmine>
References: <cover.1456792742.git.leo@famulari.name>
 <d59f912303428deb9ebbee6e3492edac988885f0.1456792742.git.leo@famulari.name>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <d59f912303428deb9ebbee6e3492edac988885f0.1456792742.git.leo@famulari.name>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 22831
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

On Mon, Feb 29, 2016 at 07:39:53PM -0500, Leo Famulari wrote:
> * gnu/packages/tls.scm (openssl)[arguments]: Add #:allowed-references.

I realized that it would work if I imported (gnu packages gcc) when
defining the tls module. I don't know if that's the right approach or
not, but the output now refers only to glibc, gcc:lib, and itself.

> ---
>  gnu/packages/tls.scm | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
> index 57f0ca1..5990413 100644
> --- a/gnu/packages/tls.scm
> +++ b/gnu/packages/tls.scm
> @@ -200,6 +200,13 @@ required structures.")
>      `(#:parallel-build? #f
>        #:parallel-tests? #f
>        #:test-target "test"
> +
> +      ;; Perl is required at build-time, but ideally not at run-time.
> +      ;; OpenSSL updates tend to pull it back in. This prevents that.
> +
> +      #:allowed-references ,(list (canonical-package glibc)
> +                                  (list (canonical-package gcc) "lib")
> +                                  "out")
>        #:phases
>        (modify-phases %standard-phases
>          (add-before
> -- 
> 2.7.1
> 
> 
> 
> 




From debbugs-submit-bounces@debbugs.gnu.org Tue Mar 01 02:20:26 2016
Received: (at 22831) by debbugs.gnu.org; 1 Mar 2016 07:20:27 +0000
Received: from localhost ([127.0.0.1]:54654 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1aaeba-0005FE-Pd
	for submit@debbugs.gnu.org; Tue, 01 Mar 2016 02:20:26 -0500
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:35186)
 by debbugs.gnu.org with esmtp (Exim 4.84)
 (envelope-from <leo@famulari.name>) id 1aaebZ-0005F6-AP
 for 22831@debbugs.gnu.org; Tue, 01 Mar 2016 02:20:25 -0500
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46])
 by mailout.nyi.internal (Postfix) with ESMTP id 2377E20CE0;
 Tue,  1 Mar 2016 02:20:25 -0500 (EST)
Received: from frontend1 ([10.202.2.160])
 by compute6.internal (MEProxy); Tue, 01 Mar 2016 02:20:25 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=famulari.name; h=
 content-type:date:from:in-reply-to:message-id:mime-version
 :references:subject:to:x-sasl-enc:x-sasl-enc; s=mesmtp; bh=DVPJb
 PNmTE3qYhYUG43khGf7OGQ=; b=iYQVY1RgFNfE7BJuYIgIu35t5L0HASUZIj5+k
 5s3vtFNKVx8XTGnm64lHFynICgI7z4vrAAVzmPzENi84YCwQ7s/9EXtu5iDndXn+
 YjUC0XDBrrfVjQCInwlAFbhQEfEr4tzjsTuLwuz4bkMlUOHcg1QQ1iNq0BFcGvEi
 q5bHfw=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=
 messagingengine.com; h=content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-sasl-enc
 :x-sasl-enc; s=smtpout; bh=DVPJbPNmTE3qYhYUG43khGf7OGQ=; b=eNyli
 6ickP3jE7fCqYcKLKcbxI9Zsh+NVmCXguPSIPB92f8dlA3winwxYDMQV4N1P2ylc
 rQOi7byk8fmPksfThksi9jGu4zMkJWDQJ+nbW4lN4aC/2DW57bo8maDTETd2m84E
 /a+pZxQw5B3TKS5fX6IybH9hvda0S0neblUgw4=
X-Sasl-enc: l84LH3Ed0xEeeDlLl3gBdzl6mzpAntbxJlI73ZmwZfBF 1456816824
Received: from localhost (c-69-249-5-231.hsd1.pa.comcast.net [69.249.5.231])
 by mail.messagingengine.com (Postfix) with ESMTPA id D3E8CC00012
 for <22831@debbugs.gnu.org>; Tue,  1 Mar 2016 02:20:24 -0500 (EST)
Date: Tue, 1 Mar 2016 02:20:25 -0500
From: Leo Famulari <leo@famulari.name>
To: 22831@debbugs.gnu.org
Subject: Re: bug#22831: [PATCH 2/2] WIP: gnu: openssl: Restrict allowed
 references for openssl.
Message-ID: <20160301072025.GA26797@jasmine>
References: <cover.1456792742.git.leo@famulari.name>
 <d59f912303428deb9ebbee6e3492edac988885f0.1456792742.git.leo@famulari.name>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="dDRMvlgZJXvWKvBx"
Content-Disposition: inline
In-Reply-To: <d59f912303428deb9ebbee6e3492edac988885f0.1456792742.git.leo@famulari.name>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 22831
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.7 (/)


--dDRMvlgZJXvWKvBx
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Mon, Feb 29, 2016 at 07:39:53PM -0500, Leo Famulari wrote:
> * gnu/packages/tls.scm (openssl)[arguments]: Add #:allowed-references.

Working patch attached.

--dDRMvlgZJXvWKvBx
Content-Type: text/x-diff; charset=us-ascii
Content-Disposition: attachment; filename="0001-gnu-openssl-Restrict-allowed-references-for-openssl.patch"

>From 00807e4421757f8d9204f1601de9a8286a408f91 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Mon, 29 Feb 2016 19:24:20 -0500
Subject: [PATCH] gnu: openssl: Restrict allowed references for openssl.

