[CVS] OpenPKG: OPENPKG_2_3_SOLID: openpkg-src/curl/ curl.patch curl.sp...

Sat, 10 Dec 2005 11:37:57 -0800 

  OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /v/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   10-Dec-2005 20:38:02
  Branch: OPENPKG_2_3_SOLID                Handle: 2005121019380200

  Modified files:           (Branch: OPENPKG_2_3_SOLID)
    openpkg-src/curl        curl.patch curl.spec

  Log:
    Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl)

  Summary:
    Revision    Changes     Path
    1.8.2.4     +29 -0      openpkg-src/curl/curl.patch
    1.65.2.4    +1  -1      openpkg-src/curl/curl.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/curl/curl.patch
  ============================================================================
  $ cvs diff -u -r1.8.2.3 -r1.8.2.4 curl.patch
  --- openpkg-src/curl/curl.patch       18 Oct 2005 08:30:23 -0000      1.8.2.3
  +++ openpkg-src/curl/curl.patch       10 Dec 2005 19:38:02 -0000      1.8.2.4
  @@ -266,3 +266,32 @@
        memcpy(&ntlmbuf[size], domain, domlen);
        size += domlen;
    
  
+------------------------------------------------------------------------------
  +
  +Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl)
  +http://curl.haxx.se/docs/adv_20051207.html
  +
  +Index: lib/url.c
  +--- lib/url.c.orig   2005-09-30 22:04:10 +0200
  ++++ lib/url.c        2005-12-10 20:24:40 +0100
  +@@ -2372,12 +2372,18 @@
  +   if(urllen < LEAST_PATH_ALLOC)
  +     urllen=LEAST_PATH_ALLOC;
  + 
  +-  conn->pathbuffer=(char *)malloc(urllen);
  ++  /*
  ++   * We malloc() the buffers below urllen+2 to make room for to 
possibilities:
  ++   * 1 - an extra terminating zero
  ++   * 2 - an extra slash (in case a syntax like "www.host.com?moo" is used)
  ++   */
  ++
  ++  conn->pathbuffer=(char *)malloc(urllen+2);
  +   if(NULL == conn->pathbuffer)
  +     return CURLE_OUT_OF_MEMORY; /* really bad error */
  +   conn->path = conn->pathbuffer;
  + 
  +-  conn->host.rawalloc=(char *)malloc(urllen);
  ++  conn->host.rawalloc=(char *)malloc(urllen+2);
  +   if(NULL == conn->host.rawalloc)
  +     return CURLE_OUT_OF_MEMORY;
  +   conn->host.name = conn->host.rawalloc;
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/curl/curl.spec
  ============================================================================
  $ cvs diff -u -r1.65.2.3 -r1.65.2.4 curl.spec
  --- openpkg-src/curl/curl.spec        18 Oct 2005 08:30:23 -0000      1.65.2.3
  +++ openpkg-src/curl/curl.spec        10 Dec 2005 19:38:02 -0000      1.65.2.4
  @@ -34,7 +34,7 @@
   Group:        Web
   License:      GPL
   Version:      7.13.0
  -Release:      2.3.1
  +Release:      2.3.2
   
   #   package options
   %option       with_ssl   yes
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     openpkg-cvs@openpkg.org

Reply via email to