OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /v/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   10-Dec-2005 20:54:13
  Branch: OPENPKG_2_5_SOLID                Handle: 2005121019541200

  Added files:              (Branch: OPENPKG_2_5_SOLID)
    openpkg-src/openpkg     curl.patch
  Modified files:           (Branch: OPENPKG_2_5_SOLID)
    openpkg-src/openpkg     openpkg.spec

  Log:
    Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl)

  Summary:
    Revision    Changes     Path
    1.6.4.1     +27 -0      openpkg-src/openpkg/curl.patch
    1.454.2.4   +5  -1      openpkg-src/openpkg/openpkg.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/openpkg/curl.patch
  ============================================================================
  $ cvs diff -u -r0 -r1.6.4.1 curl.patch
  --- /dev/null 2005-12-10 20:54:11 +0100
  +++ curl.patch        2005-12-10 20:54:13 +0100
  @@ -0,0 +1,27 @@
  +Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl)
  +http://curl.haxx.se/docs/adv_20051207.html
  +
  +Index: lib/url.c
  +--- lib/url.c.orig   2005-09-30 22:04:10 +0200
  ++++ lib/url.c        2005-12-10 20:24:40 +0100
  +@@ -2372,12 +2372,18 @@
  +   if(urllen < LEAST_PATH_ALLOC)
  +     urllen=LEAST_PATH_ALLOC;
  + 
  +-  conn->pathbuffer=(char *)malloc(urllen);
  ++  /*
  ++   * We malloc() the buffers below urllen+2 to make room for to 
possibilities:
  ++   * 1 - an extra terminating zero
  ++   * 2 - an extra slash (in case a syntax like "www.host.com?moo" is used)
  ++   */
  ++
  ++  conn->pathbuffer=(char *)malloc(urllen+2);
  +   if(NULL == conn->pathbuffer)
  +     return CURLE_OUT_OF_MEMORY; /* really bad error */
  +   conn->path = conn->pathbuffer;
  + 
  +-  conn->host.rawalloc=(char *)malloc(urllen);
  ++  conn->host.rawalloc=(char *)malloc(urllen+2);
  +   if(NULL == conn->host.rawalloc)
  +     return CURLE_OUT_OF_MEMORY;
  +   conn->host.name = conn->host.rawalloc;
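Review bot: The `+2` slack is spelled out separately in the two `malloc()` calls (for `conn->pathbuffer` and `conn->host.rawalloc`), and the writes that consume those two extra bytes are outside this hunk, so nothing visible ties the allocation size to the later copies. Computing the size once, e.g. `alloclen = urllen + 2; /* NUL + optional '/' */` in a local typed like `urllen`, and passing it to both calls would keep the two buffers in step if the slack ever changes. The added comment's "for to possibilities" should read "for two possibilities". The enclosing function begins and ends outside the hunk, so whether the write sites are themselves bounded cannot be confirmed from here.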
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/openpkg/openpkg.spec
  ============================================================================
  $ cvs diff -u -r1.454.2.3 -r1.454.2.4 openpkg.spec
  --- openpkg-src/openpkg/openpkg.spec  16 Oct 2005 09:15:24 -0000      
1.454.2.3
  +++ openpkg-src/openpkg/openpkg.spec  10 Dec 2005 19:54:12 -0000      
1.454.2.4
  @@ -38,7 +38,7 @@
   #   o any cc(1)
   
   #   the package version/release
  -%define       V_openpkg  2.5.0
  +%define       V_openpkg  2.5.1
   
   #   the used software versions
   %define       V_rpm      4.2.1
  @@ -131,6 +131,7 @@
   Source60:     uuid.8
   Source61:     uuid.pod
   Source62:     uuid.sh
  +Source63:     curl.patch
   
   #   build information
   Prefix:       %{l_prefix}
  @@ -586,6 +587,9 @@
             -e '/LINENO: error: C[+]* preprocessor/{N;N;N;N;s/.*/:/;}' \
             configure
       ) || exit $?
  +    ( cd curl-%{V_curl}
  +      ${l_patch} -p0 <`SOURCE curl.patch`
  +    ) || exit $?
   
       #   display verbosity header
       set +x; VERBOSE "PREPARATION: Build GNU make (Build Tool)"; set -x
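Review bot: The new patch step in the `( cd curl-%{V_curl} ... ) || exit $?` block has no comment saying why it is applied, so a later bump of `V_curl` gives no hint that the patch may need to be dropped or re-checked. A line such as `#   apply security fix CVE-2005-4077 (remove once V_curl contains the upstream fix)` above it would record that. Separately, unless the script runs under `set -e` (not visible in this hunk), a failed `cd` does not stop the subshell and the patch command would run in the parent directory. Chaining the two lines as `cd curl-%{V_curl} && ${l_patch} -p0 <`SOURCE curl.patch`` makes the failure explicit. The surrounding %prep section continues outside the hunk.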
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     openpkg-cvs@openpkg.org
