diff options
Diffstat (limited to 'main/elinks')
-rw-r--r-- | main/elinks/APKBUILD | 24 | ||||
-rw-r--r-- | main/elinks/elinks-0.12pre6-openssl11.patch | 73 | ||||
-rw-r--r-- | main/elinks/libressl-2.5.patch | 11 |
3 files changed, 82 insertions, 26 deletions
diff --git a/main/elinks/APKBUILD b/main/elinks/APKBUILD index a76eeb5f78..76cb1f1ce2 100644 --- a/main/elinks/APKBUILD +++ b/main/elinks/APKBUILD @@ -3,31 +3,26 @@ pkgname=elinks pkgver=0.13 _ver=${pkgver/_/} -pkgrel=5 +pkgrel=6 pkgdesc="a text mode web browser" url="http://elinks.or.cz/" arch="all" license="GPL" depends= -makedepends="bzip2-dev zlib-dev libressl-dev expat-dev gettext-dev" +makedepends="bzip2-dev zlib-dev openssl-dev expat-dev gettext-dev" install= subpackages="$pkgname-doc $pkgname-lang" source="https://dev.alpinelinux.org/archive/elinks/elinks-$pkgver.tar.bz2 musl-va_copy.patch ssl-Make-RAND_egd-optional.patch - libressl-2.5.patch + elinks-0.12pre6-openssl11.patch " builddir="$srcdir"/elinks-0.13-20150624 prepare() { - cd "$builddir" - for i in $source; do - case $i in - *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; - esac - done - update_config_sub || return 1 + default_prepare + update_config_sub } build() { @@ -39,14 +34,13 @@ build() { --sysconfdir=/etc \ --mandir=/usr/share/man \ --infodir=/usr/share/info \ - --without-included-gettext \ - || return 1 - make || return 1 + --without-included-gettext + make } package() { cd "$builddir" - make DESTDIR="$pkgdir" install || return 1 + make DESTDIR="$pkgdir" install rm -rf "$pkgdir"/usr/lib/charset.alias rmdir -p "$pkgdir"/usr/lib 2>/dev/null || true #fix conflict with gettext @@ -56,4 +50,4 @@ package() { sha512sums="9dd7fb674ab914fccaf64b889f6fe3431f95abe1ae76f1df6155fbc89623ec921a4de5f30e896e94c77161c4b4638a29ec19b8e1fe4cbdebdc4666be024f8ed9 elinks-0.13.tar.bz2 56378b4744783e8a07c5e92f3f75cdb7edf7b26881eb033789d71612c3971b3a3c5ada5f02ec422391242cbceb64ff31a2be68298608ed6448c37056d6dedf40 musl-va_copy.patch df3254ff429540cca66849e03cd6245bd3e82897225ba3bfea9a41ab222c0041e60c61784a9fd6f819b360b6168b6375a5455a97786ab656b24a8e1b4b96bda3 ssl-Make-RAND_egd-optional.patch -6aa70bb8ddf1fb57b2e52ccc9b75d08731e8423f60f60aba31fcba879fbf3758208b0079b9204e2351380483c991ea39bddcc7f426d89fe18971390a01cae79d libressl-2.5.patch" +85e7a4e560a87ba641a04e3fce918cd0a2b52bd13b162f15950e4bb7d19a511f984d0891e3df1784cc8bb77a53f6c7ed6ffe56d7707d6b32a6676e21725893b9 elinks-0.12pre6-openssl11.patch" diff --git a/main/elinks/elinks-0.12pre6-openssl11.patch b/main/elinks/elinks-0.12pre6-openssl11.patch new file mode 100644 index 0000000000..29c4ef6bcb --- /dev/null +++ b/main/elinks/elinks-0.12pre6-openssl11.patch @@ -0,0 +1,73 @@ +From d83c0edf4c6ae42359ff856d7a879ecba5769595 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka <kdudka@redhat.com> +Date: Fri, 17 Feb 2017 16:51:41 +0100 +Subject: [PATCH 1/2] fix compatibility with OpenSSL 1.1 + +--- + src/network/ssl/socket.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/network/ssl/socket.c b/src/network/ssl/socket.c +index c9e2be4..467fc48 100644 +--- a/src/network/ssl/socket.c ++++ b/src/network/ssl/socket.c +@@ -83,7 +83,7 @@ static void + ssl_set_no_tls(struct socket *socket) + { + #ifdef CONFIG_OPENSSL +- ((ssl_t *) socket->ssl)->options |= SSL_OP_NO_TLSv1; ++ SSL_set_options((ssl_t *) socket->ssl, SSL_OP_NO_TLSv1); + #elif defined(CONFIG_GNUTLS) + { + /* GnuTLS does not support SSLv2 because it is "insecure". +@@ -419,7 +419,7 @@ ssl_connect(struct socket *socket) + (SSL *) socket->ssl, + client_cert); + #else +- SSL_CTX *ctx = ((SSL *) socket->ssl)->ctx; ++ SSL_CTX *ctx = SSL_get_SSL_CTX((SSL *) socket->ssl); + + SSL_CTX_use_certificate_chain_file(ctx, client_cert); + SSL_CTX_use_PrivateKey_file(ctx, client_cert, +-- +2.7.4 + + +From ec952cc5b79973bee73fcfc813159d40c22b7228 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz <tmraz@fedoraproject.org> +Date: Fri, 17 Feb 2017 16:44:11 +0100 +Subject: [PATCH 2/2] drop disablement of TLS1.0 on second attempt to connect + +It would not work correctly anyway and the code does not build +with OpenSSL-1.1.0. +--- + src/network/ssl/socket.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/network/ssl/socket.c b/src/network/ssl/socket.c +index 467fc48..b981c1e 100644 +--- a/src/network/ssl/socket.c ++++ b/src/network/ssl/socket.c +@@ -82,6 +82,11 @@ + static void + ssl_set_no_tls(struct socket *socket) + { ++#if 0 ++/* This implements the insecure renegotiation, which should not be used. ++ * The code also would not work on current Fedora (>= Fedora 23) anyway, ++ * because it would just switch off TLS 1.0 keeping TLS 1.1 and 1.2 enabled. ++ */ + #ifdef CONFIG_OPENSSL + SSL_set_options((ssl_t *) socket->ssl, SSL_OP_NO_TLSv1); + #elif defined(CONFIG_GNUTLS) +@@ -96,6 +101,7 @@ ssl_set_no_tls(struct socket *socket) + gnutls_protocol_set_priority(*(ssl_t *) socket->ssl, protocol_priority); + } + #endif ++#endif + } + + #ifdef USE_OPENSSL +-- +2.7.4 + diff --git a/main/elinks/libressl-2.5.patch b/main/elinks/libressl-2.5.patch deleted file mode 100644 index 6b8c73032b..0000000000 --- a/main/elinks/libressl-2.5.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/src/network/ssl/socket.c.orig 2017-02-08 12:49:43 UTC -+++ b/src/network/ssl/socket.c -@@ -67,7 +67,7 @@ static void - ssl_set_no_tls(struct socket *socket) - { - #ifdef CONFIG_OPENSSL -- ((ssl_t *) socket->ssl)->options |= SSL_OP_NO_TLSv1; -+ SSL_set_options((ssl_t *) socket->ssl, SSL_OP_NO_TLSv1); - #elif defined(CONFIG_GNUTLS) - { - /* GnuTLS does not support SSLv2 because it is "insecure". |