diff options
Diffstat (limited to 'core/openssl')
-rw-r--r-- | core/openssl/PKGBUILD | 15 | ||||
-rw-r--r-- | core/openssl/disable-tls12-client.patch | 36 |
2 files changed, 46 insertions, 5 deletions
diff --git a/core/openssl/PKGBUILD b/core/openssl/PKGBUILD index 0f0238e2d..4835d5941 100644 --- a/core/openssl/PKGBUILD +++ b/core/openssl/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 153962 2012-03-21 06:20:46Z pierre $ +# $Id: PKGBUILD 154941 2012-03-31 12:48:22Z pierre $ # Maintainer: Pierre Schmitz <pierre@archlinux.de> pkgname=openssl @@ -6,7 +6,7 @@ _ver=1.0.1 # use a pacman compatible version scheme # pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}} pkgver=$_ver -pkgrel=1 +pkgrel=2 pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security' arch=('i686' 'x86_64' 'mips64el') url='https://www.openssl.org' @@ -19,12 +19,14 @@ source=("https://www.openssl.org/source/${pkgname}-${_ver}.tar.gz" 'fix-manpages.patch' 'no-rpath.patch' 'gnu-linux-mips64el-gcc.patch' - 'ca-dir.patch') + 'ca-dir.patch' + 'disable-tls12-client.patch') md5sums=('134f168bc2a8333f19f81d684841710b' '5bbc0655bda2af95bc8eb568963ce8ba' 'dc78d3d06baffc16217519242ce92478' 'd7115f0cc44df346d7b68c681819f94b' - '3bf51be3a1bbd262be46dc619f92aa90') + '3bf51be3a1bbd262be46dc619f92aa90' + '26432b9d7af63c63828b6405c9185400') build() { cd $srcdir/$pkgname-$_ver @@ -36,6 +38,8 @@ build() { patch -p0 -i $srcdir/no-rpath.patch # set ca dir to /etc/ssl by default patch -p0 -i $srcdir/ca-dir.patch + # workaround for PR#2771 + patch -p1 -i $srcdir/disable-tls12-client.patch # patch -p0 -i $srcdir/gnu-linux-mips64el-gcc.patch @@ -56,7 +60,8 @@ build() { ./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \ shared zlib enable-md2 ${optflags} \ "${openssltarget}" \ - -Wa,--noexecstack "${CFLAGS}" "${LDFLAGS}" + -Wa,--noexecstack "${CFLAGS}" "${LDFLAGS}" \ + -DOPENSSL_NO_TLS1_2_CLIENT make depend make diff --git a/core/openssl/disable-tls12-client.patch b/core/openssl/disable-tls12-client.patch new file mode 100644 index 000000000..edb87e77f --- /dev/null +++ b/core/openssl/disable-tls12-client.patch @@ -0,0 +1,36 @@ +Index: openssl/ssl/t1_lib.c +RCS File: /v/openssl/cvs/openssl/ssl/t1_lib.c,v +rcsdiff -q -kk '-r1.64.2.14.2.31' '-r1.64.2.14.2.32' -u '/v/openssl/cvs/openssl/ssl/t1_lib.c,v' 2>/dev/null +--- t1_lib.c 2012/02/27 16:38:10 1.64.2.14.2.31 ++++ t1_lib.c 2012/03/21 21:32:57 1.64.2.14.2.32 +@@ -544,7 +544,7 @@ + } + skip_ext: + +- if (TLS1_get_version(s) >= TLS1_2_VERSION) ++ if (TLS1_get_client_version(s) >= TLS1_2_VERSION) + { + if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6) + return NULL; +Index: openssl/ssl/s23_clnt.c +RCS File: /v/openssl/cvs/openssl/ssl/s23_clnt.c,v +rcsdiff -q -kk '-r1.43.2.4.2.5' '-r1.43.2.4.2.6' -u '/v/openssl/cvs/openssl/ssl/s23_clnt.c,v' 2>/dev/null +--- s23_clnt.c 2011/05/19 18:22:15 1.43.2.4.2.5 ++++ s23_clnt.c 2012/03/29 19:08:54 1.43.2.4.2.6 +@@ -287,12 +287,14 @@ + + if (ssl2_compat && ssl23_no_ssl2_ciphers(s)) + ssl2_compat = 0; +- ++#ifndef OPENSSL_NO_TLS1_2_CLIENT + if (!(s->options & SSL_OP_NO_TLSv1_2)) + { + version = TLS1_2_VERSION; + } +- else if (!(s->options & SSL_OP_NO_TLSv1_1)) ++ else ++#endif ++ if (!(s->options & SSL_OP_NO_TLSv1_1)) + { + version = TLS1_1_VERSION; + } |