diff options
author | Kei Kebreau <kei@openmailbox.org> | 2016-11-04 20:06:03 -0400 |
---|---|---|
committer | Kei Kebreau <kei@openmailbox.org> | 2016-11-04 20:06:03 -0400 |
commit | 674a0f955809d40c2fe3e5092b2927c4c96e8351 (patch) | |
tree | d2d9d92f32d6cd1f5939f6ebbd44cdb88375cb41 /gnu/packages/patches | |
parent | 682bfb8124508c016b93f2d1d6696e5e06699e0c (diff) | |
download | guix-674a0f955809d40c2fe3e5092b2927c4c96e8351.tar guix-674a0f955809d40c2fe3e5092b2927c4c96e8351.tar.gz |
gnu: w3m: Switch to Debian's actively maintained fork of w3m.
Fixes some security issues seen here:
<http://www.openwall.com/lists/oss-security/2016/11/03/3>
* gnu/packages/w3m.scm (w3m): Switch it.
[source]: Use Debian's git tree. Remove obsolete patches.
[arguments]: Remove an unneeded substitute* function.
* gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch,
gnu/packages/patches/w3m-disable-weak-ciphers.patch,
gnu/packages/patches/w3m-force-ssl_verify_server-on.patch,
gnu/packages/patches/w3m-libgc.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch | 24 | ||||
-rw-r--r-- | gnu/packages/patches/w3m-disable-weak-ciphers.patch | 24 | ||||
-rw-r--r-- | gnu/packages/patches/w3m-force-ssl_verify_server-on.patch | 24 | ||||
-rw-r--r-- | gnu/packages/patches/w3m-libgc.patch | 28 |
4 files changed, 0 insertions, 100 deletions
diff --git a/gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch b/gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch deleted file mode 100644 index 5b78f2d909..0000000000 --- a/gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch +++ /dev/null @@ -1,24 +0,0 @@ -Subject: Disable SSLv2 and SSLv3. - -The only remaining methods are TLSv1.* (the code never distinguishes -between TLSv1.0, TLSv1.1, and TLSv1.2). ---- - fm.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/fm.h b/fm.h -index 320906c..ddcd4fc 100644 ---- a/fm.h -+++ b/fm.h -@@ -1144,7 +1144,7 @@ global int ssl_path_modified init(FALSE); - #endif /* defined(USE_SSL) && - * defined(USE_SSL_VERIFY) */ - #ifdef USE_SSL --global char *ssl_forbid_method init(NULL); -+global char *ssl_forbid_method init("2, 3"); - #endif - - global int is_redisplay init(FALSE); --- -2.6.4 - diff --git a/gnu/packages/patches/w3m-disable-weak-ciphers.patch b/gnu/packages/patches/w3m-disable-weak-ciphers.patch deleted file mode 100644 index 4780d54cb6..0000000000 --- a/gnu/packages/patches/w3m-disable-weak-ciphers.patch +++ /dev/null @@ -1,24 +0,0 @@ -Subject: Disable weak ciphers - -Disable RC4, "export ciphers", and all keys < 128 bits. - -Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/w3m/+bug/1325674 ---- - url.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/url.c b/url.c -index ed6062e..e86b1f3 100644 ---- a/url.c -+++ b/url.c -@@ -326,6 +326,7 @@ openSSLHandle(int sock, char *hostname, char **p_cert) - SSL_load_error_strings(); - if (!(ssl_ctx = SSL_CTX_new(SSLv23_client_method()))) - goto eend; -+ SSL_CTX_set_cipher_list(ssl_ctx, "DEFAULT:!LOW:!RC4:!EXP"); - option = SSL_OP_ALL; - if (ssl_forbid_method) { - if (strchr(ssl_forbid_method, '2')) --- -2.6.4 - diff --git a/gnu/packages/patches/w3m-force-ssl_verify_server-on.patch b/gnu/packages/patches/w3m-force-ssl_verify_server-on.patch deleted file mode 100644 index dc9f117f9d..0000000000 --- a/gnu/packages/patches/w3m-force-ssl_verify_server-on.patch +++ /dev/null @@ -1,24 +0,0 @@ -Subject: Force ssl_verify_server on. - -By default, SSL/TLS certificates are not verified. This enables the -verification. ---- - fm.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/fm.h b/fm.h -index 8378939..320906c 100644 ---- a/fm.h -+++ b/fm.h -@@ -1135,7 +1135,7 @@ global int view_unseenobject init(TRUE); - #endif - - #if defined(USE_SSL) && defined(USE_SSL_VERIFY) --global int ssl_verify_server init(FALSE); -+global int ssl_verify_server init(TRUE); - global char *ssl_cert_file init(NULL); - global char *ssl_key_file init(NULL); - global char *ssl_ca_path init(NULL); --- -2.6.4 - diff --git a/gnu/packages/patches/w3m-libgc.patch b/gnu/packages/patches/w3m-libgc.patch deleted file mode 100644 index 0dc6a4027c..0000000000 --- a/gnu/packages/patches/w3m-libgc.patch +++ /dev/null @@ -1,28 +0,0 @@ -This patch fixes w3m compilation with libgc > 7.2. - -Reported: -https://bugs.archlinux.org/task/33397 - -Patch with explanation: -http://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=770eec8304bdbe458 ---- - main.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/main.c b/main.c -index b421943..249eb1a 100644 ---- a/main.c -+++ b/main.c -@@ -833,7 +833,8 @@ main(int argc, char **argv, char **envp) - mySignal(SIGPIPE, SigPipe); - #endif - -- orig_GC_warn_proc = GC_set_warn_proc(wrap_GC_warn_proc); -+ orig_GC_warn_proc = GC_get_warn_proc(); -+ GC_set_warn_proc(wrap_GC_warn_proc); - err_msg = Strnew(); - if (load_argc == 0) { - /* no URL specified */ --- -2.6.4 - |