Skip to content
This repository was archived by the owner on Nov 21, 2018. It is now read-only.

Openssl 1.0.2k #151

Merged
merged 4 commits into from
Feb 1, 2017
Merged

Openssl 1.0.2k #151

merged 4 commits into from
Feb 1, 2017

Conversation

rillian
Copy link
Contributor

@rillian rillian commented Feb 1, 2017

Bump openssl, curl, and git to the latest releases.

Openssl has a fix for a medium vulnerability in Diffie-Hellman verification. Otherwise there's nothing critical for security here, it's just good to be up to date.

Be sure to build with --no-cache to pick up the Centos 5 update for CVE-2016-9147.

@rillian
openssl 1.0.2k
cacaa68
@rillian
curl 7.52.1
bc45c35
@rillian
git 2.11.0
c6e09c0
@rillian
Download gcc without tls.
e46fabc 
The new certificate for ftp.gnu.org doesn't validate on centos:5
because it thinks the hostname is alpha.gnu.org, which isn't listed
on the cert. Work around by dropping TLS protection on the download,
relying on just the checksum for validation.

Once we've bootstrapped our own openssl and curl we can download
things properly, so another fix would be to move gcc later in the
build order.
@rust-highfive
Copy link

r? @brson

(rust_highfive has picked a reviewer for you, use r? to override)

@rillian
Copy link
Contributor Author

rillian commented Feb 1, 2017

@alexcrichton How wedded are you to keeping gcc early in the build order? I had to lower security to work around a tls-incompatibility between the GNU mirrors and the stock curl.

@rillian rillian mentioned this pull request Feb 1, 2017
Merged
@alexcrichton alexcrichton merged commit e46fabc into rust-lang-deprecated:master Feb 1, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@brson brson

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rillian @rust-highfive @alexcrichton @brson