- rel 5; ssl enhancements from upstream

Changed files:
    irssi-ssl.patch -> 1.1
    irssi.spec -> 1.170

diff --git a/irssi-ssl.patch b/irssi-ssl.patch
new file mode 100644 (file)
index 0000000..5ca5d36
--- /dev/null
+++ b/irssi-ssl.patch
@@ -0,0 +1,130 @@
+Index: src/core/network-openssl.c
+===================================================================
+--- src/core/network-openssl.c (wersja 5094)
++++ src/core/network-openssl.c (wersja 5095)
+@@ -317,6 +317,9 @@
+               return NULL;
+       }
+ 
++      SSL_set_mode(ssl, SSL_MODE_ENABLE_PARTIAL_WRITE |
++                      SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
++
+       chan = g_new0(GIOSSLChannel, 1);
+       chan->fd = fd;
+       chan->giochan = handle;
+Index: src/core/network-openssl.c
+===================================================================
+--- src/core/network-openssl.c (wersja 5106)
++++ src/core/network-openssl.c (wersja 5107)
+@@ -43,15 +43,14 @@
+       const char *hostname;
+ } GIOSSLChannel;
+ 
+-static SSL_CTX *ssl_ctx = NULL;
++static int ssl_inited = FALSE;
+ 
+ static void irssi_ssl_free(GIOChannel *handle)
+ {
+       GIOSSLChannel *chan = (GIOSSLChannel *)handle;
+       g_io_channel_unref(chan->giochan);
+       SSL_free(chan->ssl);
+-      if (chan->ctx != ssl_ctx)
+-              SSL_CTX_free(chan->ctx);
++      SSL_CTX_free(chan->ctx);
+       g_free(chan);
+ }
+ 
+@@ -375,14 +374,8 @@
+ {
+       SSL_library_init();
+       SSL_load_error_strings();
++      ssl_inited = TRUE;
+ 
+-      ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+-      if(!ssl_ctx)
+-      {
+-              g_error("Initialization of the SSL library failed");
+-              return FALSE;
+-      }
+-
+       return TRUE;
+ 
+ }
+@@ -397,18 +390,20 @@
+ 
+       g_return_val_if_fail(handle != NULL, NULL);
+ 
+-      if(!ssl_ctx && !irssi_ssl_init())
++      if(!ssl_inited && !irssi_ssl_init())
+               return NULL;
+ 
+       if(!(fd = g_io_channel_unix_get_fd(handle)))
+               return NULL;
+ 
++      ctx = SSL_CTX_new(SSLv23_client_method());
++      if (ctx == NULL) {
++              g_error("Could not allocate memory for SSL context");
++              return NULL;
++      }
++
+       if (mycert && *mycert) {
+               char *scert = NULL, *spkey = NULL;
+-              if ((ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) {
+-                      g_error("Could not allocate memory for SSL context");
+-                      return NULL;
+-              }
+               scert = convert_home(mycert);
+               if (mypkey && *mypkey)
+                       spkey = convert_home(mypkey);
+@@ -425,10 +420,6 @@
+       if ((cafile && *cafile) || (capath && *capath)) {
+               char *scafile = NULL;
+               char *scapath = NULL;
+-              if (! ctx && (ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) {
+-                      g_error("Could not allocate memory for SSL context");
+-                      return NULL;
+-              }
+               if (cafile && *cafile)
+                       scafile = convert_home(cafile);
+               if (capath && *capath)
+@@ -443,14 +434,15 @@
+               g_free(scafile);
+               g_free(scapath);
+               verify = TRUE;
++      } else {
++              if (!SSL_CTX_set_default_verify_paths(ctx))
++                      g_warning("Could not load default certificates");
+       }
+ 
+-      if (ctx == NULL)
+-              ctx = ssl_ctx;
+-
+       if(!(ssl = SSL_new(ctx)))
+       {
+               g_warning("Failed to allocate SSL structure");
++              SSL_CTX_free(ctx);
+               return NULL;
+       }
+ 
+@@ -458,8 +450,7 @@
+       {
+               g_warning("Failed to associate socket to SSL stream");
+               SSL_free(ssl);
+-              if (ctx != ssl_ctx)
+-                      SSL_CTX_free(ctx);
++              SSL_CTX_free(ctx);
+               return NULL;
+       }
+ 
+Index: src/core/network-openssl.c
+===================================================================
+--- src/core/network-openssl.c (wersja 5107)
++++ src/core/network-openssl.c (wersja 5108)
+@@ -374,6 +374,7 @@
+ {
+       SSL_library_init();
+       SSL_load_error_strings();
++      OpenSSL_add_all_algorithms();
+       ssl_inited = TRUE;
+ 
+       return TRUE;

diff --git a/irssi.spec b/irssi.spec
index b57b64ce1e66f07c31e4f4fd58a313171cbc0464..ebeb5d660a8e7140ced83c35026883f0fba0b7d9 100644 (file)
--- a/irssi.spec
+++ b/irssi.spec
@@ -13,7 +13,7 @@ Summary(fr.UTF-8):    Irssi est un client IRC
 Summary(pl.UTF-8):     Irssi - wygodny w użyciu klient IRC
 Name:          irssi
 Version:       0.8.14
-Release:       4
+Release:       5
 License:       GPL
 Group:         Applications/Communications
 #Source0:      http://www.irssi.org/files/snapshots/%{name}-%{_snap}.tar.gz
@@ -35,6 +35,7 @@ Patch6:               %{name}-invalid_free.patch
 Patch7:                %{name}-color_support_for_gui_entry.patch
 Patch8:                %{name}-libs-nopoison.patch
 Patch9:                irssi.conf.patch
+Patch10:       %{name}-ssl.patch
 URL:           http://www.irssi.org/
 BuildRequires: autoconf
 BuildRequires: automake
@@ -96,6 +97,7 @@ Ten pakiet zawiera wtyczkę do Irssi z szyfrowaniem IDEA.
 %patch7 -p0
 %patch8 -p1
 %patch9 -p1
+%patch10 -p0
 
 echo 'AC_DEFUN([AM_PATH_GLIB],[:])' > glib1.m4