Title: [174984] releases/WebKitGTK/webkit-2.6/Source/WebKit2
Revision: 174984
Author: [email protected]
Date: 2014-10-21 10:05:06 -0700 (Tue, 21 Oct 2014)

Log Message

Merge r174927 - [SOUP] Disable SSLv3
https://bugs.webkit.org/show_bug.cgi?id=137859

Patch by Michael Catanzaro <[email protected]> on 2014-10-21
Reviewed by Carlos Garcia Campos.

Set G_TLS_GNUTLS_PRIORITY if unset.

* NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:
(main):
* WebProcess/EntryPoint/unix/WebProcessMain.cpp:
(main):

Diff

Modified: releases/WebKitGTK/webkit-2.6/Source/WebKit2/ChangeLog (174983 => 174984)


--- releases/WebKitGTK/webkit-2.6/Source/WebKit2/ChangeLog	2014-10-21 17:02:50 UTC (rev 174983)
+++ releases/WebKitGTK/webkit-2.6/Source/WebKit2/ChangeLog	2014-10-21 17:05:06 UTC (rev 174984)
@@ -1,3 +1,17 @@
+2014-10-21  Michael Catanzaro  <[email protected]>
+
+        [SOUP] Disable SSLv3
+        https://bugs.webkit.org/show_bug.cgi?id=137859
+
+        Reviewed by Carlos Garcia Campos.
+
+        Set G_TLS_GNUTLS_PRIORITY if unset.
+
+        * NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:
+        (main):
+        * WebProcess/EntryPoint/unix/WebProcessMain.cpp:
+        (main):
+
 2014-10-20  Michael Catanzaro  <[email protected]>
 
         Change the default TLS errors policy to WEBKIT_TLS_ERRORS_POLICY_FAIL
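Review bot: The entry body "Set G_TLS_GNUTLS_PRIORITY if unset." leaves out the two things a reader of the ChangeLog would want: the value being set ("NORMAL:%COMPAT:!VERS-SSL3.0") and the fact that a priority string already present in the environment is left untouched, so SSLv3 is only disabled by default. One extra sentence covering both would make the entry usable without opening the diff.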

Modified: releases/WebKitGTK/webkit-2.6/Source/WebKit2/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp (174983 => 174984)


--- releases/WebKitGTK/webkit-2.6/Source/WebKit2/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp	2014-10-21 17:02:50 UTC (rev 174983)
+++ releases/WebKitGTK/webkit-2.6/Source/WebKit2/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp	2014-10-21 17:05:06 UTC (rev 174984)
@@ -25,9 +25,21 @@
 
 #include "NetworkProcessMainUnix.h"
 
+#include <cstdlib>
+
 using namespace WebKit;
 
 int main(int argc, char** argv)
 {
+    // Disable SSLv3 very early because it is practically impossible to safely
+    // use setenv() when multiple threads are running, as another thread calling
+    // getenv() could cause a crash, and many functions use getenv() internally.
+    // This workaround will stop working if glib-networking switches away from
+    // GnuTLS or simply stops parsing this variable. We intentionally do not
+    // overwrite this priority string if it's already set by the user.
+    // Keep this in sync with WebProcessMain.cpp.
+    // https://bugzilla.gnome.org/show_bug.cgi?id=738633
+    setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0", 0);
+
     return NetworkProcessMainUnix(argc, argv);
 }
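Review bot: The setenv() call added at the top of main() discards its return value, so if the call fails the process continues into NetworkProcessMainUnix() without the priority string and nothing records that SSLv3 was not disabled. Suggest checking for a non-zero result and at least logging it, or exiting, so the mitigation does not fail open silently. The comment already notes that the workaround stops working if glib-networking stops parsing this variable; a follow-up bug reference for replacing it with a proper API once one exists would help track that.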

Modified: releases/WebKitGTK/webkit-2.6/Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp (174983 => 174984)


--- releases/WebKitGTK/webkit-2.6/Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp	2014-10-21 17:02:50 UTC (rev 174983)
+++ releases/WebKitGTK/webkit-2.6/Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp	2014-10-21 17:05:06 UTC (rev 174984)
@@ -25,9 +25,21 @@
 
 #include "WebProcessMainUnix.h"
 
+#include <cstdlib>
+
 using namespace WebKit;
 
 int main(int argc, char** argv)
 {
+    // Disable SSLv3 very early because it is practically impossible to safely
+    // use setenv() when multiple threads are running, as another thread calling
+    // getenv() could cause a crash, and many functions use getenv() internally.
+    // This workaround will stop working if glib-networking switches away from
+    // GnuTLS or simply stops parsing this variable. We intentionally do not
+    // overwrite this priority string if it's already set by the user.
+    // Keep this in sync with NetworkProcessMain.cpp.
+    // https://bugzilla.gnome.org/show_bug.cgi?id=738633
+    setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0", 0);
+
     return WebProcessMainUnix(argc, argv);
 }
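Review bot: The comment block and the setenv() line in this main() are a verbatim copy of the ones added to NetworkProcessMain.cpp, kept aligned only by the "Keep this in sync with NetworkProcessMain.cpp." remark. Suggest defining the priority string once in a shared header, or moving the call into a small helper both entry points invoke, so that a later change to the string cannot land in one process and be missed in the other.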