aboutsummaryrefslogtreecommitdiffstats
path: root/debian/patches/70_ssl-init.patch
diff options
context:
space:
mode:
authorTatsuya Kinoshita <tats@vega.ocn.ne.jp>2011-05-04 07:37:56 +0000
committerTatsuya Kinoshita <tats@vega.ocn.ne.jp>2011-05-04 07:37:56 +0000
commit93a6ce5c73d259de8254f19b550324b2d5b5d005 (patch)
treee79af60d9addb5caca5eaf9063438655512b51d9 /debian/patches/70_ssl-init.patch
parentReleasing debian version 0.5.2-4 (diff)
downloadw3m-93a6ce5c73d259de8254f19b550324b2d5b5d005.tar.gz
w3m-93a6ce5c73d259de8254f19b550324b2d5b5d005.zip
Releasing debian version 0.5.2-5debian/0.5.2-5
Diffstat (limited to '')
-rw-r--r--debian/patches/70_ssl-init.patch25
1 files changed, 25 insertions, 0 deletions
diff --git a/debian/patches/70_ssl-init.patch b/debian/patches/70_ssl-init.patch
new file mode 100644
index 0000000..6d19279
--- /dev/null
+++ b/debian/patches/70_ssl-init.patch
@@ -0,0 +1,25 @@
+Description: Force ssl_verify_server on and disable SSLv2 support
+Origin: http://www.openwall.com/lists/oss-security/2010/06/14/4
+Author: Ludwig Nussel <ludwig.nussel@suse.de>
+Bug-Debian: http://bugs.debian.org/587445
+
+--- w3m-0.5.2.orig/fm.h
++++ w3m-0.5.2/fm.h
+@@ -1120,7 +1120,7 @@ global int view_unseenobject init(TRUE);
+ #endif
+
+ #if defined(USE_SSL) && defined(USE_SSL_VERIFY)
+-global int ssl_verify_server init(FALSE);
++global int ssl_verify_server init(TRUE);
+ global char *ssl_cert_file init(NULL);
+ global char *ssl_key_file init(NULL);
+ global char *ssl_ca_path init(NULL);
+@@ -1129,7 +1129,7 @@ global int ssl_path_modified init(FALSE)
+ #endif /* defined(USE_SSL) &&
+ * defined(USE_SSL_VERIFY) */
+ #ifdef USE_SSL
+-global char *ssl_forbid_method init(NULL);
++global char *ssl_forbid_method init("2");
+ #endif
+
+ global int is_redisplay init(FALSE);