0af66fa685
rewording while here. XXX: I don't see what w3m-img does differently? Changes: w3m 0.5.3 - 2011-01-15 * security fix - fix vulnerabilities indicated by bugs.debian.org. - suppress sending Referer, if https:// -> http:// * new features - adapt w3mimg to native windows on MS Windows. - support xterm-incompatible terminals without gpm. - add "xhtml" to default guess. - introduce option pseudo_inlines. - add option to avoid "wrong number of dots" error in cookies. * other bug fixes - fix "important" bugs from bugs.debian.org - preserve spaces in multibyte context. - fix proxy authentication.
26 lines
819 B
Text
26 lines
819 B
Text
$NetBSD: patch-ac,v 1.15 2011/01/21 23:34:14 wiz Exp $
|
|
|
|
Fix for CVE-2010-2074 taken from here:
|
|
|
|
http://www.openwall.com/lists/oss-security/2010/06/14/4
|
|
|
|
--- fm.h.orig 2011-01-04 09:22:21.000000000 +0000
|
|
+++ fm.h
|
|
@@ -1135,7 +1135,7 @@ global int view_unseenobject init(TRUE);
|
|
#endif
|
|
|
|
#if defined(USE_SSL) && defined(USE_SSL_VERIFY)
|
|
-global int ssl_verify_server init(FALSE);
|
|
+global int ssl_verify_server init(TRUE);
|
|
global char *ssl_cert_file init(NULL);
|
|
global char *ssl_key_file init(NULL);
|
|
global char *ssl_ca_path init(NULL);
|
|
@@ -1144,7 +1144,7 @@ global int ssl_path_modified init(FALSE)
|
|
#endif /* defined(USE_SSL) &&
|
|
* defined(USE_SSL_VERIFY) */
|
|
#ifdef USE_SSL
|
|
-global char *ssl_forbid_method init(NULL);
|
|
+global char *ssl_forbid_method init("2");
|
|
#endif
|
|
|
|
global int is_redisplay init(FALSE);
|