# HG changeset patch
# User Rich Burridge
# Date 1422572240 28800
# Node ID 0d89511070338ff2f4d84b84d1ee13c3de587252
# Parent 71b5204c547a800a92834e4f83b3aaf46d293e3b
20231080 problem in UTILITY/W3M 20231097 problem in UTILITY/LYNX
diff -r 71b5204c547a -r 0d8951107033 components/lynx/patches/02-init-openssl.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/lynx/patches/02-init-openssl.patch Thu Jan 29 14:57:20 2015 -0800
@@ -0,0 +1,15 @@
+Disable SSLv2 and SSLv3 in lynx to "mitigate POODLE vulnerability".
+
+This change will be passed upstream.
+
+--- lynx2-8-7/WWW/Library/Implementation/HTTP.c.orig 2015-01-29 08:30:29.185065523 -0800
++++ lynx2-8-7/WWW/Library/Implementation/HTTP.c 2015-01-29 08:48:49.143858796 -0800
+@@ -123,6 +123,8 @@
+ SSLeay_add_ssl_algorithms();
+ ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
++ /* Always disable SSLv2 & SSLv3 to "mitigate POODLE vulnerability". */
++ SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+ SSL_CTX_set_default_verify_paths(ssl_ctx);
+ SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, HTSSLCallback);
+ #endif /* SSLEAY_VERSION_NUMBER < 0x0800 */
diff -r 71b5204c547a -r 0d8951107033 components/w3m/patches/05-init-openssl.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/w3m/patches/05-init-openssl.patch Thu Jan 29 14:57:20 2015 -0800
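Review bot: In the lynx HTTP.c hunk the new flags are set only on `ssl_ctx`, and the patch does not say whether any later per-connection code changes the protocol set. If HTTP.c retries a failed handshake by setting `SSL_OP_NO_TLSv1` on the connection handle (not visible here, so this needs checking), that retry combined with these flags would leave no usable protocol on an OpenSSL build that tops out at TLS 1.0. The two calls can also be one, `SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`, with a comment that states the effect rather than quoting a phrase, e.g. `/* POODLE: never negotiate SSLv2/SSLv3; TLS only. */`. The trailing `#endif /* SSLEAY_VERSION_NUMBER < 0x0800 */` suggests the added lines sit in one arm of a version conditional, and the enclosing function starts and ends outside the hunk.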
@@ -0,0 +1,15 @@
+Disable SSLv2 and SSLv3 in w3m to "mitigate POODLE vulnerability".
+
+This change will be passed upstream.
+
+--- w3m-0.5.2/url.c.orig 2015-01-29 08:37:04.156739107 -0800
++++ w3m-0.5.2/url.c 2015-01-29 08:48:24.055383389 -0800
+@@ -337,6 +337,8 @@
+ option |= SSL_OP_NO_TLSv1;
+ }
+ SSL_CTX_set_options(ssl_ctx, option);
++ /* Always disable SSLv2 & SSLv3 to "mitigate POODLE vulnerability". */
++ SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+ #ifdef USE_SSL_VERIFY
+ /* derived from openssl-0.9.5/apps/s_{client,cb}.c */
+ #if 1 /* use SSL_get_verify_result() to verify cert */
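Review bot: In the w3m url.c hunk the unconditional second `SSL_CTX_set_options` call comes right after `option` has been built conditionally, and the context shows one branch adding `SSL_OP_NO_TLSv1`. When that branch is taken, only protocols newer than TLS 1.0 remain, and on an OpenSSL build without them the handshake fails with nothing telling the user why. It would be clearer to fold the flags into the existing mask, `option |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;`, immediately before `SSL_CTX_set_options(ssl_ctx, option);`. The patch header should also say that whatever setting feeds `option` (presumably a user preference, set above the hunk) can no longer re-enable SSLv2 or SSLv3. The enclosing function starts and ends outside the hunk.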