/tags/1.3.5-dfsg1-3/debian/patches/disable_ssl3.patch |
---|
0,0 → 1,58 |
Description: Disable SSL 3.0 on client as well as server side |
Author: Magnus Holmgren <holmgren@debian.org> |
--- a/lib/ssl.c |
+++ b/lib/ssl.c |
@@ -387,12 +387,16 @@ void ssl_context_init(struct ssl_config |
SSL_load_error_strings(); |
/* Set up client context: only used by accountd */ |
- client_ctx = SSL_CTX_new(SSLv3_client_method()); |
+ client_ctx = SSL_CTX_new(SSLv23_client_method()); |
SSL_CTX_set_session_cache_mode(client_ctx, SSL_SESS_CACHE_BOTH); |
SSL_CTX_set_info_callback(client_ctx, info_callback); |
#ifdef SSL_MODE_AUTO_RETRY |
SSL_CTX_set_mode(client_ctx, SSL_MODE_AUTO_RETRY); |
#endif |
+ /* SSLv2 now obsolete */ |
+ SSL_CTX_set_options(client_ctx, SSL_OP_NO_SSLv2); |
+ /* SSLv3 now also obsolete */ |
+ SSL_CTX_set_options(client_ctx, SSL_OP_NO_SSLv3); |
if (SSL_CTX_need_tmp_RSA(client_ctx)) |
SSL_CTX_set_tmp_rsa_callback(client_ctx, rsa_callback); |
@@ -420,6 +424,8 @@ void ssl_context_init(struct ssl_config |
/* SSLv2 now obsolete */ |
SSL_CTX_set_options(server_ctx, SSL_OP_NO_SSLv2); |
+ /* SSLv3 now also obsolete */ |
+ SSL_CTX_set_options(server_ctx, SSL_OP_NO_SSLv3); |
/* Start off with the session cache disabled */ |
SSL_CTX_set_session_cache_mode(server_ctx, SSL_SESS_CACHE_OFF); |
@@ -625,6 +631,12 @@ void *ssl_start_server(int fd, unsigned |
case TLS1_VERSION: |
ver = "TLSv1"; |
break; |
+ case TLS1_1_VERSION: |
+ ver = "TLSv1.1"; |
+ break; |
+ case TLS1_2_VERSION: |
+ ver = "TLSv1.2"; |
+ break; |
default: |
ver = "UNKNOWN"; |
} |
@@ -678,6 +690,12 @@ void *ssl_start_client(int fd, unsigned |
case TLS1_VERSION: |
ver = "TLSv1"; |
break; |
+ case TLS1_1_VERSION: |
+ ver = "TLSv1.1"; |
+ break; |
+ case TLS1_2_VERSION: |
+ ver = "TLSv1.2"; |
+ break; |
default: |
ver = "UNKNOWN"; |
} |
/tags/1.3.5-dfsg1-3/debian/patches/dlopen_templates.patch |
---|
50,12 → 50,12 |
-CFLAGS = $(BASECFLAGS) |
-LDFLAGS = $(BASELDFLAGS) |
+CFLAGS = $(BASECFLAGS) -fPIC |
+LDFLAGS = $(BASELDFLAGS) -fPIC |
+MYCFLAGS = $(BASECFLAGS) -fPIC |
+MYLDFLAGS = $(BASELDFLAGS) -fPIC |
+LDFLAGS_TEMPLATELIB = \ |
+ -Wl,--defsym=template_map=template_map_$(TYPE) \ |
+ -Wl,--defsym=template_map_count=template_map_$(TYPE)_count |
+LDFLAGS += $(LDFLAGS_TEMPLATELIB) |
+MYLDFLAGS += $(LDFLAGS_TEMPLATELIB) |
TYPE=cam |
64,19 → 64,22 |
T_FILES_FRONTEND=login.t login_hermes.t \ |
frontend_login_error.t frontend_security.t frontend_session.t \ |
@@ -111,6 +115,12 @@ templates.a: $(O_FILES) |
@@ -111,8 +115,14 @@ templates.a: $(O_FILES) |
rm -f templates.a |
ar q templates.a $(O_FILES) |
+$(TYPE)_frontend.so: $(O_FILES_FRONTEND) |
+ $(CC) $(LDFLAGS) -shared -o $@ $(O_FILES_FRONTEND) |
+ $(CC) $(MYLDFLAGS) -shared -o $@ $(O_FILES_FRONTEND) |
+ |
+$(TYPE).so: $(O_FILES) |
+ $(CC) $(LDFLAGS) -shared -o $@ $(O_FILES) |
+ $(CC) $(MYLDFLAGS) -shared -o $@ $(O_FILES) |
+ |
%.o: %.c Makefile |