* gnu/packages/tls.scm (openssl)[arguments]: Add #:allowed-references.
---
 gnu/packages/tls.scm | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 90971f2..8c72f3b 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -32,6 +32,7 @@
   #:use-module (guix build-system python)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages)
+  #:use-module (gnu packages gcc)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages libffi)
   #:use-module (gnu packages libidn)
@@ -200,6 +201,12 @@ required structures.")
     `(#:parallel-build? #f
       #:parallel-tests? #f
       #:test-target "test"
+
+      ;; We want to limit what the output of this derivation refers to.
+      ;; Specifically, we don't want it to refer to Perl.
+      #:allowed-references ,(list (canonical-package glibc)
+                                  (list (canonical-package gcc) "lib")
+                                  "out")
       #:phases
       (modify-phases %standard-phases
         (add-before
-- 
2.7.1


--dDRMvlgZJXvWKvBx--




From debbugs-submit-bounces@debbugs.gnu.org Tue Mar 01 08:38:19 2016
Received: (at 22831) by debbugs.gnu.org; 1 Mar 2016 13:38:19 +0000
Received: from localhost ([127.0.0.1]:54832 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1aakVH-0007dJ-Gu
	for submit@debbugs.gnu.org; Tue, 01 Mar 2016 08:38:19 -0500
Received: from eggs.gnu.org ([208.118.235.92]:39283)
 by debbugs.gnu.org with esmtp (Exim 4.84)
 (envelope-from <ludo@gnu.org>) id 1aakVG-0007d3-Iz
 for 22831@debbugs.gnu.org; Tue, 01 Mar 2016 08:38:18 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@gnu.org>) id 1aakV8-0004Ya-Eo
 for 22831@debbugs.gnu.org; Tue, 01 Mar 2016 08:38:13 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:60187)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1aakV8-0004YV-BA; Tue, 01 Mar 2016 08:38:10 -0500
Received: from pluto.bordeaux.inria.fr ([193.50.110.57]:33792 helo=pluto)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1aakV7-0001M3-FK; Tue, 01 Mar 2016 08:38:09 -0500
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
To: Leo Famulari <leo@famulari.name>
Subject: Re: bug#22831: OpenSSL should not depend on Perl
References: <87lh66xew6.fsf@gnu.org> <20160228011027.GC6690@jasmine>
 <87povhvtyn.fsf@gnu.org> <20160229084738.GB18766@jasmine>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 12 =?utf-8?Q?Vent=C3=B4se?= an 224 de la =?utf-8?Q?R?=
 =?utf-8?Q?=C3=A9volution?=
X-PGP-Key-ID: 0x3D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-unknown-linux-gnu
Date: Tue, 01 Mar 2016 14:38:07 +0100
In-Reply-To: <20160229084738.GB18766@jasmine> (Leo Famulari's message of "Mon, 
 29 Feb 2016 03:47:38 -0500")
Message-ID: <8737sapbcw.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 22831
Cc: 22831@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

Leo Famulari <leo@famulari.name> skribis:

> On Sun, Feb 28, 2016 at 02:35:12PM +0100, Ludovic Court=C3=A8s wrote:
>> Leo Famulari <leo@famulari.name> skribis:
>>=20
>> > On Sat, Feb 27, 2016 at 06:05:29PM +0100, Ludovic Court=C3=A8s wrote:
>> >> Commit 784d6e91 changed OpenSSL such that it does not depend on Perl,
>> >> but one of the subsequent upgrades broke it:
>> >
>> > Bisecting, I narrowed it down to:
>> > 86c8f1daf8ed10f13f2b1e973a28845629b8ce47
>> > (gnu: openssl: Update to 1.0.2e [fixes CVE-2015-{3193,3194,3195}].).
>> >
>> > I'll get the openssl sources corresponding to the good and bad commmits
>> > and try to figure out what changed that pulled perl back in.
>>=20
>> Awesome.  Hopefully we can apply the fix when we upgrade OpenSSL this
>> Tuesday.
>
> 'openssl-c-rehash.patch' is being applied, but at some point in the
> build process the change is reverted.

In the source, I see:

--8<---------------cut here---------------start------------->8---
$ find -name c_rehash\*
./tools/c_rehash
./tools/c_rehash.in
./doc/apps/c_rehash.pod
--8<---------------cut here---------------end--------------->8---

Could it be that the unpatched one ends up being installed or something?

Ludo=E2=80=99.




From debbugs-submit-bounces@debbugs.gnu.org Tue Mar 01 12:24:29 2016
Received: (at 22831-done) by debbugs.gnu.org; 1 Mar 2016 17:24:29 +0000
Received: from localhost ([127.0.0.1]:56592 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1aao29-0000KN-2T
	for submit@debbugs.gnu.org; Tue, 01 Mar 2016 12:24:29 -0500
Received: from eggs.gnu.org ([208.118.235.92]:57237)
 by debbugs.gnu.org with esmtp (Exim 4.84)
 (envelope-from <ludo@gnu.org>) id 1aao27-0000K9-JZ
 for 22831-done@debbugs.gnu.org; Tue, 01 Mar 2016 12:24:27 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@gnu.org>) id 1aao1y-0001JE-0J
 for 22831-done@debbugs.gnu.org; Tue, 01 Mar 2016 12:24:22 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:36691)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1aao1x-0001JA-TE; Tue, 01 Mar 2016 12:24:17 -0500
Received: from pluto.bordeaux.inria.fr ([193.50.110.57]:44938 helo=pluto)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1aao1x-0005PG-BR; Tue, 01 Mar 2016 12:24:17 -0500
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
To: Leo Famulari <leo@famulari.name>
Subject: Re: bug#22831: OpenSSL should not depend on Perl
References: <87lh66xew6.fsf@gnu.org> <20160228011027.GC6690@jasmine>
 <87povhvtyn.fsf@gnu.org> <20160229084738.GB18766@jasmine>
 <8737sapbcw.fsf@gnu.org>
Date: Tue, 01 Mar 2016 18:24:15 +0100
In-Reply-To: <8737sapbcw.fsf@gnu.org> ("Ludovic
 \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\=
 \=\?utf-8\?Q\?s\?\= message of "Tue, 01 Mar 2016 14:38:07 +0100")
Message-ID: <871t7um7r4.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 22831-done
Cc: 22831-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

ludo@gnu.org (Ludovic Court=C3=A8s) skribis:

