pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [pkgsrc-2018Q1] pkgsrc/security/mcrypt



Module Name:    pkgsrc
Committed By:   spz
Date:           Sun Jun 17 11:40:03 UTC 2018

Modified Files:
        pkgsrc/security/mcrypt [pkgsrc-2018Q1]: Makefile distinfo
Added Files:
        pkgsrc/security/mcrypt/patches [pkgsrc-2018Q1]: patch-doc_mcrypt.1
            patch-src_errors.c patch-src_extra.c patch-src_gaaout.c
            patch-src_mcrypt.c patch-src_mcrypt.gaa patch-src_mcrypt__int.h
            patch-src_rfc2440.c

Log Message:
Pullup ticket #5765 - requested by bsiegert
security/mcrypt: security patches

Revisions pulled up:
- security/mcrypt/Makefile                                      1.27
- security/mcrypt/distinfo                                      1.9
- security/mcrypt/patches/patch-doc_mcrypt.1                    1.1
- security/mcrypt/patches/patch-src_errors.c                    1.1
- security/mcrypt/patches/patch-src_extra.c                     1.1
- security/mcrypt/patches/patch-src_gaaout.c                    1.1
- security/mcrypt/patches/patch-src_mcrypt.c                    1.1
- security/mcrypt/patches/patch-src_mcrypt.gaa                  1.1
- security/mcrypt/patches/patch-src_mcrypt__int.h               1.1
- security/mcrypt/patches/patch-src_rfc2440.c                   1.1

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   ginsbach
   Date:           Wed May 30 14:58:03 UTC 2018

   Modified Files:
           pkgsrc/security/mcrypt: Makefile distinfo
   Added Files:
           pkgsrc/security/mcrypt/patches: patch-doc_mcrypt.1 patch-src_errors.c
               patch-src_extra.c patch-src_gaaout.c patch-src_mcrypt.c
               patch-src_mcrypt.gaa patch-src_mcrypt__int.h patch-src_rfc2440.c

   Log Message:
   Add various patches from (Brew, Debian, Red Hat, SUSE)

   Upstream for mcrypt is effectively dead so incorporate patches from
   other OSS packaging systems.  These patches address the following:

   * CVE-2012-4409 (fix)
   * CVE-2012-4527 (fix)
   * Spelling and grammar fixes for man page
   * Fix potential format-string attacks (no vulnerability Id)
   * Fix potential buffer overflows (no vulnerability Id)
   * Make native format default as in Debian, Red Hat, and SUSE since
     openpgp format handling is seriously broken.
   * Fix ARM build [unclear if this is necessary for non-Linux systems]
   * Correct include file for OSX

   To generate a diff of this commit:
   cvs rdiff -u -r1.26 -r1.27 pkgsrc/security/mcrypt/Makefile
   cvs rdiff -u -r1.8 -r1.9 pkgsrc/security/mcrypt/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/security/mcrypt/patches/patch-doc_mcrypt.1 \
       pkgsrc/security/mcrypt/patches/patch-src_errors.c \
       pkgsrc/security/mcrypt/patches/patch-src_extra.c \
       pkgsrc/security/mcrypt/patches/patch-src_gaaout.c \
       pkgsrc/security/mcrypt/patches/patch-src_mcrypt.c \
       pkgsrc/security/mcrypt/patches/patch-src_mcrypt.gaa \
       pkgsrc/security/mcrypt/patches/patch-src_mcrypt__int.h \
       pkgsrc/security/mcrypt/patches/patch-src_rfc2440.c


To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.26.28.1 pkgsrc/security/mcrypt/Makefile
cvs rdiff -u -r1.8 -r1.8.22.1 pkgsrc/security/mcrypt/distinfo
cvs rdiff -u -r0 -r1.1.2.2 pkgsrc/security/mcrypt/patches/patch-doc_mcrypt.1 \
    pkgsrc/security/mcrypt/patches/patch-src_errors.c \
    pkgsrc/security/mcrypt/patches/patch-src_extra.c \
    pkgsrc/security/mcrypt/patches/patch-src_gaaout.c \
    pkgsrc/security/mcrypt/patches/patch-src_mcrypt.c \
    pkgsrc/security/mcrypt/patches/patch-src_mcrypt.gaa \
    pkgsrc/security/mcrypt/patches/patch-src_mcrypt__int.h \
    pkgsrc/security/mcrypt/patches/patch-src_rfc2440.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/mcrypt/Makefile
diff -u pkgsrc/security/mcrypt/Makefile:1.26 pkgsrc/security/mcrypt/Makefile:1.26.28.1
--- pkgsrc/security/mcrypt/Makefile:1.26        Thu Mar  5 22:47:54 2015
+++ pkgsrc/security/mcrypt/Makefile     Sun Jun 17 11:40:03 2018
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.26 2015/03/05 22:47:54 tnn Exp $
+# $NetBSD: Makefile,v 1.26.28.1 2018/06/17 11:40:03 spz Exp $
 
