OpenPKG CVS Repository http://cvs.openpkg.org/ ____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 10-Dec-2005 20:38:02 Branch: OPENPKG_2_3_SOLID Handle: 2005121019380200 Modified files: (Branch: OPENPKG_2_3_SOLID) openpkg-src/curl curl.patch curl.spec Log: Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl) Summary: Revision Changes Path 1.8.2.4 +29 -0 openpkg-src/curl/curl.patch 1.65.2.4 +1 -1 openpkg-src/curl/curl.spec ____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/curl/curl.patch
============================================================================
$ cvs diff -u -r1.8.2.3 -r1.8.2.4 curl.patch
--- openpkg-src/curl/curl.patch 18 Oct 2005 08:30:23 -0000 1.8.2.3
+++ openpkg-src/curl/curl.patch 10 Dec 2005 19:38:02 -0000 1.8.2.4
@@ -266,3 +266,32 @@
 memcpy(&ntlmbuf[size], domain, domlen);
 size += domlen;
+------------------------------------------------------------------------------
+
+Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl)
+http://curl.haxx.se/docs/adv_20051207.html
+
+Index: lib/url.c
+--- lib/url.c.orig 2005-09-30 22:04:10 +0200
++++ lib/url.c 2005-12-10 20:24:40 +0100
+@@ -2372,12 +2372,18 @@
+ if(urllen < LEAST_PATH_ALLOC)
+ urllen=LEAST_PATH_ALLOC;
+
+- conn->pathbuffer=(char *)malloc(urllen);
++ /*
++ * We malloc() the buffers below urllen+2 to make room for to possibilities:
++ * 1 - an extra terminating zero
++ * 2 - an extra slash (in case a syntax like "www.host.com?moo" is used)
++ */
++
++ conn->pathbuffer=(char *)malloc(urllen+2);
+ if(NULL == conn->pathbuffer)
+ return CURLE_OUT_OF_MEMORY; /* really bad error */
+ conn->path = conn->pathbuffer;
+
+- conn->host.rawalloc=(char *)malloc(urllen);
++ conn->host.rawalloc=(char *)malloc(urllen+2);
+ if(NULL == conn->host.rawalloc)
+ return CURLE_OUT_OF_MEMORY;
+ conn->host.name = conn->host.rawalloc;
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/curl/curl.spec
============================================================================
$ cvs diff -u -r1.65.2.3 -r1.65.2.4 curl.spec
--- openpkg-src/curl/curl.spec 18 Oct 2005 08:30:23 -0000 1.65.2.3
+++ openpkg-src/curl/curl.spec 10 Dec 2005 19:38:02 -0000 1.65.2.4
@@ -34,7 +34,7 @@
 Group: Web
 License: GPL
 Version: 7.13.0
-Release: 2.3.1
+Release: 2.3.2
 # package options
 %option with_ssl yes
@@ .
______________________________________________________________________ The OpenPKG Project www.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
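Review bot: In the embedded lib/url.c hunk, both `malloc(urllen+2)` calls fix the overflow purely by adding headroom, while the code that writes into `conn->pathbuffer` and `conn->host.rawalloc` lies outside the hunk, so nothing visible here ties the `+2` to what the URL parser can actually write. The slack would be safer as one named value used at both allocations, for example `#define URL_PARSE_SLACK 2 /* NUL + inserted '/' */` (a constructed name) with `malloc(urllen + URL_PARSE_SLACK)`, plus a short comment at the write site pointing back to it. That way a later parser change that adds another byte cannot silently reintroduce the overrun. The new comment also reads "to possibilities", where "two possibilities" is presumably meant. The enclosing function starts and ends outside the hunk, so whether `pathbuffer` is released when the second allocation fails cannot be confirmed from here.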