From 2e51e8607e3b45b41a984f95c81c257a41107cff Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Wed, 17 Feb 2016 21:57:00 +0100 Subject: [PATCH 01/13] core98: remove wrong grub.cfg only if it was empty. Signed-off-by: Arne Fitzenreiter --- config/rootfiles/core/98/update.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/config/rootfiles/core/98/update.sh b/config/rootfiles/core/98/update.sh index ec9c1aaa6..89d32450e 100644 --- a/config/rootfiles/core/98/update.sh +++ b/config/rootfiles/core/98/update.sh @@ -39,7 +39,10 @@ extract_files # Bugfixes for core96 updater bugs... if [ -e /boot/grub/grub.conf ]; then # legacy grub config on xen or citrix conflicts with grub2 config - rm /boot/grub/grub.cfg + # and core96 contains an empty file + if [ ! -s /boot/grub/grub.cfg ] + rm /boot/grub/grub.cfg + fi fi if [ -e /boot/grub/grub.cfg ]; then From 829b0ba85156fbf3514b3f5d5b13c0f3254fae49 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Thu, 18 Feb 2016 04:31:28 +0100 Subject: [PATCH 02/13] core98: fix typo Signed-off-by: Arne Fitzenreiter --- config/rootfiles/core/98/update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/rootfiles/core/98/update.sh b/config/rootfiles/core/98/update.sh index 89d32450e..7e0cc2dc2 100644 --- a/config/rootfiles/core/98/update.sh +++ b/config/rootfiles/core/98/update.sh @@ -40,7 +40,7 @@ extract_files if [ -e /boot/grub/grub.conf ]; then # legacy grub config on xen or citrix conflicts with grub2 config # and core96 contains an empty file - if [ ! -s /boot/grub/grub.cfg ] + if [ ! -s /boot/grub/grub.cfg ]; then rm /boot/grub/grub.cfg fi fi From aacab139dc272d9c1b42340100cccb15cd7a302f Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 23 Feb 2016 09:40:31 -0800 Subject: [PATCH 03/13] stunnel: Bump release version The version on the server seems to be still linked against the older 0.9.8 series of openssl and needs to be updated on all systems. I manually pushed this update for the 2.17 branch on i586. Signed-off-by: Michael Tremer --- lfs/stunnel | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lfs/stunnel b/lfs/stunnel index f6f27e075..4585151a8 100644 --- a/lfs/stunnel +++ b/lfs/stunnel @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = stunnel -PAK_VER = 1 +PAK_VER = 2 DEPS = "" From defc321f04783b58a1a8ad45c77560d445eed6d6 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Mon, 29 Feb 2016 21:47:05 +0100 Subject: [PATCH 04/13] core99: create core99 for OpenSSL security update Signed-off-by: Arne Fitzenreiter --- config/rootfiles/core/99/exclude | 25 ++++++++ config/rootfiles/core/99/filelists/files | 2 + .../core/99/filelists/i586/openssl-sse2 | 1 + config/rootfiles/core/99/filelists/openssh | 1 + config/rootfiles/core/99/filelists/openssl | 1 + config/rootfiles/core/99/meta | 1 + config/rootfiles/core/99/update.sh | 59 +++++++++++++++++++ 7 files changed, 90 insertions(+) create mode 100644 config/rootfiles/core/99/exclude create mode 100644 config/rootfiles/core/99/filelists/files create mode 120000 config/rootfiles/core/99/filelists/i586/openssl-sse2 create mode 120000 config/rootfiles/core/99/filelists/openssh create mode 120000 config/rootfiles/core/99/filelists/openssl create mode 100644 config/rootfiles/core/99/meta create mode 100644 config/rootfiles/core/99/update.sh diff --git a/config/rootfiles/core/99/exclude b/config/rootfiles/core/99/exclude new file mode 