[nss_compat_ossl/f21] Resolves: rhbz #1099423

mharmsen mharmsen at fedoraproject.org
Sat Dec 13 01:34:41 UTC 2014


commit 7b4cc49627dd529d0d0ca43ff628aa0dd5d74831
Author: Matthew Harmsen <mharmsen at redhat.com>
Date:   Fri Dec 12 18:34:31 2014 -0700

    Resolves: rhbz #1099423
    
    - Bugzilla Bug #1099423 - do not enable SSLv2 any more (kdudka at redhat.com)

 nss_compat_ossl-0.9.6-bz1099423.patch |   90 +++++++++++++++++++++++++++++++++
 nss_compat_ossl.spec                  |   10 +++-
 2 files changed, 99 insertions(+), 1 deletions(-)
---
diff --git a/nss_compat_ossl-0.9.6-bz1099423.patch b/nss_compat_ossl-0.9.6-bz1099423.patch
new file mode 100644
index 0000000..36465d9
--- /dev/null
+++ b/nss_compat_ossl-0.9.6-bz1099423.patch
@@ -0,0 +1,90 @@
+From d5a837df904b6f411887d93332ac4572923b92bc Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka at redhat.com>
+Date: Wed, 21 May 2014 14:43:56 +0200
+Subject: [PATCH] Resolves: #1099423 - do not enable SSLv2 any more
+
+---
+ src/ssl.c | 25 +++++++++----------------
+ 1 file changed, 9 insertions(+), 16 deletions(-)
+
+diff --git a/src/ssl.c b/src/ssl.c
+index 2ebb013..b37c0f4 100644
+--- a/src/ssl.c
++++ b/src/ssl.c
+@@ -1712,8 +1712,7 @@ int SSL_write(SSL *ssl, const void *buf, int num)
+     return rv;
+ }
+ 
+-SSL_METHOD *create_context(PRBool ssl2, PRBool ssl3, PRBool tlsv1, 
+-                           PRBool server)
++SSL_METHOD *create_context(PRBool ssl3, PRBool tlsv1, PRBool server)
+ {
+     PRFileDesc *s = NULL;
+     PRFileDesc *layer;
+@@ -1754,12 +1753,6 @@ SSL_METHOD *create_context(PRBool ssl2, PRBool ssl3, PRBool tlsv1,
+     if (SSL_OptionSet(s, SSL_HANDSHAKE_AS_SERVER, server) != SECSuccess)
+         goto error;
+ 
+-    if (SSL_OptionSet(s, SSL_ENABLE_SSL2, ssl2) != SECSuccess)
+-        goto error;
+-
+-    if (SSL_OptionSet(s, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess)
+-        goto error;
+-
+     if (SSL_OptionSet(s, SSL_ENABLE_SSL3, ssl3)  != SECSuccess)
+         goto error;
+ 
+@@ -1816,42 +1809,42 @@ SSL_METHOD *create_context(PRBool ssl2, PRBool ssl3, PRBool tlsv1,
+ 
+ SSL_METHOD *SSLv2_client_method(void)
+ {
+-    return create_context(PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE);
++    return create_context(PR_FALSE, PR_FALSE, PR_FALSE);
+ }
+ 
+ SSL_METHOD *SSLv23_client_method(void)
+ {
+-    return create_context(PR_TRUE, PR_TRUE, PR_TRUE, PR_FALSE);
++    return create_context(PR_TRUE, PR_TRUE, PR_FALSE);
+ }
+ 
+ SSL_METHOD *SSLv3_client_method(void) 
+ {
+-    return create_context(PR_FALSE, PR_TRUE, PR_FALSE, PR_FALSE);
++    return create_context(PR_TRUE, PR_FALSE, PR_FALSE);
+ }
+ 
+ SSL_METHOD *TLSv1_client_method(void)
+ {
+-    return create_context(PR_FALSE, PR_FALSE, PR_TRUE, PR_FALSE);
++    return create_context(PR_FALSE, PR_TRUE, PR_FALSE);
+ }
+ 
+ SSL_METHOD *SSLv2_server_method(void)
+ {
+-    return create_context(PR_TRUE, PR_FALSE, PR_FALSE, PR_TRUE);
++    return create_context(PR_FALSE, PR_FALSE, PR_TRUE);
+ }
+ 
+ SSL_METHOD *SSLv23_server_method(void)
+ { 
+-    return create_context(PR_TRUE, PR_TRUE, PR_TRUE, PR_TRUE);
++    return create_context(PR_TRUE, PR_TRUE, PR_TRUE);
+ }
+ 
+ SSL_METHOD *SSLv3_server_method(void)
+ { 
+-    return create_context(PR_FALSE, PR_TRUE, PR_FALSE, PR_TRUE);
++    return create_context(PR_TRUE, PR_FALSE, PR_TRUE);
+ }
+ 
+ SSL_METHOD *TLSv1_server_method(void)
+ { 
+-    return create_context(PR_FALSE, PR_FALSE, PR_TRUE, PR_TRUE);
++    return create_context(PR_FALSE, PR_TRUE, PR_TRUE);
+ }
+ 
+ SSL_CTX *SSL_CTX_new(SSL_METHOD *passed)
+-- 
+1.8.3.1
+
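Review bot: After this patch `SSLv2_client_method()` and `SSLv2_server_method()` call `create_context(PR_FALSE, PR_FALSE, ...)`, so they appear to return a method with neither SSL3 nor TLS enabled, and a caller only finds out when the handshake fails. Failing closed is the right outcome for SSLv2, but it should be stated where a maintainer will see it, for example a comment above both functions: `/* SSLv2 is no longer supported; this method enables no protocol version, so handshakes will fail. */`. Only part of `create_context` is inside the hunks, so how the `tlsv1` flag is applied and whether an all-disabled socket is rejected earlier cannot be confirmed from here. Separately, `SSLv23_client_method()`, `SSLv23_server_method()` and the two `SSLv3_*_method()` wrappers still pass `PR_TRUE` for `ssl3`, so SSL 3.0 stays negotiable after this change and deserves the same review as a follow-up.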
diff --git a/nss_compat_ossl.spec b/nss_compat_ossl.spec
index 72d07a2..5ca98e0 100644
--- a/nss_compat_ossl.spec
+++ b/nss_compat_ossl.spec
@@ -1,6 +1,6 @@
 Name:           nss_compat_ossl
 Version:        0.9.6
-Release:        8%{?dist}
+Release:        9%{?dist}
 Summary:        Source-level compatibility library for OpenSSL to NSS porting
 
 Group:          System Environment/Libraries
@@ -13,6 +13,8 @@ BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:  nss-devel > 3.11.7-7
 BuildRequires:  nspr-devel
 
+Patch0:         %{name}-%{version}-bz1099423.patch
+
 %description
 This library provides a source-level compatibility layer to aid porting
 programs that use OpenSSL to use the NSS instead.
@@ -29,6 +31,8 @@ Header and library files for doing porting work from OpenSSL to NSS.
 %prep
 %setup -q
 
+%patch0 -p1
+
 %build
 
 CFLAGS="$RPM_OPT_FLAGS -DPKCS11_PEM_MODULE"
@@ -66,6 +70,10 @@ rm -rf $RPM_BUILD_ROOT
 %postun -p /sbin/ldconfig
 
 %changelog
+* Fri Dec 12 2014 Matthew Harmsen <mharmsen at redhat.com> - 0.9.6-9
+- Bugzilla Bug #1099423 - do not enable SSLv2 any more
+  (kdudka at redhat.com)
+
 * Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.9.6-8
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
 

