Subversion Repositories prayer

Compare Revisions

Ignore whitespace Rev 142 → Rev 160

/tags/1.3.5-dfsg1-3/debian/patches/disable_ssl3.patch
0,0 → 1,58
Description: Disable SSL 3.0 on client as well as server side
Author: Magnus Holmgren <holmgren@debian.org>
 
--- a/lib/ssl.c
+++ b/lib/ssl.c
@@ -387,12 +387,16 @@ void ssl_context_init(struct ssl_config
SSL_load_error_strings();
/* Set up client context: only used by accountd */
- client_ctx = SSL_CTX_new(SSLv3_client_method());
+ client_ctx = SSL_CTX_new(SSLv23_client_method());
SSL_CTX_set_session_cache_mode(client_ctx, SSL_SESS_CACHE_BOTH);
SSL_CTX_set_info_callback(client_ctx, info_callback);
#ifdef SSL_MODE_AUTO_RETRY
SSL_CTX_set_mode(client_ctx, SSL_MODE_AUTO_RETRY);
#endif
+ /* SSLv2 now obsolete */
+ SSL_CTX_set_options(client_ctx, SSL_OP_NO_SSLv2);
+ /* SSLv3 now also obsolete */
+ SSL_CTX_set_options(client_ctx, SSL_OP_NO_SSLv3);
if (SSL_CTX_need_tmp_RSA(client_ctx))
SSL_CTX_set_tmp_rsa_callback(client_ctx, rsa_callback);
@@ -420,6 +424,8 @@ void ssl_context_init(struct ssl_config
/* SSLv2 now obsolete */
SSL_CTX_set_options(server_ctx, SSL_OP_NO_SSLv2);
+ /* SSLv3 now also obsolete */
+ SSL_CTX_set_options(server_ctx, SSL_OP_NO_SSLv3);
/* Start off with the session cache disabled */
SSL_CTX_set_session_cache_mode(server_ctx, SSL_SESS_CACHE_OFF);
@@ -625,6 +631,12 @@ void *ssl_start_server(int fd, unsigned
case TLS1_VERSION:
ver = "TLSv1";
break;
+ case TLS1_1_VERSION:
+ ver = "TLSv1.1";
+ break;
+ case TLS1_2_VERSION:
+ ver = "TLSv1.2";
+ break;
default:
ver = "UNKNOWN";
}
@@ -678,6 +690,12 @@ void *ssl_start_client(int fd, unsigned
case TLS1_VERSION:
ver = "TLSv1";
break;
+ case TLS1_1_VERSION:
+ ver = "TLSv1.1";
+ break;
+ case TLS1_2_VERSION:
+ ver = "TLSv1.2";
+ break;
default:
ver = "UNKNOWN";
}
/tags/1.3.5-dfsg1-3/debian/patches/dlopen_templates.patch
50,12 → 50,12
-CFLAGS = $(BASECFLAGS)
-LDFLAGS = $(BASELDFLAGS)
+CFLAGS = $(BASECFLAGS) -fPIC
+LDFLAGS = $(BASELDFLAGS) -fPIC
+MYCFLAGS = $(BASECFLAGS) -fPIC
+MYLDFLAGS = $(BASELDFLAGS) -fPIC
+LDFLAGS_TEMPLATELIB = \
+ -Wl,--defsym=template_map=template_map_$(TYPE) \
+ -Wl,--defsym=template_map_count=template_map_$(TYPE)_count
+LDFLAGS += $(LDFLAGS_TEMPLATELIB)
+MYLDFLAGS += $(LDFLAGS_TEMPLATELIB)
TYPE=cam
64,19 → 64,22
T_FILES_FRONTEND=login.t login_hermes.t \
frontend_login_error.t frontend_security.t frontend_session.t \
@@ -111,6 +115,12 @@ templates.a: $(O_FILES)
@@ -111,8 +115,14 @@ templates.a: $(O_FILES)
rm -f templates.a
ar q templates.a $(O_FILES)
+$(TYPE)_frontend.so: $(O_FILES_FRONTEND)
+ $(CC) $(LDFLAGS) -shared -o $@ $(O_FILES_FRONTEND)
+ $(CC) $(MYLDFLAGS) -shared -o $@ $(O_FILES_FRONTEND)
+
+$(TYPE).so: $(O_FILES)
+ $(CC) $(LDFLAGS) -shared -o $@ $(O_FILES)
+ $(CC) $(MYLDFLAGS) -shared -o $@ $(O_FILES)
