From: Nicolas Thill Date: Mon, 18 Dec 2006 17:07:01 +0000 (+0000) Subject: disable SSLv2 X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=1bd0ef8cf008cd088b4431d88e27c58f6ba0bb42;p=openwrt%2Fsvn-archive%2Fpackages.git disable SSLv2 SVN-Revision: 5843 --- diff --git a/admin/monit/patches/01-no_sslv2.patch b/admin/monit/patches/01-no_sslv2.patch new file mode 100644 index 000000000..646fb4be5 --- /dev/null +++ b/admin/monit/patches/01-no_sslv2.patch @@ -0,0 +1,16 @@ +diff -ruN monit-4.6-old/ssl.c monit-4.6-new/ssl.c +--- monit-4.6-old/ssl.c 2005-08-07 22:26:47.000000000 +0200 ++++ monit-4.6-new/ssl.c 2006-12-18 11:18:46.000000000 +0100 +@@ -1367,10 +1367,12 @@ + ssl->method = SSLv23_client_method(); + break; + ++#ifndef OPENSSL_NO_SSL2 + case SSL_VERSION_SSLV2: + + ssl->method = SSLv2_client_method(); + break; ++#endif + + case SSL_VERSION_SSLV3: + diff --git a/net/rrs/patches/02-no_sslv2.patch b/net/rrs/patches/02-no_sslv2.patch new file mode 100644 index 000000000..67f05663d --- /dev/null +++ b/net/rrs/patches/02-no_sslv2.patch @@ -0,0 +1,45 @@ +diff -ruN rrs-1.70-old/rrs.c rrs-1.70-new/rrs.c +--- rrs-1.70-old/rrs.c 2006-12-18 11:41:42.000000000 +0100 ++++ rrs-1.70-new/rrs.c 2006-12-18 11:53:43.000000000 +0100 +@@ -1826,9 +1826,12 @@ + } + rrs_ssl = TLSv1; + if (optarg) { ++#ifndef OPENSSL_NO_SSL2 + if (!strcasecmp(optarg, "SSLv2")) { + rrs_ssl = SSLv2; +- } else if (!strcasecmp(optarg, "SSLv3")) { ++ } else ++#endif ++ if (!strcasecmp(optarg, "SSLv3")) { + rrs_ssl = SSLv3; + } else if (!strcasecmp(optarg, "TLSv1")) { + rrs_ssl = TLSv1; +@@ -1981,9 +1984,12 @@ + SSL_load_error_strings(); + + if (rrs_listen) { ++#ifndef OPENSSL_NO_SSL2 + if (rrs_ssl == SSLv2) { + sslmethod = SSLv2_server_method(); +- } else if (rrs_ssl == SSLv3) { ++ } else ++#endif ++ if (rrs_ssl == SSLv3) { + sslmethod = SSLv3_server_method(); + } else if (rrs_ssl == TLSv1) { + sslmethod = TLSv1_server_method(); +@@ -1992,9 +1998,12 @@ + return err_generic; + } + } else { ++#ifndef OPENSSL_NO_SSL2 + if (rrs_ssl == SSLv2) { + sslmethod = SSLv2_client_method(); +- } else if (rrs_ssl == SSLv3) { ++ } else ++#endif ++ if (rrs_ssl == SSLv3) { + sslmethod = SSLv3_client_method(); + } else if (rrs_ssl == TLSv1) { + sslmethod = TLSv1_client_method(); diff --git a/net/socat/patches/502-no_sslv2.patch b/net/socat/patches/502-no_sslv2.patch new file mode 100644 index 000000000..372383aa9 --- /dev/null +++ b/net/socat/patches/502-no_sslv2.patch @@ -0,0 +1,50 @@ +diff -ruN socat-1.4-old/sslcls.c socat-1.4-new/sslcls.c +--- socat-1.4-old/sslcls.c 2005-03-12 19:06:54.000000000 +0100 ++++ socat-1.4-new/sslcls.c 2006-12-18 12:26:32.000000000 +0100 +@@ -35,6 +35,7 @@ + return result; + } + ++#ifndef OPENSSL_NO_SSL2 + SSL_METHOD *sycSSLv2_client_method(void) { + SSL_METHOD *result; + Debug("SSLv2_client_method()"); +@@ -50,6 +51,7 @@ + Debug1("SSLv2_server_method() -> %p", result); + return result; + } ++#endif + + SSL_METHOD *sycSSLv3_client_method(void) { + SSL_METHOD *result; +diff -ruN socat-1.4-old/xio-openssl.c socat-1.4-new/xio-openssl.c +--- socat-1.4-old/xio-openssl.c 2005-09-04 11:40:45.000000000 +0200 ++++ socat-1.4-new/xio-openssl.c 2006-12-18 12:27:17.000000000 +0100 +@@ -612,9 +612,12 @@ + + if (!server) { + if (me_str != 0) { ++#ifndef OPENSSL_NO_SSL2 + if (!strcasecmp(me_str, "SSLv2") || !strcasecmp(me_str, "SSL2")) { + method = sycSSLv2_client_method(); +- } else if (!strcasecmp(me_str, "SSLv3") || !strcasecmp(me_str, "SSL3")) { ++ } else ++#endif ++ if (!strcasecmp(me_str, "SSLv3") || !strcasecmp(me_str, "SSL3")) { + method = sycSSLv3_client_method(); + } else if (!strcasecmp(me_str, "SSLv23") || !strcasecmp(me_str, "SSL23") || + !strcasecmp(me_str, "SSL")) { +@@ -631,9 +634,12 @@ + } + } else /* server */ { + if (me_str != 0) { ++#ifndef OPENSSL_NO_SSL2 + if (!strcasecmp(me_str, "SSLv2") || !strcasecmp(me_str, "SSL2")) { + method = sycSSLv2_server_method(); +- } else if (!strcasecmp(me_str, "SSLv3") || !strcasecmp(me_str, "SSL3")) { ++ } else ++#endif ++ if (!strcasecmp(me_str, "SSLv3") || !strcasecmp(me_str, "SSL3")) { + method = sycSSLv3_server_method(); + } else if (!strcasecmp(me_str, "SSLv23") || !strcasecmp(me_str, "SSL23") || + !strcasecmp(me_str, "SSL")) {