aboutsummaryrefslogtreecommitdiffstats
path: root/debian/patches/340_ssl-init.patch
diff options
context:
space:
mode:
authorTatsuya Kinoshita <tats@debian.org>2015-01-24 14:36:40 +0000
committerTatsuya Kinoshita <tats@debian.org>2015-01-24 14:37:05 +0000
commit8595cb4102d547388d0d9e699d10a14f8f7aa71c (patch)
treecd27e4b710769000b651b9af4db2704a1cd328dd /debian/patches/340_ssl-init.patch
parentUpdate Vcs-Browser (diff)
downloadw3m-8595cb4102d547388d0d9e699d10a14f8f7aa71c.tar.gz
w3m-8595cb4102d547388d0d9e699d10a14f8f7aa71c.zip
Integrate Debian changes into 020_debian.patch (closes: #776112)
(debian/patches/*.patch except 010_upstream.patch are merged)
Diffstat (limited to '')
-rw-r--r--debian/patches/340_ssl-init.patch50
1 files changed, 0 insertions, 50 deletions
diff --git a/debian/patches/340_ssl-init.patch b/debian/patches/340_ssl-init.patch
deleted file mode 100644
index b47bbb6..0000000
--- a/debian/patches/340_ssl-init.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-Subject: Force ssl_verify_server on, and disable SSLv2 and SSLv3
-Author: Ludwig Nussel <ludwig.nussel@suse.de>, Tatsuya Kinoshita <tats@debian.org>
-Origin: http://www.openwall.com/lists/oss-security/2010/06/14/4
-
- Update README.SSL to follow default values
-
- Disable SSLv3 by default [CVE-2014-3566]
- cf. https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
-
- Force ssl_verify_server on and disable SSLv2 support
- Origin: http://www.openwall.com/lists/oss-security/2010/06/14/4
-
-diff --git a/doc-jp/README.SSL b/doc-jp/README.SSL
-index 4aedfde..670ed5f 100644
---- a/doc-jp/README.SSL
-+++ b/doc-jp/README.SSL
-@@ -25,9 +25,9 @@ SSL
-
- ssl_forbid_method
- 使わないSSLメソッドのリスト(2: SSLv2, 3: SSLv3, t: TLSv1)
-- (デフォルトは<NULL>).
-+ (デフォルトは2, 3).
- ssl_verify_server ON/OFF
-- SSLのサーバ認証を行う(デフォルトはOFF).
-+ SSLのサーバ認証を行う(デフォルトはON).
- ssl_cert_file ファイル名
- SSLのクライアント用PEM形式証明書ファイル(デフォルトは<NULL>).
- ssl_key_file ファイル名
-diff --git a/fm.h b/fm.h
-index 8378939..ddcd4fc 100644
---- a/fm.h
-+++ b/fm.h
-@@ -1135,7 +1135,7 @@ global int view_unseenobject init(TRUE);
- #endif
-
- #if defined(USE_SSL) && defined(USE_SSL_VERIFY)
--global int ssl_verify_server init(FALSE);
-+global int ssl_verify_server init(TRUE);
- global char *ssl_cert_file init(NULL);
- global char *ssl_key_file init(NULL);
- global char *ssl_ca_path init(NULL);
-@@ -1144,7 +1144,7 @@ global int ssl_path_modified init(FALSE);
- #endif /* defined(USE_SSL) &&
- * defined(USE_SSL_VERIFY) */
- #ifdef USE_SSL
--global char *ssl_forbid_method init(NULL);
-+global char *ssl_forbid_method init("2, 3");
- #endif
-
- global int is_redisplay init(FALSE);