diff options
author | Tatsuya Kinoshita <tats@debian.org> | 2015-01-24 14:36:40 +0000 |
---|---|---|
committer | Tatsuya Kinoshita <tats@debian.org> | 2015-01-24 14:37:05 +0000 |
commit | 8595cb4102d547388d0d9e699d10a14f8f7aa71c (patch) | |
tree | cd27e4b710769000b651b9af4db2704a1cd328dd /debian/patches/260_openssl.patch | |
parent | Update Vcs-Browser (diff) | |
download | w3m-8595cb4102d547388d0d9e699d10a14f8f7aa71c.tar.gz w3m-8595cb4102d547388d0d9e699d10a14f8f7aa71c.zip |
Integrate Debian changes into 020_debian.patch (closes: #776112)
(debian/patches/*.patch except 010_upstream.patch are merged)
Diffstat (limited to 'debian/patches/260_openssl.patch')
-rw-r--r-- | debian/patches/260_openssl.patch | 29 |
1 files changed, 0 insertions, 29 deletions
diff --git a/debian/patches/260_openssl.patch b/debian/patches/260_openssl.patch deleted file mode 100644 index 85c32c8..0000000 --- a/debian/patches/260_openssl.patch +++ /dev/null @@ -1,29 +0,0 @@ -Subject: OpenSSL issues -Author: Cristian Rodriguez <crrodriguez@opensuse.org> -Origin: https://build.opensuse.org/request/show/141054 -Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2012-4929 - - Mon Nov 12 18:26:45 UTC 2012 - crrodriguez@opensuse.org - - Due to the "CRIME attack" (CVE-2012-4929) HTTPS clients - that negotiate TLS-level compression can be abused for - MITM attacks. (w3m-openssl.patch) - - Use SSL_MODE_RELEASE_BUFFERS if available . - ---- w3m.orig/url.c -+++ w3m/url.c -@@ -337,7 +337,15 @@ openSSLHandle(int sock, char *hostname, - if (strchr(ssl_forbid_method, 'T')) - option |= SSL_OP_NO_TLSv1; - } -+#ifdef SSL_OP_NO_COMPRESSION -+ option |= SSL_OP_NO_COMPRESSION; -+#endif - SSL_CTX_set_options(ssl_ctx, option); -+ -+#ifdef SSL_MODE_RELEASE_BUFFERS -+ SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS); -+#endif -+ - #ifdef USE_SSL_VERIFY - /* derived from openssl-0.9.5/apps/s_{client,cb}.c */ - #if 1 /* use SSL_get_verify_result() to verify cert */ |