author | Frans Meulenbroeks <fransmeulenbroeks@gmail.com> | 2010-10-08 18:35:46 +0200 |
---|---|---|
committer | Frans Meulenbroeks <fransmeulenbroeks@gmail.com> | 2010-10-08 18:59:31 +0200 |
commit | 12d705f554ed92234b7e0aa1d27549abefbdfe82 (patch) | |
tree | 798b545ee3117ad01b48cf5813eb460704f18574 /recipes/obsolete/curl/files | |
parent | 104b736e074f5698175dfc759978a3039bd36b53 (diff) | |
curl : moved unused files to obsolete dir
Signed-off-by: Frans Meulenbroeks <fransmeulenbroeks@gmail.com>
Diffstat (limited to 'recipes/obsolete/curl/files')
3 files changed, 185 insertions, 0 deletions
diff --git a/recipes/obsolete/curl/files/curl-7.18.1-CVE-2009-2417.patch b/recipes/obsolete/curl/files/curl-7.18.1-CVE-2009-2417.patch
new file mode 100644
index 0000000000..e7c24c0b6e
--- /dev/null
+++ b/recipes/obsolete/curl/files/curl-7.18.1-CVE-2009-2417.patch
@@ -0,0 +1,83 @@
+---
+ lib/ssluse.c | 40 +++++++++++++++++++++++++++-------------
+ 1 file changed, 27 insertions(+), 13 deletions(-)
+
+--- lib/ssluse.c.orig
++++ lib/ssluse.c
+@@ -1061,7 +1061,7 @@ static CURLcode verifyhost(struct connec
+ if(check->type == target) {
+ /* get data and length */
+ const char *altptr = (char *)ASN1_STRING_data(check->d.ia5);
+- int altlen;
++ size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
+
+ switch(target) {
+ case GEN_DNS: /* name/pattern comparison */
+@@ -1075,14 +1075,16 @@ static CURLcode verifyhost(struct connec
+ "I checked the 0.9.6 and 0.9.8 sources before my patch and
+ it always 0-terminates an IA5String."
+ */
+- if(cert_hostcheck(altptr, conn->host.name))
++ if((altlen == strlen(altptr)) &&
++ /* if this isn't true, there was an embedded zero in the name
++ string and we cannot match it. */
++ cert_hostcheck(altptr, conn->host.name))
+ matched = TRUE;
+ break;
+
+ case GEN_IPADD: /* IP address comparison */
+ /* compare alternative IP address if the data chunk is the same size
+ our server IP address is */
+- altlen = ASN1_STRING_length(check->d.ia5);
+ if((altlen == addrlen) && !memcmp(altptr, &addr, altlen))
+ matched = TRUE;
+ break;
+@@ -1122,18 +1124,27 @@ static CURLcode verifyhost(struct connec
+ string manually to avoid the problem. This code can be made
+ conditional in the future when OpenSSL has been fixed. Work-around
+ brought by Alexis S. L. Carvalho.
 */
+- if(tmp && ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
+- j = ASN1_STRING_length(tmp);
+- if(j >= 0) {
+- peer_CN = OPENSSL_malloc(j+1);
+- if(peer_CN) {
+- memcpy(peer_CN, ASN1_STRING_data(tmp), j);
+- peer_CN[j] = '\0';
++ if(tmp) {
++ if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
++ j = ASN1_STRING_length(tmp);
++ if(j >= 0) {
++ peer_CN = OPENSSL_malloc(j+1);
++ if(peer_CN) {
++ memcpy(peer_CN, ASN1_STRING_data(tmp), j);
++ peer_CN[j] = '\0';
++ }
+ }
+ }
++ else /* not a UTF8 name */
++ j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
++
++ if(peer_CN && ((int)strlen((char *)peer_CN) != j)) {
++ /* there was a terminating zero before the end of string, this
++ cannot match and we return failure! */
++ failf(data, "SSL: illegal cert name field");
++ res = CURLE_PEER_FAILED_VERIFICATION;
++ }
+ }
+- else /* not a UTF8 name */
+- j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
+ }
+
+ if(peer_CN == nulstr)
+@@ -1151,7 +1162,10 @@ static CURLcode verifyhost(struct connec
+ }
+ #endif /* CURL_DOES_CONVERSIONS */
+
+- if(!peer_CN) {
++ if(res)
++ /* error already detected, pass through */
++ ;
++ else if(!peer_CN) {
+ failf(data,
+ "SSL: unable to obtain common name from peer certificate");
+ return CURLE_PEER_FAILED_VERIFICATION;
diff --git a/recipes/obsolete/curl/files/curl-7.19.5-CVE-2009-2417.patch b/recipes/obsolete/curl/files/curl-7.19.5-CVE-2009-2417.patch
new file mode 100644
index 0000000000..f64232c502
--- /dev/null
+++ b/recipes/obsolete/curl/files/curl-7.19.5-CVE-2009-2417.patch
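Review bot: The embedded-zero test on the GEN_DNS path, `altlen == strlen(altptr)`, still trusts OpenSSL to NUL-terminate the IA5String, which the quoted comment above it takes on faith for 0.9.6 and 0.9.8; if a buffer were ever unterminated, strlen() would read past altlen before the comparison could reject the name. A bounded test such as `!memchr(altptr, 0, altlen)` finds an embedded zero without leaving the ASN.1 buffer, although cert_hostcheck() would then need a terminated copy of the name as well. The same lines appear in the curl-7.19.5 patch that follows. verifyhost() starts and ends outside these hunks, so how `res` is returned and whether peer_CN is freed on the new failure path cannot be checked from here. As the commit title calls these files unused, it is worth confirming that every curl version still built by the recipes already carries the CVE-2009-2417 fix.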
@@ -0,0 +1,80 @@
+--- lib/ssluse.c-7.19.5 2009-08-03 16:01:58.000000000 +0200
++++ lib/ssluse.c 2009-08-03 16:07:17.000000000 +0200
+@@ -1092,7 +1092,8 @@
+ if(check->type == target) {
+ /* get data and length */
+ const char *altptr = (char *)ASN1_STRING_data(check->d.ia5);
+- size_t altlen;
++ size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
++
+
+ switch(target) {
+ case GEN_DNS: /* name/pattern comparison */
+@@ -1106,14 +1107,16 @@
+ "I checked the 0.9.6 and 0.9.8 sources before my patch and
+ it always 0-terminates an IA5String."
+ */
+- if(cert_hostcheck(altptr, conn->host.name))
++ if((altlen == strlen(altptr)) &&
++ /* if this isn't true, there was an embedded zero in the name
++ string and we cannot match it. */
++ cert_hostcheck(altptr, conn->host.name))
+ matched = TRUE;
+ break;
+
+ case GEN_IPADD: /* IP address comparison */
+ /* compare alternative IP address if the data chunk is the same size
+ our server IP address is */
+- altlen = (size_t) ASN1_STRING_length(check->d.ia5);
+ if((altlen == addrlen) && !memcmp(altptr, &addr, altlen))
+ matched = TRUE;
+ break;
+@@ -1153,18 +1156,27 @@
+ string manually to avoid the problem. This code can be made
+ conditional in the future when OpenSSL has been fixed. Work-around
+ brought by Alexis S. L. Carvalho.
 */
+- if(tmp && ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
+- j = ASN1_STRING_length(tmp);
+- if(j >= 0) {
+- peer_CN = OPENSSL_malloc(j+1);
+- if(peer_CN) {
+- memcpy(peer_CN, ASN1_STRING_data(tmp), j);
+- peer_CN[j] = '\0';
++ if(tmp) {
++ if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
++ j = ASN1_STRING_length(tmp);
++ if(j >= 0) {
++ peer_CN = OPENSSL_malloc(j+1);
++ if(peer_CN) {
++ memcpy(peer_CN, ASN1_STRING_data(tmp), j);
++ peer_CN[j] = '\0';
++ }
+ }
+ }
++ else /* not a UTF8 name */
++ j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
++
++ if(peer_CN && ((int)strlen((char *)peer_CN) != j)) {
++ /* there was a terminating zero before the end of string, this
++ cannot match and we return failure! */
++ failf(data, "SSL: illegal cert name field");
++ res = CURLE_PEER_FAILED_VERIFICATION;
++ }
+ }
+- else /* not a UTF8 name */
+- j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
+ }
+
+ if(peer_CN == nulstr)
+@@ -1182,7 +1194,10 @@
+ }
+ #endif /* CURL_DOES_CONVERSIONS */
+
+- if(!peer_CN) {
++ if(res)
++ /* error already detected, pass through */
++ ;
++ else if(!peer_CN) {
+ failf(data,
+ "SSL: unable to obtain common name from peer certificate");
+ return CURLE_PEER_FAILED_VERIFICATION;
diff --git a/recipes/obsolete/curl/files/curl-add_all_algorithms.patch b/recipes/obsolete/curl/files/curl-add_all_algorithms.patch
new file mode 100644
index 0000000000..a55af12575
--- /dev/null
+++ b/recipes/obsolete/curl/files/curl-add_all_algorithms.patch
@@ -0,0 +1,22 @@
+--- curl-7.19.5/lib/ssluse.c 2009-01-26 15:36:22.000000000 +0100
++++ curl-7.19.5/lib/ssluse.c 2009-07-23 15:44:12.000000000 +0200
+@@ -58,6 +58,7 @@
+ #ifdef USE_SSLEAY
+
+ #ifdef USE_OPENSSL
++#include <openssl/evp.h>
+ #include <openssl/rand.h>
+ #include <openssl/x509v3.h>
+ #else
+@@ -627,6 +628,11 @@
+ /* Lets get nice error messages */
+ SSL_load_error_strings();
+
++#ifdef USE_OPENSSL
++ /* Load all algorithms (including SHA2) */
++ OpenSSL_add_all_algorithms();
++#endif /* USE_OPENSSL */
++
+ /* Setup all the global SSL stuff */
+ if(!SSLeay_add_ssl_algorithms())
+ return 0; |