pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/net/wget Add a fix for SA36540 (SSL certificate spoofi...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/823d9c9d5d15
branches:  trunk
changeset: 399199:823d9c9d5d15
user:      tron <tron%pkgsrc.org@localhost>
date:      Mon Sep 14 12:06:12 2009 +0000

description:
Add a fix for SA36540 (SSL certificate spoofing vulnerability) taken
from the source repository.

diffstat:

 net/wget/Makefile         |   4 ++-
 net/wget/distinfo         |   3 +-
 net/wget/patches/patch-aa |  65 +++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 70 insertions(+), 2 deletions(-)

diffs (99 lines):

diff -r 52671d5964d6 -r 823d9c9d5d15 net/wget/Makefile
--- a/net/wget/Makefile Mon Sep 14 11:45:22 2009 +0000
+++ b/net/wget/Makefile Mon Sep 14 12:06:12 2009 +0000
@@ -1,12 +1,14 @@
-# $NetBSD: Makefile,v 1.99 2008/07/18 09:36:39 wiz Exp $
+# $NetBSD: Makefile,v 1.100 2009/09/14 12:06:12 tron Exp $
 
 DISTNAME=      wget-1.11.4
+PKGREVISION=   1
 CATEGORIES=    net
 MASTER_SITES=  ${MASTER_SITE_GNU:=wget/}
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
 HOMEPAGE=      http://www.gnu.org/software/wget/wget.html
 COMMENT=       Retrieve files from the 'net via HTTP and FTP
+LICENSE=       gnu-gpl-v3
 
 PKG_DESTDIR_SUPPORT=   user-destdir
 
diff -r 52671d5964d6 -r 823d9c9d5d15 net/wget/distinfo
--- a/net/wget/distinfo Mon Sep 14 11:45:22 2009 +0000
+++ b/net/wget/distinfo Mon Sep 14 12:06:12 2009 +0000
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.33 2008/07/18 09:36:39 wiz Exp $
+$NetBSD: distinfo,v 1.34 2009/09/14 12:06:12 tron Exp $
 
 SHA1 (wget-1.11.4.tar.gz) = a78a3b71fd59504df3ff3dbc0a2195a1410e9eac
 RMD160 (wget-1.11.4.tar.gz) = 1cec99b073fcf64dd362977b0b88a55f8f47bbb8
 Size (wget-1.11.4.tar.gz) = 1475149 bytes
+SHA1 (patch-aa) = eb8852e90ba61f2672fb2eea16f6148e27a6ee2b
diff -r 52671d5964d6 -r 823d9c9d5d15 net/wget/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/wget/patches/patch-aa Mon Sep 14 12:06:12 2009 +0000
@@ -0,0 +1,65 @@
+$NetBSD: patch-aa,v 1.9 2009/09/14 12:06:13 tron Exp $
+
+Fix for SA36540 (SSL certificate spoofing vulnerability) taken from here:
+
+http://hg.addictivecode.org/wget/mainline/rev/2d8c76a23e7d
+http://hg.addictivecode.org/wget/mainline/rev/f2d2ca32fd1b
+
+--- src/openssl.c.orig 2008-04-27 05:48:23.000000000 +0100
++++ src/openssl.c      2009-09-14 13:03:13.000000000 +0100
+@@ -561,9 +561,11 @@
+      - Ensure that ASN1 strings from the certificate are encoded as
+        UTF-8 which can be meaningfully compared to HOST.  */
+ 
++  X509_NAME *xname = X509_get_subject_name(cert);
+   common_name[0] = '\0';
+-  X509_NAME_get_text_by_NID (X509_get_subject_name (cert),
+-                             NID_commonName, common_name, sizeof (common_name));
++  X509_NAME_get_text_by_NID (xname, NID_commonName, common_name,
++                             sizeof (common_name));
++
+   if (!pattern_match (common_name, host))
+     {
+       logprintf (LOG_NOTQUIET, _("\
+@@ -571,6 +573,41 @@
+                  severity, escnonprint (common_name), escnonprint (host));
+       success = false;
+     }
++  else
++    {
++      /* We now determine the length of the ASN1 string. If it differs from
++       * common_name's length, then there is a \0 before the string terminates.
++       * This can be an instance of a null-prefix attack.
++       *
++       * https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike
++       * */
++
++      int i = -1, j;
++      X509_NAME_ENTRY *xentry;
++      ASN1_STRING *sdata;
++
++      if (xname) {
++        for (;;)
++          {
++            j = X509_NAME_get_index_by_NID (xname, NID_commonName, i);
++            if (j == -1) break;
++            i = j;
++          }
++      }
++
++      xentry = X509_NAME_get_entry(xname,i);
++      sdata = X509_NAME_ENTRY_get_data(xentry);
++      if (strlen (common_name) != ASN1_STRING_length (sdata)) 
++        {
++          logprintf (LOG_NOTQUIET, _("\
++%s: certificate common name is invalid (contains a NUL character).\n\
++This may be an indication that the host is not who it claims to be\n\
++(that is, it is not the real %s).\n"),
++                     severity, escnonprint (host));
++          success = false;
++        }
++    }
++  
+ 
+   if (success)
+     DEBUGP (("X509 certificate successfully verified and matches host %s\n",



Home | Main Index | Thread Index | Old Index