pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2004Q4]: pkgsrc/www/curl Pullup ticket 311 - requested by Lubo...
details: https://anonhg.NetBSD.org/pkgsrc/rev/bc75c81b7d14
branches: pkgsrc-2004Q4
changeset: 485937:bc75c81b7d14
user: snj <snj%pkgsrc.org@localhost>
date: Sat Feb 26 07:25:30 2005 +0000
description:
Pullup ticket 311 - requested by Lubomir Sedlacik
security fix for curl
Apply a manual patch that fixes a buffer overflow in the NTLM
authentication code. See http://www.securityfocus.com/archive/1/391042
for more information.
diffstat:
www/curl/Makefile | 3 ++-
www/curl/buildlink3.mk | 4 ++--
www/curl/distinfo | 3 ++-
www/curl/patches/patch-aa | 33 +++++++++++++++++++++++++++++++++
4 files changed, 39 insertions(+), 4 deletions(-)
diffs (77 lines):
diff -r ebd9f7854070 -r bc75c81b7d14 www/curl/Makefile
--- a/www/curl/Makefile Fri Feb 25 22:20:36 2005 +0000
+++ b/www/curl/Makefile Sat Feb 26 07:25:30 2005 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.45 2004/11/09 09:18:37 adam Exp $
+# $NetBSD: Makefile,v 1.45.2.1 2005/02/26 07:25:30 snj Exp $
DISTNAME= curl-7.12.2
+PKGREVISION= 1
CATEGORIES= www
MASTER_SITES= http://curl.haxx.se/download/ \
ftp://ftp.sunet.se/pub/www/utilities/curl/ \
diff -r ebd9f7854070 -r bc75c81b7d14 www/curl/buildlink3.mk
--- a/www/curl/buildlink3.mk Fri Feb 25 22:20:36 2005 +0000
+++ b/www/curl/buildlink3.mk Sat Feb 26 07:25:30 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.5 2004/10/03 00:18:25 tv Exp $
+# $NetBSD: buildlink3.mk,v 1.5.2.1 2005/02/26 07:25:30 snj Exp $
BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+
CURL_BUILDLINK3_MK:= ${CURL_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@
.if !empty(CURL_BUILDLINK3_MK:M+)
BUILDLINK_DEPENDS.curl+= curl>=7.9.1
-BUILDLINK_RECOMMENDED.curl?= curl>=7.12.1nb1
+BUILDLINK_RECOMMENDED.curl?= curl>=7.12.2nb1
BUILDLINK_PKGSRCDIR.curl?= ../../www/curl
.endif # CURL_BUILDLINK3_MK
diff -r ebd9f7854070 -r bc75c81b7d14 www/curl/distinfo
--- a/www/curl/distinfo Fri Feb 25 22:20:36 2005 +0000
+++ b/www/curl/distinfo Sat Feb 26 07:25:30 2005 +0000
@@ -1,4 +1,5 @@
-$NetBSD: distinfo,v 1.28 2004/11/09 09:18:37 adam Exp $
+$NetBSD: distinfo,v 1.28.2.1 2005/02/26 07:25:30 snj Exp $
SHA1 (curl-7.12.2.tar.bz2) = 0823103ada811175dfbfbea07ec57ff6d5a9745a
Size (curl-7.12.2.tar.bz2) = 1246427 bytes
+SHA1 (patch-aa) = 0152fac7590f448aae5b9a335a19b988e5732c55
diff -r ebd9f7854070 -r bc75c81b7d14 www/curl/patches/patch-aa
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/curl/patches/patch-aa Sat Feb 26 07:25:30 2005 +0000
@@ -0,0 +1,33 @@
+$NetBSD: patch-aa,v 1.7.10.1 2005/02/26 07:25:30 snj Exp $
+--- lib/http_ntlm.c.orig 2004-07-29 15:09:58.000000000 +0200
++++ lib/http_ntlm.c 2005-02-25 02:02:10.000000000 +0100
+@@ -103,7 +103,6 @@
+ header++;
+
+ if(checkprefix("NTLM", header)) {
+- unsigned char buffer[256];
+ header += strlen("NTLM");
+
+ while(*header && isspace((int)*header))
+@@ -123,8 +122,12 @@
+ (40) Target Information (optional) security buffer(*)
+ 32 (48) start of data block
+ */
++ size_t size;
++ unsigned char *buffer = (unsigned char *)malloc(strlen(header));
++ if (buffer == NULL)
++ return CURLNTLM_BAD;
+
+- size_t size = Curl_base64_decode(header, (char *)buffer);
++ size = Curl_base64_decode(header, (char *)buffer);
+
+ ntlm->state = NTLMSTATE_TYPE2; /* we got a type-2 */
+
+@@ -134,6 +137,7 @@
+
+ /* at index decimal 20, there's a 32bit NTLM flag field */
+
++ free(buffer);
+ }
+ else {
+ if(ntlm->state >= NTLMSTATE_TYPE1)
Home |
Main Index |
Thread Index |
Old Index