 DISTNAME=      mcrypt-2.6.8
-PKGREVISION=   3
+PKGREVISION=   4
 CATEGORIES=    security devel
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=mcrypt/}
 

Index: pkgsrc/security/mcrypt/distinfo
diff -u pkgsrc/security/mcrypt/distinfo:1.8 pkgsrc/security/mcrypt/distinfo:1.8.22.1
--- pkgsrc/security/mcrypt/distinfo:1.8 Wed Nov  4 01:17:50 2015
+++ pkgsrc/security/mcrypt/distinfo     Sun Jun 17 11:40:03 2018
@@ -1,6 +1,14 @@
-$NetBSD: distinfo,v 1.8 2015/11/04 01:17:50 agc Exp $
+$NetBSD: distinfo,v 1.8.22.1 2018/06/17 11:40:03 spz Exp $
 
 SHA1 (mcrypt-2.6.8.tar.gz) = 8ae0e866714fbbb96a0a6fa9f099089dc93f1d86
 RMD160 (mcrypt-2.6.8.tar.gz) = 5115c679ee5d34b9fb9e976c12240c48370df514
 SHA512 (mcrypt-2.6.8.tar.gz) = eae5f831e950df69eb93efc8314100b4b5dc8a535b1d00f500e6b25382efcec321346776a92dadf101b878ef46a47de2e9e81f5ddf5c73563ece4741f169c8d1
 Size (mcrypt-2.6.8.tar.gz) = 471915 bytes
+SHA1 (patch-doc_mcrypt.1) = 93ccc6b07b09535e09d65e2862571b1c592fc141
+SHA1 (patch-src_errors.c) = b8467130c6cc7f3a650d8a737e1b5a75c8db5e9e
+SHA1 (patch-src_extra.c) = f265989f7e8ad7ec6fd8afece3b8a785f49d13ae
+SHA1 (patch-src_gaaout.c) = 73001f8b98dc87354f7550e2080ac7ab3a59ceb6
+SHA1 (patch-src_mcrypt.c) = c1c99aa4dcf5912e43ab831f0ee32611ea029400
+SHA1 (patch-src_mcrypt.gaa) = 1fefccbf336a99bcb83dd05739c53a40b1f0a9ce
+SHA1 (patch-src_mcrypt__int.h) = 94caaff9bb0d48c6c6406e3f8965db82e7f93408
+SHA1 (patch-src_rfc2440.c) = 4c7b885bfa9e451f3082e3338eadcaedbbb9d6cc

Added files:

