* [OE-core][kirkstone][PATCH] curl: backport openssl fix CN check error code
@ 2022-07-01 16:12 Jose Quaresma
2022-07-01 18:27 ` Steve Sakoman
0 siblings, 1 reply; 4+ messages in thread
From: Jose Quaresma @ 2022-07-01 16:12 UTC (permalink / raw)
To: openembedded-core; +Cc: ricardo, daiane.angolini, Jose Quaresma
Fix out of memory [1]
OpenSSL host verification + hostname in certificate CN only seems broken in 7.82.0
[1] https://github.com/curl/curl/issues/8559
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
---
...0001-openssl-fix-CN-check-error-code.patch | 38 +++++++++++++++++++
meta/recipes-support/curl/curl_7.82.0.bb | 1 +
2 files changed, 39 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/0001-openssl-fix-CN-check-error-code.patch
diff --git a/meta/recipes-support/curl/curl/0001-openssl-fix-CN-check-error-code.patch b/meta/recipes-support/curl/curl/0001-openssl-fix-CN-check-error-code.patch
new file mode 100644
index 0000000000..c5aa8f2d60
--- /dev/null
+++ b/meta/recipes-support/curl/curl/0001-openssl-fix-CN-check-error-code.patch
@@ -0,0 +1,38 @@
+From 0677924c6ec7e0d68964553fb760f6d407242c54 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 8 Mar 2022 13:38:13 +0100
+Subject: [PATCH] openssl: fix CN check error code
+
+Due to a missing 'else' this returns error too easily.
+
+Regressed in: d15692ebb
+
+Reported-by: Kristoffer Gleditsch
+Fixes #8559
+Closes #8560
+
+Upstream-Status: Backported [https://github.com/curl/curl/commit/911714d617c106ed5d553bf003e34ec94ab6a136]
+
+Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
+
+---
+ lib/vtls/openssl.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
+index 616a510..1bafe96 100644
+--- a/lib/vtls/openssl.c
++++ b/lib/vtls/openssl.c
+@@ -1808,7 +1808,8 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn,
+ memcpy(peer_CN, ASN1_STRING_get0_data(tmp), peerlen);
+ peer_CN[peerlen] = '\0';
+ }
+- result = CURLE_OUT_OF_MEMORY;
++ else
++ result = CURLE_OUT_OF_MEMORY;
+ }
+ }
+ else /* not a UTF8 name */
+--
+2.34.1
+
diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb
index ba3fd11820..d5dfe62a39 100644
--- a/meta/recipes-support/curl/curl_7.82.0.bb
+++ b/meta/recipes-support/curl/curl_7.82.0.bb
@@ -23,6 +23,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
file://CVE-2022-27779.patch \
file://CVE-2022-27782-1.patch \
file://CVE-2022-27782-2.patch \
+ file://0001-openssl-fix-CN-check-error-code.patch \
"
SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"
--
2.37.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [OE-core][kirkstone][PATCH] curl: backport openssl fix CN check error code
2022-07-01 16:12 [OE-core][kirkstone][PATCH] curl: backport openssl fix CN check error code Jose Quaresma
@ 2022-07-01 18:27 ` Steve Sakoman
2022-07-04 6:43 ` Mikko.Rapeli
0 siblings, 1 reply; 4+ messages in thread
From: Steve Sakoman @ 2022-07-01 18:27 UTC (permalink / raw)
To: Jose Quaresma; +Cc: openembedded-core, ricardo, daiane.angolini, Jose Quaresma
On Fri, Jul 1, 2022 at 6:12 AM Jose Quaresma <quaresma.jose@gmail.com> wrote:
>
> Fix out of memory [1]
>
> OpenSSL host verification + hostname in certificate CN only seems broken in 7.82.0
>
> [1] https://github.com/curl/curl/issues/8559
>
> Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
> ---
> ...0001-openssl-fix-CN-check-error-code.patch | 38 +++++++++++++++++++
> meta/recipes-support/curl/curl_7.82.0.bb | 1 +
> 2 files changed, 39 insertions(+)
> create mode 100644 meta/recipes-support/curl/curl/0001-openssl-fix-CN-check-error-code.patch
>
> diff --git a/meta/recipes-support/curl/curl/0001-openssl-fix-CN-check-error-code.patch b/meta/recipes-support/curl/curl/0001-openssl-fix-CN-check-error-code.patch
> new file mode 100644
> index 0000000000..c5aa8f2d60
> --- /dev/null
> +++ b/meta/recipes-support/curl/curl/0001-openssl-fix-CN-check-error-code.patch
> @@ -0,0 +1,38 @@
> +From 0677924c6ec7e0d68964553fb760f6d407242c54 Mon Sep 17 00:00:00 2001
> +From: Daniel Stenberg <daniel@haxx.se>
> +Date: Tue, 8 Mar 2022 13:38:13 +0100
> +Subject: [PATCH] openssl: fix CN check error code
> +
> +Due to a missing 'else' this returns error too easily.
