On Fri, Jul 1, 2022 at 6:12 AM Jose Quaresma <[email protected]> wrote: > > Fix out of memory [1] > > OpenSSL host verification + hostname in certificate CN only seems broken in > 7.82.0 > > [1] https://github.com/curl/curl/issues/8559 > > Signed-off-by: Jose Quaresma <[email protected]> > --- > ...0001-openssl-fix-CN-check-error-code.patch | 38 +++++++++++++++++++ > meta/recipes-support/curl/curl_7.82.0.bb | 1 + > 2 files changed, 39 insertions(+) > create mode 100644 > meta/recipes-support/curl/curl/0001-openssl-fix-CN-check-error-code.patch > > diff --git > a/meta/recipes-support/curl/curl/0001-openssl-fix-CN-check-error-code.patch > b/meta/recipes-support/curl/curl/0001-openssl-fix-CN-check-error-code.patch > new file mode 100644 > index 0000000000..c5aa8f2d60 > --- /dev/null > +++ > b/meta/recipes-support/curl/curl/0001-openssl-fix-CN-check-error-code.patch > @@ -0,0 +1,38 @@ > +From 0677924c6ec7e0d68964553fb760f6d407242c54 Mon Sep 17 00:00:00 2001 > +From: Daniel Stenberg <[email protected]> > +Date: Tue, 8 Mar 2022 13:38:13 +0100 > +Subject: [PATCH] openssl: fix CN check error code > + > +Due to a missing 'else' this returns error too easily. > + > +Regressed in: d15692ebb > + > +Reported-by: Kristoffer Gleditsch > +Fixes #8559 > +Closes #8560 > + > +Upstream-Status: Backported > [https://github.com/curl/curl/commit/911714d617c106ed5d553bf003e34ec94ab6a136]
Should be Backport, not Backported! The latter will get you an error: ERROR: curl-7.82.0-r0 do_patch: Malformed Upstream-Status in patch No need to re-submit, I've fixed it! Steve > + > +Signed-off-by: Jose Quaresma <[email protected]> > + > +--- > + lib/vtls/openssl.c | 3 ++- > + 1 file changed, 2 insertions(+), 1 deletion(-) > + > +diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c > +index 616a510..1bafe96 100644 > +--- a/lib/vtls/openssl.c > ++++ b/lib/vtls/openssl.c > +@@ -1808,7 +1808,8 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, > struct connectdata *conn, > + memcpy(peer_CN, ASN1_STRING_get0_data(tmp), peerlen); > + peer_CN[peerlen] = '\0'; > + } > +- result = CURLE_OUT_OF_MEMORY; > ++ else > ++ result = CURLE_OUT_OF_MEMORY; > + } > + } > + else /* not a UTF8 name */ > +-- > +2.34.1 > + > diff --git a/meta/recipes-support/curl/curl_7.82.0.bb > b/meta/recipes-support/curl/curl_7.82.0.bb > index ba3fd11820..d5dfe62a39 100644 > --- a/meta/recipes-support/curl/curl_7.82.0.bb > +++ b/meta/recipes-support/curl/curl_7.82.0.bb > @@ -23,6 +23,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ > file://CVE-2022-27779.patch \ > file://CVE-2022-27782-1.patch \ > file://CVE-2022-27782-2.patch \ > + file://0001-openssl-fix-CN-check-error-code.patch \ > " > SRC_URI[sha256sum] = > "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c" > > -- > 2.37.0 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#167539): https://lists.openembedded.org/g/openembedded-core/message/167539 Mute This Topic: https://lists.openembedded.org/mt/92113235/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
