Changes - j0ke.net Open Build Service

Changes of Revision 2

[-] [+]	Changed	nginx.spec
@@ -1,4 +1,4 @@ -%define nginx_user nginx + %define nginx_group %{nginx_user} %define nginx_home %{_localstatedir}/lib/nginx %define nginx_home_tmp %{nginx_home}/tmp @@ -16,7 +16,7 @@ %define nps_version 1.9.32.3 %define slowfs_version 1.5 #%define waf_version 2.8.0 -%define openssl_version 1.0.2a +#%define openssl_version 1.0.2a Name: nginx Version: 1.9.1 @@ -67,7 +67,8 @@ Source9: Nginx-limit-traffic-rate-module.tar.gz Source10: %{rtmp}.tar.gz Source11: nginx_upstream_check_module-master.tar.gz -Source12: openssl-%{openssl_version}.tar.gz +#Source12: openssl-%{openssl_version}.tar.gz +Source12: boringssl.tar.gz Source13: nginx-munin.tar.gz Source14: release-%{nps_version}-beta.zip Source15: %{nps_version}.tar.gz @@ -157,11 +158,13 @@ --with-http_secure_link_module \ --with-http_degradation_module \ --with-http_stub_status_module \ + --with-stream_ssl_modul \ --with-stream \ + --with-threads \ --with-debug \ --with-ipv6 \ --with-cc-opt="%{optflags} $(pcre-config --cflags)" \ - --with-openssl=%{_builddir}/nginx-%{version}/openssl-%{openssl_version} \ + --with-openssl=%{_builddir}/nginx-%{version}/boringssl \ --with-file-aio \ --add-module=%{_builddir}/nginx-%{version}/Nginx-limit-traffic-rate-module \ %if 0%{?rhel_version} == 700 \|\| 0%{?centos_version} == 700 @@ -268,8 +271,13 @@ %changelog +* Wed May 05 2015 Juergen Gotteswinter <jg@internetx.com> - 1.9.1-1 +- walls up - same sourcetree than stable builds, just compiled against + googles boringssl. Project Mad Ivan +- added simple patch to get nginx taking care about boringssl + * Wed May 12 2015 Juergen Gotteswinter <jg@internetx.com> - 1.9.1-1 -- Version Bump 1.9.1 Codename Putin +- Version Bump 1.9.1 * Wed May 12 2015 Juergen Gotteswinter <jg@internetx.com> - 1.9.0-1 - moved on to the current stable mainline tree 1.9.x x 1 @@ -1,4 +1,4 @@ 2 -%define nginx_user nginx 3 + 4 %define nginx_group %{nginx_user} 5 %define nginx_home %{_localstatedir}/lib/nginx 6 %define nginx_home_tmp %{nginx_home}/tmp 7 @@ -16,7 +16,7 @@ 8 %define nps_version 1.9.32.3 9 %define slowfs_version 1.5 10 #%define waf_version 2.8.0 11 -%define openssl_version 1.0.2a 12 +#%define openssl_version 1.0.2a 13 14 Name: nginx 15 Version: 1.9.1 16 @@ -67,7 +67,8 @@ 17 Source9: Nginx-limit-traffic-rate-module.tar.gz 18 Source10: %{rtmp}.tar.gz 19 Source11: nginx_upstream_check_module-master.tar.gz 20 -Source12: openssl-%{openssl_version}.tar.gz 21 +#Source12: openssl-%{openssl_version}.tar.gz 22 +Source12: boringssl.tar.gz 23 Source13: nginx-munin.tar.gz 24 Source14: release-%{nps_version}-beta.zip 25 Source15: %{nps_version}.tar.gz 26 @@ -157,11 +158,13 @@ 27 --with-http_secure_link_module \ 28 --with-http_degradation_module \ 29 --with-http_stub_status_module \ 30 + --with-stream_ssl_modul \ 31 --with-stream \ 32 + --with-threads \ 33 --with-debug \ 34 --with-ipv6 \ 35 --with-cc-opt="%{optflags} $(pcre-config --cflags)" \ 36 - --with-openssl=%{_builddir}/nginx-%{version}/openssl-%{openssl_version} \ 37 + --with-openssl=%{_builddir}/nginx-%{version}/boringssl \ 38 --with-file-aio \ 39 --add-module=%{_builddir}/nginx-%{version}/Nginx-limit-traffic-rate-module \ 40 %if 0%{?rhel_version} == 700 \|\| 0%{?centos_version} == 700 41 @@ -268,8 +271,13 @@ 42 43 44 %changelog 45 +* Wed May 05 2015 Juergen Gotteswinter <jg@internetx.com> - 1.9.1-1 46 +- walls up - same sourcetree than stable builds, just compiled against 47 + googles boringssl. Project Mad Ivan 48 +- added simple patch to get nginx taking care about boringssl 49 + 50 * Wed May 12 2015 Juergen Gotteswinter <jg@internetx.com> - 1.9.1-1 51 -- Version Bump 1.9.1 Codename Putin 52 +- Version Bump 1.9.1 53 54 * Wed May 12 2015 Juergen Gotteswinter <jg@internetx.com> - 1.9.0-1 55 - moved on to the current stable mainline tree 1.9.x 56
