WebSVN - prayer - Path Comparison - / Rev 157 and / Rev 158

Ignore whitespace Rev 157 → Rev 158

 /trunk/debian/changelog
 ,3 → 1,10
+prayer (1.3.5-dfsg1-3) unstable; urgency=low
+  * disable_ssl3.patch (new): Disable SSL 3.0 due to CVE-2014-3566
+    (POODLE).
+ -- Magnus Holmgren <holmgren@debian.org>  Wed, 29 Oct 2014 21:58:48 +0100
 prayer (1.3.5-dfsg1-2) unstable; urgency=high
   * dlopen_templates.patch: Use MYCFLAGS (which is initialized to the

 /trunk/debian/patches/disable_ssl3.patch
 ,0 → 1,58
+Description: Disable SSL 3.0 on client as well as server side
+Author: Magnus Holmgren <holmgren@debian.org>
+--- a/lib/ssl.c
++++ b/lib/ssl.c
+@@ -387,12 +387,16 @@ void ssl_context_init(struct ssl_config
+     SSL_load_error_strings();
+     /* Set up client context: only used by accountd */
+-    client_ctx = SSL_CTX_new(SSLv3_client_method());
++    client_ctx = SSL_CTX_new(SSLv23_client_method());
+     SSL_CTX_set_session_cache_mode(client_ctx, SSL_SESS_CACHE_BOTH);
+     SSL_CTX_set_info_callback(client_ctx, info_callback);
+ #ifdef SSL_MODE_AUTO_RETRY
+     SSL_CTX_set_mode(client_ctx, SSL_MODE_AUTO_RETRY);
+ #endif
++    /* SSLv2 now obsolete */
++    SSL_CTX_set_options(client_ctx, SSL_OP_NO_SSLv2);
++    /* SSLv3 now also obsolete */
++    SSL_CTX_set_options(client_ctx, SSL_OP_NO_SSLv3);
+     if (SSL_CTX_need_tmp_RSA(client_ctx))
+         SSL_CTX_set_tmp_rsa_callback(client_ctx, rsa_callback);
+@@ -420,6 +424,8 @@ void ssl_context_init(struct ssl_config
+     /* SSLv2 now obsolete */
+     SSL_CTX_set_options(server_ctx, SSL_OP_NO_SSLv2);
++    /* SSLv3 now also obsolete */
++    SSL_CTX_set_options(server_ctx, SSL_OP_NO_SSLv3);
+     /* Start off with the session cache disabled */
+     SSL_CTX_set_session_cache_mode(server_ctx, SSL_SESS_CACHE_OFF);
+@@ -625,6 +631,12 @@ void *ssl_start_server(int fd, unsigned
+     case TLS1_VERSION:
+         ver = "TLSv1";
+         break;
++    case TLS1_1_VERSION:
++        ver = "TLSv1.1";
++        break;
++    case TLS1_2_VERSION:
++        ver = "TLSv1.2";
++        break;
+     default:
+         ver = "UNKNOWN";
+     }
+@@ -678,6 +690,12 @@ void *ssl_start_client(int fd, unsigned
+     case TLS1_VERSION:
+         ver = "TLSv1";
+         break;
++    case TLS1_1_VERSION:
++        ver = "TLSv1.1";
++        break;
++    case TLS1_2_VERSION:
++        ver = "TLSv1.2";
++        break;
+     default:
+         ver = "UNKNOWN";
+     }

Subversion Repositories prayer

Compare Revisions

Ignore whitespace Rev 157 → Rev 158

/trunk/debian/patches/series
6,3 → 6,4
template_sdk.patch
no_db_version_check.patch
hurd.patch
disable_ssl3.patch