diff options
| author | skrll <skrll@pkgsrc.org> | 2002-08-15 08:38:33 +0000 |
|---|---|---|
| committer | skrll <skrll@pkgsrc.org> | 2002-08-15 08:38:33 +0000 |
| commit | 3652e0b5ce4b88626d249f2cbbdf6757bb012295 (patch) | |
| tree | bd5b7af03c1df6f4f7836c39e501776c2880a511 /x11/kdelibs2/patches | |
| parent | 8c0e6366fd0f4383c4d449103e947186d264e2e0 (diff) | |
| download | pkgsrc-3652e0b5ce4b88626d249f2cbbdf6757bb012295.tar.gz | |
Bring in security fix for certificate handling.
PKGREVISION++
Diffstat (limited to 'x11/kdelibs2/patches')
| -rw-r--r-- | x11/kdelibs2/patches/patch-bt | 41 | ||||
| -rw-r--r-- | x11/kdelibs2/patches/patch-bw | 17 | ||||
| -rw-r--r-- | x11/kdelibs2/patches/patch-by | 15 |
3 files changed, 62 insertions, 11 deletions
diff --git a/x11/kdelibs2/patches/patch-bt b/x11/kdelibs2/patches/patch-bt index 216974c0636..a764b508680 100644 --- a/x11/kdelibs2/patches/patch-bt +++ b/x11/kdelibs2/patches/patch-bt @@ -1,8 +1,16 @@ -$NetBSD: patch-bt,v 1.1 2001/11/17 12:01:35 skrll Exp $ +$NetBSD: patch-bt,v 1.2 2002/08/15 08:38:34 skrll Exp $ --- kssl/kopenssl.cc.orig Wed Sep 5 00:08:18 2001 +++ kssl/kopenssl.cc -@@ -117,7 +117,7 @@ +@@ -92,6 +92,7 @@ static int (*K_SSL_CTX_use_certificate) + static int (*K_SSL_get_error) (SSL*, int) = NULL; + static STACK_OF(X509)* (*K_SSL_get_peer_cert_chain) (SSL*) = NULL; + static void (*K_X509_STORE_CTX_set_chain) (X509_STORE_CTX *, STACK_OF(X509)*) = NULL; ++static void (*K_X509_STORE_CTX_set_purpose) (X509_STORE_CTX *, int) = NULL; + static void (*K_sk_free) (STACK*) = NULL; + static int (*K_sk_num) (STACK*) = NULL; + static char* (*K_sk_value) (STACK*, int) = NULL; +@@ -117,7 +118,7 @@ void KOpenSSLProxy::destroy() { _me = NULL; } @@ -11,7 +19,7 @@ $NetBSD: patch-bt,v 1.1 2001/11/17 12:01:35 skrll Exp $ #include <qdir.h> #include <qstring.h> #include <qstringlist.h> -@@ -180,20 +180,16 @@ +@@ -180,20 +181,16 @@ KConfig *cfg; delete cfg; @@ -38,7 +46,7 @@ $NetBSD: patch-bt,v 1.1 2001/11/17 12:01:35 skrll Exp $ // FIXME: #define here for the various OS types to optimize libnamess << "libssl.so.0" << "libssl.so" -@@ -202,10 +198,16 @@ +@@ -202,10 +199,16 @@ KConfig *cfg; libnamesc << "libcrypto.so.0" << "libcrypto.so" << "libcrypto.sl"; @@ -55,7 +63,7 @@ $NetBSD: patch-bt,v 1.1 2001/11/17 12:01:35 skrll Exp $ for (QStringList::Iterator shit = libnamesc.begin(); shit != libnamesc.end(); ++shit) { -@@ -213,9 +215,9 @@ +@@ -213,9 +216,9 @@ KConfig *cfg; _cryptoLib = ll->globalLibrary(alib.latin1()); if (_cryptoLib) break; } @@ -66,7 +74,15 @@ $NetBSD: patch-bt,v 1.1 2001/11/17 12:01:35 skrll Exp $ if (_cryptoLib) { #ifdef HAVE_SSL -@@ -263,16 +265,14 @@ +@@ -254,6 +257,7 @@ KConfig *cfg; + X509**, STACK_OF(X509)**)) _cryptoLib->symbol("PKCS12_parse"); + K_EVP_PKEY_free = (void (*) (EVP_PKEY *)) _cryptoLib->symbol("EVP_PKEY_free"); + K_X509_STORE_CTX_set_chain = (void (*)(X509_STORE_CTX *, STACK_OF(X509)*)) _cryptoLib->symbol("X509_STORE_CTX_set_chain"); ++ K_X509_STORE_CTX_set_purpose = (void (*)(X509_STORE_CTX *, int)) _cryptoLib->symbol("X509_STORE_CTX_set_purpose"); + K_sk_free = (void (*) (STACK *)) _cryptoLib->symbol("sk_free"); + K_sk_num = (int (*) (STACK *)) _cryptoLib->symbol("sk_num"); + K_sk_value = (char* (*) (STACK *, int)) _cryptoLib->symbol("sk_value"); +@@ -263,16 +267,14 @@ KConfig *cfg; #endif } @@ -88,7 +104,7 @@ $NetBSD: patch-bt,v 1.1 2001/11/17 12:01:35 skrll Exp $ for (QStringList::Iterator shit = libnamess.begin(); shit != libnamess.end(); ++shit) { -@@ -280,9 +280,9 @@ +@@ -280,9 +282,9 @@ KConfig *cfg; _sslLib = ll->globalLibrary(alib.latin1()); if (_sslLib) break; } @@ -99,3 +115,14 @@ $NetBSD: patch-bt,v 1.1 2001/11/17 12:01:35 skrll Exp $ if (_sslLib) { #ifdef HAVE_SSL +@@ -742,6 +744,10 @@ char *KOpenSSLProxy::sk_value(STACK *s, + + void KOpenSSLProxy::X509_STORE_CTX_set_chain(X509_STORE_CTX *v, STACK_OF(X509)* x) { + if (K_X509_STORE_CTX_set_chain) (K_X509_STORE_CTX_set_chain)(v,x); ++} ++ ++void KOpenSSLProxy::X509_STORE_CTX_set_purpose(X509_STORE_CTX *v, int purpose) { ++ if (K_X509_STORE_CTX_set_purpose) (K_X509_STORE_CTX_set_purpose)(v,purpose); + } + + diff --git a/x11/kdelibs2/patches/patch-bw b/x11/kdelibs2/patches/patch-bw index 41d61a73297..91ef000444c 100644 --- a/x11/kdelibs2/patches/patch-bw +++ b/x11/kdelibs2/patches/patch-bw @@ -1,8 +1,8 @@ -$NetBSD: patch-bw,v 1.1 2002/02/23 15:24:18 skrll Exp $ +$NetBSD: patch-bw,v 1.2 2002/08/15 08:38:34 skrll Exp $ ---- kssl/ksslcertificate.cc.orig Sat Feb 23 12:21:02 2002 +--- kssl/ksslcertificate.cc.orig Thu Aug 15 09:25:29 2002 +++ kssl/ksslcertificate.cc -@@ -79,7 +79,7 @@ +@@ -79,7 +79,7 @@ public: KSSLCertificate::KSSLCertificate() { d = new KSSLCertificatePrivate; d->m_stateCached = false; @@ -11,7 +11,16 @@ $NetBSD: patch-bw,v 1.1 2002/02/23 15:24:18 skrll Exp $ #ifdef HAVE_SSL d->m_cert = NULL; #endif -@@ -447,7 +447,7 @@ +@@ -262,6 +262,8 @@ KSSLCertificate::KSSLValidation KSSLCert + // FIXME: do all the X509_STORE_CTX_set_flags(); here + // +-----> Note that this is for 0.9.6 or better ONLY! + ++ d->kossl->X509_STORE_CTX_set_purpose(certStoreCTX, X509_PURPOSE_SSL_SERVER); ++ + //kdDebug(7029) << "KSSL verifying.............." << endl; + certStoreCTX->error = X509_V_OK; + rc = d->kossl->X509_verify_cert(certStoreCTX); +@@ -433,7 +435,7 @@ int operator==(KSSLCertificate &x, KSSLC KSSLCertificate::KSSLCertificate(const KSSLCertificate& x) { d = new KSSLCertificatePrivate; d->m_stateCached = false; diff --git a/x11/kdelibs2/patches/patch-by b/x11/kdelibs2/patches/patch-by new file mode 100644 index 00000000000..fc074b8100d --- /dev/null +++ b/x11/kdelibs2/patches/patch-by @@ -0,0 +1,15 @@ +$NetBSD: patch-by,v 1.1 2002/08/15 08:38:34 skrll Exp $ + +--- kssl/kopenssl.h.orig Sun Jul 29 05:55:41 2001 ++++ kssl/kopenssl.h +@@ -277,6 +277,10 @@ public: + */ + void X509_STORE_CTX_set_chain(X509_STORE_CTX *v, STACK_OF(X509)* x); + ++ /* ++ * X509_STORE_CTX_set_purpose - set the purpose of the certificate ++ */ ++ void X509_STORE_CTX_set_purpose(X509_STORE_CTX *v, int purpose); + + /* + * X509_verify_cert - verify the certificate |