Unverified Commit abdfbfdb authored by boklm's avatar boklm
Browse files

Bug 31844: Use DESTDIR instead of --prefix when building OpenSSL

This is fixing CVE-2019-1552:
http://cve.circl.lu/cve/CVE-2019-1552

In oder to avoid changing the OPENSSLDIR to a directory that might be
writable on the user system, we don't set the --prefix/--openssldir
option anymore and use DESTDIR to select the packaging installation
directory.
parent cb97c6e9
......@@ -14,10 +14,11 @@ export CC='gcc -m32'
export CC="cc [% c("var/FLAGS") %]"
[% END -%]
export SOURCE_DATE_EPOCH='[% c("timestamp") %]'
./Configure --prefix=$distdir [% c('var/configure_opts') %]
./Configure [% c('var/configure_opts') %]
make
make install
make DESTDIR="$distdir" install
cd /var/tmp/dist
ln -s '[% c("var/openssldir") %]' openssl/openssl
[% c('tar', {
tar_src => [ project ],
tar_args => '-czf ' _ dest_dir _ '/' _ c('filename'),
......
......@@ -3,6 +3,7 @@ version: 1.1.1d
filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
var:
openssldir: 'usr/local'
container:
use_container: 1
......@@ -17,6 +18,7 @@ targets:
var:
flag_mwindows: ''
configure_opts: '-shared --cross-compile-prefix=[% c("arch") %]-w64-mingw32- mingw[% IF c("var/windows-x86_64") %]64[% END %] "[% c("var/CFLAGS") %] [% c("var/LDFLAGS") %]"'
openssldir: 'Program Files[% IF c("var/windows-i686") %] (x86)[% END %]/OpenSSL'
osx-x86_64:
var:
configure_opts: --cross-compile-prefix=x86_64-apple-darwin11- darwin64-x86_64-cc enable-ec_nistp_64_gcc_128
......
......@@ -30,7 +30,7 @@ tar -C /var/tmp/dist -xf [% c('input_files_by_name/libevent') %]
[% END %]
tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz
libeventdir=/var/tmp/dist/libevent
openssldir=/var/tmp/dist/openssl
openssldir=/var/tmp/dist/openssl/openssl
[% IF c("var/windows") %]
[% IF c("var/nightly") %]
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment