rpms/w3m/F-12 bug_566101_Fix-DSO-X11.patch, NONE, 1.1 w3m-0.5.2-nulcn.patch, NONE, 1.1 w3m-0.5.2-ssl_verify_server_on.patch, NONE, 1.1 w3m.spec, 1.57, 1.58

pnemade pnemade at fedoraproject.org
Thu Jun 24 06:18:07 UTC 2010 

Author: pnemade

Update of /cvs/pkgs/rpms/w3m/F-12
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv27341

Modified Files:
	w3m.spec 
Added Files:
	bug_566101_Fix-DSO-X11.patch w3m-0.5.2-nulcn.patch 
	w3m-0.5.2-ssl_verify_server_on.patch 
Log Message:
* Thu Jun 24 2010 Parag <pnemade AT redhat.com> - 0.5.2-17
- Resolves:rh#604864-CVE-2010-2074 w3m: doesn't handle NULL in Common Name properly



bug_566101_Fix-DSO-X11.patch:
 Makefile.in |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE bug_566101_Fix-DSO-X11.patch ---
--- Makefile.in.old	2007-05-29 17:31:04.000000000 +0530
+++ Makefile.in	2010-02-17 14:19:08.000000000 +0530
@@ -193,7 +193,7 @@
 	$(CC) $(CFLAGS) -DDUMMY -c -o $@ $?
 
 $(IMGDISPLAY): w3mimgdisplay.o $(ALIB) w3mimg/w3mimg.a
-	$(CC) $(CFLAGS) -o $(IMGDISPLAY) w3mimgdisplay.o w3mimg/w3mimg.a $(LDFLAGS) $(LIBS) $(IMGLDFLAGS)
+	$(CC) $(CFLAGS) -o $(IMGDISPLAY) w3mimgdisplay.o w3mimg/w3mimg.a $(LDFLAGS) $(LIBS) $(IMGLDFLAGS) -lX11
 
 w3mimgdisplay.o: w3mimgdisplay.c w3mimg/w3mimg.h
 	$(CC) $(CFLAGS) $(IMGCFLAGS) -o $@ -c $(srcdir)/w3mimgdisplay.c

w3m-0.5.2-nulcn.patch:
 istream.c |   28 ++++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)

--- NEW FILE w3m-0.5.2-nulcn.patch ---
Index: w3m-0.5.2/istream.c
===================================================================
--- w3m-0.5.2.orig/istream.c
+++ w3m-0.5.2/istream.c
@@ -447,8 +447,17 @@ ssl_check_cert_ident(X509 * x, char *hos
 
 		    if (!seen_dnsname)
 			seen_dnsname = Strnew();
+		    /* replace \0 to make full string visible to user */
+		    if (sl != strlen(sn)) {
+			int i;
+			for (i = 0; i < sl; ++i) {
+			    if (!sn[i])
+				sn[i] = '!';
+			}
+		    }
 		    Strcat_m_charp(seen_dnsname, sn, " ", NULL);
-		    if (ssl_match_cert_ident(sn, sl, hostname))
+		    if (sl == strlen(sn) /* catch \0 in SAN */
+			&& ssl_match_cert_ident(sn, sl, hostname))
 			break;
 		}
 	    }
@@ -466,16 +475,27 @@ ssl_check_cert_ident(X509 * x, char *hos
     if (match_ident == FALSE && ret == NULL) {
 	X509_NAME *xn;
 	char buf[2048];
+	int slen;
 
 	xn = X509_get_subject_name(x);
 
-	if (X509_NAME_get_text_by_NID(xn, NID_commonName,
-				      buf, sizeof(buf)) == -1)
+	slen = X509_NAME_get_text_by_NID(xn, NID_commonName, buf, sizeof(buf));
+	if ( slen == -1)
 	    /* FIXME: gettextize? */
 	    ret = Strnew_charp("Unable to get common name from peer cert");
-	else if (!ssl_match_cert_ident(buf, strlen(buf), hostname))
+	else if (slen != strlen(buf)
+		|| !ssl_match_cert_ident(buf, strlen(buf), hostname)) {
+	    /* replace \0 to make full string visible to user */
+	    if (slen != strlen(buf)) {
+		int i;
+		for (i = 0; i < slen; ++i) {
+		    if (!buf[i])
+			buf[i] = '!';
+		}
+	    }
 	    /* FIXME: gettextize? */
 	    ret = Sprintf("Bad cert ident %s from %s", buf, hostname);
+	}
 	else
 	    match_ident = TRUE;
     }

