pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/net/wget Add a fix for SA36540 (SSL certificate spoofi...
details: https://anonhg.NetBSD.org/pkgsrc/rev/823d9c9d5d15
branches: trunk
changeset: 399199:823d9c9d5d15
user: tron <tron%pkgsrc.org@localhost>
date: Mon Sep 14 12:06:12 2009 +0000
description:
Add a fix for SA36540 (SSL certificate spoofing vulnerability) taken
from the source repository.
diffstat:
net/wget/Makefile | 4 ++-
net/wget/distinfo | 3 +-
net/wget/patches/patch-aa | 65 +++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 70 insertions(+), 2 deletions(-)
diffs (99 lines):
diff -r 52671d5964d6 -r 823d9c9d5d15 net/wget/Makefile
--- a/net/wget/Makefile Mon Sep 14 11:45:22 2009 +0000
+++ b/net/wget/Makefile Mon Sep 14 12:06:12 2009 +0000
@@ -1,12 +1,14 @@
-# $NetBSD: Makefile,v 1.99 2008/07/18 09:36:39 wiz Exp $
+# $NetBSD: Makefile,v 1.100 2009/09/14 12:06:12 tron Exp $
DISTNAME= wget-1.11.4
+PKGREVISION= 1
CATEGORIES= net
MASTER_SITES= ${MASTER_SITE_GNU:=wget/}
MAINTAINER= pkgsrc-users%NetBSD.org@localhost
HOMEPAGE= http://www.gnu.org/software/wget/wget.html
COMMENT= Retrieve files from the 'net via HTTP and FTP
+LICENSE= gnu-gpl-v3
PKG_DESTDIR_SUPPORT= user-destdir
diff -r 52671d5964d6 -r 823d9c9d5d15 net/wget/distinfo
--- a/net/wget/distinfo Mon Sep 14 11:45:22 2009 +0000
+++ b/net/wget/distinfo Mon Sep 14 12:06:12 2009 +0000
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.33 2008/07/18 09:36:39 wiz Exp $
+$NetBSD: distinfo,v 1.34 2009/09/14 12:06:12 tron Exp $
SHA1 (wget-1.11.4.tar.gz) = a78a3b71fd59504df3ff3dbc0a2195a1410e9eac
RMD160 (wget-1.11.4.tar.gz) = 1cec99b073fcf64dd362977b0b88a55f8f47bbb8
Size (wget-1.11.4.tar.gz) = 1475149 bytes
+SHA1 (patch-aa) = eb8852e90ba61f2672fb2eea16f6148e27a6ee2b
diff -r 52671d5964d6 -r 823d9c9d5d15 net/wget/patches/patch-aa
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/net/wget/patches/patch-aa Mon Sep 14 12:06:12 2009 +0000
@@ -0,0 +1,65 @@
+$NetBSD: patch-aa,v 1.9 2009/09/14 12:06:13 tron Exp $
+
+Fix for SA36540 (SSL certificate spoofing vulnerability) taken from here:
+
+http://hg.addictivecode.org/wget/mainline/rev/2d8c76a23e7d
+http://hg.addictivecode.org/wget/mainline/rev/f2d2ca32fd1b
+
+--- src/openssl.c.orig 2008-04-27 05:48:23.000000000 +0100
++++ src/openssl.c 2009-09-14 13:03:13.000000000 +0100
+@@ -561,9 +561,11 @@
+ - Ensure that ASN1 strings from the certificate are encoded as
+ UTF-8 which can be meaningfully compared to HOST. */
+
++ X509_NAME *xname = X509_get_subject_name(cert);
+ common_name[0] = '\0';
+- X509_NAME_get_text_by_NID (X509_get_subject_name (cert),
+- NID_commonName, common_name, sizeof (common_name));
++ X509_NAME_get_text_by_NID (xname, NID_commonName, common_name,
++ sizeof (common_name));
++
+ if (!pattern_match (common_name, host))
+ {
+ logprintf (LOG_NOTQUIET, _("\
+@@ -571,6 +573,41 @@
+ severity, escnonprint (common_name), escnonprint (host));
+ success = false;
+ }
++ else
++ {
++ /* We now determine the length of the ASN1 string. If it differs from
++ * common_name's length, then there is a \0 before the string terminates.
++ * This can be an instance of a null-prefix attack.
++ *
++ * https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike
++ * */
++
++ int i = -1, j;
++ X509_NAME_ENTRY *xentry;
++ ASN1_STRING *sdata;
++
++ if (xname) {
++ for (;;)
++ {
++ j = X509_NAME_get_index_by_NID (xname, NID_commonName, i);
++ if (j == -1) break;
++ i = j;
++ }
++ }
++
++ xentry = X509_NAME_get_entry(xname,i);
++ sdata = X509_NAME_ENTRY_get_data(xentry);
++ if (strlen (common_name) != ASN1_STRING_length (sdata))
++ {
++ logprintf (LOG_NOTQUIET, _("\
++%s: certificate common name is invalid (contains a NUL character).\n\
++This may be an indication that the host is not who it claims to be\n\
++(that is, it is not the real %s).\n"),
++ severity, escnonprint (host));
++ success = false;
++ }
++ }
++
+
+ if (success)
+ DEBUGP (("X509 certificate successfully verified and matches host %s\n",
Home |
Main Index |
Thread Index |
Old Index