mirror of
https://github.com/Telecominfraproject/wlan-cloud-lib-poco.git
synced 2025-10-30 02:02:30 +00:00
- no longer use reverse DNS lookups for cert hostname validation
- cert hostname validation is case insensitive and more strict - HTMLForm: in URL encoding, percent-encode more special characters - fixed thread priority issues on POSIX platforms with non-standard scheduling policy - XMLWriter no longer escapes apostrophe character - fixed GH# 316: Poco::DateTimeFormatter::append() gives wrong result for Poco::LocalDateTime - fixed GH# 305 (memcpy in Poco::Buffer uses wrong size if type != char) - Zip: fixed a crash caused by an I/O error (e.g., full disk) while creating a Zip archive
This commit is contained in:
Guenter Obiltschnig
@@ -1,12 +1,5 @@
|
||||
This is the changelog file for the POCO C++ Libraries.
|
||||
|
||||
Release 1.4.6p3 (2014-04-02)
|
||||
============================
|
||||
|
||||
- Fixed a potential security vulnerability in client-side X509
|
||||
certificate verification.
|
||||
|
||||
|
||||
Release 1.4.6p2 (2013-09-16)
|
||||
============================
|
||||
|
||||
|
||||
@@ -4,8 +4,8 @@
|
||||
|
||||
#include "winres.h"
|
||||
|
||||
#define POCO_VERSION 1,4,6,3
|
||||
#define POCO_VERSION_STR "1.4.6p3"
|
||||
#define POCO_VERSION 1,4,6,4
|
||||
#define POCO_VERSION_STR "1.4.6p4"
|
||||
|
||||
VS_VERSION_INFO VERSIONINFO
|
||||
FILEVERSION POCO_VERSION
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
//
|
||||
// Buffer.h
|
||||
//
|
||||
// $Id: //poco/1.4/Foundation/include/Poco/Buffer.h#2 $
|
||||
// $Id: //poco/1.4/Foundation/include/Poco/Buffer.h#3 $
|
||||
//
|
||||
// Library: Foundation
|
||||
// Package: Core
|
||||
@@ -81,7 +81,7 @@ public:
|
||||
if (preserveContent)
|
||||
{
|
||||
std::size_t n = newSize > _size ? _size : newSize;
|
||||
std::memcpy(ptr, _ptr, n);
|
||||
std::memcpy(ptr, _ptr, n*sizeof(T));
|
||||
}
|
||||
delete [] _ptr;
|
||||
_ptr = ptr;
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
//
|
||||
// Version.h
|
||||
//
|
||||
// $Id: //poco/1.4/Foundation/include/Poco/Version.h#18 $
|
||||
// $Id: //poco/1.4/Foundation/include/Poco/Version.h#19 $
|
||||
//
|
||||
// Library: Foundation
|
||||
// Package: Core
|
||||
@@ -54,7 +54,7 @@
|
||||
// Ax are alpha releases
|
||||
// Bx are beta releases
|
||||
//
|
||||
#define POCO_VERSION 0x01040603
|
||||
#define POCO_VERSION 0x01040604
|
||||
|
||||
|
||||
#endif // Foundation_Version_INCLUDED
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
//
|
||||
// DateTimeFormatter.cpp
|
||||
//
|
||||
// $Id: //poco/1.4/Foundation/src/DateTimeFormatter.cpp#3 $
|
||||
// $Id: //poco/1.4/Foundation/src/DateTimeFormatter.cpp#4 $
|
||||
//
|
||||
// Library: Foundation
|
||||
// Package: DateTime
|
||||
@@ -45,7 +45,7 @@ namespace Poco {
