[tbb-commits] [tor-browser-build/master] Bug 31844: Use DESTDIR instead of --prefix when building OpenSSL
gk at torproject.org
gk at torproject.org
Thu Sep 26 19:24:50 UTC 2019
commit abdfbfdb3f4122300c3f3f5e745af1c74a559102
Author: Nicolas Vigier <boklm at torproject.org>
Date: Wed Sep 25 12:54:00 2019 +0200
Bug 31844: Use DESTDIR instead of --prefix when building OpenSSL
This is fixing CVE-2019-1552:
http://cve.circl.lu/cve/CVE-2019-1552
In oder to avoid changing the OPENSSLDIR to a directory that might be
writable on the user system, we don't set the --prefix/--openssldir
option anymore and use DESTDIR to select the packaging installation
directory.
---
projects/openssl/build | 5 +++--
projects/openssl/config | 2 ++
projects/tor/build | 2 +-
3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/projects/openssl/build b/projects/openssl/build
index 40dc526..d53185e 100644
--- a/projects/openssl/build
+++ b/projects/openssl/build
@@ -14,10 +14,11 @@ export CC='gcc -m32'
export CC="cc [% c("var/FLAGS") %]"
[% END -%]
export SOURCE_DATE_EPOCH='[% c("timestamp") %]'
-./Configure --prefix=$distdir [% c('var/configure_opts') %]
+./Configure [% c('var/configure_opts') %]
make
-make install
+make DESTDIR="$distdir" install
cd /var/tmp/dist
+ln -s '[% c("var/openssldir") %]' openssl/openssl
[% c('tar', {
tar_src => [ project ],
tar_args => '-czf ' _ dest_dir _ '/' _ c('filename'),
diff --git a/projects/openssl/config b/projects/openssl/config
index 27b9526..f648598 100644
--- a/projects/openssl/config
+++ b/projects/openssl/config
@@ -3,6 +3,7 @@ version: 1.1.1d
filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
var:
+ openssldir: 'usr/local'
container:
use_container: 1
@@ -17,6 +18,7 @@ targets:
var:
flag_mwindows: ''
configure_opts: '-shared --cross-compile-prefix=[% c("arch") %]-w64-mingw32- mingw[% IF c("var/windows-x86_64") %]64[% END %] "[% c("var/CFLAGS") %] [% c("var/LDFLAGS") %]"'
+ openssldir: 'Program Files[% IF c("var/windows-i686") %] (x86)[% END %]/OpenSSL'
osx-x86_64:
var:
configure_opts: --cross-compile-prefix=x86_64-apple-darwin11- darwin64-x86_64-cc enable-ec_nistp_64_gcc_128
diff --git a/projects/tor/build b/projects/tor/build
index 0705626..2d10fb3 100644
--- a/projects/tor/build
+++ b/projects/tor/build
@@ -30,7 +30,7 @@ tar -C /var/tmp/dist -xf [% c('input_files_by_name/libevent') %]
[% END %]
tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz
libeventdir=/var/tmp/dist/libevent
-openssldir=/var/tmp/dist/openssl
+openssldir=/var/tmp/dist/openssl/openssl
[% IF c("var/windows") %]
[% IF c("var/nightly") %]
More information about the tbb-commits
mailing list