aboutsummaryrefslogtreecommitdiffstats
path: root/debian
diff options
context:
space:
mode:
authorTatsuya Kinoshita <tats@debian.org>2014-06-23 13:50:49 +0000
committerTatsuya Kinoshita <tats@debian.org>2014-06-23 13:52:22 +0000
commit11979bbe99261335a199ff6e223affc6ad2cc685 (patch)
tree47eec120eac78f90f01902bd05022c71f7e95fe6 /debian
parentUpdate debian/rules to bootstrap without libimlib2-dev (closes: #738208) (diff)
downloadw3m-11979bbe99261335a199ff6e223affc6ad2cc685.tar.gz
w3m-11979bbe99261335a199ff6e223affc6ad2cc685.zip
New patch 330_Disable-weak-ciphers.patch (LP: #1325674)
Diffstat (limited to 'debian')
-rw-r--r--debian/patches/330_Disable-weak-ciphers.patch16
-rw-r--r--debian/patches/series1
2 files changed, 17 insertions, 0 deletions
diff --git a/debian/patches/330_Disable-weak-ciphers.patch b/debian/patches/330_Disable-weak-ciphers.patch
new file mode 100644
index 0000000..a243c61
--- /dev/null
+++ b/debian/patches/330_Disable-weak-ciphers.patch
@@ -0,0 +1,16 @@
+Subject: Disable ciphers that use keys smaller than 128 bits
+From: Tatsuya Kinoshita <tats@debian.org>
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/w3m/+bug/1325674
+
+diff --git a/url.c b/url.c
+index ed6062e..e6b51c8 100644
+--- a/url.c
++++ b/url.c
+@@ -326,6 +326,7 @@ openSSLHandle(int sock, char *hostname, char **p_cert)
+ SSL_load_error_strings();
+ if (!(ssl_ctx = SSL_CTX_new(SSLv23_client_method())))
+ goto eend;
++ SSL_CTX_set_cipher_list(ssl_ctx, "DEFAULT:!LOW:!EXP");
+ option = SSL_OP_ALL;
+ if (ssl_forbid_method) {
+ if (strchr(ssl_forbid_method, '2'))
diff --git a/debian/patches/series b/debian/patches/series
index d887f52..e7e1572 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -31,4 +31,5 @@
300_manual-links.patch
310_doc-ascii.patch
320_imlib2-config.patch
+330_Disable-weak-ciphers.patch
900_ChangeLog.patch