100644 index 000000000..d87f175b5 --- /dev/null +++ b/config/rootfiles/core/99/exclude @@ -0,0 +1,25 @@ +boot/config.txt +etc/alternatives +etc/collectd.custom +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +etc/localtime +etc/shadow +etc/snort/snort.conf +etc/ssh/ssh_config +etc/ssh/sshd_config +etc/ssl/openssl.cnf +etc/sudoers +etc/sysconfig/firewall.local +etc/sysconfig/rc.local +etc/udev/rules.d/30-persistent-network.rules +srv/web/ipfire/html/proxy.pac +var/ipfire/dma +var/ipfire/time +var/ipfire/ovpn +var/lib/alternatives +var/log/cache +var/state/dhcp/dhcpd.leases +var/updatecache diff --git a/config/rootfiles/core/99/filelists/files b/config/rootfiles/core/99/filelists/files new file mode 100644 index 000000000..409e5fe8a --- /dev/null +++ b/config/rootfiles/core/99/filelists/files @@ -0,0 +1,2 @@ +etc/system-release +etc/issue diff --git a/config/rootfiles/core/99/filelists/i586/openssl-sse2 b/config/rootfiles/core/99/filelists/i586/openssl-sse2 new file mode 120000 index 000000000..f424713d6 --- /dev/null +++ b/config/rootfiles/core/99/filelists/i586/openssl-sse2 @@ -0,0 +1 @@ +../../../../common/i586/openssl-sse2 \ No newline at end of file diff --git a/config/rootfiles/core/99/filelists/openssh b/config/rootfiles/core/99/filelists/openssh new file mode 120000 index 000000000..d8c77fd8e --- /dev/null +++ b/config/rootfiles/core/99/filelists/openssh @@ -0,0 +1 @@ +../../../common/openssh \ No newline at end of file diff --git a/config/rootfiles/core/99/filelists/openssl b/config/rootfiles/core/99/filelists/openssl new file mode 120000 index 000000000..e011a9266 --- /dev/null +++ b/config/rootfiles/core/99/filelists/openssl @@ -0,0 +1 @@ +../../../common/openssl \ No newline at end of file diff --git a/config/rootfiles/core/99/meta b/config/rootfiles/core/99/meta new file mode 100644 index 000000000..d547fa86f --- /dev/null +++ b/config/rootfiles/core/99/meta @@ -0,0 +1 @@ +DEPS="" diff --git a/config/rootfiles/core/99/update.sh b/config/rootfiles/core/99/update.sh new file mode 100644 index 000000000..fd81307b3 --- /dev/null +++ b/config/rootfiles/core/99/update.sh @@ -0,0 +1,59 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2016 IPFire-Team . # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +# Remove old core updates from pakfire cache to save space... +core=99 +for (( i=1; i<=$core; i++ )) +do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + +# Stop services + +# Extract files +extract_files + +# Update Language cache +# /usr/local/bin/update-lang-cache + +# Start services +/etc/init.d/sshd restart +/etc/init.d/apache restart + +# This update need a reboot... +touch /var/run/need_reboot + +# Finish +/etc/init.d/fireinfo start +sendprofile +# Update grub config to display new core version +if [ -e /boot/grub/grub.cfg ]; then + grub-mkconfig -o /boot/grub/grub.cfg +fi +sync + +# Don't report the exitcode last command +exit 0 From 7e90cf38cb0f3fcee6e3e4baf0d629233f769d51 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Mon, 29 Feb 2016 21:53:41 +0100 Subject: [PATCH 05/13] backup: fix vnstat path Signed-off-by: Arne Fitzenreiter --- config/backup/include | 2 +- config/rootfiles/core/99/filelists/files | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/config/backup/include b/config/backup/include index 6ecb930fa..eb76ebf36 100644 --- a/config/backup/include +++ b/config/backup/include @@ -33,7 +33,7 @@ /var/log/ip-acct/* /var/log/rrd/* /var/log/rrd/collectd -/var/log/rrd/vnstat +/var/log/vnstat /etc/sysconfig/firewall.local /etc/sysconfig/rc.local /root/.gitconfig diff --git a/config/rootfiles/core/99/filelists/files b/config/rootfiles/core/99/filelists/files index 409e5fe8a..76b5b4e32 100644 --- a/config/rootfiles/core/99/filelists/files +++ b/config/rootfiles/core/99/filelists/files @@ -1,2 +1,3 @@ etc/system-release etc/issue +var/ipfire/backup/include From aced5a957861710fb8b5fc94aa87fc29ceb9b3ec Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Tue, 1 Mar 2016 15:59:34 +0100 Subject: [PATCH 06/13] openssh: update to 7.2p1 Signed-off-by: Arne Fitzenreiter --- lfs/openssh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/openssh b/lfs/openssh index 546bc7ed8..ab25d6233 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2015 IPFire Team # +# Copyright (C) 2007-2016 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 7.1p2 +VER = 7.2p1 THISAPP = openssh-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 4d8547670e2a220d5ef805ad9e47acf2 +$(DL_FILE)_MD5 = b984775f0cfff1f7ff18b8797fce8a28 install : $(TARGET) From eea5bfe4656963628c1888afe106a51875752372 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Tue, 1 Mar 2016 16:00:19 +0100 Subject: [PATCH 07/13] openssl: security update to 1.0.2g this fixes diverse security problems. check http://openssl.org/news/secadv/20160301.txt for details. Signed-off-by: Arne Fitzenreiter --- lfs/openssl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/openssl b/lfs/openssl index c5b71f797..c68cf2903 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -24,7 +24,7 @@ include Config -VER = 1.0.2f +VER = 1.0.2g THISAPP = openssl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -86,7 +86,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = b3bf73f507172be9292ea2a8c28b659d +$(DL_FILE)_MD5 = f3c710c045cdee5fd114feb69feba7aa install : $(TARGET) From 68537369b0c9fa551bc9db31ccc2d1b116badde8 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Tue, 1 Mar 2016 16:02:50 +0100 Subject: [PATCH 08/13] core99: set version to 99 Signed-off-by: Arne Fitzenreiter --- make.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/make.sh b/make.sh index 9f119bf3f..08178b40b 100755 --- a/make.sh +++ b/make.sh @@ -25,8 +25,8 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name VERSION="2.17" # Version number -CORE="98" # Core Level (Filename) -PAKFIRE_CORE="98" # Core Level (PAKFIRE) +CORE="99" # Core Level (Filename) +PAKFIRE_CORE="99" # Core Level (PAKFIRE) GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir From d86a24928625c47d46d17daad18f159d28678ee4 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Tue, 1 Mar 2016 22:25:55 +0100 Subject: [PATCH 09/13] python-m2crypto: remove SSLv2_method this is removed by OpenSSL 1.0.2g Signed-off-by: Arne Fitzenreiter --- lfs/python-m2crypto | 1 + .../M2Crypto-0.21.1_remove_sslv2_method.patch | 12 ++++++++++++ 2 files changed, 13 insertions(+) create mode 100644 src/patches/M2Crypto-0.21.1_remove_sslv2_method.patch diff --git a/lfs/python-m2crypto b/lfs/python-m2crypto index 536380c9b..69c070b57 100644 --- a/lfs/python-m2crypto +++ b/lfs/python-m2crypto @@ -77,6 +77,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/M2Crypto-0.21.1_remove_sslv2_method.patch cd $(DIR_APP) && python setup.py install @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/src/patches/M2Crypto-0.21.1_remove_sslv2_method.patch b/src/patches/M2Crypto-0.21.1_remove_sslv2_method.patch new file mode 100644 index 000000000..24195fb05 --- /dev/null +++ b/src/patches/M2Crypto-0.21.1_remove_sslv2_method.patch @@ -0,0 +1,12 @@ +diff -Naur M2Crypto-0.21.1.org/SWIG/_ssl.i M2Crypto-0.21.1/SWIG/_ssl.i +--- M2Crypto-0.21.1.org/SWIG/_ssl.i 2011-01-15 20:10:06.000000000 +0100 ++++ M2Crypto-0.21.1/SWIG/_ssl.i 2016-03-01 22:12:16.387266258 +0100 +@@ -48,8 +48,6 @@ + %rename(ssl_get_alert_desc_v) SSL_alert_desc_string_long; + extern const char *SSL_alert_desc_string_long(int); + +-%rename(sslv2_method) SSLv2_method; +-extern SSL_METHOD *SSLv2_method(void); + %rename(sslv3_method) SSLv3_method; + extern SSL_METHOD *SSLv3_method(void); + %rename(sslv23_method) SSLv23_method; From ac385b2f17ef142101165bdd9b31206bd86998dc Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Tue, 1 Mar 2016 22:50:53 +0100 Subject: [PATCH 10/13] OpenSSH: remove slogin binary in rootfile and update Signed-off-by: Arne Fitzenreiter --- config/rootfiles/common/openssh | 1 - config/rootfiles/core/99/update.sh | 3 +++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/config/rootfiles/common/openssh b/config/rootfiles/common/openssh index 1b6ded3ba..c33003fe6 100644 --- a/config/rootfiles/common/openssh +++ b/config/rootfiles/common/openssh @@ -14,7 +14,6 @@ etc/ssh/ssh_config etc/ssh/sshd_config usr/bin/scp usr/bin/sftp -usr/bin/slogin usr/bin/ssh usr/bin/ssh-add usr/bin/ssh-agent diff --git a/config/rootfiles/core/99/update.sh b/config/rootfiles/core/99/update.sh index fd81307b3..b57d0a738 100644 --- a/config/rootfiles/core/99/update.sh +++ b/config/rootfiles/core/99/update.sh @@ -33,6 +33,9 @@ done # Stop services +# remove slogin which is not included in new OpenSSH +rm /usr/bin/slogin + # Extract files extract_files From 5d95fd5af11e8631cbaed1e5f8c914facd0b2125 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Wed, 2 Mar 2016 21:13:31 +0100 Subject: [PATCH 11/13] Revert "python-m2crypto: remove SSLv2_method" This reverts commit d86a24928625c47d46d17daad18f159d28678ee4. --- lfs/python-m2crypto | 1 - .../M2Crypto-0.21.1_remove_sslv2_method.patch | 12 ------------ 2 files changed, 13 deletions(-) delete mode 100644 src/patches/M2Crypto-0.21.1_remove_sslv2_method.patch diff --git a/lfs/python-m2crypto b/lfs/python-m2crypto index 69c070b57..536380c9b 100644 --- a/lfs/python-m2crypto +++ b/lfs/python-m2crypto @@ -77,7 +77,6 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/M2Crypto-0.21.1_remove_sslv2_method.patch cd $(DIR_APP) && python setup.py install @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/src/patches/M2Crypto-0.21.1_remove_sslv2_method.patch b/src/patches/M2Crypto-0.21.1_remove_sslv2_method.patch deleted file mode 100644 index 24195fb05..000000000 --- a/src/patches/M2Crypto-0.21.1_remove_sslv2_method.