From ddd965984492e74c3e5fc0fb922d4362fd3aebda Mon Sep 17 00:00:00 2001
From: Tatsuya Kinoshita
Date: Wed, 4 May 2011 16:38:13 +0900
Subject: Releasing debian version 0.5.2-8
---
debian/patches/060_check-null-cn.patch | 57 ----------------------------------
1 file changed, 57 deletions(-)
delete mode 100644 debian/patches/060_check-null-cn.patch
(limited to 'debian/patches/060_check-null-cn.patch')
diff --git a/debian/patches/060_check-null-cn.patch b/debian/patches/060_check-null-cn.patch
deleted file mode 100644
index fdab45c..0000000
--- a/debian/patches/060_check-null-cn.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-Description: Check for null bytes in CN/subjAltName
-Origin: http://www.openwall.com/lists/oss-security/2010/06/14/4
-Author: Ludwig Nussel
-Bug-Debian: http://bugs.debian.org/587445
-
---- w3m-0.5.2.orig/istream.c
-+++ w3m-0.5.2/istream.c
-@@ -447,8 +447,17 @@ ssl_check_cert_ident(X509 * x, char *hos
- 
- if (!seen_dnsname)
- seen_dnsname = Strnew();
-+ /* replace \0 to make full string visible to user */
-+ if (sl != strlen(sn)) {
-+ int i;
-+ for (i = 0; i < sl; ++i) {
-+ if (!sn[i])
-+ sn[i] = '!';
-+ }
-+ }
- Strcat_m_charp(seen_dnsname, sn, " ", NULL);
-- if (ssl_match_cert_ident(sn, sl, hostname))
-+ if (sl == strlen(sn) /* catch \0 in SAN */
-+ && ssl_match_cert_ident(sn, sl, hostname))
- break;
- }
- }
-@@ -466,16 +475,27 @@ ssl_check_cert_ident(X509 * x, char *hos
- if (match_ident == FALSE && ret == NULL) {
- X509_NAME *xn;
- char buf[2048];
-+ int slen;
- 
- xn = X509_get_subject_name(x);
- 
-- if (X509_NAME_get_text_by_NID(xn, NID_commonName,
-- buf, sizeof(buf)) == -1)
-+ slen = X509_NAME_get_text_by_NID(xn, NID_commonName, buf, sizeof(buf));
-+ if ( slen == -1)
- /* FIXME: gettextize? */
- ret = Strnew_charp("Unable to get common name from peer cert");
-- else if (!ssl_match_cert_ident(buf, strlen(buf), hostname))
-+ else if (slen != strlen(buf)
-+ || !ssl_match_cert_ident(buf, strlen(buf), hostname)) {
-+ /* replace \0 to make full string visible to user */
-+ if (slen != strlen(buf)) {
-+ int i;
-+ for (i = 0; i < slen; ++i) {
-+ if (!buf[i])
-+ buf[i] = '!';
-+ }
-+ }
- /* FIXME: gettextize? */
- ret = Sprintf("Bad cert ident %s from %s", buf, hostname);
-+ }
- else
- match_ident = TRUE;
- }
-- 
cgit v1.2.3