Index: pkgsrc/security/mcrypt/patches/patch-doc_mcrypt.1
diff -u /dev/null pkgsrc/security/mcrypt/patches/patch-doc_mcrypt.1:1.1.2.2
--- /dev/null   Sun Jun 17 11:40:03 2018
+++ pkgsrc/security/mcrypt/patches/patch-doc_mcrypt.1   Sun Jun 17 11:40:03 2018
@@ -0,0 +1,70 @@
+$NetBSD: patch-doc_mcrypt.1,v 1.1.2.2 2018/06/17 11:40:03 spz Exp $
+
+* Spelling and grammar fixes. 
+
+  From: Red Hat, SUSE
+
+--- doc/mcrypt.1.orig  2003-09-08 17:25:41.000000000 +0000
++++ doc/mcrypt.1
+@@ -81,7 +81,7 @@ two blocks in CBC and CFB modes, but onl
+ Mcrypt uses a 32 bit CRC to check for errors in the encrypted files.
+ .PP
+ .B Extra security:
+-For the very paranoid, if mcrypt is executed with superuser priviledges it
++For the very paranoid, if mcrypt is executed with superuser privileges it
+ ensures that no important data (keys etc.) are written to disk, as swap etc.
+ Keep in mind that mcrypt was not designed to be a setuid program, so you
+ shouldn't make it one.
+@@ -165,11 +165,11 @@ license and quit.
+ .TP
+ .B \-o --keymode MODE
+ MODE may be one of the keymodes listed by the --list-keymodes parameter.
+-It actually is the convertion to the key before it is fed to the algorithm.
++It actually is the conversion to the key before it is fed to the algorithm.
+ It is recommended to leave it as is, if you do not know what it is.
+ However if you still want to use this option, you might want to
+ use the 'hex' mode which allows you to specify the key in hex
+-(and no convertion will by applied).
++(and no conversion will be applied).
+ .TP
+ .B \-h --hash HASH_ALGORITHM
+ HASH_ALGORITHM may be one of the algorithms listed by the --list-hash parameter.
+@@ -194,10 +194,10 @@ The security lies on the algorithm not o
+ default. This flag must also be specified when decrypting a bare encrypted 
+ file. 
+ When the bare flag is specified decryption and encryption are faster. This
+-may be usefull when using mcrypt to encrypt a link or something like that.
++may be useful when using mcrypt to encrypt a link or something like that.
+ .TP
+ .B --flush
+-Flushes the output (ciphertext or plaintext) immediately. Usefull if mcrypt
++Flushes the output (ciphertext or plaintext) immediately. Useful if mcrypt
+ is used with pipes.
+ .TP
+ .B --time
+@@ -205,7 +205,7 @@ Prints some timing information (encrypti
+ .TP
+ .B --nodelete
+ When this option is specified mcrypt does not delete the output file, even
+-if decryption failed. This is usefull if you want to decrypt a corrupted
++if decryption failed. This is useful if you want to decrypt a corrupted
+ file.
+ .TP
+ .B \-q --quiet
+@@ -217,13 +217,13 @@ succeeds. This is not the default in ord
+ to remove sensitive data.
+ .TP
+ .B \ --list
+-Lists all the algorithms current supported.
++Lists all the algorithms currently supported.
+ .TP
+ .B \ --list-keymodes
+-Lists all the key modes current supported.
++Lists all the key modes currently supported.
+ .TP
+ .B \ --list-hash
+-Lists all the hash algorithms current supported.
++Lists all the hash algorithms currently supported.
+ .TP
+ .B \-r --random
+ Use /dev/(s)random instead of /dev/urandom. This may need some key input
Index: pkgsrc/security/mcrypt/patches/patch-src_errors.c
diff -u /dev/null pkgsrc/security/mcrypt/patches/patch-src_errors.c:1.1.2.2
--- /dev/null   Sun Jun 17 11:40:03 2018
+++ pkgsrc/security/mcrypt/patches/patch-src_errors.c   Sun Jun 17 11:40:03 2018
@@ -0,0 +1,38 @@
+$NetBSD: patch-src_errors.c,v 1.1.2.2 2018/06/17 11:40:03 spz Exp $
+
+* Fix potential format-string attacks via filename arguments and
+  possibly others. (No vulnerability Id)
+       
+  From: Debian, Red Hat, SUSE
