summaryrefslogtreecommitdiffstats
path: root/x11/kdelibs4/files
diff options
context:
space:
mode:
authorlioux <lioux@FreeBSD.org>2002-08-13 01:34:11 +0000
committerlioux <lioux@FreeBSD.org>2002-08-13 01:34:11 +0000
commit898990789d11f11bf2a15a1754f7140222758ecd (patch)
tree213b59c9bbbed08c5c2d577e4c527209c2e892b8 /x11/kdelibs4/files
parentcc8d86b3e383423bd76451b00eb0e1c9d3d32b2b (diff)
downloadFreeBSD-ports-898990789d11f11bf2a15a1754f7140222758ecd.zip
FreeBSD-ports-898990789d11f11bf2a15a1754f7140222758ecd.tar.gz
o Security fix: "Konqueror (kssl to be precisely) fails to detect
certificates as invalid that have been signed by an issuer who is not allowed to do so. A patch for this problem has been commited to both the CVS HEAD branch and the KDE_3_0_BRANCH" from message by [1] o Bump PORTREVISION Submitted by: Andy Fawcett <andy@athame.co.uk>, Waldo Bastian <bastian@kde.org> [1] Reviewed by: kde Approved by: kde Obtained from: KDE CVS HEAD
Diffstat (limited to 'x11/kdelibs4/files')
-rw-r--r--x11/kdelibs4/files/patch-kopenssl.cc35
-rw-r--r--x11/kdelibs4/files/patch-kopenssl.h19
-rw-r--r--x11/kdelibs4/files/patch-ksslcertificate.cc10
3 files changed, 64 insertions, 0 deletions
diff --git a/x11/kdelibs4/files/patch-kopenssl.cc b/x11/kdelibs4/files/patch-kopenssl.cc
new file mode 100644
index 0000000..42339a3
--- /dev/null
+++ b/x11/kdelibs4/files/patch-kopenssl.cc
@@ -0,0 +1,35 @@
+Index: kio/kssl/kopenssl.cc
+===================================================================
+RCS file: /home/kde/kdelibs/kio/kssl/kopenssl.cc,v
+retrieving revision 1.58.2.1
+retrieving revision 1.58.2.2
+diff -u -3 -p -r1.58.2.1 -r1.58.2.2
+--- kio/kssl/kopenssl.cc 2002/04/10 22:00:44 1.58.2.1
++++ kio/kssl/kopenssl.cc 2002/08/12 16:45:14 1.58.2.2
+@@ -105,6 +105,7 @@ static int (*K_SSL_CTX_use_certificate)
+ static int (*K_SSL_get_error) (SSL*, int) = NULL;
+ static STACK_OF(X509)* (*K_SSL_get_peer_cert_chain) (SSL*) = NULL;
+ static void (*K_X509_STORE_CTX_set_chain) (X509_STORE_CTX *, STACK_OF(X509)*) = NULL;
++static void (*K_X509_STORE_CTX_set_purpose) (X509_STORE_CTX *, int) = NULL;
+ static void (*K_sk_free) (STACK*) = NULL;
+ static int (*K_sk_num) (STACK*) = NULL;
+ static char* (*K_sk_pop) (STACK*) = NULL;
+@@ -348,6 +349,7 @@ KConfig *cfg;
+ K_X509_REQ_free = (void (*)(X509_REQ*)) _cryptoLib->symbol("X509_REQ_free");
+ K_X509_REQ_new = (X509_REQ* (*)()) _cryptoLib->symbol("X509_REQ_new");
+ K_X509_STORE_CTX_set_chain = (void (*)(X509_STORE_CTX *, STACK_OF(X509)*)) _cryptoLib->symbol("X509_STORE_CTX_set_chain");
++ K_X509_STORE_CTX_set_purpose = (void (*)(X509_STORE_CTX *, int)) _cryptoLib->symbol("X509_STORE_CTX_set_purpose");
+ K_sk_free = (void (*) (STACK *)) _cryptoLib->symbol("sk_free");
+ K_sk_num = (int (*) (STACK *)) _cryptoLib->symbol("sk_num");
+ K_sk_pop = (char* (*) (STACK *)) _cryptoLib->symbol("sk_pop");
+@@ -930,6 +932,10 @@ char *KOpenSSLProxy::sk_value(STACK *s,
+
+ void KOpenSSLProxy::X509_STORE_CTX_set_chain(X509_STORE_CTX *v, STACK_OF(X509)* x) {
+ if (K_X509_STORE_CTX_set_chain) (K_X509_STORE_CTX_set_chain)(v,x);
++}
++
++void KOpenSSLProxy::X509_STORE_CTX_set_purpose(X509_STORE_CTX *v, int purpose) {
++ if (K_X509_STORE_CTX_set_purpose) (K_X509_STORE_CTX_set_purpose)(v,purpose);
+ }
+
+
diff --git a/x11/kdelibs4/files/patch-kopenssl.h b/x11/kdelibs4/files/patch-kopenssl.h
new file mode 100644
index 0000000..b123b5b
--- /dev/null
+++ b/x11/kdelibs4/files/patch-kopenssl.h
@@ -0,0 +1,19 @@
+Index: kio/kssl/kopenssl.h
+===================================================================
+RCS file: /home/kde/kdelibs/kio/kssl/kopenssl.h,v
+retrieving revision 1.37.2.1
+retrieving revision 1.37.2.2
+diff -u -3 -p -r1.37.2.1 -r1.37.2.2
+--- kio/kssl/kopenssl.h 2002/04/10 22:00:44 1.37.2.1
++++ kio/kssl/kopenssl.h 2002/08/12 16:45:14 1.37.2.2
+@@ -309,6 +309,10 @@ public:
+ */
+ void X509_STORE_CTX_set_chain(X509_STORE_CTX *v, STACK_OF(X509)* x);
+
++ /*
++ * X509_STORE_CTX_set_purpose - set the purpose of the certificate
++ */
++ void X509_STORE_CTX_set_purpose(X509_STORE_CTX *v, int purpose);
+
+ /*
+ * X509_verify_cert - verify the certificate
diff --git a/x11/kdelibs4/files/patch-ksslcertificate.cc b/x11/kdelibs4/files/patch-ksslcertificate.cc
new file mode 100644
index 0000000..0c05382
--- /dev/null
+++ b/x11/kdelibs4/files/patch-ksslcertificate.cc
@@ -0,0 +1,10 @@
+--- kio/kssl/ksslcertificate.cc.orig Sat Dec 1 01:30:03 2001
++++ kio/kssl/ksslcertificate.cc Mon Aug 12 22:28:40 2002
+@@ -544,6 +544,7 @@
+ //
+
+ // int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
++ d->kossl->X509_STORE_CTX_set_purpose(certStoreCTX, X509_PURPOSE_SSL_SERVER);
+
+ //kdDebug(7029) << "KSSL verifying.............." << endl;
+ certStoreCTX->error = X509_V_OK;
OpenPOWER on IntegriCloud