w3m-0.5.2-ssl_verify_server_on.patch:
 fm.h |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- NEW FILE w3m-0.5.2-ssl_verify_server_on.patch ---
verify SSL certificates by default. SSL support really is pointless without doing that.
Also disable use of SSLv2 by default as it's insecure, deprecated, dead since last century.
Index: w3m-0.5.2/fm.h
===================================================================
--- w3m-0.5.2.orig/fm.h
+++ w3m-0.5.2/fm.h
@@ -1120,7 +1120,7 @@ global int view_unseenobject init(TRUE);
 #endif
 
 #if defined(USE_SSL) && defined(USE_SSL_VERIFY)
-global int ssl_verify_server init(FALSE);
+global int ssl_verify_server init(TRUE);
 global char *ssl_cert_file init(NULL);
 global char *ssl_key_file init(NULL);
 global char *ssl_ca_path init(NULL);
@@ -1129,7 +1129,7 @@ global int ssl_path_modified init(FALSE)
 #endif				/* defined(USE_SSL) &&
 				 * defined(USE_SSL_VERIFY) */
 #ifdef USE_SSL
-global char *ssl_forbid_method init(NULL);
+global char *ssl_forbid_method init("2");
 #endif
 
 global int is_redisplay init(FALSE);


Index: w3m.spec
===================================================================
RCS file: /cvs/pkgs/rpms/w3m/F-12/w3m.spec,v
retrieving revision 1.57
retrieving revision 1.58
diff -u -p -r1.57 -r1.58
--- w3m.spec	21 Aug 2009 16:24:33 -0000	1.57
+++ w3m.spec	24 Jun 2010 06:18:06 -0000	1.58
@@ -5,7 +5,7 @@
 
 Name:     w3m
 Version:  0.5.2
-Release:  15%{?dist}
+Release:  17%{?dist}
 License:  MIT
 URL:      http://w3m.sourceforge.net/
 BuildRoot:     %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -31,9 +31,12 @@ Source14:  filter-requires-w3m.sh
 %define __find_requires %{SOURCE14}
 
 ## fix patch
-Patch15:  w3m-0.4.1-helpcharset.patch
-Patch21:  w3m-0.5.1-gcc4.patch
-Patch24:  w3m-0.5.2-multilib.patch
+Patch0:  w3m-0.4.1-helpcharset.patch
+Patch1:  w3m-0.5.1-gcc4.patch
+Patch2:  w3m-0.5.2-multilib.patch
+Patch4:  bug_566101_Fix-DSO-X11.patch
+Patch5:  w3m-0.5.2-nulcn.patch
+Patch6:  w3m-0.5.2-ssl_verify_server_on.patch
 
 Summary:  A pager with Web browsing abilities
 Group:    Applications/Internet
@@ -68,9 +71,12 @@ linux framebuffer.
 chmod 755 doc
 chmod 755 doc-jp
 
-%patch15 -p1
-%patch21 -p1
-%patch24 -p1
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+%patch4 -p0
+%patch5 -p1
+%patch6 -p1
 
 %if %{with_utf8}
 pushd doc-jp
@@ -140,6 +146,12 @@ rm -rf $RPM_BUILD_ROOT
 %{_libexecdir}/w3m/w3mimgdisplay
 
 %changelog
+* Thu Jun 24 2010 Parag <pnemade AT redhat.com> - 0.5.2-17
+- Resolves:rh#604864-CVE-2010-2074 w3m: doesn't handle NULL in Common Name properly 
+
+* Wed Feb 17 2010 Parag <pnemade AT redhat.com> - 0.5.2-16
+- Resolves:rh#566101-FTBFS w3m-0.5.2-16.fc13: ImplicitDSOLinking 
+
 * Fri Aug 21 2009 Tomas Mraz <tmraz at redhat.com> - 0.5.2-15
 - rebuilt with new openssl

More information about the scm-commits mailing list