> Leo Famulari <leo@famulari.name> skribis:
>
>> On Sun, Feb 28, 2016 at 02:35:12PM +0100, Ludovic Court=C3=A8s wrote:
>>> Leo Famulari <leo@famulari.name> skribis:
>>>=20
>>> > On Sat, Feb 27, 2016 at 06:05:29PM +0100, Ludovic Court=C3=A8s wrote:
>>> >> Commit 784d6e91 changed OpenSSL such that it does not depend on Perl,
>>> >> but one of the subsequent upgrades broke it:
>>> >
>>> > Bisecting, I narrowed it down to:
>>> > 86c8f1daf8ed10f13f2b1e973a28845629b8ce47
>>> > (gnu: openssl: Update to 1.0.2e [fixes CVE-2015-{3193,3194,3195}].).
>>> >
>>> > I'll get the openssl sources corresponding to the good and bad commmi=
ts
>>> > and try to figure out what changed that pulled perl back in.
>>>=20
>>> Awesome.  Hopefully we can apply the fix when we upgrade OpenSSL this
>>> Tuesday.
>>
>> 'openssl-c-rehash.patch' is being applied, but at some point in the
>> build process the change is reverted.
>
> In the source, I see:
>
> $ find -name c_rehash\*
> ./tools/c_rehash
> ./tools/c_rehash.in
> ./doc/apps/c_rehash.pod
>
> Could it be that the unpatched one ends up being installed or something?

Indeed.  Fixed in caeadfd, though without #:allowed-references=E2=80=94it=
=E2=80=99ll be
more convenient to use #:disallowed-references when it=E2=80=99s implemente=
d.

Ludo=E2=80=99.




From debbugs-submit-bounces@debbugs.gnu.org Tue Mar 01 15:46:40 2016
Received: (at 22831) by debbugs.gnu.org; 1 Mar 2016 20:46:40 +0000
Received: from localhost ([127.0.0.1]:56735 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1aarBo-0007rp-9O
	for submit@debbugs.gnu.org; Tue, 01 Mar 2016 15:46:40 -0500
Received: from eggs.gnu.org ([208.118.235.92]:33457)
 by debbugs.gnu.org with esmtp (Exim 4.84)
 (envelope-from <ludo@gnu.org>) id 1aarBn-0007re-Fs
 for 22831@debbugs.gnu.org; Tue, 01 Mar 2016 15:46:39 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@gnu.org>) id 1aarBd-00047S-NE
 for 22831@debbugs.gnu.org; Tue, 01 Mar 2016 15:46:34 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:40781)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1aarBd-00047E-Jf; Tue, 01 Mar 2016 15:46:29 -0500
Received: from reverse-83.fdn.fr ([80.67.176.83]:34106 helo=pluto)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1aarBc-0004iC-6q; Tue, 01 Mar 2016 15:46:28 -0500
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
To: Leo Famulari <leo@famulari.name>
Subject: Re: bug#22831: [PATCH 2/2] WIP: gnu: openssl: Restrict allowed
 references for openssl.
References: <cover.1456792742.git.leo@famulari.name>
 <d59f912303428deb9ebbee6e3492edac988885f0.1456792742.git.leo@famulari.name>
 <20160301072025.GA26797@jasmine>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 12 =?utf-8?Q?Vent=C3=B4se?= an 224 de la =?utf-8?Q?R?=
 =?utf-8?Q?=C3=A9volution?=
X-PGP-Key-ID: 0x3D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-unknown-linux-gnu
Date: Tue, 01 Mar 2016 21:46:26 +0100
In-Reply-To: <20160301072025.GA26797@jasmine> (Leo Famulari's message of "Tue, 
 1 Mar 2016 02:20:25 -0500")
Message-ID: <877fhmorj1.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 22831
Cc: 22831@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

Leo Famulari <leo@famulari.name> skribis:

> From 00807e4421757f8d9204f1601de9a8286a408f91 Mon Sep 17 00:00:00 2001
> From: Leo Famulari <leo@famulari.name>
> Date: Mon, 29 Feb 2016 19:24:20 -0500
> Subject: [PATCH] gnu: openssl: Restrict allowed references for openssl.
>
> * gnu/packages/tls.scm (openssl)[arguments]: Add #:allowed-references.

For some reason I hadn=E2=80=99t seen it in M-x debbugs-gnu for this report
today, but the patch looks good to me!

If we apply it now, it won=E2=80=99t trigger a rebuild (yay!), but will sti=
ll
trigger a bunch of regrafting, which is slightly annoying.  What about
applying it in the next =E2=80=98security-updates=E2=80=99 branch?

Thanks!

Ludo=E2=80=99.




