From 230ebf43746bd0cb68ebd531b54c9a9420b7f4d5 Mon Sep 17 00:00:00 2001
From: drochner
Date: Tue, 9 Feb 2010 16:05:38 +0000
Subject: add a patch from upstream to fix "data callback excessive length" which is security critical
---
 www/curl/Makefile | 4 ++--
 www/curl/distinfo | 3 ++-
 www/curl/patches/patch-ab | 15 +++++++++++++++
 3 files changed, 19 insertions(+), 3 deletions(-)
 create mode 100644 www/curl/patches/patch-ab
(limited to 'www/curl')
diff --git a/www/curl/Makefile b/www/curl/Makefile
index bc6b65ca369..4fb3937b51d 100644
--- a/www/curl/Makefile
+++ b/www/curl/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.94 2010/01/17 12:02:48 wiz Exp $
+# $NetBSD: Makefile,v 1.95 2010/02/09 16:05:38 drochner Exp $
 DISTNAME= curl-7.19.7
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= www
 MASTER_SITES= http://curl.haxx.se/download/ \
 ftp://ftp.sunet.se/pub/www/utilities/curl/
diff --git a/www/curl/distinfo b/www/curl/distinfo
index 7aa36a68bf9..32882ddd987 100644
--- a/www/curl/distinfo
+++ b/www/curl/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.62 2009/11/15 20:09:48 drochner Exp $
+$NetBSD: distinfo,v 1.63 2010/02/09 16:05:38 drochner Exp $
 SHA1 (curl-7.19.7.tar.bz2) = c306ebf0f65fb90df3c9c9a12fb04fb77cc29e2c
 RMD160 (curl-7.19.7.tar.bz2) = b170b24af3a6d3fc3357e90fc7ae5ef34d722fb4
 Size (curl-7.19.7.tar.bz2) = 2355121 bytes
 SHA1 (patch-aa) = dd7708e359f63552970640366855fbf8669461df
+SHA1 (patch-ab) = a9aee863dc8478d0df780024a387ec9ce9bfad34
diff --git a/www/curl/patches/patch-ab b/www/curl/patches/patch-ab
new file mode 100644
index 00000000000..811d1f90e86
--- /dev/null
+++ b/www/curl/patches/patch-ab
@@ -0,0 +1,15 @@
+$NetBSD: patch-ab,v 1.12 2010/02/09 16:05:38 drochner Exp $
+
+http://curl.haxx.se/docs/adv_20100209.html
+
+--- lib/content_encoding.c.orig 2009-08-30 11:28:33.000000000 +0000
++++ lib/content_encoding.c
+@@ -40,7 +40,7 @@
+ (doing so will reduce code size slightly). */
+ #define OLD_ZLIB_SUPPORT 1
+
+-#define DSIZ 0x10000 /* buffer size for decompressed data */
++#define DSIZ CURL_MAX_WRITE_SIZE /* buffer size for decompressed data */
+
+ #define GZIP_MAGIC_0 0x1f
+ #define GZIP_MAGIC_1 0x8b
--
cgit v1.2.3
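Review bot: The replacement line `#define DSIZ CURL_MAX_WRITE_SIZE` keeps the old comment "buffer size for decompressed data", so nothing at the define records that this size is now a security bound rather than a tuning value that can be raised again. Going by the commit subject and the advisory linked in the patch header, the problem is decompressed data reaching the application's write callback in chunks larger than the documented maximum, which matters to callers that copy into a buffer sized from that maximum. I would state the constraint at the define, e.g. `/* decompression buffer; must not exceed CURL_MAX_WRITE_SIZE, the largest chunk the write callback may receive */`, and add one line to the patch-ab header saying it is an upstream backport to be dropped at the next curl update. The hunk shows neither the uses of DSIZ nor the include that supplies CURL_MAX_WRITE_SIZE in lib/content_encoding.c, so both are taken on trust from the upstream fix.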