← Back to branch summary

~ubuntu-branches/ubuntu/maverick/irssi/maverick

« back to all changes in this revision

Viewing changes to debian/patches/91_disable_sslv2.patch

  • Committer: Bazaar Package Importer
  • Author(s): Jamie Strandboge
  • Date: 2010-04-14 13:36:33 UTC
  • Revision ID: james.westby@ubuntu.com-20100414133633-qn4xagdn8am0kqk2
Tags: 0.8.14-1ubuntu3
* SECURITY UPDATE: perform certificate host validation
  - debian/patches/91_CVE-2010-1155.patch: adjust to verify hostname against
    CN. Also use one SSL_CTX per connection and use default trusted CAs if
    nothing specified. This can be dropped in 0.8.15.
  - CVE-2010-1155
* SECURITY UPDATE: fix crash when checking for fuzzy nick match when not on
  the channel
  - debian/patches/91_CVE-2010-1156.patch: verify channel is non-NULL in
    src/core/nicklist.c. This can be dropped in 0.8.15.
  - CVE-2010-1156
* Do not use SSLv2 protocol. This can be dropped in 0.8.16.

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/patches/91_disable_sslv2.patch
 
1
Origin: r5136
 
2
Description: Do not use SSLv2 protocol. From Bazerka.
 
3
 
 
4
diff -Nur irssi-0.8.14/src/core/network-openssl.c irssi-0.8.14.new/src/core/network-openssl.c
 
5
--- irssi-0.8.14/src/core/network-openssl.c     2010-04-14 13:35:32.240201673 -0500
 
6
+++ irssi-0.8.14.new/src/core/network-openssl.c 2010-04-14 13:35:43.950433414 -0500
 
7
@@ -406,6 +406,7 @@
 
8
                g_error("Could not allocate memory for SSL context");
 
9
                return NULL;
 
10
        }
 
11
+       SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
 
12
 
 
13
        if (mycert && *mycert) {
 
14
                char *scert = NULL, *spkey = NULL;