$(CC) $(CFLAGS) -I../../lib -c $< |
- $(CC) $(CFLAGS) -I../../lib -c $< |
+ $(CC) $(MYCFLAGS) -I../../lib -c $< |
_template_index_frontend.c: |
../src/build_index.pl $(TYPE) $(T_FILES_FRONTEND) > _template_index_frontend.c |
@@ -129,6 +139,10 @@ install: |
cp *.t $(BROOT)$(PREFIX)/templates/$(TYPE) |
cp *.vars $(BROOT)$(PREFIX)/templates/$(TYPE) |
96,12 → 99,12 |
-CFLAGS = $(BASECFLAGS) |
-LDFLAGS = $(BASELDFLAGS) |
+CFLAGS = $(BASECFLAGS) -fPIC |
+LDFLAGS = $(BASELDFLAGS) -fPIC |
+MYCFLAGS = $(BASECFLAGS) -fPIC |
+MYLDFLAGS = $(BASELDFLAGS) -fPIC |
+LDFLAGS_TEMPLATELIB = \ |
+ -Wl,--defsym=template_map=template_map_$(TYPE) \ |
+ -Wl,--defsym=template_map_count=template_map_$(TYPE)_count |
+LDFLAGS += $(LDFLAGS_TEMPLATELIB) |
+MYLDFLAGS += $(LDFLAGS_TEMPLATELIB) |
TYPE=old |
110,19 → 113,22 |
T_FILES_FRONTEND=login.t \ |
frontend_login_error.t frontend_security.t frontend_session.t \ |
@@ -110,6 +114,12 @@ templates.a: $(O_FILES) |
@@ -110,8 +114,14 @@ templates.a: $(O_FILES) |
rm -f templates.a |
ar q templates.a $(O_FILES) |
+$(TYPE)_frontend.so: $(O_FILES_FRONTEND) |
+ $(CC) $(LDFLAGS) -shared -o $@ $(O_FILES_FRONTEND) |
+ $(CC) $(MYLDFLAGS) -shared -o $@ $(O_FILES_FRONTEND) |
+ |
+$(TYPE).so: $(O_FILES) |
+ $(CC) $(LDFLAGS) -shared -o $@ $(O_FILES) |
+ $(CC) $(MYLDFLAGS) -shared -o $@ $(O_FILES) |
+ |
%.o: %.c Makefile |
$(CC) $(CFLAGS) -I../../lib -c $< |
- $(CC) $(CFLAGS) -I../../lib -c $< |
+ $(CC) $(MYCFLAGS) -I../../lib -c $< |
_template_index_frontend.c: |
../src/build_index.pl $(TYPE) $(T_FILES_FRONTEND) > _template_index_frontend.c |
@@ -128,6 +138,10 @@ install: |
cp *.t $(BROOT)$(PREFIX)/templates/$(TYPE) |
cp *.vars $(BROOT)$(PREFIX)/templates/$(TYPE) |
181,9 → 187,9 |
endif |
-PRAYER_LIBS = $(BASE_LIBS) $(SERVER_SSL_LIBS) |
-SESSION_LIBS = $(BASE_LIBS) $(CCLIENT_LIBS) |
-SESSION_LIBS = $(CCLIENT_LIBS) $(BASE_LIBS) |
+PRAYER_LIBS = $(BASE_LIBS) $(SERVER_SSL_LIBS) -ldl |
+SESSION_LIBS = $(BASE_LIBS) $(CCLIENT_LIBS) -ldl |
+SESSION_LIBS = $(CCLIENT_LIBS) $(BASE_LIBS) -ldl |
# Add SSL if c-client needs SSL |
ifeq ($(strip $(CCLIENT_SSL_ENABLE)), true) |
217,7 → 223,7 |
ifeq ($(strip $(ACCOUNTD_ENABLE)), true) |
--- a/servers/session_exchange.c |
+++ b/servers/session_exchange.c |
@@ -144,6 +144,8 @@ BOOL session_exchange(struct session * s |
@@ -146,6 +146,8 @@ BOOL session_exchange(struct session * s |
else |
template_set = config->template_set; /* Safe default */ |
/tags/1.3.5-dfsg1-3/debian/patches/hurd.patch |
---|
11,3 → 11,17 |
# define SPT_TYPE SPT_REUSEARGV |
# define SPT_PADCHAR '\0' /* pad process title with nulls */ |
#elif (defined(BSD) && BSD >= 199306) |
--- a/accountd/authenticate.c |
+++ b/accountd/authenticate.c |
@@ -8,11 +8,7 @@ |
#include "accountd.h" |
-#ifdef BSD4_4 |
-#define HAVE_SHADOW 0 |
-#else |
#define HAVE_SHADOW 1 |
-#endif |
#include <pwd.h> |
#if HAVE_SHADOW |
/tags/1.3.5-dfsg1-3/debian/patches/makefile_install_config.patch |
