authordrochner <drochner@pkgsrc.org>2011-07-29 10:27:29 +0000
committerdrochner <drochner@pkgsrc.org>2011-07-29 10:27:29 +0000
commit58380a6a41afdf8369ff0e46c9774d007bcba216 (patch)
tree8519783044a854eeb38aca80ffdb47f40d7c9620 /net/libsoup24
parent0c502e57cdd5a0f48ac8d31a3dfb769bb8cd748e (diff)
add patch from upstream to fix a directory traversal problem which
could allow information disclosure by servers (CVE-2011-2524, does not affect client applications)
Diffstat (limited to 'net/libsoup24')
-rw-r--r--net/libsoup24/Makefile3
-rw-r--r--net/libsoup24/distinfo3
-rw-r--r--net/libsoup24/patches/patch-aa22
3 files changed, 26 insertions, 2 deletions
diff --git a/net/libsoup24/Makefile b/net/libsoup24/Makefile
index 5b33200ebee..f5142fed807 100644
--- a/net/libsoup24/Makefile
+++ b/net/libsoup24/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.32 2011/07/08 18:35:37 drochner Exp $
+# $NetBSD: Makefile,v 1.33 2011/07/29 10:27:29 drochner Exp $
DISTNAME= libsoup-2.34.2
PKGNAME= ${DISTNAME:S/libsoup/libsoup24/}
+PKGREVISION= 1
CATEGORIES= net gnome
MASTER_SITES= ${MASTER_SITE_GNOME:=sources/libsoup/2.34/}
EXTRACT_SUFX= .tar.bz2
diff --git a/net/libsoup24/distinfo b/net/libsoup24/distinfo
index bf5685b7fb6..940c7898956 100644
--- a/net/libsoup24/distinfo
+++ b/net/libsoup24/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.22 2011/06/10 09:33:53 drochner Exp $
+$NetBSD: distinfo,v 1.23 2011/07/29 10:27:29 drochner Exp $
SHA1 (libsoup-2.34.2.tar.bz2) = 1812b3c78778b37d55ea2904b9763b6dd8266a1c
RMD160 (libsoup-2.34.2.tar.bz2) = a3a94ca9dd6a49a3ee15efda6cf8e4ba96a66338
Size (libsoup-2.34.2.tar.bz2) = 683331 bytes
+SHA1 (patch-aa) = 02d26d3f70954f1bb2d2014aab84a58d5ce14469
diff --git a/net/libsoup24/patches/patch-aa b/net/libsoup24/patches/patch-aa
new file mode 100644
index 00000000000..7fbd7230647
--- /dev/null
+++ b/net/libsoup24/patches/patch-aa
@@ -0,0 +1,22 @@
+$NetBSD: patch-aa,v 1.3 2011/07/29 10:27:29 drochner Exp $
+
+CVE-2011-2524
+
+--- libsoup/soup-server.c.orig 2011-04-07 13:29:03.000000000 +0000
++++ libsoup/soup-server.c
+@@ -779,6 +779,15 @@ got_headers (SoupMessage *req, SoupClien
+
+ uri = soup_message_get_uri (req);
+ decoded_path = soup_uri_decode (uri->path);
++
++ if (strstr (decoded_path, "/../") ||
++ g_str_has_suffix (decoded_path, "/..")) {
++ /* Introducing new ".." segments is not allowed */
++ g_free (decoded_path);
++ soup_message_set_status (req, SOUP_STATUS_BAD_REQUEST);
++ return;
++ }
++
+ soup_uri_set_path (uri, decoded_path);
+ g_free (decoded_path);
+ }
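Review bot: The guard added after `soup_uri_decode` in got_headers matches only forward-slash forms (`"/../"` and a trailing `"/.."`), so a decoded path using `\` as the separator is passed to `soup_uri_set_path` unchanged. That matters only where a handler maps the path onto a filesystem that treats backslash as a separator, which this hunk does not show. The comment would help the next maintainer more if it said why the check sits after decoding and what it does not cover, e.g. `/* Encoded dot segments presumably survive earlier URI normalisation and only become ".." here; handlers must still confine resolved file paths to their root */`. The rejection path also returns 400 silently; a `g_debug ("rejected path with dot segment")` before the `return` would give operators something to detect probing with. got_headers begins and ends outside the hunk.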