+
+--- src/errors.c.orig  2007-11-07 17:10:19.000000000 +0000
++++ src/errors.c
+@@ -24,24 +24,24 @@ extern int quiet;
+ 
+ void err_quit(char *errmsg)
+ {
+-      fprintf(stderr, errmsg);
++      fprintf(stderr, "%s", errmsg);
+       exit(-1);
+ }
+ 
+ void err_warn(char *errmsg)
+ {
+       if (quiet <= 1)
+-              fprintf(stderr, errmsg);
++              fprintf(stderr, "%s", errmsg);
+ }
+ 
+ void err_info(char *errmsg)
+ {
+       if (quiet == 0)
+-              fprintf(stderr, errmsg);
++              fprintf(stderr, "%s", errmsg);
+ }
+ 
+ void err_crit(char *errmsg)
+ {
+       if (quiet <= 2)
+-              fprintf(stderr, errmsg);
++              fprintf(stderr, "%s", errmsg);
+ }
Index: pkgsrc/security/mcrypt/patches/patch-src_extra.c
diff -u /dev/null pkgsrc/security/mcrypt/patches/patch-src_extra.c:1.1.2.2
--- /dev/null   Sun Jun 17 11:40:03 2018
+++ pkgsrc/security/mcrypt/patches/patch-src_extra.c    Sun Jun 17 11:40:03 2018
@@ -0,0 +1,51 @@
+$NetBSD: patch-src_extra.c,v 1.1.2.2 2018/06/17 11:40:03 spz Exp $
+
+* Fix buffer overflow when decrypting a file with a too long salt.
+  (CVE-2012-4409)
+* Fix other potential buffer overflows in check_file_head.
+  (No vulnerability Id)
+
+  From: Debian, Red Hat, SUSE
+
+--- src/extra.c.orig   2007-11-07 17:10:20.000000000 +0000
++++ src/extra.c
+@@ -223,7 +223,8 @@ int check_file_head(FILE * fstream, char
+               }
+ 
+               read_until_null(tmp_buf, fstream);
+-              strcpy(algorithm, tmp_buf);
++              strncpy(algorithm, tmp_buf, 50);
++              algorithm[49] = '\0';
+ 
+               fread(&keylen, sizeof(short int), 1, fstream);
+ #ifdef WORDS_BIGENDIAN
+@@ -233,15 +234,19 @@ int check_file_head(FILE * fstream, char
+ #endif
+ 
+               read_until_null(tmp_buf, fstream);
+-              strcpy(mode, tmp_buf);
++              strncpy(mode, tmp_buf, 50);
++              mode[49] = '\0';
+ 
+               read_until_null(tmp_buf, fstream);
+-              strcpy(keymode, tmp_buf);
++              strncpy(keymode, tmp_buf, 50);
++              keymode[49] = '\0';
+               fread(&sflag, 1, 1, fstream);
+               if (m_getbit(6, flags) == 1) { /* if the salt bit is set */
+                       if (m_getbit(0, sflag) != 0) { /* if the first bit is set */
+                               *salt_size = m_setbit(0, sflag, 0);
+                               if (*salt_size > 0) {
++                                      if (*salt_size > sizeof(tmp_buf))
++                                              err_quit(_("Salt is too long\n"));
+                                       fread(tmp_buf, 1, *salt_size,
+                                             fstream);
+                                       memmove(salt, tmp_buf, *salt_size);
+@@ -503,6 +508,7 @@ char **read_key_file(char *file, int *nu
+       }
+ 
+       *num = x;
++      fclose(FROMF);
+ 
+       return keys;
+ 
Index: pkgsrc/security/mcrypt/patches/patch-src_gaaout.c
diff -u /dev/null pkgsrc/security/mcrypt/patches/patch-src_gaaout.c:1.1.2.2
--- /dev/null   Sun Jun 17 11:40:03 2018
+++ pkgsrc/security/mcrypt/patches/patch-src_gaaout.c   Sun Jun 17 11:40:03 2018
@@ -0,0 +1,36 @@
+$NetBSD: patch-src_gaaout.c,v 1.1.2.2 2018/06/17 11:40:03 spz Exp $
+
+* Fix ARM build [XXX needed?]
+* Make native format default like in Debian, Red Hat, and SUSE since
+  openpgp format handling is seriously broken.
+
+From: Debian, Red Hat, SUSE
+
+--- src/gaaout.c.orig  2007-06-09 08:39:14.000000000 +0000
++++ src/gaaout.c
+@@ -5,6 +5,7 @@
+ 
+ 
+ #include <defines.h>
++#include "mcrypt_int.h"
+ 
+ #include <stdio.h>
+ #include <string.h>
