This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, fifteen has been updated
       via  f7165e5aed61866f8d82141c9ac152468a964f4c (commit)
       via  33c4c29b5e32c818e1c0fc925424950f8cd613f6 (commit)
      from  63efc01c84a5f559858d0d46cb7c5a2212486567 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit f7165e5aed61866f8d82141c9ac152468a964f4c
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Sun Dec 29 20:56:16 2013 +0100

    openssl-compat: Enable cryptodev again.

    This is compiled in and therefore not an externally loadable engine.

commit 33c4c29b5e32c818e1c0fc925424950f8cd613f6
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Sun Dec 29 20:46:41 2013 +0100

    openssl: Don't propose too weak ciphers.

-----------------------------------------------------------------------
Summary of changes:
 lfs/openssl                                   |  1 +
 lfs/openssl-compat                            |  7 ++++++-
 src/patches/openssl-1.0.1e-weak-ciphers.patch | 12 ++++++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 src/patches/openssl-1.0.1e-weak-ciphers.patch

Difference in files: diff --git a/lfs/openssl b/lfs/openssl index 3452b71..e75101f 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -86,6 +86,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-cryptodev.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-fix_parallel_build-1.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-fix_pod_syntax-1.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-weak-ciphers.patch
cd $(DIR_APP) && find crypto/ -name Makefile -exec \ sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} ; diff --git a/lfs/openssl-compat b/lfs/openssl-compat index 75dd4a2..d2ae6a0 100644 --- a/lfs/openssl-compat +++ b/lfs/openssl-compat @@ -71,6 +71,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-0.9.8u-cryptodev.patch + cd $(DIR_APP) && sed -i -e 's/mcpu/march/' config cd $(DIR_APP) && sed -i -e 's/-O3/-O2/' -e 's/-march=i486/-march=i586/' Configure
@@ -83,7 +85,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) shared linux-elf \ zlib-dynamic \ no-engines \ - no-asm 386 + no-asm 386 \ + -DSSL_FORBID_ENULL \ + -DHAVE_CRYPTODEV \ + -DUSE_CRYPTODEV_DIGEST
cd $(DIR_APP) && make depend cd $(DIR_APP) && make diff --git a/src/patches/openssl-1.0.1e-weak-ciphers.patch b/src/patches/openssl-1.0.1e-weak-ciphers.patch new file mode 100644 index 0000000..8657345 --- /dev/null +++ b/src/patches/openssl-1.0.1e-weak-ciphers.patch @@ -0,0 +1,12 @@ +diff -up openssl-1.0.1e/ssl/ssl.h.weak-ciphers openssl-1.0.1e/ssl/ssl.h +--- openssl-1.0.1e/ssl/ssl.h.weak-ciphers 2013-12-18 15:50:40.881620314 +0100 ++++ openssl-1.0.1e/ssl/ssl.h 2013-12-18 14:25:25.596566704 +0100 +@@ -331,7 +331,7 @@ extern "C" { + /* The following cipher list is used by default. + * It also is substituted when an application-defined cipher list string + * starts with 'DEFAULT'. */ +-#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2" ++#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2:!EXPORT:!RC2:!DES" + /* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always + * starts with a reasonable order, and all we have to do for DEFAULT is + * throwing out anonymous and unencrypted ciphersuites!
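
Review bot: in lfs/openssl (@@ -86,6 +86,7) the new default cipher list is wired in only for the 1.0.1e build; lfs/openssl-compat in the same push gains -DSSL_FORBID_ENULL but no change to its own default cipher list. If the compat library is meant to keep its default list, say so in the commit message; otherwise it needs an equivalent patch of its own, since openssl-1.0.1e-weak-ciphers.patch targets openssl-1.0.1e/ssl/ssl.h.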
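
Review bot: the first lfs/openssl-compat hunk (@@ -71,6 +73,8) applies src/patches/openssl-0.9.8u-cryptodev.patch, but the summary of changes creates only openssl-1.0.1e-weak-ciphers.patch, so the build relies on the cryptodev patch already being in the tree. Worth confirming that it is present on this branch and still applies with -Np1 to the tarball in $(DL_FILE), since the patch step runs right after the tarball is unpacked.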
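
Review bot: the second lfs/openssl-compat hunk (@@ -83,7 +85,10) adds -DSSL_FORBID_ENULL alongside the two cryptodev defines, and neither commit message mentions it. It is a cipher-policy change rather than part of enabling cryptodev, so it deserves its own line in the log, or its own commit. Separately, -DHAVE_CRYPTODEV now sits three lines below no-engines; the commit message explains why that works, and a one-line comment in the lfs file would keep the next reader from taking it for a contradiction.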
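
Review bot: in src/patches/openssl-1.0.1e-weak-ciphers.patch the trailing context comment still says that all DEFAULT has to do is throw out anonymous and unencrypted ciphersuites, which no longer matches the new SSL_DEFAULT_CIPHER_LIST now that it also drops EXPORT, RC2 and DES. Update that comment in the same patch. Also, per the comment at the top of the hunk, this list takes effect only as the default or when an application's cipher string starts with 'DEFAULT', so services that pass their own string are not covered by this change and need checking separately.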
hooks/post-receive -- IPFire 2.x development tree