+
%.o: %.c Makefile
$(CC) $(CFLAGS) -I../../lib -c $<
- $(CC) $(CFLAGS) -I../../lib -c $<
+ $(CC) $(MYCFLAGS) -I../../lib -c $<
_template_index_frontend.c:
../src/build_index.pl $(TYPE) $(T_FILES_FRONTEND) > _template_index_frontend.c
@@ -129,6 +139,10 @@ install:
cp *.t $(BROOT)$(PREFIX)/templates/$(TYPE)
cp *.vars $(BROOT)$(PREFIX)/templates/$(TYPE)
96,12 → 99,12
-CFLAGS = $(BASECFLAGS)
-LDFLAGS = $(BASELDFLAGS)
+CFLAGS = $(BASECFLAGS) -fPIC
+LDFLAGS = $(BASELDFLAGS) -fPIC
+MYCFLAGS = $(BASECFLAGS) -fPIC
+MYLDFLAGS = $(BASELDFLAGS) -fPIC
+LDFLAGS_TEMPLATELIB = \
+ -Wl,--defsym=template_map=template_map_$(TYPE) \
+ -Wl,--defsym=template_map_count=template_map_$(TYPE)_count
+LDFLAGS += $(LDFLAGS_TEMPLATELIB)
+MYLDFLAGS += $(LDFLAGS_TEMPLATELIB)
TYPE=old
110,19 → 113,22
T_FILES_FRONTEND=login.t \
frontend_login_error.t frontend_security.t frontend_session.t \
@@ -110,6 +114,12 @@ templates.a: $(O_FILES)
@@ -110,8 +114,14 @@ templates.a: $(O_FILES)
rm -f templates.a
ar q templates.a $(O_FILES)
+$(TYPE)_frontend.so: $(O_FILES_FRONTEND)
+ $(CC) $(LDFLAGS) -shared -o $@ $(O_FILES_FRONTEND)
+ $(CC) $(MYLDFLAGS) -shared -o $@ $(O_FILES_FRONTEND)
+
+$(TYPE).so: $(O_FILES)
+ $(CC) $(LDFLAGS) -shared -o $@ $(O_FILES)
+ $(CC) $(MYLDFLAGS) -shared -o $@ $(O_FILES)
+
%.o: %.c Makefile
$(CC) $(CFLAGS) -I../../lib -c $<
- $(CC) $(CFLAGS) -I../../lib -c $<
+ $(CC) $(MYCFLAGS) -I../../lib -c $<
_template_index_frontend.c:
../src/build_index.pl $(TYPE) $(T_FILES_FRONTEND) > _template_index_frontend.c
@@ -128,6 +138,10 @@ install:
cp *.t $(BROOT)$(PREFIX)/templates/$(TYPE)
cp *.vars $(BROOT)$(PREFIX)/templates/$(TYPE)
181,9 → 187,9
endif
-PRAYER_LIBS = $(BASE_LIBS) $(SERVER_SSL_LIBS)
-SESSION_LIBS = $(BASE_LIBS) $(CCLIENT_LIBS)
-SESSION_LIBS = $(CCLIENT_LIBS) $(BASE_LIBS)
+PRAYER_LIBS = $(BASE_LIBS) $(SERVER_SSL_LIBS) -ldl
+SESSION_LIBS = $(BASE_LIBS) $(CCLIENT_LIBS) -ldl
+SESSION_LIBS = $(CCLIENT_LIBS) $(BASE_LIBS) -ldl
# Add SSL if c-client needs SSL
ifeq ($(strip $(CCLIENT_SSL_ENABLE)), true)
217,7 → 223,7
ifeq ($(strip $(ACCOUNTD_ENABLE)), true)
--- a/servers/session_exchange.c
+++ b/servers/session_exchange.c
@@ -144,6 +144,8 @@ BOOL session_exchange(struct session * s
@@ -146,6 +146,8 @@ BOOL session_exchange(struct session * s
else
template_set = config->template_set; /* Safe default */
/tags/1.3.5-dfsg1-3/debian/patches/hurd.patch
11,3 → 11,17
# define SPT_TYPE SPT_REUSEARGV
# define SPT_PADCHAR '\0' /* pad process title with nulls */
#elif (defined(BSD) && BSD >= 199306)
--- a/accountd/authenticate.c
+++ b/accountd/authenticate.c
@@ -8,11 +8,7 @@
#include "accountd.h"
-#ifdef BSD4_4
-#define HAVE_SHADOW 0
-#else
#define HAVE_SHADOW 1
-#endif
#include <pwd.h>
#if HAVE_SHADOW
/tags/1.3.5-dfsg1-3/debian/patches/makefile_install_config.patch
