[nss_compat_ossl/f21] Resolves: rhbz #1099423
mharmsen
mharmsen at fedoraproject.org
Sat Dec 13 01:34:41 UTC 2014
commit 7b4cc49627dd529d0d0ca43ff628aa0dd5d74831
Author: Matthew Harmsen <mharmsen at redhat.com>
Date: Fri Dec 12 18:34:31 2014 -0700
Resolves: rhbz #1099423
- Bugzilla Bug #1099423 - do not enable SSLv2 any more (kdudka at redhat.com)
nss_compat_ossl-0.9.6-bz1099423.patch | 90 +++++++++++++++++++++++++++++++++
nss_compat_ossl.spec | 10 +++-
2 files changed, 99 insertions(+), 1 deletions(-)
---
diff --git a/nss_compat_ossl-0.9.6-bz1099423.patch b/nss_compat_ossl-0.9.6-bz1099423.patch
new file mode 100644
index 0000000..36465d9
--- /dev/null
+++ b/nss_compat_ossl-0.9.6-bz1099423.patch
@@ -0,0 +1,90 @@
+From d5a837df904b6f411887d93332ac4572923b92bc Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka at redhat.com>
+Date: Wed, 21 May 2014 14:43:56 +0200
+Subject: [PATCH] Resolves: #1099423 - do not enable SSLv2 any more
+
+---
+ src/ssl.c | 25 +++++++++----------------
+ 1 file changed, 9 insertions(+), 16 deletions(-)
+
+diff --git a/src/ssl.c b/src/ssl.c
+index 2ebb013..b37c0f4 100644
+--- a/src/ssl.c
++++ b/src/ssl.c
+@@ -1712,8 +1712,7 @@ int SSL_write(SSL *ssl, const void *buf, int num)
+ return rv;
+ }
+
+-SSL_METHOD *create_context(PRBool ssl2, PRBool ssl3, PRBool tlsv1,
+- PRBool server)
++SSL_METHOD *create_context(PRBool ssl3, PRBool tlsv1, PRBool server)
+ {
+ PRFileDesc *s = NULL;
+ PRFileDesc *layer;
+@@ -1754,12 +1753,6 @@ SSL_METHOD *create_context(PRBool ssl2, PRBool ssl3, PRBool tlsv1,
+ if (SSL_OptionSet(s, SSL_HANDSHAKE_AS_SERVER, server) != SECSuccess)
+ goto error;
+
+- if (SSL_OptionSet(s, SSL_ENABLE_SSL2, ssl2) != SECSuccess)
+- goto error;
+-
+- if (SSL_OptionSet(s, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess)
+- goto error;
+-
+ if (SSL_OptionSet(s, SSL_ENABLE_SSL3, ssl3) != SECSuccess)
+ goto error;
+
+@@ -1816,42 +1809,42 @@ SSL_METHOD *create_context(PRBool ssl2, PRBool ssl3, PRBool tlsv1,
+
+ SSL_METHOD *SSLv2_client_method(void)
+ {
+- return create_context(PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE);
++ return create_context(PR_FALSE, PR_FALSE, PR_FALSE);
+ }
+
+ SSL_METHOD *SSLv23_client_method(void)
+ {
+- return create_context(PR_TRUE, PR_TRUE, PR_TRUE, PR_FALSE);
++ return create_context(PR_TRUE, PR_TRUE, PR_FALSE);
+ }
+
+ SSL_METHOD *SSLv3_client_method(void)
+ {
+- return create_context(PR_FALSE, PR_TRUE, PR_FALSE, PR_FALSE);
++ return create_context(PR_TRUE, PR_FALSE, PR_FALSE);
+ }
+
+ SSL_METHOD *TLSv1_client_method(void)
+ {
+- return create_context(PR_FALSE, PR_FALSE, PR_TRUE, PR_FALSE);
++ return create_context(PR_FALSE, PR_TRUE, PR_FALSE);
+ }
+
+ SSL_METHOD *SSLv2_server_method(void)
+ {
+- return create_context(PR_TRUE, PR_FALSE, PR_FALSE, PR_TRUE);
++ return create_context(PR_FALSE, PR_FALSE, PR_TRUE);
+ }
+
+ SSL_METHOD *SSLv23_server_method(void)
+ {
+- return create_context(PR_TRUE, PR_TRUE, PR_TRUE, PR_TRUE);
++ return create_context(PR_TRUE, PR_TRUE, PR_TRUE);
+ }
+
+ SSL_METHOD *SSLv3_server_method(void)
+ {
+- return create_context(PR_FALSE, PR_TRUE, PR_FALSE, PR_TRUE);
++ return create_context(PR_TRUE, PR_FALSE, PR_TRUE);
+ }
+
+ SSL_METHOD *TLSv1_server_method(void)
+ {
+- return create_context(PR_FALSE, PR_FALSE, PR_TRUE, PR_TRUE);
++ return create_context(PR_FALSE, PR_TRUE, PR_TRUE);
+ }
+
+ SSL_CTX *SSL_CTX_new(SSL_METHOD *passed)
+--
+1.8.3.1
+
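Review bot: The nested hunk at `@@ -1754,12 +1753,6 @@` drops the `SSL_ENABLE_SSL2` and `SSL_V2_COMPATIBLE_HELLO` calls rather than pinning both options off, so `create_context` now relies on the socket's inherited defaults to keep SSLv2 disabled. If the linked NSS build or an earlier `SSL_OptionSetDefault` call in the process leaves either option on, SSLv2 would presumably remain negotiable. Setting the state explicitly would be safer, provided the NSS versions this package builds against accept it: `if (SSL_OptionSet(s, SSL_ENABLE_SSL2, PR_FALSE) != SECSuccess) goto error;`, and the same for `SSL_V2_COMPATIBLE_HELLO`. Separately, `SSLv2_client_method` and `SSLv2_server_method` now pass `PR_FALSE` for both `ssl3` and `tlsv1`, which appears to produce a context with no protocol version enabled; a comment such as `/* SSLv2 is no longer supported: no protocol version is enabled here */` would mark that as intentional. Most of `create_context`'s body lies outside the hunks shown, so options set elsewhere in it are not visible here.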
diff --git a/nss_compat_ossl.spec b/nss_compat_ossl.spec
index 72d07a2..5ca98e0 100644
--- a/nss_compat_ossl.spec
+++ b/nss_compat_ossl.spec
@@ -1,6 +1,6 @@
Name: nss_compat_ossl
Version: 0.9.6
-Release: 8%{?dist}
+Release: 9%{?dist}
Summary: Source-level compatibility library for OpenSSL to NSS porting
Group: System Environment/Libraries
@@ -13,6 +13,8 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: nss-devel > 3.11.7-7
BuildRequires: nspr-devel
+Patch0: %{name}-%{version}-bz1099423.patch
+
%description
This library provides a source-level compatibility layer to aid porting
programs that use OpenSSL to use the NSS instead.
@@ -29,6 +31,8 @@ Header and library files for doing porting work from OpenSSL to NSS.
%prep
%setup -q
+%patch0 -p1
+
%build
CFLAGS="$RPM_OPT_FLAGS -DPKCS11_PEM_MODULE"
@@ -66,6 +70,10 @@ rm -rf $RPM_BUILD_ROOT
%postun -p /sbin/ldconfig
%changelog
+* Fri Dec 12 2014 Matthew Harmsen <mharmsen at redhat.com> - 0.9.6-9
+- Bugzilla Bug #1099423 - do not enable SSLv2 any more
+ (kdudka at redhat.com)
+
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.9.6-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild