author | spz <spz> | 2009-09-15 10:26:34 +0000 |
---|---|---|
committer | spz <spz> | 2009-09-15 10:26:34 +0000 |
commit | 3c23517dfd9ba1a4662d0d152a6d052a0503703c (patch) | |
tree | cd783898b50517a74a218399df1ef6846cfa829f | |
parent | ee7a64ee7a36a2ffd50674d66ca7d2723ba5bb45 (diff) | |
download | pkgsrc-3c23517dfd9ba1a4662d0d152a6d052a0503703c.tar.gz |
Pullup ticket 2893 - requested by tron
security fix
Revisions pulled up:
- pkgsrc/net/wget/Makefile 1.100
- pkgsrc/net/wget/distinfo 1.34
Files added:
pkgsrc/net/wget/patches/patch-aa 1.9
Module Name: pkgsrc
Committed By: tron
Date: Mon Sep 14 12:06:13 UTC 2009
Modified Files:
pkgsrc/net/wget: Makefile distinfo
Added Files:
pkgsrc/net/wget/patches: patch-aa
Log Message:
Add a fix for SA36540 (SSL certificate spoofing vulnerability) taken
from the source repository.
To generate a diff of this commit:
cvs rdiff -u -r1.99 -r1.100 pkgsrc/net/wget/Makefile
cvs rdiff -u -r1.33 -r1.34 pkgsrc/net/wget/distinfo
cvs rdiff -u -r0 -r1.9 pkgsrc/net/wget/patches/patch-aa
-rw-r--r-- | net/wget/Makefile | 4 | ||||
-rw-r--r-- | net/wget/distinfo | 3 | ||||
-rw-r--r-- | net/wget/patches/patch-aa | 65 |
3 files changed, 70 insertions, 2 deletions
diff --git a/net/wget/Makefile b/net/wget/Makefile
index 189f938a177..78581882ecd 100644
--- a/net/wget/Makefile
+++ b/net/wget/Makefile
@@ -1,12 +1,14 @@
-# $NetBSD: Makefile,v 1.99 2008/07/18 09:36:39 wiz Exp $
+# $NetBSD: Makefile,v 1.99.10.1 2009/09/15 10:26:34 spz Exp $
 DISTNAME= wget-1.11.4
+PKGREVISION= 1
 CATEGORIES= net
 MASTER_SITES= ${MASTER_SITE_GNU:=wget/}
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= http://www.gnu.org/software/wget/wget.html
 COMMENT= Retrieve files from the 'net via HTTP and FTP
+LICENSE= gnu-gpl-v3
 PKG_DESTDIR_SUPPORT= user-destdir
diff --git a/net/wget/distinfo b/net/wget/distinfo
index 105fed49c7a..f7c5f783741 100644
--- a/net/wget/distinfo
+++ b/net/wget/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.33 2008/07/18 09:36:39 wiz Exp $
+$NetBSD: distinfo,v 1.33.10.1 2009/09/15 10:26:34 spz Exp $
 SHA1 (wget-1.11.4.tar.gz) = a78a3b71fd59504df3ff3dbc0a2195a1410e9eac
 RMD160 (wget-1.11.4.tar.gz) = 1cec99b073fcf64dd362977b0b88a55f8f47bbb8
 Size (wget-1.11.4.tar.gz) = 1475149 bytes
+SHA1 (patch-aa) = eb8852e90ba61f2672fb2eea16f6148e27a6ee2b
diff --git a/net/wget/patches/patch-aa b/net/wget/patches/patch-aa
new file mode 100644
index 00000000000..34f360aaa56
--- /dev/null
+++ b/net/wget/patches/patch-aa
@@ -0,0 +1,65 @@
+$NetBSD: patch-aa,v 1.9.2.2 2009/09/15 10:26:34 spz Exp $
+
+Fix for SA36540 (SSL certificate spoofing vulnerability) taken from here:
+
+http://hg.addictivecode.org/wget/mainline/rev/2d8c76a23e7d
+http://hg.addictivecode.org/wget/mainline/rev/f2d2ca32fd1b
+
+--- src/openssl.c.orig 2008-04-27 05:48:23.000000000 +0100
++++ src/openssl.c 2009-09-14 13:03:13.000000000 +0100
+@@ -561,9 +561,11 @@
+ - Ensure that ASN1 strings from the certificate are encoded as
+ UTF-8 which can be meaningfully compared to HOST. */
+
++ X509_NAME *xname = X509_get_subject_name(cert);
+ common_name[0] = '\0';
+- X509_NAME_get_text_by_NID (X509_get_subject_name (cert),
+- NID_commonName, common_name, sizeof (common_name));
++ X509_NAME_get_text_by_NID (xname, NID_commonName, common_name,
++ sizeof (common_name));
++
+ if (!pattern_match (common_name, host))
+ {
+ logprintf (LOG_NOTQUIET, _("\
+@@ -571,6 +573,41 @@
+ severity, escnonprint (common_name), escnonprint (host));
+ success = false;
+ }
++ else
++ {
++ /* We now determine the length of the ASN1 string. If it differs from
++ * common_name's length, then there is a \0 before the string terminates.
++ * This can be an instance of a null-prefix attack.
++ *
++ * https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike
++ * */
++
++ int i = -1, j;
++ X509_NAME_ENTRY *xentry;
++ ASN1_STRING *sdata;
++
++ if (xname) {
++ for (;;)
++ {
++ j = X509_NAME_get_index_by_NID (xname, NID_commonName, i);
++ if (j == -1) break;
++ i = j;
++ }
++ }
++
++ xentry = X509_NAME_get_entry(xname,i);
++ sdata = X509_NAME_ENTRY_get_data(xentry);
++ if (strlen (common_name) != ASN1_STRING_length (sdata))
++ {
++ logprintf (LOG_NOTQUIET, _("\
++%s: certificate common name is invalid (contains a NUL character).\n\
++This may be an indication that the host is not who it claims to be\n\
++(that is, it is not the real %s).\n"),
++ severity, escnonprint (host));
++ success = false;
++ }
++ }
++
+
+ if (success)
+ DEBUGP (("X509 certificate successfully verified and matches host %s\n", |
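Review bot: In the second hunk of patch-aa, `X509_NAME_get_entry(xname,i)` and the following `X509_NAME_ENTRY_get_data(xentry)` run without a NULL check: when `xname` is NULL or the subject carries no commonName, `i` stays -1, `X509_NAME_get_entry` returns NULL and `X509_NAME_ENTRY_get_data` dereferences it, so a malformed certificate can crash the client instead of being rejected. The `else` branch is also reached because `pattern_match` accepted the text that `X509_NAME_get_text_by_NID` copied (which, as far as I know, is the first CN entry), while the loop selects the index of the last CN entry, so for a subject with several CN entries the length being compared is not the length of the string that was matched. A fail-closed guard such as `xentry = i >= 0 ? X509_NAME_get_entry (xname, i) : NULL;` / `sdata = xentry ? X509_NAME_ENTRY_get_data (xentry) : NULL;` / `if (!sdata || strlen (common_name) != (size_t) ASN1_STRING_length (sdata))` removes the NULL dereference and the signed/unsigned comparison, and taking `common_name` from the same entry (or checking every CN entry's length) would close the first/last mismatch. Worth a comment as well: `X509_NAME_get_text_by_NID` truncates to `sizeof (common_name)`, so a CN longer than the buffer now fails this length check; that rejects rather than accepts, but the message blames a NUL character. The enclosing function starts and ends outside the hunk.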