> +
> +Regressed in: d15692ebb
> +
> +Reported-by: Kristoffer Gleditsch
> +Fixes #8559
> +Closes #8560
> +
> +Upstream-Status: Backported [https://github.com/curl/curl/commit/911714d617c106ed5d553bf003e34ec94ab6a136]
Should be Backport, not Backported! The latter will get you an error:
ERROR: curl-7.82.0-r0 do_patch: Malformed Upstream-Status in patch
No need to re-submit, I've fixed it!
Steve
> +
> +Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
> +
> +---
> + lib/vtls/openssl.c | 3 ++-
> + 1 file changed, 2 insertions(+), 1 deletion(-)
> +
> +diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
> +index 616a510..1bafe96 100644
> +--- a/lib/vtls/openssl.c
> ++++ b/lib/vtls/openssl.c
> +@@ -1808,7 +1808,8 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn,
> + memcpy(peer_CN, ASN1_STRING_get0_data(tmp), peerlen);
> + peer_CN[peerlen] = '\0';
> + }
> +- result = CURLE_OUT_OF_MEMORY;
> ++ else
> ++ result = CURLE_OUT_OF_MEMORY;
> + }
> + }
> + else /* not a UTF8 name */
> +--
> +2.34.1
> +
> diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb
> index ba3fd11820..d5dfe62a39 100644
> --- a/meta/recipes-support/curl/curl_7.82.0.bb
> +++ b/meta/recipes-support/curl/curl_7.82.0.bb
> @@ -23,6 +23,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
> file://CVE-2022-27779.patch \
> file://CVE-2022-27782-1.patch \
> file://CVE-2022-27782-2.patch \
> + file://0001-openssl-fix-CN-check-error-code.patch \
> "
> SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"
>
> --
> 2.37.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#167535): https://lists.openembedded.org/g/openembedded-core/message/167535
> Mute This Topic: https://lists.openembedded.org/mt/92113235/3620601
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [OE-core][kirkstone][PATCH] curl: backport openssl fix CN check error code
2022-07-01 18:27 ` Steve Sakoman
@ 2022-07-04 6:43 ` Mikko.Rapeli
2022-07-04 7:43 ` Richard Purdie
0 siblings, 1 reply; 4+ messages in thread
From: Mikko.Rapeli @ 2022-07-04 6:43 UTC (permalink / raw)
To: steve
Cc: quaresma.jose, openembedded-core, ricardo, daiane.angolini,
jose.quaresma
Hi,
On Fri, Jul 01, 2022 at 08:27:20AM -1000, Steve Sakoman wrote:
> Should be Backport, not Backported! The latter will get you an error:
>
> ERROR: curl-7.82.0-r0 do_patch: Malformed Upstream-Status in patch
>
> No need to re-submit, I've fixed it!
How is poky/scripts/contrib/patchreview.py setup to run so that this would
fail automatically?
I'd like to have this on my CI builds too.
Cheers,
-Mikko
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [OE-core][kirkstone][PATCH] curl: backport openssl fix CN check error code
2022-07-04 6:43 ` Mikko.Rapeli
@ 2022-07-04 7:43 ` Richard Purdie
0 siblings, 0 replies; 4+ messages in thread
From: Richard Purdie @ 2022-07-04 7:43 UTC (permalink / raw)
To: Mikko Rapeli, steve
Cc: quaresma.jose, openembedded-core, ricardo, daiane.angolini,
jose.quaresma
On Mon, 2022-07-04 at 06:43 +0000, Mikko Rapeli wrote:
> Hi,
>
> On Fri, Jul 01, 2022 at 08:27:20AM -1000, Steve Sakoman wrote:
> > Should be Backport, not Backported! The latter will get you an error:
> >
> > ERROR: curl-7.82.0-r0 do_patch: Malformed Upstream-Status in patch
> >
> > No need to re-submit, I've fixed it!
>
> How is poky/scripts/contrib/patchreview.py setup to run so that this would
> fail automatically?
>
> I'd like to have this on my CI builds too.
See insane.bbclass, do_qa_patch. The issue will be:
# skip patches not in oe-core
if '/meta/' not in fullpath:
continue
since we limited this to OE-Core originally. We probably need to make
that configurable.
Cheers,
Richard
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-07-04 7:43 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-07-01 16:12 [OE-core][kirkstone][PATCH] curl: backport openssl fix CN check error code Jose Quaresma
2022-07-01 18:27 ` Steve Sakoman
2022-07-04 6:43 ` Mikko.Rapeli
2022-07-04 7:43 ` Richard Purdie
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.