+@@ -123,7 +124,7 @@ void gaa_help(void)
+ {
+       printf(_("Mcrypt encrypts and decrypts files with symmetric encryption algorithms.\nUsage: mcrypt [-dFusgbhLvrzp] [-f keyfile] [-k key1 key2 ...] [-m mode] [-o keymode] [-s keysize] [-a 
algorithm] [-c config_file] [file ...]\n\n"));
+       __gaa_helpsingle('g', "openpgp", "", _("Use the OpenPGP (RFC2440) file format."));
+-      __gaa_helpsingle(0, "no-openpgp", "", _("Use the native (mcrypt) file format."));
++      __gaa_helpsingle(0, "no-openpgp", "", _("Use the native (mcrypt) file format. (DEFAULT)"));
+       __gaa_helpsingle(0, "openpgp-z", _("INTEGER "), _("Sets the compression level for openpgp packets (0 disables)."));
+       __gaa_helpsingle('d', "decrypt", "", _("decrypts."));
+       __gaa_helpsingle('s', "keysize", _("INTEGER "), _("Set the algorithm's key size (in bytes)."));
+@@ -1036,7 +1037,7 @@ int gaa(int argc, char **argv, gaainfo *
+        gaaval->config_file=NULL; gaaval->mode=NULL; gaaval->input=NULL; gaaval->ed_specified=0;
+        gaaval->double_check=0; gaaval->noecho=1; gaaval->flush=0; gaaval->keysize=0;
+        gaaval->algorithms_directory=NULL; gaaval->modes_directory=NULL; gaaval->nodelete=0;
+-       gaaval->hash=NULL; gaaval->timer=0; gaaval->openpgp=1; gaaval->openpgp_z = 0; ;};
++       gaaval->hash=NULL; gaaval->timer=0; gaaval->openpgp=0; gaaval->openpgp_z = 0; ;};
+ 
+     }
+     inited = 1;
Index: pkgsrc/security/mcrypt/patches/patch-src_mcrypt.c
diff -u /dev/null pkgsrc/security/mcrypt/patches/patch-src_mcrypt.c:1.1.2.2
--- /dev/null   Sun Jun 17 11:40:03 2018
+++ pkgsrc/security/mcrypt/patches/patch-src_mcrypt.c   Sun Jun 17 11:40:03 2018
@@ -0,0 +1,57 @@
+$NetBSD: patch-src_mcrypt.c,v 1.1.2.2 2018/06/17 11:40:03 spz Exp $
+
+* Fix potential long filename buffer overlow (CVE-2012-4527)
+
+From: Debian, Red Hat, SUSE
+
+--- src/mcrypt.c.orig  2007-11-07 17:10:21.000000000 +0000
++++ src/mcrypt.c
+@@ -46,3 +46,3 @@ static char rcsid[] =
+ 
+-char tmperr[128];
++char tmperr[PATH_MAX + 128];
+ unsigned int stream_flag = FALSE;
+@@ -484,3 +484,3 @@ int main(int argc, char **argv)
+        if (is_normal_file(file[i]) == FALSE) {
+-          sprintf(tmperr,
++          snprintf(tmperr, sizeof(tmperr),
+                   _
+@@ -503,3 +503,3 @@ int main(int argc, char **argv)
+            && (stream_flag == TRUE) && (force == 0)) {        /* not a tty */
+-          sprintf(tmperr,
++          snprintf(tmperr, sizeof(tmperr),
+                   _
+@@ -522,3 +522,3 @@ int main(int argc, char **argv)
+            && (stream_flag == TRUE) && (force == 0)) {        /* not a tty */
+-          sprintf(tmperr,
++          snprintf(tmperr, sizeof(tmperr),
+                   _
+@@ -546,3 +546,3 @@ int main(int argc, char **argv)
+           if (strstr(outfile, ".nc") != NULL) {
+-             sprintf(tmperr,
++             snprintf(tmperr, sizeof(tmperr),
+                      _
+@@ -592,3 +592,5 @@ int main(int argc, char **argv)
+           if (stream_flag == FALSE) {
+-             sprintf(tmperr, _("File %s was decrypted.\n"), dinfile);
++             snprintf(tmperr, sizeof(tmperr),
++                      _
++                      ("File %s was decrypted.\n"), dinfile);
+              err_warn(tmperr);
+@@ -612,3 +614,3 @@ int main(int argc, char **argv)
+           if (stream_flag == FALSE) {
+-             sprintf(tmperr,
++             snprintf(tmperr, sizeof(tmperr),
+                      _
+@@ -638,3 +640,5 @@ int main(int argc, char **argv)
+           if (stream_flag == FALSE) {
+-             sprintf(tmperr, _("File %s was encrypted.\n"), einfile);
++             snprintf(tmperr, sizeof(tmperr),
