Hello,
While trying to update entire packages in IPFire (some of them are outdated) and to fix some bugs, I ran into a couple of questions:
(a) How to update entire packages?
As far as I understood, a file in lfs/[package_name] belongs to every package, containing information about how to build it, apply patches to it, and so on.
It seems like packages are downloaded from https://source.ipfire.org/ , but it did not become clear to me how to upload a new version of a package to this server. Of course, the download URL can be changed manually, but that seems rather ugly to me.
Unfortunately, I was unable to find a sort of tutorial in the wiki for this issue.
(b) How to apply patches to downloaded packages with changed filenames?
As discussed in December (https://wiki.ipfire.org/devel/telco/2017-12-04), I am supposed to have a look at the DEFAULT cipher suite in OpenSSL.
To change this value, the .tar.gz file needs to be downloaded and unpacked first. After that, the file "ssl/ssl.h" needs to be changed.
The patch at src/patches/openssl-1.0.2h-weak-ciphers.patch does something similar:
diff -Naur openssl-1.0.2h.org/ssl/ssl.h openssl-1.0.2h/ssl/ssl.h --- openssl-1.0.2h.org/ssl/ssl.h 2016-05-03 15:44:42.000000000 +0200 +++ openssl-1.0.2h/ssl/ssl.h 2016-05-03 18:49:10.393302264 +0200 @@ -338,7 +338,7 @@ * The following cipher list is used by default. It also is substituted when * an application-defined cipher list string starts with 'DEFAULT'. */ -# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2" +# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2:!RC2:!DES" /* * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always * starts with a reasonable order, and all we have to do for DEFAULT is
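Review bot: the replacement `SSL_DEFAULT_CIPHER_LIST` line still starts from `ALL` and only subtracts named groups, so every cipher family not explicitly listed stays in DEFAULT, and nothing in the patch says why `!RC2:!DES` are the only additions. The context comment states that this string is also substituted when an application-defined cipher list starts with 'DEFAULT', so the change reaches those applications as well. I would add a short comment above the define (or a header in the patch file) giving the reason for each exclusion, and check the resulting list with `openssl ciphers -v 'DEFAULT'` after the build. The diff paths and the patch filename also hard-code openssl-1.0.2h, so the patch needs to be regenerated or renamed on every version bump.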
But where does the file openssl-[...].org come from?
(c) How to build the distribution partly?
In the past, I handed in some patches to allow remote syslogging via TCP, too. After some struggles (settings are written by a C program, not the CGI file itself), I modified syslogdctrl.c, and the changes were shipped. (See https://bugzilla.ipfire.org/show_bug.cgi?id=11540 for details.)
But since this program now crashes with a segfault on my machine (*sigh*), it seems like my patch contained some errors.
However, building the entire distribution is somewhat time-consuming and not worth the effort for a probably small error. Is there any way of just building this C program and omitting the rest?
Thanks in advance!
Best regards, Peter Müller