summaryrefslogtreecommitdiff
path: root/www/curl
diff options
context:
space:
mode:
authorsalo <salo@pkgsrc.org>2005-02-25 00:47:30 +0000
committersalo <salo@pkgsrc.org>2005-02-25 00:47:30 +0000
commitc78c7ec44ab5484f348e6eb73db232932df1a3d8 (patch)
treed2d304da4a0a1993d6dd61a0f257e938f8a69266 /www/curl
parent51f6c66aada0b0a8513c1a22495043cefcbc426d (diff)
downloadpkgsrc-c78c7ec44ab5484f348e6eb73db232932df1a3d8.tar.gz
Fix buffer overflow in the NTLM authentication code. Patch from curl cvs.
Bump PKGREVISION.
Diffstat (limited to 'www/curl')
-rw-r--r--www/curl/Makefile3
-rw-r--r--www/curl/buildlink3.mk4
-rw-r--r--www/curl/distinfo3
-rw-r--r--www/curl/patches/patch-aa34
4 files changed, 40 insertions, 4 deletions
diff --git a/www/curl/Makefile b/www/curl/Makefile
index e4abe0fdc29..37d0ee9e2c1 100644
--- a/www/curl/Makefile
+++ b/www/curl/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.48 2005/02/18 18:05:08 wiz Exp $
+# $NetBSD: Makefile,v 1.49 2005/02/25 00:47:30 salo Exp $
DISTNAME= curl-7.13.0
+PKGREVISION= 1
CATEGORIES= www
MASTER_SITES= http://curl.haxx.se/download/ \
ftp://ftp.sunet.se/pub/www/utilities/curl/ \
diff --git a/www/curl/buildlink3.mk b/www/curl/buildlink3.mk
index 5590c7c35e5..e93a348c1a8 100644
--- a/www/curl/buildlink3.mk
+++ b/www/curl/buildlink3.mk
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.6 2005/01/03 15:58:52 wiz Exp $
+# $NetBSD: buildlink3.mk,v 1.7 2005/02/25 00:47:30 salo Exp $
BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+
CURL_BUILDLINK3_MK:= ${CURL_BUILDLINK3_MK}+
@@ -11,7 +11,7 @@ BUILDLINK_PACKAGES:= ${BUILDLINK_PACKAGES:Ncurl}
BUILDLINK_PACKAGES+= curl
.if !empty(CURL_BUILDLINK3_MK:M+)
-BUILDLINK_DEPENDS.curl+= curl>=7.12.3
+BUILDLINK_DEPENDS.curl+= curl>=7.13.0nb1
BUILDLINK_PKGSRCDIR.curl?= ../../www/curl
.endif # CURL_BUILDLINK3_MK
diff --git a/www/curl/distinfo b/www/curl/distinfo
index cf167cd72a2..ad696b5f39c 100644
--- a/www/curl/distinfo
+++ b/www/curl/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.32 2005/02/24 14:08:30 wiz Exp $
+$NetBSD: distinfo,v 1.33 2005/02/25 00:47:30 salo Exp $
SHA1 (curl-7.13.0.tar.bz2) = 63530e49c7c55b0cb47372d87b4d2eff40d28e43
RMD160 (curl-7.13.0.tar.bz2) = e543ebdae0f703d34f287ff7e9a8ee62ddf40d7b
Size (curl-7.13.0.tar.bz2) = 1853790 bytes
+SHA1 (patch-aa) = 77f05820c243eb58c4091f89e6aaf44886d6d497
diff --git a/www/curl/patches/patch-aa b/www/curl/patches/patch-aa
new file mode 100644
index 00000000000..dcb483915fb
--- /dev/null
+++ b/www/curl/patches/patch-aa
@@ -0,0 +1,34 @@
+$NetBSD: patch-aa,v 1.8 2005/02/25 00:47:30 salo Exp $
+
+--- lib/http_ntlm.c.orig 2004-12-08 00:09:41.000000000 +0100
++++ lib/http_ntlm.c 2005-02-25 01:09:30.000000000 +0100
+@@ -103,7 +103,6 @@
+ header++;
+
+ if(checkprefix("NTLM", header)) {
+- unsigned char buffer[256];
+ header += strlen("NTLM");
+
+ while(*header && isspace((int)*header))
+@@ -123,8 +122,12 @@
+ (40) Target Information (optional) security buffer(*)
+ 32 (48) start of data block
+ */
++ size_t size;
++ unsigned char *buffer = (unsigned char *)malloc(strlen(header));
++ if (buffer == NULL)
++ return CURLNTLM_BAD;
+
+- size_t size = Curl_base64_decode(header, (char *)buffer);
++ size = Curl_base64_decode(header, (char *)buffer);
+
+ ntlm->state = NTLMSTATE_TYPE2; /* we got a type-2 */
+
+@@ -134,6 +137,7 @@
+
+ /* at index decimal 20, there's a 32bit NTLM flag field */
+
++ free(buffer);
+ }
+ else {
+ if(ntlm->state >= NTLMSTATE_TYPE1)
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-05 20:04:33 +0000