diff options
| author |   Lars Wendler <polynomial-c@gentoo.org> | 2018-10-10 13:12:13 +0200 |
|---|---|---|
| committer | Lars Wendler <polynomial-c@gentoo.org> | 2018-10-10 13:12:29 +0200 |
| commit | 6e6625164350305d29cb53417ed1a6c444b9cb71 (patch) | |
| tree | 808070c6bcf2c89633b74f6ee4ec423274bb39a6 /net-libs | |
| parent | www-plugins/adobe-flash: Old. (diff) | |
| download | gentoo-6e6625164350305d29cb53417ed1a6c444b9cb71.tar.gz gentoo-6e6625164350305d29cb53417ed1a6c444b9cb71.tar.bz2 gentoo-6e6625164350305d29cb53417ed1a6c444b9cb71.zip | |
net-libs/libircclient: Added two openssl fixes from upstream.
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11
Diffstat (limited to 'net-libs')
| -rw-r--r-- | net-libs/libircclient/files/libircclient-1.10-openssl.patch | 38 | ||||
| -rw-r--r-- | net-libs/libircclient/libircclient-1.10.ebuild | 3 |
2 files changed, 41 insertions, 0 deletions
diff --git a/net-libs/libircclient/files/libircclient-1.10-openssl.patch b/net-libs/libircclient/files/libircclient-1.10-openssl.patch new file mode 100644 index 000000000000..b488f7f626c7 --- /dev/null +++ b/net-libs/libircclient/files/libircclient-1.10-openssl.patch @@ -0,0 +1,38 @@ +https://sourceforge.net/p/libircclient/code/141/ +https://sourceforge.net/p/libircclient/code/142/ + +--- libircclient-1.10/src/ssl.c ++++ libircclient-1.10/src/ssl.c +@@ -114,26 +114,23 @@ + #if OPENSSL_VERSION_NUMBER < 0x10100000L + SSL_library_init(); + #else +- OPENSSL_init_ssl(0, NULL); ++ if ( OPENSSL_init_ssl(0, NULL) == 0 ) ++ return LIBIRC_ERR_SSL_INIT_FAILED; + #endif + + if ( RAND_status() == 0 ) + return LIBIRC_ERR_SSL_INIT_FAILED; + + // Create an SSL context; currently a single context is used for all connections ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + ssl_context = SSL_CTX_new( SSLv23_method() ); ++#else ++ ssl_context = SSL_CTX_new( TLS_client_method() ); ++#endif + + if ( !ssl_context ) + return LIBIRC_ERR_SSL_INIT_FAILED; + +- // Disable SSLv2 as it is unsecure +- if ( (SSL_CTX_set_options( ssl_context, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) == 0 ) +- return LIBIRC_ERR_SSL_INIT_FAILED; +- +- // Enable only strong ciphers +- if ( SSL_CTX_set_cipher_list( ssl_context, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH" ) != 1 ) +- return LIBIRC_ERR_SSL_INIT_FAILED; +- + // Set the verification + if ( session->options & LIBIRC_OPTION_SSL_NO_VERIFY ) + SSL_CTX_set_verify( ssl_context, SSL_VERIFY_NONE, 0 ); diff --git a/net-libs/libircclient/libircclient-1.10.ebuild b/net-libs/libircclient/libircclient-1.10.ebuild index d25e3c79b6ef..940b5f0a3967 100644 --- a/net-libs/libircclient/libircclient-1.10.ebuild +++ b/net-libs/libircclient/libircclient-1.10.ebuild @@ -21,6 +21,9 @@ PATCHES=( "${FILESDIR}"/${PN}-1.10-shared.patch "${FILESDIR}"/${PN}-1.8-static.patch "${FILESDIR}"/${PN}-1.8-include.patch + + # upstream patches (can usually be removed with next version bump) + "${FILESDIR}"/${PN}-1.10-openssl.patch ) src_prepare() { |