This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via 353e08cd7778f2070469842ebe0f553e648f79d4 (commit) via 5d95fd5af11e8631cbaed1e5f8c914facd0b2125 (commit) from ac385b2f17ef142101165bdd9b31206bd86998dc (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 353e08cd7778f2070469842ebe0f553e648f79d4 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Mar 2 21:31:07 2016 +0100
openssl: compile with sslv2 support but disable
the new default breaks the ABI so we need to compile in but disable it with a patch.
commit 5d95fd5af11e8631cbaed1e5f8c914facd0b2125 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Mar 2 21:13:31 2016 +0100
Revert "python-m2crypto: remove SSLv2_method"
This reverts commit d86a24928625c47d46d17daad18f159d28678ee4.
-----------------------------------------------------------------------
Summary of changes: lfs/openssl | 2 +- lfs/python-m2crypto | 1 - src/patches/M2Crypto-0.21.1_remove_sslv2_method.patch | 12 ------------ src/patches/openssl-1.0.2g-disable-sslv2v3.patch | 18 ++++++++++++++++++ src/patches/openssl-disable-sslv2-sslv3.patch | 12 ------------ 5 files changed, 19 insertions(+), 26 deletions(-) delete mode 100644 src/patches/M2Crypto-0.21.1_remove_sslv2_method.patch create mode 100644 src/patches/openssl-1.0.2g-disable-sslv2v3.patch delete mode 100644 src/patches/openssl-disable-sslv2-sslv3.patch
Difference in files: diff --git a/lfs/openssl b/lfs/openssl index c68cf29..f45295e 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -119,7 +119,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1m-weak-ciphers.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2g-disable-sslv2v3.patch
# i586 specific patches ifeq "$(MACHINE)" "i586" diff --git a/lfs/python-m2crypto b/lfs/python-m2crypto index 69c070b..536380c 100644 --- a/lfs/python-m2crypto +++ b/lfs/python-m2crypto @@ -77,7 +77,6 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/M2Crypto-0.21.1_remove_sslv2_method.patch cd $(DIR_APP) && python setup.py install @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/src/patches/M2Crypto-0.21.1_remove_sslv2_method.patch b/src/patches/M2Crypto-0.21.1_remove_sslv2_method.patch deleted file mode 100644 index 24195fb..0000000 --- a/src/patches/M2Crypto-0.21.1_remove_sslv2_method.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Naur M2Crypto-0.21.1.org/SWIG/_ssl.i M2Crypto-0.21.1/SWIG/_ssl.i ---- M2Crypto-0.21.1.org/SWIG/_ssl.i 2011-01-15 20:10:06.000000000 +0100 -+++ M2Crypto-0.21.1/SWIG/_ssl.i 2016-03-01 22:12:16.387266258 +0100 -@@ -48,8 +48,6 @@ - %rename(ssl_get_alert_desc_v) SSL_alert_desc_string_long; - extern const char *SSL_alert_desc_string_long(int); - --%rename(sslv2_method) SSLv2_method; --extern SSL_METHOD *SSLv2_method(void); - %rename(sslv3_method) SSLv3_method; - extern SSL_METHOD *SSLv3_method(void); - %rename(sslv23_method) SSLv23_method; diff --git a/src/patches/openssl-1.0.2g-disable-sslv2v3.patch b/src/patches/openssl-1.0.2g-disable-sslv2v3.patch new file mode 100644 index 0000000..06f5132 --- /dev/null +++ b/src/patches/openssl-1.0.2g-disable-sslv2v3.patch @@ -0,0 +1,18 @@ +diff -up openssl-1.0.2g/ssl/ssl_lib.c.v2v3 openssl-1.0.2g/ssl/ssl_lib.c +--- openssl-1.0.2g/ssl/ssl_lib.c.v2v3 2016-03-01 16:38:26.879142021 +0100 ++++ openssl-1.0.2g/ssl/ssl_lib.c 2016-03-01 16:41:32.977353769 +0100 +@@ -2055,11 +2055,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m + ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; + + /* +- * Disable SSLv2 by default, callers that want to enable SSLv2 will have to +- * explicitly clear this option via either of SSL_CTX_clear_options() or ++ * Disable SSLv2 and SSLv3 by default, callers that want to enable these will have to ++ * explicitly clear these options via either of SSL_CTX_clear_options() or + * SSL_clear_options(). + */ +- ret->options |= SSL_OP_NO_SSLv2; ++ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; + + return (ret); + err: diff --git a/src/patches/openssl-disable-sslv2-sslv3.patch b/src/patches/openssl-disable-sslv2-sslv3.patch deleted file mode 100644 index e42dfac..0000000 --- a/src/patches/openssl-disable-sslv2-sslv3.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- openssl-1.0.1m/ssl/ssl_lib.c.old 2015-03-19 15:56:40.966287977 +0100 -+++ openssl-1.0.1m/ssl/ssl_lib.c 2015-03-19 15:57:07.976160846 +0100 -@@ -1892,6 +1892,9 @@ - */ - ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; - -+ /* Disable SSLv2 and SSLv3 by default (affects the SSLv23_method() only) */ -+ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; -+ - return (ret); - err: - SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
hooks/post-receive -- IPFire 2.x development tree