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Naur M2Crypto-0.21.1.org/SWIG/_ssl.i M2Crypto-0.21.1/SWIG/_ssl.i ---- M2Crypto-0.21.1.org/SWIG/_ssl.i 2011-01-15 20:10:06.000000000 +0100 -+++ M2Crypto-0.21.1/SWIG/_ssl.i 2016-03-01 22:12:16.387266258 +0100 -@@ -48,8 +48,6 @@ - %rename(ssl_get_alert_desc_v) SSL_alert_desc_string_long; - extern const char *SSL_alert_desc_string_long(int); - --%rename(sslv2_method) SSLv2_method; --extern SSL_METHOD *SSLv2_method(void); - %rename(sslv3_method) SSLv3_method; - extern SSL_METHOD *SSLv3_method(void); - %rename(sslv23_method) SSLv23_method; From 353e08cd7778f2070469842ebe0f553e648f79d4 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Wed, 2 Mar 2016 21:31:07 +0100 Subject: [PATCH 12/13] openssl: compile with sslv2 support but disable the new default breaks the ABI so we need to compile in but disable it with a patch. --- lfs/openssl | 2 +- .../openssl-1.0.2g-disable-sslv2v3.patch | 18 ++++++++++++++++++ src/patches/openssl-disable-sslv2-sslv3.patch | 12 ------------ 3 files changed, 19 insertions(+), 13 deletions(-) create mode 100644 src/patches/openssl-1.0.2g-disable-sslv2v3.patch delete mode 100644 src/patches/openssl-disable-sslv2-sslv3.patch diff --git a/lfs/openssl b/lfs/openssl index c68cf2903..f45295e4b 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -119,7 +119,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1m-weak-ciphers.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2g-disable-sslv2v3.patch # i586 specific patches ifeq "$(MACHINE)" "i586" diff --git a/src/patches/openssl-1.0.2g-disable-sslv2v3.patch b/src/patches/openssl-1.0.2g-disable-sslv2v3.patch new file mode 100644 index 000000000..06f51322b --- /dev/null +++ b/src/patches/openssl-1.0.2g-disable-sslv2v3.patch @@ -0,0 +1,18 @@ +diff -up openssl-1.0.2g/ssl/ssl_lib.c.v2v3 openssl-1.0.2g/ssl/ssl_lib.c +--- openssl-1.0.2g/ssl/ssl_lib.c.v2v3 2016-03-01 16:38:26.879142021 +0100 ++++ openssl-1.0.2g/ssl/ssl_lib.c 2016-03-01 16:41:32.977353769 +0100 +@@ -2055,11 +2055,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m + ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; + + /* +- * Disable SSLv2 by default, callers that want to enable SSLv2 will have to +- * explicitly clear this option via either of SSL_CTX_clear_options() or ++ * Disable SSLv2 and SSLv3 by default, callers that want to enable these will have to ++ * explicitly clear these options via either of SSL_CTX_clear_options() or + * SSL_clear_options(). + */ +- ret->options |= SSL_OP_NO_SSLv2; ++ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; + + return (ret); + err: diff --git a/src/patches/openssl-disable-sslv2-sslv3.patch b/src/patches/openssl-disable-sslv2-sslv3.patch deleted file mode 100644 index e42dfac69..000000000 --- a/src/patches/openssl-disable-sslv2-sslv3.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- openssl-1.0.1m/ssl/ssl_lib.c.old 2015-03-19 15:56:40.966287977 +0100 -+++ openssl-1.0.1m/ssl/ssl_lib.c 2015-03-19 15:57:07.976160846 +0100 -@@ -1892,6 +1892,9 @@ - */ - ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; - -+ /* Disable SSLv2 and SSLv3 by default (affects the SSLv23_method() only) */ -+ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; -+ - return (ret); - err: - SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); From 75ad2e4e885992c9b17c2d7b722dd3ac3875a7f0 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Thu, 3 Mar 2016 08:38:27 +0100 Subject: [PATCH 13/13] openssl: add forgotten sslv2 compile option Signed-off-by: Arne Fitzenreiter --- lfs/openssl | 1 + 1 file changed, 1 insertion(+) diff --git a/lfs/openssl b/lfs/openssl index f45295e4b..eb7352f8c 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -53,6 +53,7 @@ CONFIGURE_OPTIONS = \ zlib-dynamic \ enable-camellia \ enable-md2 \ + enable-ssl2 \ enable-seed \ enable-tlsext \ enable-rfc3779 \