Bug#733107: nginx: 1.4.4-1 FTBFS against recent libssl-dev

Neutron Soutmun Wed, 25 Dec 2013 08:00:45 -0800

Package: src:nginx
Followup-For: Bug #733107

Dear Maintainer,


  I have checked-out the nginx source package from collab-maint git
repository and prepared the patch to fix this bug, please find the
attached file.

Best regards,
Neutron Soutmun

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.11-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

From 8dc8b9e6a71b745f9bf070a1f1866d0a46b73c7f Mon Sep 17 00:00:00 2001
From: Neutron Soutmun <neo.neut...@gmail.com>
Date: Wed, 25 Dec 2013 22:07:52 +0700
Subject: [PATCH] Fix FTBFS against the recent libssl-dev

---
 debian/changelog                                      |  4 ++++
 .../guard-use-of-deprecated-openssl-definition.patch  | 19 +++++++++++++++++++
 debian/patches/series                                 |  1 +
 3 files changed, 24 insertions(+)
 create mode 100644 debian/patches/guard-use-of-deprecated-openssl-definition.patch

diff --git a/debian/changelog b/debian/changelog
index 94a8a67..f922545 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -21,6 +21,10 @@ nginx (1.4.4-2) UNRELEASED; urgency=low
     + Host header should be passed unmodified to the proxied server.
     + Pass X-Forwarded-Proto header to the proxied server.
 
+  [ Neutron Soutmun ]
+  * debian/patches/guard-use-of-deprecated-openssl-definition.patch:
+    + Fix FTBFS against the recent libssl-dev. (Closes: #733107)
+
  -- Michael Lustfield <mich...@forge.lustfield.net>  Sun, 24 Nov 2013 15:59:52 -0600
 
 nginx (1.4.4-1) unstable; urgency=low
diff --git a/debian/patches/guard-use-of-deprecated-openssl-definition.patch b/debian/patches/guard-use-of-deprecated-openssl-definition.patch
new file mode 100644
index 0000000..1ebc8bc
--- /dev/null
+++ b/debian/patches/guard-use-of-deprecated-openssl-definition.patch
@@ -0,0 +1,19 @@
+Description: guard use of SSL_OP_MSIE_SSLV2_RSA_PADDING
+ This option had no effect since 0.9.7h / 0.9.8b and it was removed
+ in recent OpenSSL
+Author: Piotr Sikora <pi...@cloudflare.com>
+Origin: http://trac.nginx.org/nginx/changeset/a73678f5f96ffead0b616b2c03dfcfd5445d443b/nginx
+
+Index: src/event/ngx_event_openssl.c
+===================================================================
+--- a/src/event/ngx_event_openssl.c
++++ b/src/event/ngx_event_openssl.c
+@@ -186,6 +186,8 @@
+     SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
+
++#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
+     /* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */
+     SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING);
++#endif
+
+     SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
diff --git a/debian/patches/series b/debian/patches/series
index 73f535e..f4cd23e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 perl-use-dpkg-buildflags.patch
+guard-use-of-deprecated-openssl-definition.patch
-- 
1.8.5.2

signature.asc
Description: Digital signature

Bug#733107: nginx: 1.4.4-1 FTBFS against recent libssl-dev

Reply via email to