From debbugs-submit-bounces@debbugs.gnu.org Tue Mar 01 16:04:44 2016
Received: (at 22831) by debbugs.gnu.org; 1 Mar 2016 21:04:44 +0000
Received: from localhost ([127.0.0.1]:56763 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1aarTH-0008UB-QI
	for submit@debbugs.gnu.org; Tue, 01 Mar 2016 16:04:43 -0500
Received: from out3-smtp.messagingengine.com ([66.111.4.27]:54992)
 by debbugs.gnu.org with esmtp (Exim 4.84)
 (envelope-from <leo@famulari.name>) id 1aarTG-0008U3-5y
 for 22831@debbugs.gnu.org; Tue, 01 Mar 2016 16:04:42 -0500
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
 by mailout.nyi.internal (Postfix) with ESMTP id CEC8E20CFF;
 Tue,  1 Mar 2016 16:04:41 -0500 (EST)
Received: from frontend2 ([10.202.2.161])
 by compute4.internal (MEProxy); Tue, 01 Mar 2016 16:04:41 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=famulari.name; h=
 cc:content-transfer-encoding:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-sasl-enc
 :x-sasl-enc; s=mesmtp; bh=JMc5LqkTK8Y0cTqOeUbVKXQkR+s=; b=HXn/2e
 9Ko/cTGDjdKgn6IG5lG6dfVq/iGBByBqTH94WM5cwCoXciZVDCjIM6qMqa+yDGxr
 RnEiXsfyGQY0PY8mJVedFcwKUm247vsrWhBF7xovUCjSrOvCxX1z4h4W+YkOaOxD
 dIzeK9FrD2lSycRur/2dAkhytH/0x65S4+2pM=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-transfer-encoding:content-type
 :date:from:in-reply-to:message-id:mime-version:references
 :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=JMc5LqkTK8Y0cTq
 OeUbVKXQkR+s=; b=Gdkb+uScOoeJwg7IEMVMY8tnY2PCL+hMCN4//ymPLpiwPEl
 Dl3+NSrzkTEmmr1zxWL+e2PhuJGWdwyqNXBOMBhTaRNE/dkGqv/Jq5szllNhFQEU
 dgndwEB3b4Oh77lLaWAqhtV0Ai3CFablN1t9B8iLFsM/loj8ZfjTFSi3JKQ8=
X-Sasl-enc: bCNMg+YhtrjLICDqKpTcRGSmYG5xoJOTvf3kFuXNh+yT 1456866281
Received: from localhost (unknown [172.56.2.144])
 by mail.messagingengine.com (Postfix) with ESMTPA id 72A81680121;
 Tue,  1 Mar 2016 16:04:41 -0500 (EST)
Date: Tue, 1 Mar 2016 16:04:40 -0500
From: Leo Famulari <leo@famulari.name>
To: Ludovic =?iso-8859-1?Q?Court=E8s?= <ludo@gnu.org>
Subject: Re: bug#22831: [PATCH 2/2] WIP: gnu: openssl: Restrict allowed
 references for openssl.
Message-ID: <20160301210440.GA18336@jasmine>
References: <cover.1456792742.git.leo@famulari.name>
 <d59f912303428deb9ebbee6e3492edac988885f0.1456792742.git.leo@famulari.name>
 <20160301072025.GA26797@jasmine> <877fhmorj1.fsf@gnu.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <877fhmorj1.fsf@gnu.org>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 22831
Cc: 22831@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

On Tue, Mar 01, 2016 at 09:46:26PM +0100, Ludovic Courtès wrote:
> Leo Famulari <leo@famulari.name> skribis:
> 
> > From 00807e4421757f8d9204f1601de9a8286a408f91 Mon Sep 17 00:00:00 2001
> > From: Leo Famulari <leo@famulari.name>
> > Date: Mon, 29 Feb 2016 19:24:20 -0500
> > Subject: [PATCH] gnu: openssl: Restrict allowed references for openssl.
> >
> > * gnu/packages/tls.scm (openssl)[arguments]: Add #:allowed-references.
> 
> For some reason I hadn’t seen it in M-x debbugs-gnu for this report
> today, but the patch looks good to me!
> 
> If we apply it now, it won’t trigger a rebuild (yay!), but will still
> trigger a bunch of regrafting, which is slightly annoying.  What about
> applying it in the next ‘security-updates’ branch?

Sure. Is it okay if I create that branch?

> 
> Thanks!
> 
> Ludo’.




From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 02 03:42:55 2016
Received: (at 22831) by debbugs.gnu.org; 2 Mar 2016 08:42:55 +0000
Received: from localhost ([127.0.0.1]:56962 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1ab2Mx-0000Dg-Iy
	for submit@debbugs.gnu.org; Wed, 02 Mar 2016 03:42:55 -0500
Received: from eggs.gnu.org ([208.118.235.92]:33387)
 by debbugs.gnu.org with esmtp (Exim 4.84)
 (envelope-from <ludo@gnu.org>) id 1ab2Mv-0000DU-LI
 for 22831@debbugs.gnu.org; Wed, 02 Mar 2016 03:42:53 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@gnu.org>) id 1ab2Mn-00053z-C3
 for 22831@debbugs.gnu.org; Wed, 02 Mar 2016 03:42:48 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:54704)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1ab2Mn-00053r-8G; Wed, 02 Mar 2016 03:42:45 -0500
Received: from reverse-83.fdn.fr ([80.67.176.83]:40240 helo=pluto)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1ab2Mm-000820-DG; Wed, 02 Mar 2016 03:42:44 -0500
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
To: Leo Famulari <leo@famulari.name>
Subject: Re: bug#22831: [PATCH 2/2] WIP: gnu: openssl: Restrict allowed
 references for openssl.
References: <cover.1456792742.git.leo@famulari.name>
 <d59f912303428deb9ebbee6e3492edac988885f0.1456792742.git.leo@famulari.name>
 <20160301072025.GA26797@jasmine> <877fhmorj1.fsf@gnu.org>
 <20160301210440.GA18336@jasmine>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 13 =?utf-8?Q?Vent=C3=B4se?= an 224 de la =?utf-8?Q?R?=
 =?utf-8?Q?=C3=A9volution?=
X-PGP-Key-ID: 0x3D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-unknown-linux-gnu
Date: Wed, 02 Mar 2016 09:42:41 +0100
In-Reply-To: <20160301210440.GA18336@jasmine> (Leo Famulari's message of "Tue, 
 1 Mar 2016 16:04:40 -0500")
Message-ID: <877fhll18e.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 22831
Cc: 22831@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

Leo Famulari <leo@famulari.name> skribis:

> On Tue, Mar 01, 2016 at 09:46:26PM +0100, Ludovic Court=C3=A8s wrote:
>> Leo Famulari <leo@famulari.name> skribis:
>>=20
>> > From 00807e4421757f8d9204f1601de9a8286a408f91 Mon Sep 17 00:00:00 2001
>> > From: Leo Famulari <leo@famulari.name>
>> > Date: Mon, 29 Feb 2016 19:24:20 -0500
>> > Subject: [PATCH] gnu: openssl: Restrict allowed references for openssl.
>> >
>> > * gnu/packages/tls.scm (openssl)[arguments]: Add #:allowed-references.
>>=20
>> For some reason I hadn=E2=80=99t seen it in M-x debbugs-gnu for this rep=
ort
>> today, but the patch looks good to me!
>>=20
>> If we apply it now, it won=E2=80=99t trigger a rebuild (yay!), but will =
still
>> trigger a bunch of regrafting, which is slightly annoying.  What about
>> applying it in the next =E2=80=98security-updates=E2=80=99 branch?
>
> Sure. Is it okay if I create that branch?

Sure, no problem.

Thanks,
Ludo=E2=80=99.




From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 02 14:20:22 2016
Received: (at 22831) by debbugs.gnu.org; 2 Mar 2016 19:20:22 +0000
Received: from localhost ([127.0.0.1]:58114 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1abCJq-0006w8-Gw
	for submit@debbugs.gnu.org; Wed, 02 Mar 2016 14:20:22 -0500
Received: from out3-smtp.messagingengine.com ([66.111.4.27]:49345)
 by debbugs.gnu.org with esmtp (Exim 4.84)
 (envelope-from <leo@famulari.name>) id 1abCJo-0006w0-UF
 for 22831@debbugs.gnu.org; Wed, 02 Mar 2016 14:20:21 -0500
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
 by mailout.nyi.internal (Postfix) with ESMTP id 8CE2720D7A;
 Wed,  2 Mar 2016 14:20:20 -0500 (EST)
Received: from frontend2 ([10.202.2.161])
 by compute4.internal (MEProxy); Wed, 02 Mar 2016 14:20:20 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=famulari.name; h=
 cc:content-transfer-encoding:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-sasl-enc
 :x-sasl-enc; s=mesmtp; bh=2P4RSW8luyRUtA9j541s+mgxbQA=; b=aL3Gc3
 0+YH1HSEA233ooARN500prhAu+vPfXVuogL0VRMhbQvez4godARjhyde2ihCFNCI
 43okwedPFOTePXetQ10yWMR6kyLNnVYlhaa7PsTQKCWb+gTiF5ko3lMT9umoSaED
 rIKUYwUTtGAB4AGyxAHqTUH1iXZ/J0gwYUmGM=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-transfer-encoding:content-type
 :date:from:in-reply-to:message-id:mime-version:references
 :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=2P4RSW8luyRUtA9
 j541s+mgxbQA=; b=bJXZp53oXwb3nZfKrDL5euBBXvc2SNrK1x6fApf8nLGOFtT
 6d2K6bhW4BwvfStX1z5rbtS5QMH6Ac3i9U4nNpTWoaKrOmWFtuxt+42XbTviZ2Nu
 y7GLtNPGlLUaBRdAGpJwxunSVv0JK57qEx6bs0DpNdzA+0RNo4gqYLGrXfpI=
X-Sasl-enc: 5JDtcF498dAUMJcqxNHo832mmCB1qCZnbjzQnMJIuaeQ 1456946420
Received: from localhost (c-69-249-5-231.hsd1.pa.comcast.net [69.249.5.231])
 by mail.messagingengine.com (Postfix) with ESMTPA id 48468680154;
 Wed,  2 Mar 2016 14:20:20 -0500 (EST)
Date: Wed, 2 Mar 2016 14:20:22 -0500
From: Leo Famulari <leo@famulari.name>
To: Ludovic =?iso-8859-1?Q?Court=E8s?= <ludo@gnu.org>
Subject: Re: bug#22831: [PATCH 2/2] WIP: gnu: openssl: Restrict allowed
 references for openssl.
Message-ID: <20160302192022.GD15618@jasmine>
References: <cover.1456792742.git.leo@famulari.name>
 <d59f912303428deb9ebbee6e3492edac988885f0.1456792742.git.leo@famulari.name>
 <20160301072025.GA26797@jasmine> <877fhmorj1.fsf@gnu.org>
 <20160301210440.GA18336@jasmine> <877fhll18e.fsf@gnu.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <877fhll18e.fsf@gnu.org>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 22831
Cc: 22831@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

On Wed, Mar 02, 2016 at 09:42:41AM +0100, Ludovic Courtès wrote:
> Leo Famulari <leo@famulari.name> skribis:
> 
> > On Tue, Mar 01, 2016 at 09:46:26PM +0100, Ludovic Courtès wrote:
> >> Leo Famulari <leo@famulari.name> skribis:
> >> 
> >> > From 00807e4421757f8d9204f1601de9a8286a408f91 Mon Sep 17 00:00:00 2001
> >> > From: Leo Famulari <leo@famulari.name>
> >> > Date: Mon, 29 Feb 2016 19:24:20 -0500
> >> > Subject: [PATCH] gnu: openssl: Restrict allowed references for openssl.
> >> >
> >> > * gnu/packages/tls.scm (openssl)[arguments]: Add #:allowed-references.
> >> 
> >> For some reason I hadn’t seen it in M-x debbugs-gnu for this report
> >> today, but the patch looks good to me!
> >> 
> >> If we apply it now, it won’t trigger a rebuild (yay!), but will still
> >> trigger a bunch of regrafting, which is slightly annoying.  What about
> >> applying it in the next ‘security-updates’ branch?
> >
> > Sure. Is it okay if I create that branch?
> 
> Sure, no problem.

Since there was already a security-updates job started, how about
putting on core-updates?

> 
> Thanks,
> Ludo’.




