openssl: security update to 1.0.2g

see https://www.openssl.org/news/secadv/20160503.txt for details Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2026-05-11 09:48:24 +02:00 · 2016-05-03 21:28:28 +02:00
parent 68aa7aa602
commit d25d7bfccf
3 changed files with 16 additions and 15 deletions
--- a/src/patches/openssl-1.0.1m-weak-ciphers.patch
+++ b/src/patches/openssl-1.0.1m-weak-ciphers.patch
@@ -1,11 +0,0 @@
--- openssl-1.0.1m/ssl/ssl.h.old	2015-03-19 15:25:20.646533583 +0100
-+++ openssl-1.0.1m/ssl/ssl.h	2015-03-19 15:25:31.229875691 +0100
-@@ -334,7 +334,7 @@
-  * The following cipher list is used by default. It also is substituted when
-  * an application-defined cipher list string starts with 'DEFAULT'.
-  */
-# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2"
-+# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:!RC2:!DES"
- /*
-  * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
-  * starts with a reasonable order, and all we have to do for DEFAULT is
--- a/src/patches/openssl-1.0.2h-weak-ciphers.patch
+++ b/src/patches/openssl-1.0.2h-weak-ciphers.patch
@@ -0,0 +1,12 @@
+diff -Naur openssl-1.0.2h.org/ssl/ssl.h openssl-1.0.2h/ssl/ssl.h
+--- openssl-1.0.2h.org/ssl/ssl.h	2016-05-03 15:44:42.000000000 +0200
+++ openssl-1.0.2h/ssl/ssl.h	2016-05-03 18:49:10.393302264 +0200
+@@ -338,7 +338,7 @@
+  * The following cipher list is used by default. It also is substituted when
+  * an application-defined cipher list string starts with 'DEFAULT'.
+  */
+-# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2"
+# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2:!RC2:!DES"
+ /*
+  * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
+  * starts with a reasonable order, and all we have to do for DEFAULT is