87,17 → 87,17
# EGD socket, if system has no /dev/urandom
#egd_socket = "/var/prngd/urandom"
@@ -376,13 +364,15 @@ sendmail_path = /usr/lib/sendmail
@@ -374,13 +375,15 @@ sendmail_path = /usr/lib/sendmail
ispell_path = /usr/bin/ispell
# Message of the day file
-motd_path = "$prefix/etc/motd.html"
-
-# HTML to insert into login page
-#login_insert1_path = "$prefix/etc/ucsnews.html"
+#motd_path = "/etc/prayer/motd.html"
-# HTML to insert into login page
-#login_insert1_path = "$prefix/etc/ucsnews.html"
-
-# HTML to insert into login page
-#login_insert2_path = "$prefix/etc/ucsnews.html"
+# HTML to make available to login template as $login_insert1
+# (only used in "cam" template set).
109,7 → 109,7
# Login security: Prayer's front page defaults to a login form.
# If the user does not connect via SSL then this can be changed
@@ -411,10 +401,11 @@ bin_dir = "__BIN_DIR__"
@@ -409,10 +412,11 @@ bin_dir = "__BIN_DIR__"
# Various directories used by the running system
# Logs stored in $log_dir
123,7 → 123,7
# $socket_dir is location for unix domain sockets which connect frontend
# to backend in proxy mode of operation.
@@ -422,7 +413,7 @@ socket_dir = "$var_prefix/socke
@@ -420,7 +424,7 @@ socket_dir = "$var_prefix/socke
# Split socket directory into 64 subdirs keyed on first letter of sessionID
# Code provides compatibility in both directions: can switch back and forward
132,7 → 132,7
# Name of Unix domain socket (in $socket_dir) used for initial handshake
# between prayer and prayer-session processes when a user logs in
@@ -436,7 +427,7 @@ ssl_session_dir = "$var_prefix/ssl_s
@@ -434,7 +438,7 @@ ssl_session_dir = "$var_prefix/ssl_s
tmp_dir = "$var_prefix/tmp"
# Location for PID files for prayer and prayer-session master processes.
141,7 → 141,7
# Interface to Hermes finger database
#lookup_rpasswd = "/data/finger/rpasswd.cdb"
@@ -454,7 +445,7 @@ pid_dir = "$var_prefix/pid"
@@ -452,7 +456,7 @@ pid_dir = "$var_prefix/pid"
# Template stuff
template_path = "__PREFIX__/templates"
150,7 → 150,7
template_use_compiled = TRUE
template old "Traditional"
@@ -603,14 +594,14 @@ hiersep = "/"
@@ -601,14 +605,14 @@ hiersep = "/"
dualuse = FALSE
# Names of postponed_folder and sent_mail_folder, relative to maildir
/tags/1.3.5-dfsg1-3/debian/patches/series
6,3 → 6,4
template_sdk.patch
no_db_version_check.patch
hurd.patch
disable_ssl3.patch
/tags/1.3.5-dfsg1-3/debian/patches/templates_fallback_to_compiled.patch
34,7 → 34,7
"Template %s not found (top level template_expand())\n",
--- a/files/etc/prayer.cf.SRC
+++ b/files/etc/prayer.cf.SRC
@@ -444,7 +444,7 @@ pid_dir = "$var_prefix"
@@ -455,7 +455,7 @@ pid_dir = "$var_prefix"
######################################################################
# Template stuff