[-] [+]	Added	boringssl.patch ^
@@ -0,0 +1,66 @@ +From ec439c41f45ce01f0f5e03b8df58f0148e108f83 Mon Sep 17 00:00:00 2001 +From: Yves Laroche <yves.laroche@bluecoala.com> +Date: Fri, 24 Apr 2015 12:57:48 +0100 +Subject: [PATCH] BoringSSL + +--- + src/core/nginx.c \| 8 ++++++++ + src/event/ngx_event_openssl.c \| 2 ++ + src/event/ngx_event_openssl.h \| 1 + + 3 files changed, 11 insertions(+) + +diff --git a/src/core/nginx.c b/src/core/nginx.c +index 4702d28..9a0cc89 100644 +--- a/src/core/nginx.c ++++ b/src/core/nginx.c +@@ -254,6 +254,7 @@ main(int argc, char const argv) + #endif + + #if (NGX_SSL) ++#ifdef SSLEAY_VERSION_NUMBER + if (SSLeay() == SSLEAY_VERSION_NUMBER) { + ngx_write_stderr("built with " OPENSSL_VERSION_TEXT + NGX_LINEFEED); +@@ -264,6 +265,13 @@ main(int argc, char const argv) + SSLeay_version(SSLEAY_VERSION)); + ngx_write_stderr(")" NGX_LINEFEED); + } ++#else ++ ngx_write_stderr("built with " OPENSSL_VERSION_TEXT ++ " (running with "); ++ ngx_write_stderr((char ) (uintptr_t) ++ SSLeay_version(SSLEAY_VERSION)); ++ ngx_write_stderr(")" NGX_LINEFEED); ++#endif + #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME + ngx_write_stderr("TLS SNI support enabled" NGX_LINEFEED); + #else +diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c +index 1b789e6..00d2448 100644 +--- a/src/event/ngx_event_openssl.c ++++ b/src/event/ngx_event_openssl.c +@@ -1905,7 +1905,9 @@ ngx_ssl_connection_error(ngx_connection_t c, int sslerr, ngx_err_t err, + + /* handshake failures / + if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC / 103 / ++#ifdef SSL_R_BLOCK_CIPHER_PAD_IS_WRONG + \|\| n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG / 129 / ++#endif + \|\| n == SSL_R_DIGEST_CHECK_FAILED / 149 / + \|\| n == SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST / 151 / + \|\| n == SSL_R_EXCESSIVE_MESSAGE_SIZE / 152 */ +diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h +index 08eff64..cc48bb4 100644 +--- a/src/event/ngx_event_openssl.h ++++ b/src/event/ngx_event_openssl.h +@@ -29,6 +29,7 @@ + #include <openssl/rsa.h> + #include <openssl/x509.h> + #include <openssl/x509v3.h> ++#include <openssl/mem.h> + + #define NGX_SSL_NAME "OpenSSL" + +-- +2.1.4 +
[-] [+]	Deleted	openssl-rc4tilt.patch ^
@@ -1,17 +0,0 @@ -Nur in openssl-1.0.1j-norc4: openssl__disable_rc4.patch. -diff -ru openssl-1.0.1j/ssl/s3_lib.c openssl-1.0.1j-norc4/ssl/s3_lib.c ---- openssl-1.0.1j/ssl/s3_lib.c 2014-10-15 14:53:39.000000000 +0200 -+++ openssl-1.0.1j-norc4/ssl/s3_lib.c 2014-10-23 18:57:16.468131600 +0200 -@@ -3844,6 +3844,11 @@ - (TLS1_get_version(s) < TLS1_2_VERSION)) - continue; - -+ /* Disable RC4 for TLS v1.1+ */ -+ if ((c->algorithm_enc == SSL_RC4) && -+ (TLS1_get_version(s) >= TLS1_1_VERSION)) -+ continue; -+ - ssl_set_cert_masks(cert,c); - mask_k = cert->mask_k; - mask_a = cert->mask_a; -Nur in openssl-1.0.1j-norc4/ssl: s3_lib.c.orig.
	Added	boringssl.tar.gz ^
	Deleted	openssl-1.0.2a.tar.gz ^