From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 02 15:59:38 2016
Received: (at 22831) by debbugs.gnu.org; 2 Mar 2016 20:59:38 +0000
Received: from localhost ([127.0.0.1]:58180 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1abDru-0000qM-Cl
	for submit@debbugs.gnu.org; Wed, 02 Mar 2016 15:59:38 -0500
Received: from eggs.gnu.org ([208.118.235.92]:49297)
 by debbugs.gnu.org with esmtp (Exim 4.84)
 (envelope-from <ludo@gnu.org>) id 1abDrt-0000qA-FC
 for 22831@debbugs.gnu.org; Wed, 02 Mar 2016 15:59:37 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@gnu.org>) id 1abDrl-0007e5-3L
 for 22831@debbugs.gnu.org; Wed, 02 Mar 2016 15:59:32 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.5 required=5.0 tests=BAYES_05,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:39187)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1abDrk-0007e1-W3; Wed, 02 Mar 2016 15:59:29 -0500
Received: from reverse-83.fdn.fr ([80.67.176.83]:43450 helo=pluto)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1abDrk-0002Kb-7A; Wed, 02 Mar 2016 15:59:28 -0500
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
To: Leo Famulari <leo@famulari.name>
Subject: Re: bug#22831: [PATCH 2/2] WIP: gnu: openssl: Restrict allowed
 references for openssl.
References: <cover.1456792742.git.leo@famulari.name>
 <d59f912303428deb9ebbee6e3492edac988885f0.1456792742.git.leo@famulari.name>
 <20160301072025.GA26797@jasmine> <877fhmorj1.fsf@gnu.org>
 <20160301210440.GA18336@jasmine> <877fhll18e.fsf@gnu.org>
 <20160302192022.GD15618@jasmine>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 13 =?utf-8?Q?Vent=C3=B4se?= an 224 de la =?utf-8?Q?R?=
 =?utf-8?Q?=C3=A9volution?=
X-PGP-Key-ID: 0x3D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-unknown-linux-gnu
Date: Wed, 02 Mar 2016 21:59:25 +0100
In-Reply-To: <20160302192022.GD15618@jasmine> (Leo Famulari's message of "Wed, 
 2 Mar 2016 14:20:22 -0500")
Message-ID: <87wppkeguq.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 22831
Cc: 22831@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

Leo Famulari <leo@famulari.name> skribis:

> On Wed, Mar 02, 2016 at 09:42:41AM +0100, Ludovic Court=C3=A8s wrote:
>> Leo Famulari <leo@famulari.name> skribis:
>>=20
>> > On Tue, Mar 01, 2016 at 09:46:26PM +0100, Ludovic Court=C3=A8s wrote:
>> >> Leo Famulari <leo@famulari.name> skribis:
>> >>=20
>> >> > From 00807e4421757f8d9204f1601de9a8286a408f91 Mon Sep 17 00:00:00 2=
001
>> >> > From: Leo Famulari <leo@famulari.name>
>> >> > Date: Mon, 29 Feb 2016 19:24:20 -0500
>> >> > Subject: [PATCH] gnu: openssl: Restrict allowed references for open=
ssl.
>> >> >
>> >> > * gnu/packages/tls.scm (openssl)[arguments]: Add #:allowed-referenc=
es.
>> >>=20
>> >> For some reason I hadn=E2=80=99t seen it in M-x debbugs-gnu for this =
report
>> >> today, but the patch looks good to me!
>> >>=20
>> >> If we apply it now, it won=E2=80=99t trigger a rebuild (yay!), but wi=
ll still
>> >> trigger a bunch of regrafting, which is slightly annoying.  What about
>> >> applying it in the next =E2=80=98security-updates=E2=80=99 branch?
>> >
>> > Sure. Is it okay if I create that branch?
>>=20
>> Sure, no problem.
>
> Since there was already a security-updates job started, how about
> putting on core-updates?

Dunno, what does Mark think?  Let=E2=80=99s check with Mark on IRC.  :-)

Ludo=E2=80=99.




From debbugs-submit-bounces@debbugs.gnu.org Sun Mar 20 22:20:17 2016
Received: (at 22831) by debbugs.gnu.org; 21 Mar 2016 02:20:17 +0000
Received: from localhost ([127.0.0.1]:56067 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1ahpS5-0000Bo-8u
	for submit@debbugs.gnu.org; Sun, 20 Mar 2016 22:20:17 -0400
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:33371)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1ahpS4-0000Bf-2M
 for 22831@debbugs.gnu.org; Sun, 20 Mar 2016 22:20:16 -0400
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
 by mailout.nyi.internal (Postfix) with ESMTP id D431420320;
 Sun, 20 Mar 2016 22:20:15 -0400 (EDT)
Received: from frontend1 ([10.202.2.160])
 by compute4.internal (MEProxy); Sun, 20 Mar 2016 22:20:15 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=famulari.name; h=
 date:from:message-id:subject:to:x-sasl-enc:x-sasl-enc; s=mesmtp;
 bh=qHSHXnGjjQRFyogK/FMmNeu2gOY=; b=p5ijfYyQTn/RDZaH7SxkjY34TWjP
 BVhCj5/PXGXRiYLE2GC5rT0bXM7yKF7BpUPdjB5xAxIqVnaNuuk7H9IpAiYlapqL
 UrmzytoRmVl4J/5J302B4XYvwtmT4u8Nbk1IlKb2IhxYs8f+seDtmlNWkotk3S2X
 Rfkl4QEjQI4ULGI=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=
 messagingengine.com; h=date:from:message-id:subject:to
 :x-sasl-enc:x-sasl-enc; s=smtpout; bh=qHSHXnGjjQRFyogK/FMmNeu2gO
 Y=; b=DOJ2a2fI6vbqG1styA+N5d4N7YcYnKbHHK/Jsqzow2tQ6/zjLvhOTjEnDf
 i127lgRPHgtvkRY5GDk+hZF/KflBuX4AzGpcJ8TKyCIZoXOyUdrD2a3WqYH0hx2w
 JasUMUktLtIr25PtyI68XEJjiIMcqYx2PBDAIG2osHPrsKJAA=
X-Sasl-enc: KJyx+R1tooHvqHcbekd9CNPC1qq6jsuTy+ITWEGlyNlJ 1458526815
Received: from localhost.localdomain (c-73-46-63-161.hsd1.fl.comcast.net
 [73.46.63.161])
 by mail.messagingengine.com (Postfix) with ESMTPA id 6B9B0C00018
 for <22831@debbugs.gnu.org>; Sun, 20 Mar 2016 22:20:15 -0400 (EDT)
From: Leo Famulari <leo@famulari.name>
To: 22831@debbugs.gnu.org
Subject: [PATCH 0/1] Disallow reference to Perl from OpenSSL
Date: Sun, 20 Mar 2016 22:20:10 -0400
Message-Id: <cover.1458526695.git.leo@famulari.name>
X-Mailer: git-send-email 2.7.3
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 22831
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

