author | wiz <wiz@pkgsrc.org> | 2013-02-11 12:20:43 +0000 |
---|---|---|
committer | wiz <wiz@pkgsrc.org> | 2013-02-11 12:20:43 +0000 |
commit | 9454f91f42efdc4641c75e796df48ba54c4c0386 (patch) | |
tree | c4fb97d3bf96870681112a50d8fd769b6d51e4c0 /www/curl | |
parent | 77c5b06e8ef362ea17c47eeb9be03ffb8c59c1f8 (diff) | |
download | pkgsrc-9454f91f42efdc4641c75e796df48ba54c4c0386.tar.gz |
Update to 7.29.0:
Fixed in 7.29.0 - February 6 2013
Release contains security-related bug fix
(already fixed in pkgsrc)
Changes:
test: offer "automake" output and check for perl better
always-multi: always use non-blocking internals
imap: Added support for sasl digest-md5 authentication
imap: Added support for sasl cram-md5 authentication
imap: Added support for sasl ntlm authentication
imap: Added support for sasl login authentication
imap: Added support for sasl plain text authentication
imap: Added support for login disabled server capability
mk-ca-bundle: add -f, support passing to stdout and more
writeout: -w now supports remote_ip/port and local_ip/port
Bugfixes:
SECURITY ADVISORY: SASL buffer overflow vulnerability
nss: prevent NSS from crashing on client auth hook failure
darwinssl: Fixed inability to disable peer verification on Snow Leopard and Lion
curl_multi_remove_handle: fix memory leak triggered with CURLOPT_RESOLVE
SCP: relative path didn't work as documented
setup_once.h: HP-UX issue workaround
configure: fix cross pkg-config detection
runtests: Do not add undefined values to @INC
build: fix compilation with CURL_DISABLE_CRYPTO_AUTH flag
multi: fix re-sending request on early connection close
HTTP: remove stray CRLF in chunk-encoded content-free request bodies
build: fix AIX compilation and usage of events/revents
VC Makefiles: add missing hostcheck
nss: clear session cache if a client certificate from file is used
nss: fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
fix HTTP CONNECT tunnel establishment upon delayed response
--libcurl: fix for non-zero default options
FTP: reject illegal port numbers in EPSV 229 responses
build: use per-target '_CPPFLAGS' for those currently using default
configure: fix automake 1.13 compatibility
curl: ignore SIGPIPE
pop3: Added support for non-blocking SSL upgrade
pop3: Fixed default authentication detection
imap: Fixed usernames and passwords that contain escape characters
packages/DOS/common.dj: remove COFF debug info generation
imap/pop3/smtp: Fixed failure detection during TLS upgrade
pop3: Fixed no known authentication mechanism when fallback is required
formadd: reject trying to read a directory where a file is expected
formpost: support quotes, commas and semicolon in file names
docs: update the comments about loading CA certs with NSS
docs: fix typos in man pages
darwinssl: Fix bug where packets were sometimes transmitted twice
winbuild: include version info for .dll .exe
schannel: Removed extended error connection setup flag
VMS: fix and generate the VMS build config
Diffstat (limited to 'www/curl')
-rw-r--r-- | www/curl/Makefile | 5 | ||||
-rw-r--r-- | www/curl/distinfo | 11 | ||||
-rw-r--r-- | www/curl/patches/patch-CVE-2013-0249 | 43 | ||||
-rw-r--r-- | www/curl/patches/patch-aa | 32 |
4 files changed, 27 insertions, 64 deletions
diff --git a/www/curl/Makefile b/www/curl/Makefile
index 79a39124d9f..acf71347c8c 100644
--- a/www/curl/Makefile
+++ b/www/curl/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.123 2013/02/08 15:45:42 drochner Exp $
+# $NetBSD: Makefile,v 1.124 2013/02/11 12:20:43 wiz Exp $
 
-DISTNAME= curl-7.28.1
-PKGREVISION= 3
+DISTNAME= curl-7.29.0
 CATEGORIES= www
 MASTER_SITES= http://curl.haxx.se/download/ \
 ftp://ftp.sunet.se/pub/www/utilities/curl/
diff --git a/www/curl/distinfo b/www/curl/distinfo
index ef03b7ceee4..563971137de 100644
--- a/www/curl/distinfo
+++ b/www/curl/distinfo
@@ -1,7 +1,6 @@
-$NetBSD: distinfo,v 1.81 2013/02/08 15:45:42 drochner Exp $
+$NetBSD: distinfo,v 1.82 2013/02/11 12:20:43 wiz Exp $
 
-SHA1 (curl-7.28.1.tar.bz2) = b5aff1afc4e40fcb78db7a5e27214e0035756f3d
-RMD160 (curl-7.28.1.tar.bz2) = d4a0cb79756607c3b573970648d639744f15fc65
-Size (curl-7.28.1.tar.bz2) = 2516671 bytes
-SHA1 (patch-CVE-2013-0249) = a00098804b17c59905fcd87dc69defc43f2aaf19
-SHA1 (patch-aa) = 66dc62384fa8dcd5a68f0f9af8b3c449a46fd250
+SHA1 (curl-7.29.0.tar.bz2) = 03eddd295d3d50d60a9dd1c130c8e110ff1aa95a
+RMD160 (curl-7.29.0.tar.bz2) = 50c2ee716736dc0f1de26e032f525e7511912b95
+Size (curl-7.29.0.tar.bz2) = 2556495 bytes
+SHA1 (patch-aa) = 07e12cd0576b87cfed74a6a2bf8dd42cb2f5a570
diff --git a/www/curl/patches/patch-CVE-2013-0249 b/www/curl/patches/patch-CVE-2013-0249
deleted file mode 100644
index 1a5972f2d30..00000000000
--- a/www/curl/patches/patch-CVE-2013-0249
+++ /dev/null
@@ -1,43 +0,0 @@
-$NetBSD: patch-CVE-2013-0249,v 1.1 2013/02/08 15:45:42 drochner Exp $
-
-see http://curl.haxx.se/docs/adv_20130206.html
-
---- lib/curl_sasl.c.orig 2012-08-08 20:45:18.000000000 +0000
-+++ lib/curl_sasl.c
-@@ -345,9 +345,7 @@ CURLcode Curl_sasl_create_digest_md5_mes
- snprintf(&HA1_hex[2 * i], 3, "%02x", digest[i]);
-
- /* Prepare the URL string */
-- strcpy(uri, service);
-- strcat(uri, "/");
-- strcat(uri, realm);
-+ snprintf(uri, sizeof(uri), "%s/%s", service, realm);
-
- /* Calculate H(A2) */
- ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
-@@ -391,20 +389,11 @@ CURLcode Curl_sasl_create_digest_md5_mes
- for(i = 0; i < MD5_DIGEST_LEN; i++)
- snprintf(&resp_hash_hex[2 * i], 3, "%02x", digest[i]);
-
-- strcpy(response, "username=\"");
-- strcat(response, userp);
-- strcat(response, "\",realm=\"");
-- strcat(response, realm);
-- strcat(response, "\",nonce=\"");
-- strcat(response, nonce);
-- strcat(response, "\",cnonce=\"");
-- strcat(response, cnonce);
-- strcat(response, "\",nc=");
-- strcat(response, nonceCount);
-- strcat(response, ",digest-uri=\"");
-- strcat(response, uri);
-- strcat(response, "\",response=");
-- strcat(response, resp_hash_hex);
-+ snprintf(response, sizeof(response),
-+ "username=\"%s\",realm=\"%s\",nonce=\"%s\","
-+ "cnonce=\"%s\",nc=\"%s\",digest-uri=\"%s\",response=%s",
-+ userp, realm, nonce,
-+ cnonce, nonceCount, uri, resp_hash_hex);
-
- /* Base64 encode the reply */
- return Curl_base64_encode(data, response, 0, outptr, outlen);
diff --git a/www/curl/patches/patch-aa b/www/curl/patches/patch-aa
index c0dedcedcd9..a9978a693d6 100644
--- a/www/curl/patches/patch-aa
+++ b/www/curl/patches/patch-aa
@@ -1,8 +1,16 @@ -$NetBSD: patch-aa,v 1.20 2012/08/01 12:27:12 drochner Exp $ +$NetBSD: patch-aa,v 1.21 2013/02/11 12:20:44 wiz Exp $ ---- configure.orig 2012-07-27 18:25:28.000000000 +0000 +--- configure.orig 2013-02-06 09:47:26.000000000 +0000 +++ configure -@@ -15707,7 +15707,7 @@ squeeze() { +@@ -3635,6 +3635,7 @@ $as_echo "$as_me: $xc_bad_var_msg librar + ;; + esac + done ++ xc_bad_var_cflags=no + if test $xc_bad_var_cflags = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: using CFLAGS: $CFLAGS" >&5 + $as_echo "$as_me: using CFLAGS: $CFLAGS" >&6;} +@@ -16373,7 +16374,7 @@ squeeze() { # @@ -11,26 +19,26 @@ $NetBSD: patch-aa,v 1.20 2012/08/01 12:27:12 drochner Exp $ # if test "$compiler_id" = "GNU_C" || test "$compiler_id" = "CLANG"; then -@@ -20390,15 +20390,15 @@ $as_echo "#define HAVE_GSSAPI 1" >>confd - LIBS="$LIBS $gss_libs" +@@ -21261,15 +21262,15 @@ $as_echo "#define HAVE_GSSAPI 1" >>confd + LIBS="$gss_libs $LIBS" elif test "$GSSAPI_ROOT" != "yes"; then LDFLAGS="$LDFLAGS -L$GSSAPI_ROOT/lib$libsuff" -- LIBS="$LIBS -lgssapi" -+ LIBS="$LIBS -lgssapi -lkrb5" +- LIBS="-lgssapi $LIBS" ++ LIBS="-lgssapi -lkrb5 $LIBS" else -- LIBS="$LIBS -lgssapi" -+ LIBS="$LIBS -lgssapi -lkrb5" +- LIBS="-lgssapi $LIBS" ++ LIBS="-lgssapi -lkrb5 $LIBS" fi ;; esac else LDFLAGS="$LDFLAGS $GSSAPI_LIB_DIR" -- LIBS="$LIBS -lgssapi" -+ LIBS="$LIBS -lgssapi -lkrb5" +- LIBS="-lgssapi $LIBS" ++ LIBS="-lgssapi -lkrb5 $LIBS" fi else CPPFLAGS="$save_CPPFLAGS" -@@ -24033,19 +24033,19 @@ $as_echo "$as_me: WARNING: You need an l +@@ -24833,19 +24834,19 @@ $as_echo "$as_me: WARNING: You need an l $as_echo "yes" >&6; } if test "x$OPENSSL_ENABLED" = "x1"; then versioned_symbols_flavour="OPENSSL_" |
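Review bot: The new configure hunk at line 3635 adds `xc_bad_var_cflags=no` directly before `if test $xc_bad_var_cflags = yes; then`, so that branch can never run whatever the preceding loop found, and as far as the first hunk shows patch-aa still has no description between its `$NetBSD$` line and `--- configure.orig`. A silenced configure sanity check tends to be carried across updates without being re-examined, so the reason should be recorded in the patch header, for example `Disable the CFLAGS sanity check: <reason, e.g. which pkgsrc-supplied flags trip it>`. The same header could say why `-lkrb5` is added next to `-lgssapi` in the three `LIBS=` lines. The body of the `if` continues past the quoted context, so what the skipped branch does beyond the `using CFLAGS` message is not visible here.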