svn commit: r378448 - in head/devel/mercurial: . files

Mathieu Arnold mat at FreeBSD.org
Thu Feb 5 09:01:47 UTC 2015 

Author: mat
Date: Thu Feb  5 09:01:46 2015
New Revision: 378448
URL: https://svnweb.freebsd.org/changeset/ports/378448
QAT: https://qat.redports.org/buildarchive/r378448/

Log:
  Fix how OpenSSL context is created to make it possible to push over https again.
  
  Submitted by:	maintainer
  Approved by:	maintainer
  Sponsored by:	Absolight

Added:
  head/devel/mercurial/files/patch-mercurial_sslutil.py   (contents, props changed)
Modified:
  head/devel/mercurial/Makefile

Modified: head/devel/mercurial/Makefile
==============================================================================
--- head/devel/mercurial/Makefile	Thu Feb  5 08:57:04 2015	(r378447)
+++ head/devel/mercurial/Makefile	Thu Feb  5 09:01:46 2015	(r378448)
@@ -3,6 +3,7 @@
 
 PORTNAME=	mercurial
 PORTVERSION=	3.3
+PORTREVISION=	1
 CATEGORIES=	devel python
 MASTER_SITES=	http://mercurial.selenic.com/release/
 

Added: head/devel/mercurial/files/patch-mercurial_sslutil.py
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/devel/mercurial/files/patch-mercurial_sslutil.py	Thu Feb  5 09:01:46 2015	(r378448)
@@ -0,0 +1,18 @@
+Change condition in order to prevent SSLv2 and SSLv3 protocols.
+Taken from ${PYTHON_LIBDIR}/ssl.py file (found in 'create_default_context'
+function).
+
+--- mercurial/sslutil.py.orig	2015-02-02 02:20:50 UTC
++++ mercurial/sslutil.py
+@@ -29,7 +29,10 @@ try:
+             # maintainers for us, but that breaks too many things to
+             # do it in a hurry.
+             sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+-            sslcontext.options &= ssl.OP_NO_SSLv2 & ssl.OP_NO_SSLv3
++            # SSLv2 is considered harmful
++            sslcontext.options |= ssl.OP_NO_SSLv2
++            # SSLv3 has problematic security issue
++            sslcontext.options |= ssl.OP_NO_SSLv3
+             if certfile is not None:
+                 sslcontext.load_cert_chain(certfile, keyfile)
+             sslcontext.verify_mode = cert_reqs

More information about the svn-ports-all mailing list