aboutsummaryrefslogtreecommitdiffstats
path: root/recipes/obsolete/curl
diff options
context:
space:
mode:
authorFrans Meulenbroeks <fransmeulenbroeks@gmail.com>2010-10-08 18:35:46 +0200
committerFrans Meulenbroeks <fransmeulenbroeks@gmail.com>2010-10-08 18:59:31 +0200
commit12d705f554ed92234b7e0aa1d27549abefbdfe82 (patch)
tree798b545ee3117ad01b48cf5813eb460704f18574 /recipes/obsolete/curl
parent104b736e074f5698175dfc759978a3039bd36b53 (diff)
downloadopenembedded-12d705f554ed92234b7e0aa1d27549abefbdfe82.tar.gz
openembedded-12d705f554ed92234b7e0aa1d27549abefbdfe82.tar.bz2
openembedded-12d705f554ed92234b7e0aa1d27549abefbdfe82.zip
curl : moved unused files to obsolete dir
Signed-off-by: Frans Meulenbroeks <fransmeulenbroeks@gmail.com>
Diffstat (limited to 'recipes/obsolete/curl')
-rw-r--r--recipes/obsolete/curl/files/curl-7.18.1-CVE-2009-2417.patch83
-rw-r--r--recipes/obsolete/curl/files/curl-7.19.5-CVE-2009-2417.patch80
-rw-r--r--recipes/obsolete/curl/files/curl-add_all_algorithms.patch22
3 files changed, 185 insertions, 0 deletions
diff --git a/recipes/obsolete/curl/files/curl-7.18.1-CVE-2009-2417.patch b/recipes/obsolete/curl/files/curl-7.18.1-CVE-2009-2417.patch
new file mode 100644
index 0000000000..e7c24c0b6e
--- /dev/null
+++ b/recipes/obsolete/curl/files/curl-7.18.1-CVE-2009-2417.patch
@@ -0,0 +1,83 @@
+---
+ lib/ssluse.c | 40 +++++++++++++++++++++++++++-------------
+ 1 file changed, 27 insertions(+), 13 deletions(-)
+
+--- lib/ssluse.c.orig
++++ lib/ssluse.c
+@@ -1061,7 +1061,7 @@ static CURLcode verifyhost(struct connec
+ if(check->type == target) {
+ /* get data and length */
+ const char *altptr = (char *)ASN1_STRING_data(check->d.ia5);
+- int altlen;
++ size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
+
+ switch(target) {
+ case GEN_DNS: /* name/pattern comparison */
+@@ -1075,14 +1075,16 @@ static CURLcode verifyhost(struct connec
+ "I checked the 0.9.6 and 0.9.8 sources before my patch and
+ it always 0-terminates an IA5String."
+ */
+- if(cert_hostcheck(altptr, conn->host.name))
++ if((altlen == strlen(altptr)) &&
++ /* if this isn't true, there was an embedded zero in the name
++ string and we cannot match it. */
++ cert_hostcheck(altptr, conn->host.name))
+ matched = TRUE;
+ break;
+
+ case GEN_IPADD: /* IP address comparison */
+ /* compare alternative IP address if the data chunk is the same size
+ our server IP address is */
+- altlen = ASN1_STRING_length(check->d.ia5);
+ if((altlen == addrlen) && !memcmp(altptr, &addr, altlen))
+ matched = TRUE;
+ break;
+@@ -1122,18 +1124,27 @@ static CURLcode verifyhost(struct connec
+ string manually to avoid the problem. This code can be made
+ conditional in the future when OpenSSL has been fixed. Work-around
+ brought by Alexis S. L. Carvalho. */
+- if(tmp && ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
+- j = ASN1_STRING_length(tmp);
+- if(j >= 0) {
+- peer_CN = OPENSSL_malloc(j+1);
+- if(peer_CN) {
+- memcpy(peer_CN, ASN1_STRING_data(tmp), j);
+- peer_CN[j] = '\0';
++ if(tmp) {
++ if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
++ j = ASN1_STRING_length(tmp);
++ if(j >= 0) {
++ peer_CN = OPENSSL_malloc(j+1);
++ if(peer_CN) {
++ memcpy(peer_CN, ASN1_STRING_data(tmp), j);
++ peer_CN[j] = '\0';
++ }
+ }
+ }
++ else /* not a UTF8 name */
++ j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
++
++ if(peer_CN && ((int)strlen((char *)peer_CN) != j)) {
++ /* there was a terminating zero before the end of string, this
++ cannot match and we return failure! */
++ failf(data, "SSL: illegal cert name field");
++ res = CURLE_PEER_FAILED_VERIFICATION;
++ }
+ }
+- else /* not a UTF8 name */
+- j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
+ }
+
+ if(peer_CN == nulstr)
+@@ -1151,7 +1162,10 @@ static CURLcode verifyhost(struct connec
+ }
+ #endif /* CURL_DOES_CONVERSIONS */
+
+- if(!peer_CN) {
++ if(res)
++ /* error already detected, pass through */
++ ;
++ else if(!peer_CN) {
+ failf(data,
+ "SSL: unable to obtain common name from peer certificate");
+ return CURLE_PEER_FAILED_VERIFICATION;
diff --git a/recipes/obsolete/curl/files/curl-7.19.5-CVE-2009-2417.patch b/recipes/obsolete/curl/files/curl-7.19.5-CVE-2009-2417.patch
new file mode 100644
index 0000000000..f64232c502
--- /dev/null
+++ b/recipes/obsolete/curl/files/curl-7.19.5-CVE-2009-2417.patch
@@ -0,0 +1,80 @@
+--- lib/ssluse.c-7.19.5 2009-08-03 16:01:58.000000000 +0200
++++ lib/ssluse.c 2009-08-03 16:07:17.000000000 +0200
+@@ -1092,7 +1092,8 @@
+ if(check->type == target) {
+ /* get data and length */
+ const char *altptr = (char *)ASN1_STRING_data(check->d.ia5);
+- size_t altlen;
++ size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
++
+
+ switch(target) {
+ case GEN_DNS: /* name/pattern comparison */
+@@ -1106,14 +1107,16 @@
+ "I checked the 0.9.6 and 0.9.8 sources before my patch and
+ it always 0-terminates an IA5String."
