summaryrefslogtreecommitdiff
path: root/system/openssl/0010-ssl-env-zlib.patch
diff options
context:
space:
mode:
Diffstat (limited to 'system/openssl/0010-ssl-env-zlib.patch')
-rw-r--r--system/openssl/0010-ssl-env-zlib.patch38
1 files changed, 0 insertions, 38 deletions
diff --git a/system/openssl/0010-ssl-env-zlib.patch b/system/openssl/0010-ssl-env-zlib.patch
deleted file mode 100644
index 9eae15d72..000000000
--- a/system/openssl/0010-ssl-env-zlib.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-diff -ru openssl-1.0.2a.orig/doc/ssl/SSL_COMP_add_compression_method.pod openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod
---- openssl-1.0.2a.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2015-01-15 16:43:14.000000000 -0200
-+++ openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod 2015-03-27 15:18:47.280054883 -0200
-@@ -47,6 +47,13 @@
- been standardized, the compression API will most likely be changed. Using
- it in the current state is not recommended.
-
-+It is also not recommended to use compression if data transfered contain
-+untrusted parts that can be manipulated by an attacker as he could then
-+get information about the encrypted data. See the CRIME attack. For
-+that reason the default loading of the zlib compression method is
-+disabled and enabled only if the environment variable B<OPENSSL_DEFAULT_ZLIB>
-+is present during the library initialization.
-+
- =head1 RETURN VALUES
-
- SSL_COMP_add_compression_method() may return the following values:
-diff -ru openssl-1.0.2a.orig/ssl/ssl_ciph.c openssl-1.0.2a/ssl/ssl_ciph.c
---- openssl-1.0.2a.orig/ssl/ssl_ciph.c 2015-03-19 15:30:36.000000000 -0200
-+++ openssl-1.0.2a/ssl/ssl_ciph.c 2015-03-27 15:23:05.960057092 -0200
-@@ -141,6 +141,8 @@
- */
-
- #include <stdio.h>
-+#include <stdlib.h>
-+#include <sys/auxv.h>
- #include <openssl/objects.h>
- #ifndef OPENSSL_NO_COMP
- # include <openssl/comp.h>
-@@ -481,7 +483,7 @@
-
- MemCheck_off();
- ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
-- if (ssl_comp_methods != NULL) {
-+ if (ssl_comp_methods != NULL && getauxval(AT_SECURE) == 0 && getenv("OPENSSL_DEFAULT_ZLIB") != NULL) {
- comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
- if (comp != NULL) {
- comp->method = COMP_zlib();