diff options
author | Frans Meulenbroeks <fransmeulenbroeks@gmail.com> | 2010-10-08 18:35:46 +0200 |
---|---|---|
committer | Frans Meulenbroeks <fransmeulenbroeks@gmail.com> | 2010-10-08 18:59:31 +0200 |
commit | 12d705f554ed92234b7e0aa1d27549abefbdfe82 (patch) | |
tree | 798b545ee3117ad01b48cf5813eb460704f18574 /recipes/curl/files | |
parent | 104b736e074f5698175dfc759978a3039bd36b53 (diff) | |
download | openembedded-12d705f554ed92234b7e0aa1d27549abefbdfe82.tar.gz |
curl : moved unused files to obsolete dir
Signed-off-by: Frans Meulenbroeks <fransmeulenbroeks@gmail.com>
Diffstat (limited to 'recipes/curl/files')
-rw-r--r-- | recipes/curl/files/curl-7.18.1-CVE-2009-2417.patch | 83 | ||||
-rw-r--r-- | recipes/curl/files/curl-7.19.5-CVE-2009-2417.patch | 80 | ||||
-rw-r--r-- | recipes/curl/files/curl-add_all_algorithms.patch | 22 |
3 files changed, 0 insertions, 185 deletions
diff --git a/recipes/curl/files/curl-7.18.1-CVE-2009-2417.patch b/recipes/curl/files/curl-7.18.1-CVE-2009-2417.patch deleted file mode 100644 index e7c24c0b6e..0000000000 --- a/recipes/curl/files/curl-7.18.1-CVE-2009-2417.patch +++ /dev/null @@ -1,83 +0,0 @@ ---- - lib/ssluse.c | 40 +++++++++++++++++++++++++++------------- - 1 file changed, 27 insertions(+), 13 deletions(-) - ---- lib/ssluse.c.orig -+++ lib/ssluse.c -@@ -1061,7 +1061,7 @@ static CURLcode verifyhost(struct connec - if(check->type == target) { - /* get data and length */ - const char *altptr = (char *)ASN1_STRING_data(check->d.ia5); -- int altlen; -+ size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5); - - switch(target) { - case GEN_DNS: /* name/pattern comparison */ -@@ -1075,14 +1075,16 @@ static CURLcode verifyhost(struct connec - "I checked the 0.9.6 and 0.9.8 sources before my patch and - it always 0-terminates an IA5String." - */ -- if(cert_hostcheck(altptr, conn->host.name)) -+ if((altlen == strlen(altptr)) && -+ /* if this isn't true, there was an embedded zero in the name -+ string and we cannot match it. */ -+ cert_hostcheck(altptr, conn->host.name)) - matched = TRUE; - break; - - case GEN_IPADD: /* IP address comparison */ - /* compare alternative IP address if the data chunk is the same size - our server IP address is */ -- altlen = ASN1_STRING_length(check->d.ia5); - if((altlen == addrlen) && !memcmp(altptr, &addr, altlen)) - matched = TRUE; - break; -@@ -1122,18 +1124,27 @@ static CURLcode verifyhost(struct connec - string manually to avoid the problem. This code can be made - conditional in the future when OpenSSL has been fixed. Work-around - brought by Alexis S. L. Carvalho. */ -- if(tmp && ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) { -- j = ASN1_STRING_length(tmp); -- if(j >= 0) { -- peer_CN = OPENSSL_malloc(j+1); -- if(peer_CN) { -- memcpy(peer_CN, ASN1_STRING_data(tmp), j); -- peer_CN[j] = '\0'; -+ if(tmp) { -+ if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) { -+ j = ASN1_STRING_length(tmp); -+ if(j >= 0) { -+ peer_CN = OPENSSL_malloc(j+1); -+ if(peer_CN) { -+ memcpy(peer_CN, ASN1_STRING_data(tmp), j); -+ peer_CN[j] = '\0'; -+ } - } - } -+ else /* not a UTF8 name */ -+ j = ASN1_STRING_to_UTF8(&peer_CN, tmp); -+ -+ if(peer_CN && ((int)strlen((char *)peer_CN) != j)) { -+ /* there was a terminating zero before the end of string, this -+ cannot match and we return failure! */ -+ failf(data, "SSL: illegal cert name field"); -+ res = CURLE_PEER_FAILED_VERIFICATION; -+ } - } -- else /* not a UTF8 name */ -- j = ASN1_STRING_to_UTF8(&peer_CN, tmp); - } - - if(peer_CN == nulstr) -@@ -1151,7 +1162,10 @@ static CURLcode verifyhost(struct connec - } - #endif /* CURL_DOES_CONVERSIONS */ - -- if(!peer_CN) { -+ if(res) -+ /* error already detected, pass through */ -+ ; -+ else