rev 12010 - in kde-extras/kvirc/trunk/debian: . patches
Raúl Sánchez Siles
kebianizao-guest at alioth.debian.org
Thu Aug 28 21:55:06 UTC 2008
Author: kebianizao-guest
Date: 2008-08-28 21:55:06 +0000 (Thu, 28 Aug 2008)
New Revision: 12010
Added:
kde-extras/kvirc/trunk/debian/patches/30_security-cipherlist-bad-order_r1990.patch
Modified:
kde-extras/kvirc/trunk/debian/changelog
Log:
Adding 30_security-cipherlist-bad-order_r1990.patch collected from upstream.
This solves SSL ciphering security bug (https://svn.kvirc.de/kvirc/ticket/155)
Modified: kde-extras/kvirc/trunk/debian/changelog
===================================================================
--- kde-extras/kvirc/trunk/debian/changelog 2008-08-28 21:53:43 UTC (rev 12009)
+++ kde-extras/kvirc/trunk/debian/changelog 2008-08-28 21:55:06 UTC (rev 12010)
@@ -1,7 +1,9 @@
kvirc (2:3.4.0-2) UNRELEASED; urgency=low
+ * Adding 30_security-cipherlist-bad-order_r1990.patch collected from upstream.
+ This solves SSL ciphering security bug (https://svn.kvirc.de/kvirc/ticket/155)
* embedding perl needs PERL_SYS_INIT3() (Closes: #495064) Taken from svn and
- added as 51_PERL_SYS_INIT3_r2271-bug495064.patch
+ added as 51_PERL_SYS_INIT3_r2271-bug495064.patch
-- Raúl Sánchez Siles <rasasi at gmail.com> Tue, 26 Aug 2008 15:20:00 +0200
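Review bot: the new changelog entry describes a security fix, but the stanza header still reads `urgency=low` and the entry does not say what the exposure was. Consider raising the urgency if this upload is meant to deliver the fix promptly, and mention in the entry that the patch replaces the `ALL:eNULL` cipher list so readers do not have to open ticket 155 to learn what changed. The `-`/`+` pair on the `51_PERL_SYS_INIT3_r2271-bug495064.patch` line appears to be a whitespace-only change unrelated to this fix and could be left out of the commit.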
Added: kde-extras/kvirc/trunk/debian/patches/30_security-cipherlist-bad-order_r1990.patch
===================================================================
--- kde-extras/kvirc/trunk/debian/patches/30_security-cipherlist-bad-order_r1990.patch (rev 0)
+++ kde-extras/kvirc/trunk/debian/patches/30_security-cipherlist-bad-order_r1990.patch 2008-08-28 21:55:06 UTC (rev 12010)
@@ -0,0 +1,14 @@
+Index: src/kvilib/net/kvi_ssl.cpp
+===================================================================
+--- src/kvilib/net/kvi_ssl.cpp (revisión: 1989)
++++ src/kvilib/net/kvi_ssl.cpp (revisión: 1990)
+@@ -305,7 +305,8 @@
+ m_pSSLCtx = SSL_CTX_new(m == Client ? SSLv23_client_method() : SSLv23_server_method());
+ if(!m_pSSLCtx)return false;
+ // FIXME: this should be configurable ?
+- SSL_CTX_set_cipher_list(m_pSSLCtx,"ALL:eNULL");
++ // NOTE: see bug ticket #155
++ SSL_CTX_set_cipher_list(m_pSSLCtx,"ALL:!ADH:!EXP:!SSLv2 at STRENGTH");
+ SSL_CTX_set_tmp_dh_callback(m_pSSLCtx,my_ugly_dh_callback);
+ return true;
+ }
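Review bot: on the added `SSL_CTX_set_cipher_list(...)` line the return value is ignored, so a cipher string that selects nothing goes unnoticed and the function still returns true. `SSL_CTX_set_cipher_list` returns 0 when no cipher could be selected; check it and return false in that case, as is already done for `SSL_CTX_new` two lines above. Two smaller points: `!ADH` excludes only anonymous DH, whereas `!aNULL` would cover every unauthenticated suite, and the string is shown here as `!SSLv2 at STRENGTH`, so confirm the committed file carries the `@STRENGTH` keyword. The `FIXME` about making the list configurable still applies.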