author | snj <snj@pkgsrc.org> | 2005-02-26 07:25:30 +0000 |
---|---|---|
committer | snj <snj@pkgsrc.org> | 2005-02-26 07:25:30 +0000 |
commit | 4750acf03d6365cabcf986944c7015dc7d80db6c (patch) | |
tree | de9e6679ecf29ea4b360149db9f675f66c260b2b | |
parent | d7bda8a1902aa31955e71d31bb9a5c8a7497778c (diff) | |
Pullup ticket 311 - requested by Lubomir Sedlacik
security fix for curl
Apply a manual patch that fixes a buffer overflow in the NTLM
authentication code. See http://www.securityfocus.com/archive/1/391042
for more information.
-rw-r--r-- | www/curl/Makefile | 3 | ||||
-rw-r--r-- | www/curl/buildlink3.mk | 4 | ||||
-rw-r--r-- | www/curl/distinfo | 3 | ||||
-rw-r--r-- | www/curl/patches/patch-aa | 33 |
4 files changed, 39 insertions, 4 deletions
diff --git a/www/curl/Makefile b/www/curl/Makefile
index 4c32b708869..5f88c549498 100644
--- a/www/curl/Makefile
+++ b/www/curl/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.45 2004/11/09 09:18:37 adam Exp $
+# $NetBSD: Makefile,v 1.45.2.1 2005/02/26 07:25:30 snj Exp $
 DISTNAME= curl-7.12.2
+PKGREVISION= 1
 CATEGORIES= www
 MASTER_SITES= http://curl.haxx.se/download/ \
 ftp://ftp.sunet.se/pub/www/utilities/curl/ \
diff --git a/www/curl/buildlink3.mk b/www/curl/buildlink3.mk
index 62c1dd7446d..3f596eeed09 100644
--- a/www/curl/buildlink3.mk
+++ b/www/curl/buildlink3.mk
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.5 2004/10/03 00:18:25 tv Exp $
+# $NetBSD: buildlink3.mk,v 1.5.2.1 2005/02/26 07:25:30 snj Exp $
 BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+
 CURL_BUILDLINK3_MK:= ${CURL_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@ BUILDLINK_PACKAGES+= curl
 .if !empty(CURL_BUILDLINK3_MK:M+)
 BUILDLINK_DEPENDS.curl+= curl>=7.9.1
-BUILDLINK_RECOMMENDED.curl?= curl>=7.12.1nb1
+BUILDLINK_RECOMMENDED.curl?= curl>=7.12.2nb1
 BUILDLINK_PKGSRCDIR.curl?= ../../www/curl
 .endif # CURL_BUILDLINK3_MK
diff --git a/www/curl/distinfo b/www/curl/distinfo
index a5622d7d0c2..ec149fc58b1 100644
--- a/www/curl/distinfo
+++ b/www/curl/distinfo
@@ -1,4 +1,5 @@
-$NetBSD: distinfo,v 1.28 2004/11/09 09:18:37 adam Exp $
+$NetBSD: distinfo,v 1.28.2.1 2005/02/26 07:25:30 snj Exp $
 SHA1 (curl-7.12.2.tar.bz2) = 0823103ada811175dfbfbea07ec57ff6d5a9745a
 Size (curl-7.12.2.tar.bz2) = 1246427 bytes
+SHA1 (patch-aa) = 0152fac7590f448aae5b9a335a19b988e5732c55
diff --git a/www/curl/patches/patch-aa b/www/curl/patches/patch-aa
new file mode 100644
index 00000000000..f07e80ddf74
--- /dev/null
+++ b/www/curl/patches/patch-aa
@@ -0,0 +1,33 @@
+$NetBSD: patch-aa,v 1.7.10.1 2005/02/26 07:25:30 snj Exp $
+--- lib/http_ntlm.c.orig 2004-07-29 15:09:58.000000000 +0200
++++ lib/http_ntlm.c 2005-02-25 02:02:10.000000000 +0100
+@@ -103,7 +103,6 @@
+ header++;
+ 
+ if(checkprefix("NTLM", header)) {
+- unsigned char buffer[256];
+ header += strlen("NTLM");
+ 
+ while(*header && isspace((int)*header))
+@@ -123,8 +122,12 @@
+ (40) Target Information (optional) security buffer(*)
+ 32 (48) start of data block
+ */
++ size_t size;
++ unsigned char *buffer = (unsigned char *)malloc(strlen(header));
++ if (buffer == NULL)
++ return CURLNTLM_BAD;
+ 
+- size_t size = Curl_base64_decode(header, (char *)buffer);
++ size = Curl_base64_decode(header, (char *)buffer);
+ 
+ ntlm->state = NTLMSTATE_TYPE2; /* we got a type-2 */
+ 
+@@ -134,6 +137,7 @@
+ 
+ /* at index decimal 20, there's a 32bit NTLM flag field */
+ 
++ free(buffer);
+ }
+ else {
+ if(ntlm->state >= NTLMSTATE_TYPE1) |
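Review bot: Sizing the heap buffer with `malloc(strlen(header))` makes every later fixed-offset read depend on the length of the server-supplied type-2 message, and the visible hunks show no check of `size` before the block goes on to the fields its comments describe (flag field at index 20, data block at 48). With the old 256-byte stack array a short message stayed inside the array; with the new allocation it would read past the heap block, so unless the lines between the second and third inner hunks (not shown here) already guard on `size`, the decode should be followed by something like `if(size < 48) { free(buffer); return CURLNTLM_BAD; }`. The allocation also relies on `Curl_base64_decode` never writing more bytes than the encoded length, which deserves a one-line comment at the `malloc`, and the single `free(buffer)` at the end of the block only covers the fall-through path. The enclosing function starts and ends outside these hunks.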