core/openssl-cryptodev to 1.0.1-2

2025-03-19 00:21:40 +00:00 · 2012-04-01 12:45:03 -04:00 · 2012-04-01 12:45:03 -04:00 · c16ebbf6bb
commit c16ebbf6bb
parent 21e08e2c36
2 changed files with 45 additions and 4 deletions
--- a/core/openssl-cryptodev/PKGBUILD
+++ b/core/openssl-cryptodev/PKGBUILD
@ -13,7 +13,7 @@ _pkgname=openssl
 _ver=1.0.1
 # use a pacman compatible version scheme
 pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}}
-pkgrel=1
+pkgrel=2
 pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security'
 arch=('i686' 'x86_64')
 url='https://www.openssl.org'
@ -29,12 +29,14 @@ source=("https://www.openssl.org/source/${_pkgname}-${_ver}.tar.gz"
        "https://www.openssl.org/source/${_pkgname}-${_ver}.tar.gz.asc"
        'fix-manpages.patch'
        'no-rpath.patch'
-        'ca-dir.patch')
+        'ca-dir.patch'
+        'disable-tls12-client.patch')
 md5sums=('134f168bc2a8333f19f81d684841710b'
         'efbe93c11747fed52e60567819409d8a'
         '5bbc0655bda2af95bc8eb568963ce8ba'
         'dc78d3d06baffc16217519242ce92478'
-         '3bf51be3a1bbd262be46dc619f92aa90')
+         '3bf51be3a1bbd262be46dc619f92aa90'
+         '365328e1fff7239777adcb50dc4edd42')

 build() {
 	cd $srcdir/$_pkgname-$_ver
@ -54,12 +56,15 @@ build() {
 	patch -p0 -i $srcdir/no-rpath.patch
 	# set ca dir to /etc/ssl by default
 	patch -p0 -i $srcdir/ca-dir.patch
+	# workaround for PR#2771
+	patch -p1 -i $srcdir/disable-tls12-client.patch
 	# mark stack as non-executable: http://bugs.archlinux.org/task/12434
 	./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \
 		-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DHASH_MAX_LEN=64 \
 		shared threads zlib enable-md2 \
 		"${openssltarget}" \
-		-Wa,--noexecstack "${CFLAGS} -I/usr/src/linux-`uname -r`"
+		-Wa,--noexecstack "${CFLAGS} -I/usr/src/linux-`uname -r`" \
+		-DOPENSSL_NO_TLS1_2_CLIENT

 	make depend
 	make
--- a/core/openssl-cryptodev/disable-tls12-client.patch
+++ b/core/openssl-cryptodev/disable-tls12-client.patch
@ -0,0 +1,36 @@
+Index: openssl/ssl/t1_lib.c
+RCS File: /v/openssl/cvs/openssl/ssl/t1_lib.c,v
+rcsdiff -q -kk '-r1.64.2.14.2.31' '-r1.64.2.14.2.32' -u '/v/openssl/cvs/openssl/ssl/t1_lib.c,v' 2>/dev/null
+--- t1_lib.c	2012/02/27 16:38:10	1.64.2.14.2.31
+++ t1_lib.c	2012/03/21 21:32:57	1.64.2.14.2.32
+@@ -544,7 +544,7 @@
+		}
+		skip_ext:
+
+-	if (TLS1_get_version(s) >= TLS1_2_VERSION)
+	if (TLS1_get_client_version(s) >= TLS1_2_VERSION)
+		{
+		if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)
+			return NULL;
+Index: openssl/ssl/s23_clnt.c
+RCS File: /v/openssl/cvs/openssl/ssl/s23_clnt.c,v
+rcsdiff -q -kk '-r1.43.2.4.2.5' '-r1.43.2.4.2.6' -u '/v/openssl/cvs/openssl/ssl/s23_clnt.c,v' 2>/dev/null
+--- s23_clnt.c	2011/05/19 18:22:15	1.43.2.4.2.5
+++ s23_clnt.c	2012/03/29 19:08:54	1.43.2.4.2.6
+@@ -287,12 +287,14 @@
+
+	if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
+		ssl2_compat = 0;
+-
+#ifndef OPENSSL_NO_TLS1_2_CLIENT
+	if (!(s->options & SSL_OP_NO_TLSv1_2))
+		{
+		version = TLS1_2_VERSION;
+		}
+-	else if (!(s->options & SSL_OP_NO_TLSv1_1))
+	else
+#endif
+	if (!(s->options & SSL_OP_NO_TLSv1_1))
+		{
+		version = TLS1_1_VERSION;
+		}