From owner-svn-ports-head@FreeBSD.ORG Thu Feb 5 09:01:47 2015 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B5488BA5; Thu, 5 Feb 2015 09:01:47 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 88B109F7; Thu, 5 Feb 2015 09:01:47 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t1591l1a098940; Thu, 5 Feb 2015 09:01:47 GMT (envelope-from mat@FreeBSD.org) Received: (from mat@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t1591l2f098937; Thu, 5 Feb 2015 09:01:47 GMT (envelope-from mat@FreeBSD.org) Message-Id: <201502050901.t1591l2f098937@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: mat set sender to mat@FreeBSD.org using -f From: Mathieu Arnold Date: Thu, 5 Feb 2015 09:01:47 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r378448 - in head/devel/mercurial: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Feb 2015 09:01:47 -0000 Author: mat Date: Thu Feb 5 09:01:46 2015 New Revision: 378448 URL: https://svnweb.freebsd.org/changeset/ports/378448 QAT: https://qat.redports.org/buildarchive/r378448/ Log: Fix how OpenSSL context is created to make it possible to push over https again. Submitted by: maintainer Approved by: maintainer Sponsored by: Absolight Added: head/devel/mercurial/files/patch-mercurial_sslutil.py (contents, props changed) Modified: head/devel/mercurial/Makefile Modified: head/devel/mercurial/Makefile ============================================================================== --- head/devel/mercurial/Makefile Thu Feb 5 08:57:04 2015 (r378447) +++ head/devel/mercurial/Makefile Thu Feb 5 09:01:46 2015 (r378448) @@ -3,6 +3,7 @@ PORTNAME= mercurial PORTVERSION= 3.3 +PORTREVISION= 1 CATEGORIES= devel python MASTER_SITES= http://mercurial.selenic.com/release/ Added: head/devel/mercurial/files/patch-mercurial_sslutil.py ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/devel/mercurial/files/patch-mercurial_sslutil.py Thu Feb 5 09:01:46 2015 (r378448) @@ -0,0 +1,18 @@ +Change condition in order to prevent SSLv2 and SSLv3 protocols. +Taken from ${PYTHON_LIBDIR}/ssl.py file (found in 'create_default_context' +function). + +--- mercurial/sslutil.py.orig 2015-02-02 02:20:50 UTC ++++ mercurial/sslutil.py +@@ -29,7 +29,10 @@ try: + # maintainers for us, but that breaks too many things to + # do it in a hurry. + sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23) +- sslcontext.options &= ssl.OP_NO_SSLv2 & ssl.OP_NO_SSLv3 ++ # SSLv2 is considered harmful ++ sslcontext.options |= ssl.OP_NO_SSLv2 ++ # SSLv3 has problematic security issue ++ sslcontext.options |= ssl.OP_NO_SSLv3 + if certfile is not None: + sslcontext.load_cert_chain(certfile, keyfile) + sslcontext.verify_mode = cert_reqs