[pkgsrc/trunk]: pkgsrc/www Add patch by Ludwig Nussel to fix the certificate ...

[tron <tron%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/92c521b8749b
branches:  trunk
changeset: 577072:92c521b8749b
user:      tron <tron%pkgsrc.org@localhost>
date:      Thu Jul 01 18:50:14 2010 +0000

description:
Add patch by Ludwig Nussel to fix the certificate spoofing vulnerability
reported in CVE-2010-2074.

diffstat:

 www/w3m-img/Makefile     |   5 +--
 www/w3m/Makefile         |   5 +--
 www/w3m/distinfo         |   4 ++-
 www/w3m/patches/patch-ac |  26 +++++++++++++++++++++
 www/w3m/patches/patch-ad |  58 ++++++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 91 insertions(+), 7 deletions(-)

diffs (135 lines):

diff -r 4c3f8e85999c -r 92c521b8749b www/w3m-img/Makefile
--- a/www/w3m-img/Makefile      Thu Jul 01 18:14:19 2010 +0000
+++ b/www/w3m-img/Makefile      Thu Jul 01 18:50:14 2010 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.19 2010/01/24 13:26:12 wiz Exp $
-#
+# $NetBSD: Makefile,v 1.20 2010/07/01 18:50:15 tron Exp $
 
 PKGNAME=       w3m-img-${W3M_VERS}
-PKGREVISION=   4
+PKGREVISION=   5
 COMMENT=       Multilingualized version of a pager/text-based browser w3m with inline image support
 
 CONFLICTS+=    w3m-[0-9]*
diff -r 4c3f8e85999c -r 92c521b8749b www/w3m/Makefile
--- a/www/w3m/Makefile  Thu Jul 01 18:14:19 2010 +0000
+++ b/www/w3m/Makefile  Thu Jul 01 18:50:14 2010 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.57 2010/01/17 12:02:51 wiz Exp $
-#
+# $NetBSD: Makefile,v 1.58 2010/07/01 18:50:14 tron Exp $
 
 PKGNAME=       w3m-${W3M_VERS}
-PKGREVISION=   4
+PKGREVISION=   5
 COMMENT=       Multilingualized version of a pager/text-based browser w3m
 
 CONFLICTS+=    w3m-img-[0-9]*
diff -r 4c3f8e85999c -r 92c521b8749b www/w3m/distinfo
--- a/www/w3m/distinfo  Thu Jul 01 18:14:19 2010 +0000
+++ b/www/w3m/distinfo  Thu Jul 01 18:50:14 2010 +0000
@@ -1,8 +1,10 @@
-$NetBSD: distinfo,v 1.20 2008/12/13 08:52:13 obache Exp $
+$NetBSD: distinfo,v 1.21 2010/07/01 18:50:14 tron Exp $
 
 SHA1 (w3m-0.5.2.tar.gz) = 484522547ae6dbb342d3858a2a53a65451e273f9
 RMD160 (w3m-0.5.2.tar.gz) = 09ce72d8ef5e621a2e49496b63e22f2773edbe79
 Size (w3m-0.5.2.tar.gz) = 1906812 bytes
 SHA1 (patch-aa) = 2de78a6db9bd483416895b393935ccadab879932
 SHA1 (patch-ab) = 2d60d7a2946f13a185591c0b927cf0f8b5ea351b
+SHA1 (patch-ac) = 800d4b8c2ed93ccaa000564366ad07fabcc5bdc2
+SHA1 (patch-ad) = 7a11f6f97fb5d01a420c95bcd03e577ffd3a241f
 SHA1 (patch-ak) = ac0ee99d5ab49c431cfa496d0d2d509efd6b06fa
diff -r 4c3f8e85999c -r 92c521b8749b www/w3m/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/w3m/patches/patch-ac  Thu Jul 01 18:50:14 2010 +0000
@@ -0,0 +1,26 @@
+$NetBSD: patch-ac,v 1.14 2010/07/01 18:50:15 tron Exp $
+
+Fix for CVE-2010-2074 taken from here:
+
+http://www.openwall.com/lists/oss-security/2010/06/14/4
+
+--- fm.h.orig  2007-05-30 05:47:24.000000000 +0100
++++ fm.h       2010-07-01 19:26:27.000000000 +0100
+@@ -1119,7 +1119,7 @@
+ #endif
+ 
+ #if defined(USE_SSL) && defined(USE_SSL_VERIFY)
+-global int ssl_verify_server init(FALSE);
++global int ssl_verify_server init(TRUE);
+ global char *ssl_cert_file init(NULL);
+ global char *ssl_key_file init(NULL);
+ global char *ssl_ca_path init(NULL);
+@@ -1128,7 +1128,7 @@
+ #endif                                /* defined(USE_SSL) &&
+                                * defined(USE_SSL_VERIFY) */
+ #ifdef USE_SSL
+-global char *ssl_forbid_method init(NULL);
++global char *ssl_forbid_method init("2");
+ #endif
+ 
+ global int is_redisplay init(FALSE);
diff -r 4c3f8e85999c -r 92c521b8749b www/w3m/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/w3m/patches/patch-ad  Thu Jul 01 18:50:14 2010 +0000
@@ -0,0 +1,58 @@
+$NetBSD: patch-ad,v 1.8 2010/07/01 18:50:15 tron Exp $
+
+Fix for CVE-2010-2074 taken from here:
+
+http://www.openwall.com/lists/oss-security/2010/06/14/4
+
+--- istream.c.orig     2007-05-23 16:06:05.000000000 +0100
++++ istream.c  2010-07-01 19:31:00.000000000 +0100
+@@ -447,8 +447,17 @@
+ 
+                   if (!seen_dnsname)
+                       seen_dnsname = Strnew();
++                  /* replace \0 to make full string visible to user */
++                  if (sl != strlen(sn)) {
++                      int i;
++                      for (i = 0; i < sl; ++i) {
++                          if (!sn[i])
++                              sn[i] = '!';
++                      }
++                  }
+                   Strcat_m_charp(seen_dnsname, sn, " ", NULL);
+-                  if (ssl_match_cert_ident(sn, sl, hostname))
++                  if (sl == strlen(sn) /* catch \0 in SAN */
++                      && ssl_match_cert_ident(sn, sl, hostname))
+                       break;
+               }
+           }
+@@ -466,16 +475,27 @@
+     if (match_ident == FALSE && ret == NULL) {
+       X509_NAME *xn;
+       char buf[2048];
++      int slen;
+ 
+       xn = X509_get_subject_name(x);
+ 
+-      if (X509_NAME_get_text_by_NID(xn, NID_commonName,
+-                                    buf, sizeof(buf)) == -1)
++      slen = X509_NAME_get_text_by_NID(xn, NID_commonName, buf, sizeof(buf));
++      if ( slen == -1)
+           /* FIXME: gettextize? */
+           ret = Strnew_charp("Unable to get common name from peer cert");
+-      else if (!ssl_match_cert_ident(buf, strlen(buf), hostname))
++      else if (slen != strlen(buf)
++              || !ssl_match_cert_ident(buf, strlen(buf), hostname)) {
++          /* replace \0 to make full string visible to user */
++          if (slen != strlen(buf)) {
++              int i;
++              for (i = 0; i < slen; ++i) {
++                  if (!buf[i])
++                      buf[i] = '!';
++              }
++          }
+           /* FIXME: gettextize? */
+           ret = Sprintf("Bad cert ident %s from %s", buf, hostname);
++      }
+       else
+           match_ident = TRUE;
+     }