|
||||
|
||||
void DateTimeFormatter::append(std::string& str, const LocalDateTime& dateTime, const std::string& fmt)
|
||||
{
|
||||
DateTimeFormatter::append(str, dateTime.utc(), fmt, dateTime.tzd());
|
||||
DateTimeFormatter::append(str, dateTime._dateTime, fmt, dateTime.tzd());
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
//
|
||||
// Thread_POSIX.cpp
|
||||
//
|
||||
// $Id: //poco/1.4/Foundation/src/Thread_POSIX.cpp#9 $
|
||||
// $Id: //poco/1.4/Foundation/src/Thread_POSIX.cpp#10 $
|
||||
//
|
||||
// Library: Foundation
|
||||
// Package: Threading
|
||||
@@ -100,6 +100,7 @@ void ThreadImpl::setPriorityImpl(int prio)
|
||||
if (prio != _pData->prio)
|
||||
{
|
||||
_pData->prio = prio;
|
||||
_pData->policy = SCHED_OTHER;
|
||||
if (isRunningImpl())
|
||||
{
|
||||
struct sched_param par;
|
||||
@@ -111,7 +112,7 @@ void ThreadImpl::setPriorityImpl(int prio)
|
||||
}
|
||||
|
||||
|
||||
void ThreadImpl::setOSPriorityImpl(int prio, int policy )
|
||||
void ThreadImpl::setOSPriorityImpl(int prio, int policy)
|
||||
{
|
||||
if (prio != _pData->osPrio || policy != _pData->policy)
|
||||
{
|
||||
@@ -214,7 +215,7 @@ void ThreadImpl::startImpl(Runnable& target)
|
||||
else
|
||||
{
|
||||
struct sched_param par;
|
||||
par.sched_priority = mapPrio(_pData->prio, _pData->policy);
|
||||
par.sched_priority = _pData->osPrio;
|
||||
if (pthread_setschedparam(_pData->thread, _pData->policy, &par))
|
||||
throw SystemException("cannot set thread priority");
|
||||
}
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
//
|
||||
// HTMLForm.cpp
|
||||
//
|
||||
// $Id: //poco/1.4/Net/src/HTMLForm.cpp#4 $
|
||||
// $Id: //poco/1.4/Net/src/HTMLForm.cpp#5 $
|
||||
//
|
||||
// Library: Net
|
||||
// Package: HTML
|
||||
@@ -345,9 +345,9 @@ void HTMLForm::writeUrl(std::ostream& ostr)
|
||||
{
|
||||
if (it != begin()) ostr << "&";
|
||||
std::string name;
|
||||
URI::encode(it->first, "=&+;", name);
|
||||
URI::encode(it->first, "!?#/'\",;:$&()[]*+=@", name);
|
||||
std::string value;
|
||||
URI::encode(it->second, "=&+;", value);
|
||||
URI::encode(it->second, "!?#/'\",;:$&()[]*+=@", value);
|
||||
ostr << name << "=" << value;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -695,8 +695,6 @@ NetworkInterface::NetworkInterfaceList NetworkInterface::list()
|
||||
{
|
||||
for (currIface = ifaces; currIface != 0; currIface = currIface->ifa_next)
|
||||
{
|
||||
if(currIface->ifa_addr == 0) continue;
|
||||
|
||||
IPAddress addr;
|
||||
bool haveAddr = false;
|
||||
int ifIndex(-1);
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
//
|
||||
// X509Certificate.h
|
||||
//
|
||||
// $Id: //poco/1.4/NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h#2 $
|
||||
// $Id: //poco/1.4/NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h#3 $