Now that #:disallowed-references has been implemented (thanks Ludo!),
here it is applied to OpenSSL.

To core-updates?

Leo Famulari (1):
  gnu: openssl: Enforce non-reference to perl.

 gnu/packages/tls.scm | 4 ++++
 1 file changed, 4 insertions(+)

-- 
2.7.3





From debbugs-submit-bounces@debbugs.gnu.org Sun Mar 20 22:20:19 2016
Received: (at 22831) by debbugs.gnu.org; 21 Mar 2016 02:20:19 +0000
Received: from localhost ([127.0.0.1]:56069 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1ahpS7-0000C2-FI
	for submit@debbugs.gnu.org; Sun, 20 Mar 2016 22:20:19 -0400
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:35816)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1ahpS5-0000Bn-5n
 for 22831@debbugs.gnu.org; Sun, 20 Mar 2016 22:20:17 -0400
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42])
 by mailout.nyi.internal (Postfix) with ESMTP id 6241120744;
 Sun, 20 Mar 2016 22:20:16 -0400 (EDT)
Received: from frontend1 ([10.202.2.160])
 by compute2.internal (MEProxy); Sun, 20 Mar 2016 22:20:16 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=famulari.name; h=
 date:from:in-reply-to:in-reply-to:message-id:references
 :references:subject:to:x-sasl-enc:x-sasl-enc; s=mesmtp; bh=q4bf4
 WWpl2GY5EoS9G7p/bSP2iU=; b=aK4n1OU4gtNX5bTu7eWHHgMUYz5kALvQbcl12
 CT4P1dHuryHm7MS4WInlOfklOfh9lH1Fmi2ogpI4ZcoG6M8aYmQ7fJpinaQAj1g7
 bYRxIGTnI6MHBL5ZeL3wAsz86ZThS6BmuDcJ67kOyvz64E+M0dWKndExICVtFLRL
 bKf2es=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=
 messagingengine.com; h=date:from:in-reply-to:in-reply-to
 :message-id:references:references:subject:to:x-sasl-enc
 :x-sasl-enc; s=smtpout; bh=q4bf4WWpl2GY5EoS9G7p/bSP2iU=; b=qyyGD
 BuEBJgUwwN35WYwf9lSRQIBrrwybRhBU3rSR4GqclcV2gXcY0r0r2hRSy7P+yOu5
 tWAHd3Uu+4BBg6VCwlM4pod3z1AwkCP2osggVbjBgc83BQeWVzztXBnviL3JIPN+
 2mzddt1dzn0et1zWrOBvjGWiCr11+sMs+rAbL0=
X-Sasl-enc: KJyk4QxvppXjuW0cY0d9CNPC1qq6jsuTy+ITWEGlyNlJ 1458526815
Received: from localhost.localdomain (c-73-46-63-161.hsd1.fl.comcast.net
 [73.46.63.161])
 by mail.messagingengine.com (Postfix) with ESMTPA id CDC90C0001B
 for <22831@debbugs.gnu.org>; Sun, 20 Mar 2016 22:20:15 -0400 (EDT)
From: Leo Famulari <leo@famulari.name>
To: 22831@debbugs.gnu.org
Subject: [PATCH 1/1] gnu: openssl: Enforce non-reference to perl.
Date: Sun, 20 Mar 2016 22:20:11 -0400
Message-Id: <b4118da2898486e390f2b55cec804e60458ba9be.1458526695.git.leo@famulari.name>
X-Mailer: git-send-email 2.7.3
In-Reply-To: <cover.1458526695.git.leo@famulari.name>
References: <cover.1458526695.git.leo@famulari.name>
In-Reply-To: <cover.1458526695.git.leo@famulari.name>
References: <cover.1458526695.git.leo@famulari.name>
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 22831
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

* gnu/packages/tls.scm (openssl)[arguments]: Add #:disallowed-references.
---
 gnu/packages/tls.scm | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index b6bf257..28d7947 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -201,6 +201,10 @@ required structures.")
     `(#:parallel-build? #f
       #:parallel-tests? #f
       #:test-target "test"
+
+      ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
+      ;; so we explicitly disallow it here.
+      #:disallowed-references ,(list (canonical-package perl))
       #:phases
       (modify-phases %standard-phases
         (add-before
-- 
2.7.3





