Merge remote-tracking branch 'upstream/stable/v8.x'

szmyd · Oct 10, 2024 · 6d1912b · 6d1912b
2 parents afdb876 + 1ba0fa7
commit 6d1912b
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 5 deletions.
diff --git a/3rd_party/pistache/conandata.yml b/3rd_party/pistache/conandata.yml
@@ -1,5 +1,8 @@
 sources:
-  "nbi.0.0.5":
+  "nbi.0.0.5.1":
+    url: "https://github.com/pistacheio/pistache/archive/refs/tags/0.0.5.tar.gz"
+    sha256: "e2da87ebc01367e33bd8d7800cb2bf5c23e9fb4e6f49dce2cab5f8756df8dca0"
+  "0.0.5":
     url: "https://github.com/pistacheio/pistache/archive/refs/tags/0.0.5.tar.gz"
     sha256: "e2da87ebc01367e33bd8d7800cb2bf5c23e9fb4e6f49dce2cab5f8756df8dca0"
   "cci.20240107":
@@ -9,7 +12,14 @@ sources:
     url: "https://github.com/pistacheio/pistache/archive/a3c5c68e0f08e19331d53d12846079ad761fe974.tar.gz"
     sha256: "f1abb9e43ff847ebff8edb72623c9942162df134bccfb571af9c7817d3261fae"
 patches:
-  "nbi.0.0.5":
+  "nbi.0.0.5.1":
+    - patch_file: "patches/0.0.5-0001-include-cstdint.patch"
+      patch_description: "include <stddef>"
+      patch_type: "portability"
+      patch_source: "https://github.com/pistacheio/pistache/pull/1142"
+    - patch_file: "patches/0.0.5-0002-disable-older-tls.patch"
+      patch_description: "disable tls1 and tls1.1"
+  "0.0.5":
     - patch_file: "patches/0.0.5-0001-include-cstdint.patch"
       patch_description: "include <stddef>"
       patch_type: "portability"

diff --git a/3rd_party/pistache/patches/0.0.5-0002-disable-older-tls.patch b/3rd_party/pistache/patches/0.0.5-0002-disable-older-tls.patch
@@ -0,0 +1,28 @@
+diff -Naur a/src/server/listener.cc b/src/server/listener.cc
+--- a/src/server/listener.cc	2022-09-02 13:59:00.000000000 -0700
++++ b/src/server/listener.cc	2024-10-10 11:00:05.512069049 -0700
+@@ -105,6 +105,24 @@
+                     throw std::runtime_error(err);
+                 }
+             }
++            if (!SSL_CTX_set_options(GetSSLContext(ctx), SSL_OP_NO_SSLv3))
++            {
++                std::string err = "SSL error - cannot disable SSLv3: "
++                    + ssl_print_errors_to_string();
++                throw std::runtime_error(err);
++            }
++            if (!SSL_CTX_set_options(GetSSLContext(ctx), SSL_OP_NO_TLSv1))
++            {
++                std::string err = "SSL error - cannot disable TLSv1.0: "
++                    + ssl_print_errors_to_string();
++                throw std::runtime_error(err);
++            }
++            if (!SSL_CTX_set_options(GetSSLContext(ctx), SSL_OP_NO_TLSv1_1))
++            {
++                std::string err = "SSL error - cannot disable TLSv1.1: "
++                    + ssl_print_errors_to_string();
++                throw std::runtime_error(err);
++            }
+
+             if (cb != NULL)
+             {
diff --git a/conanfile.py b/conanfile.py
@@ -9,7 +9,7 @@
 
 class IOMgrConan(ConanFile):
     name = "iomgr"
-    version = "11.3.11"
+    version = "11.3.12"
 
     homepage = "https://github.com/eBay/IOManager"
     description = "Asynchronous event manager"
@@ -69,7 +69,7 @@ def requirements(self):
             self.requires("grpc/[>=1.50]")
         if self.options.spdk:
             self.requires("spdk/nbi.21.07.y", transitive_headers=True)
-        self.requires("pistache/nbi.0.0.5", transitive_headers=True)
+        self.requires("pistache/nbi.0.0.5.1", transitive_headers=True)
         self.requires("libcurl/8.4.0", override=True)
         self.requires("lz4/1.9.4", override=True)
         self.requires("zstd/1.5.5", override=True)

diff --git a/prepare.sh b/prepare.sh
@@ -13,6 +13,6 @@ conan export 3rd_party/fio fio/nbi.3.28@
 echo -n "spdk."
 conan export 3rd_party/spdk spdk/nbi.21.07.y@
 echo -n "pistache."
-conan export 3rd_party/pistache pistache/nbi.0.0.5@
+conan export 3rd_party/pistache pistache/nbi.0.0.5.1@
 
 echo "done."