|
||||
//
|
||||
// Library: NetSSL_OpenSSL
|
||||
// Package: SSLCore
|
||||
@@ -108,7 +108,7 @@ public:
|
||||
|
||||
protected:
|
||||
static bool containsWildcards(const std::string& commonName);
|
||||
static bool matchByAlias(const std::string& alias, const std::string& hostName);
|
||||
static bool matchWildcard(const std::string& alias, const std::string& hostName);
|
||||
|
||||
private:
|
||||
enum
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
//
|
||||
// X509Certificate.cpp
|
||||
//
|
||||
// $Id: //poco/1.4/NetSSL_OpenSSL/src/X509Certificate.cpp#3 $
|
||||
// $Id: //poco/1.4/NetSSL_OpenSSL/src/X509Certificate.cpp#4 $
|
||||
//
|
||||
// Library: NetSSL_OpenSSL
|
||||
// Package: SSLCore
|
||||
@@ -120,7 +120,7 @@ bool X509Certificate::verify(const Poco::Crypto::X509Certificate& certificate, c
|
||||
{
|
||||
// a compare by IPAddress is not possible with wildcards
|
||||
// only allow compare by name
|
||||
ok = matchByAlias(*it, hostName);
|
||||
ok = matchWildcard(*it, hostName);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -140,8 +140,7 @@ bool X509Certificate::verify(const Poco::Crypto::X509Certificate& certificate, c
|
||||
}
|
||||
else
|
||||
{
|
||||
// compare by name
|
||||
ok = matchByAlias(*it, hostName);
|
||||
ok = Poco::icompare(*it, hostName) == 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -160,37 +159,19 @@ bool X509Certificate::containsWildcards(const std::string& commonName)
|
||||
}
|
||||
|
||||
|
||||
bool X509Certificate::matchByAlias(const std::string& alias, const std::string& hostName)
|
||||
bool X509Certificate::matchWildcard(const std::string& wildcard, const std::string& hostName)
|
||||
{
|
||||
const HostEntry& heData = DNS::resolve(hostName);
|
||||
// fix wildcards
|
||||
std::string aliasRep = Poco::replace(alias, ".", "\\.");
|
||||
Poco::replaceInPlace(aliasRep, "*", ".*");
|
||||
Poco::replaceInPlace(aliasRep, "..*", ".*");
|
||||
Poco::replaceInPlace(aliasRep, "?", ".?");
|
||||
Poco::replaceInPlace(aliasRep, "..?", ".?");
|
||||
// compare by name
|
||||
Poco::RegularExpression expr(aliasRep);
|
||||
bool found = false;
|
||||
const HostEntry::AliasList& aliases = heData.aliases();
|
||||
HostEntry::AliasList::const_iterator it = aliases.begin();
|
||||
HostEntry::AliasList::const_iterator itEnd = aliases.end();
|
||||
for (; it != itEnd && !found; ++it)
|
||||
{
|
||||
found = expr.match(*it);
|
||||
}
|
||||
// Handle the case where the list of aliases is empty.
|
||||
if (!found)
|
||||
{
|
||||
// Compare the resolved host name against the wildcard host name in the certificate.
|
||||
found = expr.match(heData.name());
|
||||
}
|
||||
if (!found)
|
||||
{
|
||||
// Compare the original host name against the wildcard host name in the certificate.