if(!peer_CN) { - failf(data, - "SSL: unable to obtain common name from peer certificate"); - return CURLE_PEER_FAILED_VERIFICATION; diff --git a/recipes/curl/files/curl-7.19.5-CVE-2009-2417.patch b/recipes/curl/files/curl-7.19.5-CVE-2009-2417.patch deleted file mode 100644 index f64232c502..0000000000 --- a/recipes/curl/files/curl-7.19.5-CVE-2009-2417.patch +++ /dev/null @@ -1,80 +0,0 @@ ---- lib/ssluse.c-7.19.5 2009-08-03 16:01:58.000000000 +0200 -+++ lib/ssluse.c 2009-08-03 16:07:17.000000000 +0200 -@@ -1092,7 +1092,8 @@ - if(check->type == target) { - /* get data and length */ - const char *altptr = (char *)ASN1_STRING_data(check->d.ia5); -- size_t altlen; -+ size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5); -+ - - switch(target) { - case GEN_DNS: /* name/pattern comparison */ -@@ -1106,14 +1107,16 @@ - "I checked the 0.9.6 and 0.9.8 sources before my patch and - it always 0-terminates an IA5String." - */ -- if(cert_hostcheck(altptr, conn->host.name)) -+ if((altlen == strlen(altptr)) && -+ /* if this isn't true, there was an embedded zero in the name -+ string and we cannot match it. */ -+ cert_hostcheck(altptr, conn->host.name)) - matched = TRUE; - break; - - case GEN_IPADD: /* IP address comparison */ - /* compare alternative IP address if the data chunk is the same size - our server IP address is */ -- altlen = (size_t) ASN1_STRING_length(check->d.ia5); - if((altlen == addrlen) && !memcmp(altptr, &addr, altlen)) - matched = TRUE; - break; -@@ -1153,18 +1156,27 @@ - string manually to avoid the problem. This code can be made - conditional in the future when OpenSSL has been fixed. Work-around - brought by Alexis S. L. Carvalho. */ -- if(tmp && ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) { -- j = ASN1_STRING_length(tmp); -- if(j >= 0) { -- peer_CN = OPENSSL_malloc(j+1); -- if(peer_CN) { -- memcpy(peer_CN, ASN1_STRING_data(tmp), j); -- peer_CN[j] = '\0'; -+ if(tmp) { -+ if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) { -+ j = ASN1_STRING_length(tmp); -+ if(j >= 0) { -+ peer_CN = OPENSSL_malloc(j+1); -+ if(peer_CN) { -+ memcpy(peer_CN, ASN1_STRING_data(tmp), j); -+ peer_CN[j] = '\0'; -+ } - } - } -+ else /* not a UTF8 name */ -+ j = ASN1_STRING_to_UTF8(&peer_CN, tmp); -+ -+ if(peer_CN && ((int)strlen((char *)peer_CN) != j)) { -+ /* there was a terminating zero before the end of string, this -+ cannot match and we return failure! */ -+ failf(data, "SSL: illegal cert name field"); -+ res = CURLE_PEER_FAILED_VERIFICATION; -+ } - } -- else /* not a UTF8 name */ -- j = ASN1_STRING_to_UTF8(&peer_CN, tmp); - } - - if(peer_CN == nulstr) -@@ -1182,7 +1194,10 @@ - } - #endif /* CURL_DOES_CONVERSIONS */ - -- if(!peer_CN) { -+ if(res) -+ /* error already detected, pass through */ -+ ; -+ else if(!peer_CN) { - failf(data, - "SSL: unable to obtain common name from peer certificate"); - return CURLE_PEER_FAILED_VERIFICATION; diff --git a/recipes/curl/files/curl-add_all_algorithms.patch b/recipes/curl/files/curl-add_all_algorithms.patch deleted file mode 100644 index a55af12575..0000000000 --- a/recipes/curl/files/curl-add_all_algorithms.patch +++ /dev/null @@ -1,22 +0,0 @@ ---- curl-7.19.5/lib/ssluse.c 2009-01-26 15:36:22.000000000 +0100 -+++ curl-7.19.5/lib/ssluse.c 2009-07-23 15:44:12.000000000 +0200 -@@ -58,6 +58,7 @@ - #ifdef USE_SSLEAY - - #ifdef USE_OPENSSL -+#include <openssl/evp.h> - #include <openssl/rand.h> - #include <openssl/x509v3.h> - #else -@@ -627,6 +628,11 @@ - /* Lets get nice error messages */ - SSL_load_error_strings(); - -+#ifdef USE_OPENSSL -+ /* Load all algorithms (including SHA2) */ -+ OpenSSL_add_all_algorithms(); -+#endif /* USE_OPENSSL */ -+ - /* Setup all the global SSL stuff */ - if(!SSLeay_add_ssl_algorithms()) - return 0; |