Pullup ticket 311 - requested by Lubomir Sedlacik

security fix for curl

Apply a manual patch that fixes a buffer overflow in the NTLM
authentication code.  See http://www.securityfocus.com/archive/1/391042
for more information.

4 files changed, 39 insertions, 4 deletions

diff --git a/www/curl/Makefile b/www/curl/Makefile
index 4c32b708869..5f88c549498 100644
--- a/www/curl/Makefile
+++ b/www/curl/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.45 2004/11/09 09:18:37 adam Exp $
+# $NetBSD: Makefile,v 1.45.2.1 2005/02/26 07:25:30 snj Exp $
 
 DISTNAME=	curl-7.12.2
+PKGREVISION=	1
 CATEGORIES=	www
 MASTER_SITES=	http://curl.haxx.se/download/ \
 		ftp://ftp.sunet.se/pub/www/utilities/curl/ \
diff --git a/www/curl/buildlink3.mk b/www/curl/buildlink3.mk
index 62c1dd7446d..3f596eeed09 100644
--- a/www/curl/buildlink3.mk
+++ b/www/curl/buildlink3.mk
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.5 2004/10/03 00:18:25 tv Exp $
+# $NetBSD: buildlink3.mk,v 1.5.2.1 2005/02/26 07:25:30 snj Exp $
 
 BUILDLINK_DEPTH:=	${BUILDLINK_DEPTH}+
 CURL_BUILDLINK3_MK:=	${CURL_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@ BUILDLINK_PACKAGES+=	curl
 
 .if !empty(CURL_BUILDLINK3_MK:M+)
 BUILDLINK_DEPENDS.curl+=	curl>=7.9.1
-BUILDLINK_RECOMMENDED.curl?=	curl>=7.12.1nb1
+BUILDLINK_RECOMMENDED.curl?=	curl>=7.12.2nb1
 BUILDLINK_PKGSRCDIR.curl?=	../../www/curl
 .endif	# CURL_BUILDLINK3_MK
 
diff --git a/www/curl/distinfo b/www/curl/distinfo
index a5622d7d0c2..ec149fc58b1 100644
--- a/www/curl/distinfo
+++ b/www/curl/distinfo
@@ -1,4 +1,5 @@
-$NetBSD: distinfo,v 1.28 2004/11/09 09:18:37 adam Exp $
+$NetBSD: distinfo,v 1.28.2.1 2005/02/26 07:25:30 snj Exp $
 
 SHA1 (curl-7.12.2.tar.bz2) = 0823103ada811175dfbfbea07ec57ff6d5a9745a
 Size (curl-7.12.2.tar.bz2) = 1246427 bytes
+SHA1 (patch-aa) = 0152fac7590f448aae5b9a335a19b988e5732c55
diff --git a/www/curl/patches/patch-aa b/www/curl/patches/patch-aa
new file mode 100644
index 00000000000..f07e80ddf74
--- /dev/null
+++ b/www/curl/patches/patch-aa
@@ -0,0 +1,33 @@
+$NetBSD: patch-aa,v 1.7.10.1 2005/02/26 07:25:30 snj Exp $
+--- lib/http_ntlm.c.orig	2004-07-29 15:09:58.000000000 +0200
++++ lib/http_ntlm.c	2005-02-25 02:02:10.000000000 +0100
+@@ -103,7 +103,6 @@
+     header++;
+ 
+   if(checkprefix("NTLM", header)) {
+-    unsigned char buffer[256];
+     header += strlen("NTLM");
+ 
+     while(*header && isspace((int)*header))
+@@ -123,8 +122,12 @@
+          (40)    Target Information  (optional) security buffer(*)
+          32 (48) start of data block
+       */
++      size_t size;
++      unsigned char *buffer = (unsigned char *)malloc(strlen(header));
++      if (buffer == NULL)
++        return CURLNTLM_BAD;
+ 
+-      size_t size = Curl_base64_decode(header, (char *)buffer);
++      size = Curl_base64_decode(header, (char *)buffer);
+ 
+       ntlm->state = NTLMSTATE_TYPE2; /* we got a type-2 */
+ 
+@@ -134,6 +137,7 @@
+ 
+       /* at index decimal 20, there's a 32bit NTLM flag field */
+ 
++      free(buffer);
+     }
+     else {
+       if(ntlm->state >= NTLMSTATE_TYPE1)