|
||||
found = expr.match(hostName);
|
||||
}
|
||||
return found;
|
||||
std::string wildcardExpr("^");
|
||||
wildcardExpr += Poco::replace(wildcard, ".", "\\.");
|
||||
Poco::replaceInPlace(wildcardExpr, "*", ".*");
|
||||
Poco::replaceInPlace(wildcardExpr, "..*", ".*");
|
||||
Poco::replaceInPlace(wildcardExpr, "?", ".?");
|
||||
Poco::replaceInPlace(wildcardExpr, "..?", ".?");
|
||||
wildcardExpr += "$";
|
||||
|
||||
Poco::RegularExpression expr(wildcardExpr, Poco::RegularExpression::RE_CASELESS);
|
||||
return expr.match(hostName);
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
//
|
||||
// XMLWriter.h
|
||||
//
|
||||
// $Id: //poco/1.4/XML/include/Poco/XML/XMLWriter.h#3 $
|
||||
// $Id: //poco/1.4/XML/include/Poco/XML/XMLWriter.h#4 $
|
||||
//
|
||||
// Library: XML
|
||||
// Package: XML
|
||||
@@ -353,7 +353,6 @@ private:
|
||||
std::string _indent;
|
||||
|
||||
static const std::string MARKUP_QUOTENC;
|
||||
static const std::string MARKUP_APOSENC;
|
||||
static const std::string MARKUP_AMPENC;
|
||||
static const std::string MARKUP_LTENC;
|
||||
static const std::string MARKUP_GTENC;
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
//
|
||||
// XMLWriter.cpp
|
||||
//
|
||||
// $Id: //poco/1.4/XML/src/XMLWriter.cpp#6 $
|
||||
// $Id: //poco/1.4/XML/src/XMLWriter.cpp#7 $
|
||||
//
|
||||
// Library: XML
|
||||
// Package: XML
|
||||
@@ -52,7 +52,6 @@ const std::string XMLWriter::NEWLINE_CR = "\r";
|
||||
const std::string XMLWriter::NEWLINE_CRLF = "\r\n";
|
||||
const std::string XMLWriter::NEWLINE_LF = "\n";
|
||||
const std::string XMLWriter::MARKUP_QUOTENC = """;
|
||||
const std::string XMLWriter::MARKUP_APOSENC = "'";
|
||||
const std::string XMLWriter::MARKUP_AMPENC = "&";
|
||||
const std::string XMLWriter::MARKUP_LTENC = "<";
|
||||
const std::string XMLWriter::MARKUP_GTENC = ">";
|
||||
@@ -343,7 +342,6 @@ void XMLWriter::characters(const XMLChar ch[], int start, int length)
|
||||
switch (c)
|
||||
{
|
||||
case '"': writeMarkup(MARKUP_QUOTENC); break;
|
||||
case '\'': writeMarkup(MARKUP_APOSENC); break;
|
||||
case '&': writeMarkup(MARKUP_AMPENC); break;
|
||||
case '<': writeMarkup(MARKUP_LTENC); break;
|
||||
case '>': writeMarkup(MARKUP_GTENC); break;
|
||||
@@ -787,7 +785,6 @@ void XMLWriter::writeAttributes(const AttributeMap& attributeMap)
|
||||
switch (c)
|
||||
{
|
||||
case '"': writeMarkup(MARKUP_QUOTENC); break;
|
||||
case '\'': writeMarkup(MARKUP_APOSENC); break;
|
||||
case '&': writeMarkup(MARKUP_AMPENC); break;
|
||||
case '<': writeMarkup(MARKUP_LTENC); break;
|
||||
case '>': writeMarkup(MARKUP_GTENC); break;
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
//
|
||||
// ZipStream.cpp
|
||||
//
|
||||
// $Id: //poco/1.4/Zip/src/ZipStream.cpp#3 $
|
||||
// $Id: //poco/1.4/Zip/src/ZipStream.cpp#4 $
|
||||
//
|
||||
// Library: Zip
|
||||
// Package: Zip
|
||||
@@ -163,6 +163,11 @@ ZipStreamBuf::ZipStreamBuf(std::ostream& ostr, ZipLocalFileHeader& fileEntry, bo
|
||||
|
||||
ZipStreamBuf::~ZipStreamBuf()
|
||||
{
|
||||
// make sure destruction of streams happens in correct order
|
||||
_ptrOBuf = 0;
|
||||
_ptrOHelper = 0;
|
||||
_ptrBuf = 0;
|
||||
_ptrHelper = 0;
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -1,14 +1,6 @@
|
||||
POCO C++ Libraries Release Notes
|
||||
AAAIntroduction
|
||||
|
||||
!!!Release 1.4.6p3
|
||||
|
||||
!!Summary of Changes
|
||||
|
||||
- Fixed a potential security vulnerability in client-side X509
|
||||
certificate verification.
|
||||
|
||||
|
||||
!!!Release 1.4.6p2
|
||||
|
||||
!!Summary of Changes
|
||||
|
||||
Reference in New Issue
Block a user