pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/www/lighttpd add patch from upstream to fix sign exten...
details: https://anonhg.NetBSD.org/pkgsrc/rev/12b2c4354afa
branches: trunk
changeset: 596136:12b2c4354afa
user: drochner <drochner%pkgsrc.org@localhost>
date: Wed Nov 30 11:13:59 2011 +0000
description:
add patch from upstream to fix sign extension bug which can lead
to out-of-bounds array read
(possible DOS, CVE-2011-4362)
bump PKGREV
diffstat:
www/lighttpd/Makefile | 4 ++--
www/lighttpd/distinfo | 3 ++-
www/lighttpd/patches/patch-aa | 15 +++++++++++++++
3 files changed, 19 insertions(+), 3 deletions(-)
diffs (43 lines):
diff -r b2d7847a257c -r 12b2c4354afa www/lighttpd/Makefile
--- a/www/lighttpd/Makefile Wed Nov 30 11:10:16 2011 +0000
+++ b/www/lighttpd/Makefile Wed Nov 30 11:13:59 2011 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.28 2011/08/23 13:06:54 obache Exp $
+# $NetBSD: Makefile,v 1.29 2011/11/30 11:13:59 drochner Exp $
DISTNAME= lighttpd-1.4.29
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= www
MASTER_SITES= http://download.lighttpd.net/lighttpd/releases-1.4.x/
EXTRACT_SUFX= .tar.bz2
diff -r b2d7847a257c -r 12b2c4354afa www/lighttpd/distinfo
--- a/www/lighttpd/distinfo Wed Nov 30 11:10:16 2011 +0000
+++ b/www/lighttpd/distinfo Wed Nov 30 11:13:59 2011 +0000
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.20 2011/07/14 19:59:45 adam Exp $
+$NetBSD: distinfo,v 1.21 2011/11/30 11:13:59 drochner Exp $
SHA1 (lighttpd-1.4.29.tar.bz2) = fe8ee6dc5f5302bffef905fcdf0b35f255e59b32
RMD160 (lighttpd-1.4.29.tar.bz2) = d4369e8970001d2ebe4e49767053c341c4bd2f27
Size (lighttpd-1.4.29.tar.bz2) = 659974 bytes
+SHA1 (patch-aa) = 12969ff0e488494e83188ba8130466c8d7e0275e
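Review bot: The new `patch-aa` line records a SHA1 digest only, while the distfile entries above it carry both SHA1 and RMD160. Since this patch is the security fix itself, it would be good to record a second, stronger digest for it if the checksum tooling supports one for patch files, so the patch is not protected by SHA1 alone.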
diff -r b2d7847a257c -r 12b2c4354afa www/lighttpd/patches/patch-aa
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/lighttpd/patches/patch-aa Wed Nov 30 11:13:59 2011 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-aa,v 1.11 2011/11/30 11:13:59 drochner Exp $
+
+CVE-2011-4362
+
+--- src/http_auth.c.orig 2011-04-24 15:44:59.000000000 +0000
++++ src/http_auth.c
+@@ -95,7 +95,7 @@ static unsigned char * base64_decode(buf
+ ch = in[0];
+ /* run through the whole string, converting as we go */
+ for (i = 0; i < in_len; i++) {
+- ch = in[i];
++ ch = (unsigned char) in[i];
+
+ if (ch == '\0') break;
+
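Review bot: The context line `ch = in[0];` just above the loop still reads the input without the `(unsigned char)` cast that the changed line inside the loop now has. In the visible lines the loop reassigns `ch` at the top of every iteration, so that first read looks redundant; either cast it the same way or drop it, so that no sign-extended value is left in `ch` when `in_len` is 0. The declaration of `ch` is outside the hunk, so please confirm it is not a plain `char`, since storing the cast result in a signed char would undo the fix. The patch header also carries only the CVE id; a one-line description of the sign extension problem and a pointer to the upstream change would help whoever decides when this patch can be dropped.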