diff options
Diffstat (limited to 'dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.60.0-CVE-2014-3230.patch')
-rw-r--r-- | dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.60.0-CVE-2014-3230.patch | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.60.0-CVE-2014-3230.patch b/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.60.0-CVE-2014-3230.patch new file mode 100644 index 000000000000..1eb26d2e4092 --- /dev/null +++ b/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.60.0-CVE-2014-3230.patch @@ -0,0 +1,22 @@ +Source: https://bugzilla.redhat.com/show_bug.cgi?id=1094440 + +This patch combines the following two: +https://bugzilla.redhat.com/attachment.cgi?id=894747 +https://bugzilla.redhat.com/attachment.cgi?id=894748 + +diff -ruN LWP-Protocol-https-6.06.orig/lib/LWP/Protocol/https.pm LWP-Protocol-https-6.06/lib/LWP/Protocol/https.pm +--- LWP-Protocol-https-6.06.orig/lib/LWP/Protocol/https.pm 2014-04-18 18:33:26.000000000 +0200 ++++ LWP-Protocol-https-6.06/lib/LWP/Protocol/https.pm 2014-10-26 23:57:27.714303175 +0100 +@@ -21,7 +21,11 @@ + $ssl_opts{SSL_verifycn_scheme} = 'www'; + } + else { +- $ssl_opts{SSL_verify_mode} = 0; ++ if ( $Net::HTTPS::SSL_SOCKET_CLASS eq 'Net::SSL' ) { ++ $ssl_opts{SSL_verifycn_scheme} = ''; ++ } else { ++ $ssl_opts{SSL_verifycn_scheme} = 'none'; ++ } + } + if ($ssl_opts{SSL_verify_mode}) { + unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) { |