Diffstat (limited to 'debian/patches/260_openssl.patch')
-rw-r--r-- | debian/patches/260_openssl.patch | 29 |
1 files changed, 0 insertions, 29 deletions
diff --git a/debian/patches/260_openssl.patch b/debian/patches/260_openssl.patch
deleted file mode 100644
index 85c32c8..0000000
--- a/debian/patches/260_openssl.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-Subject: OpenSSL issues
-Author: Cristian Rodriguez <crrodriguez@opensuse.org>
-Origin: https://build.opensuse.org/request/show/141054
-Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2012-4929
-
- Mon Nov 12 18:26:45 UTC 2012 - crrodriguez@opensuse.org
- - Due to the "CRIME attack" (CVE-2012-4929) HTTPS clients
- that negotiate TLS-level compression can be abused for
- MITM attacks. (w3m-openssl.patch)
- - Use SSL_MODE_RELEASE_BUFFERS if available .
-
---- w3m.orig/url.c
-+++ w3m/url.c
-@@ -337,7 +337,15 @@ openSSLHandle(int sock, char *hostname,
- if (strchr(ssl_forbid_method, 'T'))
- option |= SSL_OP_NO_TLSv1;
- }
-+#ifdef SSL_OP_NO_COMPRESSION
-+ option |= SSL_OP_NO_COMPRESSION;
-+#endif
- SSL_CTX_set_options(ssl_ctx, option);
-+
-+#ifdef SSL_MODE_RELEASE_BUFFERS
-+ SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
-+#endif
-+
- #ifdef USE_SSL_VERIFY
- /* derived from openssl-0.9.5/apps/s_{client,cb}.c */
- #if 1 /* use SSL_get_verify_result() to verify cert */ |