From patchwork Mon Jan 8 00:42:51 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 1597 Return-Path: Received: from mail01.ipfire.org (unknown [172.28.1.200]) by web02.ipfire.org (Postfix) with ESMTP id 2F5F560A09 for ; Sun, 7 Jan 2018 14:44:08 +0100 (CET) Received: from mail01.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 5F6851E7E; Sun, 7 Jan 2018 14:44:07 +0100 (CET) Received: from mx.link38.eu (mx.link38.eu [188.68.43.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx.link38.eu", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 6F09F1E7E for ; Sun, 7 Jan 2018 14:42:58 +0100 (CET) X-Virus-Scanned: ClamAV at mx.link38.eu Received: from mx-fra.brokers.link38.eu (mx-fra.brokers.link38.eu [10.141.75.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx.link38.eu (Postfix) with ESMTPS id 5E2F140240 for ; Sun, 7 Jan 2018 14:42:52 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx-fra.brokers.link38.eu (Postfix) with ESMTPSA id D2DA29F408 for ; Sun, 7 Jan 2018 14:42:51 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=link38.eu; s=201711; t=1515332571; x=1578404571; bh=Y/SE0RNymWtUaCedcM6kpSuTJUsosniihHY4/KA8WcE=; h=Date:From:To:Subject:Message-ID:Content-Type:From:To:Subject:Date: Cc; b=EMcGJ/h4ZICQoOpobXCKpRPcTRfSc0te/2gG14lzEkfeWh90Ysu8a3sTKPH14lAhW V5P3p5o0cZ2I7/UcUW/GsYu+CS+IVKaFUo0XPrywq+yn3mxOufr/YbwQb7Jw20h9P0 nTDCzzo3FfSdoDh9BRSAsMog6ahSZLhdF048p3yc2STOWN6PQDliiV8MIqjxGM5Op0 vl3eYdiF6XLhQOIGBjNMTguykFMbLv78VYqUMOhH55DQpXifMnhRYiwBLx8zTK4mG+ tUn+zdMiIC6Wh0Qryqmo5elD53PznN0UrLL4voQ4AdywFO1rexLgLrUTQUOQYLPMoG 8o3f6z4IsCUkg== Date: Sun, 7 Jan 2018 14:42:51 +0100 From: Peter =?utf-8?q?M=C3=BCller?= To: "development@lists.ipfire.org" Subject: Question regarding package updates, applying patches, and building Message-ID: <20180107144251.7cb5c7be.peter.mueller@link38.eu> Organization: Link38 MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Hello, while trying to update entire packages in IPFire (some of them are outdated) and to fix some bugs, I ran into a couple of questions: (a) How to update entire packages? As far as I understood, to every package belongs a file in lfs/[package_name], containing information about how to build, apply patches to it, and so on. It seems like packages are downloaded from https://source.ipfire.org/ , but it did not became clear to me how to upload a new version of a package to this server. Of course, the download URL can be changed manually, but that seems rather ugly to me. Unfortunately, I was unable to find a sort of tutorial in the wiki for this issue. (b) How to apply patches to downloaded packages with changed filenames? As discussed in December (https://wiki.ipfire.org/devel/telco/2017-12-04), I am supposed to have a look at the DEFAULT cipher suite in OpenSSL. To change this value, the .tar.gz file needs to be downloaded and unpacked first. After that, the file "ssl/ssl.h" needs to be changed. The patch at src/patches/openssl-1.0.2h-weak-ciphers.patch does something similar: But where does the file openssl-[...].org came from? (c) How to build the distribution partly? In the past, I handed in some patches to allow remote syslogging via TCP, too. After some struggles (settings are written by a C program, not the CGI file itself), I modified syslogdctrl.c, and the changes were shipped. (See https://bugzilla.ipfire.org/show_bug.cgi?id=11540 for details.) But since this program now crashes with a segfault on my machine (*sigh*), it seems like my patch contained some errors. However, building the entire distribution is somewhat time-consuming and not worth the effort for a probably small error. Is there any way of just building this C program, and omit the rest? Thanks in advance! Best regards, Peter Müller diff -Naur openssl-1.0.2h.org/ssl/ssl.h openssl-1.0.2h/ssl/ssl.h --- openssl-1.0.2h.org/ssl/ssl.h 2016-05-03 15:44:42.000000000 +0200 +++ openssl-1.0.2h/ssl/ssl.h 2016-05-03 18:49:10.393302264 +0200 @@ -338,7 +338,7 @@ * The following cipher list is used by default. It also is substituted when * an application-defined cipher list string starts with 'DEFAULT'. */ -# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2" +# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2:!RC2:!DES" /* * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always * starts with a reasonable order, and all we have to do for DEFAULT is