2 files changed, 19 insertions, 0 deletions

diff --git a/devel/mercurial/Makefile b/devel/mercurial/Makefile
index 4fbf0f2104b2..cb4d59818ffb 100644
--- a/devel/mercurial/Makefile
+++ b/devel/mercurial/Makefile
@@ -3,6 +3,7 @@
 
 PORTNAME=	mercurial
 PORTVERSION=	3.3
+PORTREVISION=	1
 CATEGORIES=	devel python
 MASTER_SITES=	http://mercurial.selenic.com/release/
 
diff --git a/devel/mercurial/files/patch-mercurial_sslutil.py b/devel/mercurial/files/patch-mercurial_sslutil.py
new file mode 100644
index 000000000000..81926b1b20e7
--- /dev/null
+++ b/devel/mercurial/files/patch-mercurial_sslutil.py
@@ -0,0 +1,18 @@
+Change condition in order to prevent SSLv2 and SSLv3 protocols.
+Taken from ${PYTHON_LIBDIR}/ssl.py file (found in 'create_default_context'
+function).
+
+--- mercurial/sslutil.py.orig	2015-02-02 02:20:50 UTC
++++ mercurial/sslutil.py
+@@ -29,7 +29,10 @@ try:
+             # maintainers for us, but that breaks too many things to
+             # do it in a hurry.
+             sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+-            sslcontext.options &= ssl.OP_NO_SSLv2 & ssl.OP_NO_SSLv3
++            # SSLv2 is considered harmful
++            sslcontext.options |= ssl.OP_NO_SSLv2
++            # SSLv3 has problematic security issue
++            sslcontext.options |= ssl.OP_NO_SSLv3
+             if certfile is not None:
+                 sslcontext.load_cert_chain(certfile, keyfile)
+             sslcontext.verify_mode = cert_reqs