++                      _
++                      ("File %s was encrypted.\n"), einfile);
+              err_warn(tmperr);
+@@ -657,3 +661,3 @@ int main(int argc, char **argv)
+           if (stream_flag == FALSE) {
+-             sprintf(tmperr,
++             snprintf(tmperr, sizeof(tmperr),
+                      _
Index: pkgsrc/security/mcrypt/patches/patch-src_mcrypt.gaa
diff -u /dev/null pkgsrc/security/mcrypt/patches/patch-src_mcrypt.gaa:1.1.2.2
--- /dev/null   Sun Jun 17 11:40:03 2018
+++ pkgsrc/security/mcrypt/patches/patch-src_mcrypt.gaa Sun Jun 17 11:40:03 2018
@@ -0,0 +1,27 @@
+$NetBSD: patch-src_mcrypt.gaa,v 1.1.2.2 2018/06/17 11:40:03 spz Exp $
+
+* Make native format default like in Debian, Red Hat, and SUSE since
+  openpgp format handling is seriously broken.
+
+From: Debian, Red Hat, SUSE
+
+--- src/mcrypt.gaa.orig        2007-06-09 08:38:38.000000000 +0000
++++ src/mcrypt.gaa
+@@ -12,7 +12,7 @@ helpnode "Mcrypt encrypts and decrypts f
+ 
+ #int openpgp;
+ option (g, openpgp) { $openpgp = 1 } "Use the OpenPGP (RFC2440) file format."
+-option (no-openpgp) { $openpgp = 0 } "Use the native (mcrypt) file format."
++option (no-openpgp) { $openpgp = 0 } "Use the native (mcrypt) file format. (DEFAULT)"
+ 
+ #int openpgp_z;
+ option (openpgp-z) INT "INTEGER" { $openpgp_z = $1 } "Sets the compression level for openpgp packets (0 disables)."
+@@ -119,7 +119,7 @@ init { $force=0; $quiet=1; $real_random_
+        $config_file=NULL; $mode=NULL; $input=NULL; $ed_specified=0;
+        $double_check=0; $noecho=1; $flush=0; $keysize=0;
+        $algorithms_directory=NULL; $modes_directory=NULL; $nodelete=0;
+-       $hash=NULL; $timer=0; $openpgp=1; $openpgp_z = 0; }
++       $hash=NULL; $timer=0; $openpgp=0; $openpgp_z = 0; }
+ 
+ INCOMP kf
+ INCOMP Vq
Index: pkgsrc/security/mcrypt/patches/patch-src_mcrypt__int.h
diff -u /dev/null pkgsrc/security/mcrypt/patches/patch-src_mcrypt__int.h:1.1.2.2
--- /dev/null   Sun Jun 17 11:40:03 2018
+++ pkgsrc/security/mcrypt/patches/patch-src_mcrypt__int.h      Sun Jun 17 11:40:03 2018
@@ -0,0 +1,17 @@
+$NetBSD: patch-src_mcrypt__int.h,v 1.1.2.2 2018/06/17 11:40:03 spz Exp $
+
+* Fix ARM build [XXX needed?]
+
+From: Red Hat, SUSE
+
+--- src/mcrypt_int.h.orig      2003-09-08 17:25:50.000000000 +0000
++++ src/mcrypt_int.h
+@@ -15,3 +15,8 @@ void rol_buf(void * buffer, int buffersi
+ void mcrypt_version();
+ void mcrypt_license();
+ void usage(void);
++
++int print_list(void);
++int print_hashlist(void);
++int print_keylist(void);
++
Index: pkgsrc/security/mcrypt/patches/patch-src_rfc2440.c
diff -u /dev/null pkgsrc/security/mcrypt/patches/patch-src_rfc2440.c:1.1.2.2
--- /dev/null   Sun Jun 17 11:40:03 2018
+++ pkgsrc/security/mcrypt/patches/patch-src_rfc2440.c  Sun Jun 17 11:40:03 2018
@@ -0,0 +1,30 @@
+$NetBSD: patch-src_rfc2440.c,v 1.1.2.2 2018/06/17 11:40:03 spz Exp $
+
+* Correct include file for OSX
+* Minor consistency change (previously len was uninitialized)
+
+From: Brew, Red Hat, SUSE
+
+--- src/rfc2440.c.orig 2008-11-16 19:50:01.000000000 +0000
++++ src/rfc2440.c
+@@ -23,7 +23,11 @@
+ #include <zlib.h>
+ #endif
+ #include <stdio.h>
++#ifdef __APPLE__
++#include <malloc/malloc.h>
++#else
+ #include <malloc.h>
++#endif
+ 
+ #include "xmalloc.h"
+ #include "keys.h"
+@@ -409,7 +413,7 @@ length_decode(const uchar *buf, int pos,
+         len += (buf[pos+1] + 192);
+     }
+     else if (buf[pos] == 255) {
+-        len += (buf[pos+1] << 24);
++        len = (buf[pos+1] << 24);
+         len += (buf[pos+2] << 16);
+         len += (buf[pos+3] << 8);
+         len += buf[pos+4];



Home | Main Index | Thread Index | Old Index