rpms/links/devel links-2.2-ssl-verify.patch, NONE, 1.1 links.spec, 1.1, 1.2

[Lubomir Rintel]

Author: lkundrak

Update of /cvs/pkgs/rpms/links/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13774

Modified Files:
	links.spec 
Added Files:
	links-2.2-ssl-verify.patch 
Log Message:
* Mon Apr 13 2009 Lubomir Rintel <lkundrak at v3.sk> - 2.2-8
- Enable SSL certificates verification


links-2.2-ssl-verify.patch:

--- NEW FILE links-2.2-ssl-verify.patch ---
Fix a security issue -- links would not verify SSL and TLS
certificates, rendering SSL support practically useless.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510417

Lubomir Rintel <lkundrak at v3.sk>

diff -up links-2.2/connect.c.ssl-verify links-2.2/connect.c
--- links-2.2/connect.c.ssl-verify	2009-04-13 19:28:13.076133802 +0200
+++ links-2.2/connect.c	2009-04-13 19:27:34.467258505 +0200
@@ -319,6 +319,8 @@ void connected(struct connection *c)
 #ifdef HAVE_SSL
 	if (c->ssl) {
 		c->ssl = getSSL();
+		if (!getenv("UNSAFE_SSL"))
+			SSL_set_verify(c->ssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
 		SSL_set_fd(c->ssl, *b->sock);
 #ifndef HAVE_NSS_COMPAT
 		if (c->no_tsl) c->ssl->options |= SSL_OP_NO_TLSv1;


Index: links.spec
===================================================================
RCS file: /cvs/pkgs/rpms/links/devel/links.spec,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- links.spec	13 Apr 2009 17:00:11 -0000	1.1
+++ links.spec	13 Apr 2009 17:34:58 -0000	1.2
@@ -1,6 +1,6 @@
 Name:           links
 Version:        2.2
-Release:        7%{?dist}
+Release:        8%{?dist}
 Summary:        Web browser running in both graphics and text mode
 
 Group:          Applications/Internet
@@ -9,6 +9,7 @@
 Source0:        http://links.twibright.com/download/%{name}-%{version}.tar.bz2
 Source1:        links.desktop
 Patch0:         links-2.2-nss.patch
+Patch1:         links-2.2-ssl-verify.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  libpng-devel
@@ -42,6 +43,7 @@
 %prep
 %setup -q
 %patch0 -p1 -b .nss
+%patch1 -p1 -b .verify-ssl
 
 
 %build
@@ -104,6 +106,9 @@
 
 
 %changelog
+* Mon Apr 13 2009 Lubomir Rintel <lkundrak at v3.sk> - 2.2-8
+- Enable SSL certificates verification
+
 * Sun Apr 12 2009 Lubomir Rintel <lkundrak at v3.sk> - 2.2-7
 - removing unnecessary BuildConflicts