From debbugs-submit-bounces@debbugs.gnu.org Mon Mar 21 05:30:04 2016
Received: (at 22831) by debbugs.gnu.org; 21 Mar 2016 09:30:05 +0000
Received: from localhost ([127.0.0.1]:56226 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1ahwA0-000438-LP
	for submit@debbugs.gnu.org; Mon, 21 Mar 2016 05:30:04 -0400
Received: from eggs.gnu.org ([208.118.235.92]:38959)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1ahw9x-00040r-WB
 for 22831@debbugs.gnu.org; Mon, 21 Mar 2016 05:30:02 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludo@gnu.org>) id 1ahw9p-0006kz-Kz
 for 22831@debbugs.gnu.org; Mon, 21 Mar 2016 05:29:56 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:51630)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1ahw9p-0006kr-Hh; Mon, 21 Mar 2016 05:29:53 -0400
Received: from pluto.bordeaux.inria.fr ([193.50.110.57]:47014 helo=pluto)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1ahw9o-0007AK-TQ; Mon, 21 Mar 2016 05:29:53 -0400
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
To: Leo Famulari <leo@famulari.name>
Subject: Re: bug#22831: [PATCH 1/1] gnu: openssl: Enforce non-reference to
 perl.
References: <cover.1458526695.git.leo@famulari.name>
 <cover.1458526695.git.leo@famulari.name>
 <b4118da2898486e390f2b55cec804e60458ba9be.1458526695.git.leo@famulari.name>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 2 Germinal an 224 de la =?utf-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x3D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-unknown-linux-gnu
Date: Mon, 21 Mar 2016 10:29:51 +0100
In-Reply-To: <b4118da2898486e390f2b55cec804e60458ba9be.1458526695.git.leo@famulari.name>
 (Leo Famulari's message of "Sun, 20 Mar 2016 22:20:11 -0400")
Message-ID: <87oaa89o1c.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 22831
Cc: 22831@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

Leo Famulari <leo@famulari.name> skribis:

> * gnu/packages/tls.scm (openssl)[arguments]: Add #:disallowed-references.

Sounds good!  (And thanks for following commits closely.  ;-))

This should go to =E2=80=98core-updates=E2=80=99, but first, =E2=80=98maste=
r=E2=80=99 should be merged
in =E2=80=98core-updates=E2=80=99 so that #:disallowed-references is availa=
ble.

Could you do that?

Thanks!

Ludo=E2=80=99.




From debbugs-submit-bounces@debbugs.gnu.org Mon Mar 21 12:23:54 2016
Received: (at 22831) by debbugs.gnu.org; 21 Mar 2016 16:23:54 +0000
Received: from localhost ([127.0.0.1]:57158 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1ai2cU-0000gd-BZ
	for submit@debbugs.gnu.org; Mon, 21 Mar 2016 12:23:54 -0400
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:41342)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1ai2cS-0000gT-QD
 for 22831@debbugs.gnu.org; Mon, 21 Mar 2016 12:23:53 -0400
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
 by mailout.nyi.internal (Postfix) with ESMTP id 7FBE1200D5;
 Mon, 21 Mar 2016 12:23:52 -0400 (EDT)
Received: from frontend2 ([10.202.2.161])
 by compute4.internal (MEProxy); Mon, 21 Mar 2016 12:23:52 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=famulari.name; h=
 cc:content-transfer-encoding:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-sasl-enc
 :x-sasl-enc; s=mesmtp; bh=oZ8FJQ6p1yq5xgUf7PSKLX1ybgc=; b=kkHV5N
 GHd1Gdukp46z4D3jddtxGzaidxsP2jcSkf/ocZqeJQo/nm5T+mC19dOxNxCPSr4p
 4/oyYZlrSS5ztedKY2HhgYpi2oCyBVPwq+kwlvX+hxrFnqgEdB7I33pj26Gjgw5A
 YSU60qKysCdx9n1LBkcdPDkon1I/2C7sFYjsc=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-transfer-encoding:content-type
 :date:from:in-reply-to:message-id:mime-version:references
 :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=oZ8FJQ6p1yq5xgU
 f7PSKLX1ybgc=; b=a0MEq3K5XxPaXdA1WJkjI3ca+pSsdlLJ2Vcuh9DP5z7d+Dv
 8VMy/pSYS47I1RC1qGHKMHeCGvFOwuoi6CAv3e12vSRKaA7HZUSLEWTHCNlZxyVt
 /D3Uu6cFijavRPJEQD1qubNmRBcOkXK/ZZqIvhzZ2LEf8Hxpy+kDqpfPOcUE=
X-Sasl-enc: oVQGNj1dZAilwu4lfVDMVrUIvKz3QGX4dNfc46ns3HEu 1458577432
Received: from localhost (c-73-46-63-161.hsd1.fl.comcast.net [73.46.63.161])
 by mail.messagingengine.com (Postfix) with ESMTPA id 2FC13680205;
 Mon, 21 Mar 2016 12:23:51 -0400 (EDT)
Date: Mon, 21 Mar 2016 12:23:52 -0400
From: Leo Famulari <leo@famulari.name>
To: Ludovic =?iso-8859-1?Q?Court=E8s?= <ludo@gnu.org>
Subject: Re: bug#22831: [PATCH 1/1] gnu: openssl: Enforce non-reference to
 perl.
Message-ID: <20160321162352.GA29201@jasmine>
References: <cover.1458526695.git.leo@famulari.name>
 <cover.1458526695.git.leo@famulari.name>
 <b4118da2898486e390f2b55cec804e60458ba9be.1458526695.git.leo@famulari.name>
 <87oaa89o1c.fsf@gnu.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <87oaa89o1c.fsf@gnu.org>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 22831
Cc: 22831@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

On Mon, Mar 21, 2016 at 10:29:51AM +0100, Ludovic Courtès wrote:
> Leo Famulari <leo@famulari.name> skribis:
> 
> > * gnu/packages/tls.scm (openssl)[arguments]: Add #:disallowed-references.
> 
> Sounds good!  (And thanks for following commits closely.  ;-))
> 
> This should go to ‘core-updates’, but first, ‘master’ should be merged
> in ‘core-updates’ so that #:disallowed-references is available.
> 
> Could you do that?

Done!




From unknown Thu Aug 14 17:28:52 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Tue, 19 Apr 2016 11:24:03 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator