rpms/links/devel links-2.2-ssl-verify.patch, NONE, 1.1 links.spec, 1.1, 1.2
Lubomir Rintel
lkundrak at fedoraproject.org
Mon Apr 13 17:35:03 UTC 2009
Author: lkundrak
Update of /cvs/pkgs/rpms/links/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13774
Modified Files:
links.spec
Added Files:
links-2.2-ssl-verify.patch
Log Message:
* Mon Apr 13 2009 Lubomir Rintel <lkundrak at v3.sk> - 2.2-8
- Enable SSL certificates verification
links-2.2-ssl-verify.patch:
--- NEW FILE links-2.2-ssl-verify.patch ---
Fix a security issue -- links would not verify SSL and TLS
certificates, rendering SSL support practically useless.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510417
Lubomir Rintel <lkundrak at v3.sk>
diff -up links-2.2/connect.c.ssl-verify links-2.2/connect.c
--- links-2.2/connect.c.ssl-verify 2009-04-13 19:28:13.076133802 +0200
+++ links-2.2/connect.c 2009-04-13 19:27:34.467258505 +0200
@@ -319,6 +319,8 @@ void connected(struct connection *c)
#ifdef HAVE_SSL
if (c->ssl) {
c->ssl = getSSL();
+ if (!getenv("UNSAFE_SSL"))
+ SSL_set_verify(c->ssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
SSL_set_fd(c->ssl, *b->sock);
#ifndef HAVE_NSS_COMPAT
if (c->no_tsl) c->ssl->options |= SSL_OP_NO_TLSv1;
Index: links.spec
===================================================================
RCS file: /cvs/pkgs/rpms/links/devel/links.spec,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- links.spec 13 Apr 2009 17:00:11 -0000 1.1
+++ links.spec 13 Apr 2009 17:34:58 -0000 1.2
@@ -1,6 +1,6 @@
Name: links
Version: 2.2
-Release: 7%{?dist}
+Release: 8%{?dist}
Summary: Web browser running in both graphics and text mode
Group: Applications/Internet
@@ -9,6 +9,7 @@
Source0: http://links.twibright.com/download/%{name}-%{version}.tar.bz2
Source1: links.desktop
Patch0: links-2.2-nss.patch
+Patch1: links-2.2-ssl-verify.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: libpng-devel
@@ -42,6 +43,7 @@
%prep
%setup -q
%patch0 -p1 -b .nss
+%patch1 -p1 -b .verify-ssl
%build
@@ -104,6 +106,9 @@
%changelog
+* Mon Apr 13 2009 Lubomir Rintel <lkundrak at v3.sk> - 2.2-8
+- Enable SSL certificates verification
+
* Sun Apr 12 2009 Lubomir Rintel <lkundrak at v3.sk> - 2.2-7
- removing unnecessary BuildConflicts
More information about the scm-commits
mailing list