On Sun, Feb 28, 2016 at 02:35:12PM +0100, Ludovic Courtès wrote:
> Leo Famulari <l...@famulari.name> skribis:
>
> > On Sat, Feb 27, 2016 at 06:05:29PM +0100, Ludovic Courtès wrote:
> >> Commit 784d6e91 changed OpenSSL such that it does not depend on Perl,
> >> but one of the subsequent upgrades broke it:
> >
> > Bisecting, I narrowed it down to:
> > 86c8f1daf8ed10f13f2b1e973a28845629b8ce47
> > (gnu: openssl: Update to 1.0.2e [fixes CVE-2015-{3193,3194,3195}].).
> >
> > I'll get the openssl sources corresponding to the good and bad commmits
> > and try to figure out what changed that pulled perl back in.
>
> Awesome. Hopefully we can apply the fix when we upgrade OpenSSL this
> Tuesday.
'openssl-c-rehash.patch' is being applied, but at some point in the
build process the change is reverted.
I haven't figured out why yet. Ludo is right, it would be really good to
only change our OpenSSL package one day this week.
So, I'm asking for help with this problem!
I will spend some time on it tomorrow, but I really don't have any
promising leads. My plan is to step through the build process and learn
when the shebang is recreated. Hopefully then I will get some
inspiration.
I suppose a nasty short term fix would be to patch the file after
installing it. I will submit that patch if it seems there is no other
option in time for the security update.
