Mercurial Mercurial > upstream > oracle > userland-gate / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
20231094 problem in UTILITY/LINKS s11u2-sru
authorRich Burridge <rich.burridge@oracle.com>
Fri, 09 Jan 2015 13:29:50 -0800
branchs11u2-sru
changeset 3608 bd6da1c6bb63
parent 3607 3319d35f11de
child 3609 4f3b656821cd
20231094 problem in UTILITY/LINKS
components/links/patches/init-openssl.patch file | annotate | diff | comparison | revisions 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/links/patches/init-openssl.patch	Fri Jan 09 13:29:50 2015 -0800
@@ -0,0 +1,14 @@
+Disable SSLv2 and SSLv3 in elinks to "mitigate POODLE vulnerability".
+
+This change will be passed upstream.
+
+--- links-1.03/https.c.orig	2014-12-17 15:47:04.315785336 -0800
++++ links-1.03/https.c	2015-01-06 13:08:06.766439550 -0800
+@@ -41,6 +41,7 @@
+ 		SSLeay_add_ssl_algorithms();
+ 		context = SSL_CTX_new(SSLv23_client_method());
+ 		SSL_CTX_set_options(context, SSL_OP_ALL);
++		SSL_CTX_set_options(context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+ 		SSL_CTX_set_default_verify_paths(context);
+ /* needed for systems without /dev/random, but obviously kills security. */
+ 		/*{
upstream/oracle/userland-gate