[xchat-gnome/f20] Do not force SSLv3, also allow TLSv1_X (#1091544)

Debarshi Ray rishi at fedoraproject.org
Wed Oct 29 11:51:53 UTC 2014 

commit d2c0b2af7b8427902b65c576c037bbd7c70e10ec
Author: Debarshi Ray <debarshir at gnome.org>
Date:   Wed Oct 29 11:58:33 2014 +0100

    Do not force SSLv3, also allow TLSv1_X (#1091544)

 0001-Don-t-force-the-use-of-SSLv3.patch |   37 +++++++++++++++++++++++++++++++
 xchat-gnome.spec                        |    8 ++++++-
 2 files changed, 44 insertions(+), 1 deletions(-)
---
diff --git a/0001-Don-t-force-the-use-of-SSLv3.patch b/0001-Don-t-force-the-use-of-SSLv3.patch
new file mode 100644
index 0000000..e0f0472
--- /dev/null
+++ b/0001-Don-t-force-the-use-of-SSLv3.patch
@@ -0,0 +1,37 @@
+From 527eb322a5bfa97d5716e7f8178e319c515065a2 Mon Sep 17 00:00:00 2001
+From: Marc Deslauriers <marc.deslauriers at ubuntu.com>
+Date: Mon, 20 Oct 2014 10:08:26 -0400
+Subject: [PATCH] Don't force the use of SSLv3.
+
+SSLv3 should no longer be used for security reasons. Let the best
+connection method be automatically determined by using SSLv23_client_method()
+and SSLv23_server_method().
+---
+ src/common/ssl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/common/ssl.c b/src/common/ssl.c
+index a18ad47..35eb237 100644
+--- a/src/common/ssl.c
++++ b/src/common/ssl.c
+@@ -70,7 +70,7 @@ _SSL_context_init (void (*info_cb_func), int server)
+ 
+ 	SSLeay_add_ssl_algorithms ();
+ 	SSL_load_error_strings ();
+-	ctx = SSL_CTX_new (server ? SSLv3_server_method() : SSLv3_client_method ());
++	ctx = SSL_CTX_new (server ? SSLv23_server_method() : SSLv23_client_method ());
+ 
+ 	SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH);
+ 	SSL_CTX_set_timeout (ctx, 300);
+@@ -281,7 +281,7 @@ _SSL_socket (SSL_CTX *ctx, int sd)
+ 		__SSL_critical_error ("SSL_new");
+ 
+ 	SSL_set_fd (ssl, sd);
+-	if (ctx->method == SSLv3_client_method())
++	if (ctx->method == SSLv23_client_method())
+ 		SSL_set_connect_state (ssl);
+ 	else
+ 	        SSL_set_accept_state(ssl);
+-- 
+2.1.0
+
diff --git a/xchat-gnome.spec b/xchat-gnome.spec
index 3d9f637..a65019c 100644
--- a/xchat-gnome.spec
+++ b/xchat-gnome.spec
@@ -2,7 +2,7 @@
 
 Name:           xchat-gnome
 Version:        0.26.2
-Release:        14.git%{gitrev}%{?dist}
+Release:        15.git%{gitrev}%{?dist}
 Summary:        GNOME front-end to xchat
 
 Group:          Applications/Internet
@@ -38,6 +38,8 @@ Patch103:	0004-Call-g_slist_remove-on-items-before-free-not-after.patch
 Patch104:	0001-Fix-crash-on-NULL-networks-hash-table.patch
 # Fix czech translation that breaks /me messages (<vondruch at redhat.com>)
 Patch105: 0001-Fix-ME-messages-in-czech-translation.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1091544
+Patch106: 0001-Don-t-force-the-use-of-SSLv3.patch
 
 BuildRequires:	openssl-devel
 Buildrequires:	libsexy-devel >= 0.1.11
@@ -87,6 +89,7 @@ common settings will be included in the main user interface. .
 %patch103 -p1 -b .free
 %patch104 -p1 -b .hash
 %patch105 -p1
+%patch106 -p1 -b .allow-tls
 
 %build
 ./autogen.sh
@@ -149,6 +152,9 @@ fi
 
 
 %changelog
+* Wed Oct 29 2014 Debarshi Ray <rishi at fedoraproject.org> - 0.26.2-15.git40c5bf988
+- Do not force SSLv3, also allow TLSv1_X (#1091544)
+
 * Sun Aug 04 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.26.2-14.git40c5bf988
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

More information about the scm-commits mailing list