commit: 6e6625164350305d29cb53417ed1a6c444b9cb71 Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> AuthorDate: Wed Oct 10 11:12:13 2018 +0000 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> CommitDate: Wed Oct 10 11:12:29 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6e662516
net-libs/libircclient: Added two openssl fixes from upstream. Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 .../files/libircclient-1.10-openssl.patch | 38 ++++++++++++++++++++++ net-libs/libircclient/libircclient-1.10.ebuild | 3 ++ 2 files changed, 41 insertions(+) diff --git a/net-libs/libircclient/files/libircclient-1.10-openssl.patch b/net-libs/libircclient/files/libircclient-1.10-openssl.patch new file mode 100644 index 00000000000..b488f7f626c --- /dev/null +++ b/net-libs/libircclient/files/libircclient-1.10-openssl.patch @@ -0,0 +1,38 @@ +https://sourceforge.net/p/libircclient/code/141/ +https://sourceforge.net/p/libircclient/code/142/ + +--- libircclient-1.10/src/ssl.c ++++ libircclient-1.10/src/ssl.c +@@ -114,26 +114,23 @@ + #if OPENSSL_VERSION_NUMBER < 0x10100000L + SSL_library_init(); + #else +- OPENSSL_init_ssl(0, NULL); ++ if ( OPENSSL_init_ssl(0, NULL) == 0 ) ++ return LIBIRC_ERR_SSL_INIT_FAILED; + #endif + + if ( RAND_status() == 0 ) + return LIBIRC_ERR_SSL_INIT_FAILED; + + // Create an SSL context; currently a single context is used for all connections ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + ssl_context = SSL_CTX_new( SSLv23_method() ); ++#else ++ ssl_context = SSL_CTX_new( TLS_client_method() ); ++#endif + + if ( !ssl_context ) + return LIBIRC_ERR_SSL_INIT_FAILED; + +- // Disable SSLv2 as it is unsecure +- if ( (SSL_CTX_set_options( ssl_context, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) == 0 ) +- return LIBIRC_ERR_SSL_INIT_FAILED; +- +- // Enable only strong ciphers +- if ( SSL_CTX_set_cipher_list( ssl_context, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH" ) != 1 ) +- return LIBIRC_ERR_SSL_INIT_FAILED; +- + // Set the verification + if ( session->options & LIBIRC_OPTION_SSL_NO_VERIFY ) + SSL_CTX_set_verify( ssl_context, SSL_VERIFY_NONE, 0 ); diff --git a/net-libs/libircclient/libircclient-1.10.ebuild b/net-libs/libircclient/libircclient-1.10.ebuild index d25e3c79b6e..940b5f0a396 100644 --- a/net-libs/libircclient/libircclient-1.10.ebuild +++ b/net-libs/libircclient/libircclient-1.10.ebuild @@ -21,6 +21,9 @@ PATCHES=( "${FILESDIR}"/${PN}-1.10-shared.patch "${FILESDIR}"/${PN}-1.8-static.patch "${FILESDIR}"/${PN}-1.8-include.patch + + # upstream patches (can usually be removed with next version bump) + "${FILESDIR}"/${PN}-1.10-openssl.patch ) src_prepare() {