---|
87,17 → 87,17 |
# EGD socket, if system has no /dev/urandom |
#egd_socket = "/var/prngd/urandom" |
@@ -376,13 +364,15 @@ sendmail_path = /usr/lib/sendmail |
@@ -374,13 +375,15 @@ sendmail_path = /usr/lib/sendmail |
ispell_path = /usr/bin/ispell |
# Message of the day file |
-motd_path = "$prefix/etc/motd.html" |
- |
-# HTML to insert into login page |
-#login_insert1_path = "$prefix/etc/ucsnews.html" |
+#motd_path = "/etc/prayer/motd.html" |
-# HTML to insert into login page |
-#login_insert1_path = "$prefix/etc/ucsnews.html" |
- |
-# HTML to insert into login page |
-#login_insert2_path = "$prefix/etc/ucsnews.html" |
+# HTML to make available to login template as $login_insert1 |
+# (only used in "cam" template set). |
109,7 → 109,7 |
# Login security: Prayer's front page defaults to a login form. |
# If the user does not connect via SSL then this can be changed |
@@ -411,10 +401,11 @@ bin_dir = "__BIN_DIR__" |
@@ -409,10 +412,11 @@ bin_dir = "__BIN_DIR__" |
# Various directories used by the running system |
# Logs stored in $log_dir |
123,7 → 123,7 |
# $socket_dir is location for unix domain sockets which connect frontend |
# to backend in proxy mode of operation. |
@@ -422,7 +413,7 @@ socket_dir = "$var_prefix/socke |
@@ -420,7 +424,7 @@ socket_dir = "$var_prefix/socke |
# Split socket directory into 64 subdirs keyed on first letter of sessionID |
# Code provides compatibility in both directions: can switch back and forward |
132,7 → 132,7 |
# Name of Unix domain socket (in $socket_dir) used for initial handshake |
# between prayer and prayer-session processes when a user logs in |
@@ -436,7 +427,7 @@ ssl_session_dir = "$var_prefix/ssl_s |
@@ -434,7 +438,7 @@ ssl_session_dir = "$var_prefix/ssl_s |
tmp_dir = "$var_prefix/tmp" |
# Location for PID files for prayer and prayer-session master processes. |
141,7 → 141,7 |
# Interface to Hermes finger database |
#lookup_rpasswd = "/data/finger/rpasswd.cdb" |
@@ -454,7 +445,7 @@ pid_dir = "$var_prefix/pid" |
@@ -452,7 +456,7 @@ pid_dir = "$var_prefix/pid" |
# Template stuff |
template_path = "__PREFIX__/templates" |
150,7 → 150,7 |
template_use_compiled = TRUE |
template old "Traditional" |
@@ -603,14 +594,14 @@ hiersep = "/" |
@@ -601,14 +605,14 @@ hiersep = "/" |
dualuse = FALSE |
# Names of postponed_folder and sent_mail_folder, relative to maildir |
/tags/1.3.5-dfsg1-3/debian/patches/series |
---|
6,3 → 6,4 |
template_sdk.patch |
no_db_version_check.patch |
hurd.patch |
disable_ssl3.patch |
/tags/1.3.5-dfsg1-3/debian/patches/templates_fallback_to_compiled.patch |
---|
34,7 → 34,7 |
"Template %s not found (top level template_expand())\n", |
--- a/files/etc/prayer.cf.SRC |
+++ b/files/etc/prayer.cf.SRC |
@@ -444,7 +444,7 @@ pid_dir = "$var_prefix" |
@@ -455,7 +455,7 @@ pid_dir = "$var_prefix" |
###################################################################### |
# Template stuff |