20231080 problem in UTILITY/W3M
authorRich Burridge <rich.burridge@oracle.com>
Thu, 29 Jan 2015 14:57:20 -0800
changeset 3705 0d8951107033
parent 3703 71b5204c547a
child 3716 a2629a2cf270
20231080 problem in UTILITY/W3M 20231097 problem in UTILITY/LYNX
components/lynx/patches/02-init-openssl.patch
components/w3m/patches/05-init-openssl.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/lynx/patches/02-init-openssl.patch	Thu Jan 29 14:57:20 2015 -0800
@@ -0,0 +1,15 @@
+Disable SSLv2 and SSLv3 in lynx to "mitigate POODLE vulnerability".
+
+This change will be passed upstream.
+
+--- lynx2-8-7/WWW/Library/Implementation/HTTP.c.orig	2015-01-29 08:30:29.185065523 -0800
++++ lynx2-8-7/WWW/Library/Implementation/HTTP.c	2015-01-29 08:48:49.143858796 -0800
[email protected]@ -123,6 +123,8 @@
+ 	SSLeay_add_ssl_algorithms();
+ 	ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+ 	SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
++	/* Always disable SSLv2 & SSLv3 to "mitigate POODLE vulnerability". */
++	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+ 	SSL_CTX_set_default_verify_paths(ssl_ctx);
+ 	SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, HTSSLCallback);
+ #endif /* SSLEAY_VERSION_NUMBER < 0x0800 */
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/w3m/patches/05-init-openssl.patch	Thu Jan 29 14:57:20 2015 -0800
@@ -0,0 +1,15 @@
+Disable SSLv2 and SSLv3 in w3m to "mitigate POODLE vulnerability".
+
+This change will be passed upstream.
+
+--- w3m-0.5.2/url.c.orig	2015-01-29 08:37:04.156739107 -0800
++++ w3m-0.5.2/url.c	2015-01-29 08:48:24.055383389 -0800
[email protected]@ -337,6 +337,8 @@
+ 		option |= SSL_OP_NO_TLSv1;
+ 	}
+ 	SSL_CTX_set_options(ssl_ctx, option);
++	/* Always disable SSLv2 & SSLv3 to "mitigate POODLE vulnerability". */
++	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+ #ifdef USE_SSL_VERIFY
+ 	/* derived from openssl-0.9.5/apps/s_{client,cb}.c */
+ #if 1				/* use SSL_get_verify_result() to verify cert */