[git.ipfire.org] IPFire 2.x development tree branch, master, updated. 353e08cd7778f2070469842ebe0f553e648f79d4

[git.ipfire.org] IPFire 2.x development tree branch, master, updated. 353e08cd7778f2070469842ebe0f553e648f79d4

[git]

[-- Attachment #1: Type: text/plain, Size: 5865 bytes --]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, master has been updated
       via  353e08cd7778f2070469842ebe0f553e648f79d4 (commit)
       via  5d95fd5af11e8631cbaed1e5f8c914facd0b2125 (commit)
      from  ac385b2f17ef142101165bdd9b31206bd86998dc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 353e08cd7778f2070469842ebe0f553e648f79d4
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date:   Wed Mar 2 21:31:07 2016 +0100

    openssl: compile with sslv2 support but disable
    
    the new default breaks the ABI so we need to compile in but
    disable it with a patch.

commit 5d95fd5af11e8631cbaed1e5f8c914facd0b2125
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date:   Wed Mar 2 21:13:31 2016 +0100

    Revert "python-m2crypto: remove SSLv2_method"
    
    This reverts commit d86a24928625c47d46d17daad18f159d28678ee4.

-----------------------------------------------------------------------

Summary of changes:
 lfs/openssl                                           |  2 +-
 lfs/python-m2crypto                                   |  1 -
 src/patches/M2Crypto-0.21.1_remove_sslv2_method.patch | 12 ------------
 src/patches/openssl-1.0.2g-disable-sslv2v3.patch      | 18 ++++++++++++++++++
 src/patches/openssl-disable-sslv2-sslv3.patch         | 12 ------------
 5 files changed, 19 insertions(+), 26 deletions(-)
 delete mode 100644 src/patches/M2Crypto-0.21.1_remove_sslv2_method.patch
 create mode 100644 src/patches/openssl-1.0.2g-disable-sslv2v3.patch
 delete mode 100644 src/patches/openssl-disable-sslv2-sslv3.patch

Difference in files:
diff --git a/lfs/openssl b/lfs/openssl
index c68cf29..f45295e 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -119,7 +119,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1m-weak-ciphers.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2g-disable-sslv2v3.patch
 
 	# i586 specific patches
 ifeq "$(MACHINE)" "i586"
diff --git a/lfs/python-m2crypto b/lfs/python-m2crypto
index 69c070b..536380c 100644
--- a/lfs/python-m2crypto
+++ b/lfs/python-m2crypto
@@ -77,7 +77,6 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/M2Crypto-0.21.1_remove_sslv2_method.patch
 	cd $(DIR_APP) && python setup.py install
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)
diff --git a/src/patches/M2Crypto-0.21.1_remove_sslv2_method.patch b/src/patches/M2Crypto-0.21.1_remove_sslv2_method.patch
deleted file mode 100644
index 24195fb..0000000
--- a/src/patches/M2Crypto-0.21.1_remove_sslv2_method.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -Naur M2Crypto-0.21.1.org/SWIG/_ssl.i M2Crypto-0.21.1/SWIG/_ssl.i
---- M2Crypto-0.21.1.org/SWIG/_ssl.i	2011-01-15 20:10:06.000000000 +0100
-+++ M2Crypto-0.21.1/SWIG/_ssl.i	2016-03-01 22:12:16.387266258 +0100
-@@ -48,8 +48,6 @@
- %rename(ssl_get_alert_desc_v) SSL_alert_desc_string_long;
- extern const char *SSL_alert_desc_string_long(int);
- 
--%rename(sslv2_method) SSLv2_method;
--extern SSL_METHOD *SSLv2_method(void);
- %rename(sslv3_method) SSLv3_method;
- extern SSL_METHOD *SSLv3_method(void);
- %rename(sslv23_method) SSLv23_method;
diff --git a/src/patches/openssl-1.0.2g-disable-sslv2v3.patch b/src/patches/openssl-1.0.2g-disable-sslv2v3.patch
new file mode 100644
index 0000000..06f5132
--- /dev/null
+++ b/src/patches/openssl-1.0.2g-disable-sslv2v3.patch
@@ -0,0 +1,18 @@
+diff -up openssl-1.0.2g/ssl/ssl_lib.c.v2v3 openssl-1.0.2g/ssl/ssl_lib.c
+--- openssl-1.0.2g/ssl/ssl_lib.c.v2v3	2016-03-01 16:38:26.879142021 +0100
++++ openssl-1.0.2g/ssl/ssl_lib.c	2016-03-01 16:41:32.977353769 +0100
+@@ -2055,11 +2055,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+     ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+ 
+     /*
+-     * Disable SSLv2 by default, callers that want to enable SSLv2 will have to
+-     * explicitly clear this option via either of SSL_CTX_clear_options() or
++     * Disable SSLv2 and SSLv3 by default, callers that want to enable these will have to
++     * explicitly clear these options via either of SSL_CTX_clear_options() or
+      * SSL_clear_options().
+      */
+-    ret->options |= SSL_OP_NO_SSLv2;
++    ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+ 
+     return (ret);
+  err:
diff --git a/src/patches/openssl-disable-sslv2-sslv3.patch b/src/patches/openssl-disable-sslv2-sslv3.patch
deleted file mode 100644
index e42dfac..0000000
--- a/src/patches/openssl-disable-sslv2-sslv3.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- openssl-1.0.1m/ssl/ssl_lib.c.old	2015-03-19 15:56:40.966287977 +0100
-+++ openssl-1.0.1m/ssl/ssl_lib.c	2015-03-19 15:57:07.976160846 +0100
-@@ -1892,6 +1892,9 @@
-      */
-     ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
- 
-+    /* Disable SSLv2 and SSLv3 by default (affects the SSLv23_method() only) */
-+    ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
-+
-     return (ret);
-  err:
-     SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);


hooks/post-receive
--
IPFire 2.x development tree