+ */
+- if(cert_hostcheck(altptr, conn->host.name))
++ if((altlen == strlen(altptr)) &&
++ /* if this isn't true, there was an embedded zero in the name
++ string and we cannot match it. */
++ cert_hostcheck(altptr, conn->host.name))
+ matched = TRUE;
+ break;
+
+ case GEN_IPADD: /* IP address comparison */
+ /* compare alternative IP address if the data chunk is the same size
+ our server IP address is */
+- altlen = (size_t) ASN1_STRING_length(check->d.ia5);
+ if((altlen == addrlen) && !memcmp(altptr, &addr, altlen))
+ matched = TRUE;
+ break;
+@@ -1153,18 +1156,27 @@
+ string manually to avoid the problem. This code can be made
+ conditional in the future when OpenSSL has been fixed. Work-around
+ brought by Alexis S. L. Carvalho. */
+- if(tmp && ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
+- j = ASN1_STRING_length(tmp);
+- if(j >= 0) {
+- peer_CN = OPENSSL_malloc(j+1);
+- if(peer_CN) {
+- memcpy(peer_CN, ASN1_STRING_data(tmp), j);
+- peer_CN[j] = '\0';
++ if(tmp) {
++ if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
++ j = ASN1_STRING_length(tmp);
++ if(j >= 0) {
++ peer_CN = OPENSSL_malloc(j+1);
++ if(peer_CN) {
++ memcpy(peer_CN, ASN1_STRING_data(tmp), j);
++ peer_CN[j] = '\0';
++ }
+ }
+ }
++ else /* not a UTF8 name */
++ j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
++
++ if(peer_CN && ((int)strlen((char *)peer_CN) != j)) {
++ /* there was a terminating zero before the end of string, this
++ cannot match and we return failure! */
++ failf(data, "SSL: illegal cert name field");
++ res = CURLE_PEER_FAILED_VERIFICATION;
++ }
+ }
+- else /* not a UTF8 name */
+- j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
+ }
+
+ if(peer_CN == nulstr)
+@@ -1182,7 +1194,10 @@
+ }
+ #endif /* CURL_DOES_CONVERSIONS */
+
+- if(!peer_CN) {
++ if(res)
++ /* error already detected, pass through */
++ ;
++ else if(!peer_CN) {
+ failf(data,
+ "SSL: unable to obtain common name from peer certificate");
+ return CURLE_PEER_FAILED_VERIFICATION;
diff --git a/recipes/obsolete/curl/files/curl-add_all_algorithms.patch b/recipes/obsolete/curl/files/curl-add_all_algorithms.patch
new file mode 100644
index 0000000000..a55af12575
--- /dev/null
+++ b/recipes/obsolete/curl/files/curl-add_all_algorithms.patch
@@ -0,0 +1,22 @@
+--- curl-7.19.5/lib/ssluse.c 2009-01-26 15:36:22.000000000 +0100
++++ curl-7.19.5/lib/ssluse.c 2009-07-23 15:44:12.000000000 +0200
+@@ -58,6 +58,7 @@
+ #ifdef USE_SSLEAY
+
+ #ifdef USE_OPENSSL
++#include <openssl/evp.h>
+ #include <openssl/rand.h>
+ #include <openssl/x509v3.h>
+ #else
+@@ -627,6 +628,11 @@
+ /* Lets get nice error messages */
+ SSL_load_error_strings();
+
++#ifdef USE_OPENSSL
++ /* Load all algorithms (including SHA2) */
++ OpenSSL_add_all_algorithms();
++#endif /* USE_OPENSSL */
++
+ /* Setup all the global SSL stuff */
+ if(!SSLeay_add_ssl_algorithms())
+ return 0;