Darcsweb-Url:
http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20071001094207-dd049-7520f5d2d6cdb409a68cd237188e2399de51b888.gz;
[elinks-0.11.2-2terminus2-i686
voroskoi <[EMAIL PROTECTED]>**20071001094207
secfix relbump, closes #2457
] {
addfile ./source/network/elinks/CVE-2007-5034.diff
hunk ./source/network/elinks/CVE-2007-5034.diff 1
+diff -aur elinks-0.11.2/src/protocol/http/http.c
fw_elinks-0.11.2/src/protocol/http/http.c
+--- elinks-0.11.2/src/protocol/http/http.c 2006-11-19 14:46:37.000000000
+0100
++++ fw_elinks-0.11.2/src/protocol/http/http.c 2007-10-01 11:26:47.000000000
+0200
+@@ -685,31 +685,33 @@
+ add_crlf_to_string(&header);
+ }
+
+- switch (get_opt_int("protocol.http.referer.policy")) {
+- case REFERER_NONE:
+- /* oh well */
+- break;
++ if (!use_connect) {
++ switch (get_opt_int("protocol.http.referer.policy")) {
++ case REFERER_NONE:
++ /* oh well */
++ break;
+
+- case REFERER_FAKE:
+- optstr = get_opt_str("protocol.http.referer.fake");
+- if (!optstr[0]) break;
+- add_to_string(&header, "Referer: ");
+- add_to_string(&header, optstr);
+- add_crlf_to_string(&header);
+- break;
++ case REFERER_FAKE:
++ optstr =
get_opt_str("protocol.http.referer.fake");
++ if (!optstr[0]) break;
++ add_to_string(&header, "Referer: ");
++ add_to_string(&header, optstr);
++ add_crlf_to_string(&header);
++ break;
+
+- case REFERER_TRUE:
+- if (!conn->referrer) break;
+- add_to_string(&header, "Referer: ");
+- add_url_to_http_string(&header, conn->referrer,
URI_HTTP_REFERRER);
+- add_crlf_to_string(&header);
+- break;
++ case REFERER_TRUE:
++ if (!conn->referrer) break;
++ add_to_string(&header, "Referer: ");
++ add_url_to_http_string(&header, conn->referrer,
URI_HTTP_REFERRER);
++ add_crlf_to_string(&header);
++ break;
+
+- case REFERER_SAME_URL:
+- add_to_string(&header, "Referer: ");
+- add_url_to_http_string(&header, uri, URI_HTTP_REFERRER);
+- add_crlf_to_string(&header);
+- break;
++ case REFERER_SAME_URL:
++ add_to_string(&header, "Referer: ");
++ add_url_to_http_string(&header, uri,
URI_HTTP_REFERRER);
++ add_crlf_to_string(&header);
++ break;
++ }
+ }
+
+ add_to_string(&header, "Accept: */*");
+@@ -782,7 +784,7 @@
+ add_crlf_to_string(&header);
+ }
+
+- if (conn->cached) {
++ if (!use_connect && conn->cached) {
+ if (!conn->cached->incomplete && conn->cached->head &&
conn->cached->last_modified
+ && conn->cache_mode <= CACHE_MODE_CHECK_IF_MODIFIED) {
+ add_to_string(&header, "If-Modified-Since: ");
+@@ -798,7 +800,7 @@
+ add_crlf_to_string(&header);
+ }
+
+- if (conn->from || conn->progress->start > 0) {
++ if (!use_connect && (conn->from || conn->progress->start > 0)) {
+ /* conn->from takes precedence. conn->progress.start is set
only the first
+ * time, then conn->from gets updated and in case of any retries
+ * etc we have everything interesting in conn->from already. */
+@@ -808,7 +810,9 @@
+ add_crlf_to_string(&header);
+ }
+
+- entry = find_auth(uri);
++ if (!use_connect) {
++ entry = find_auth(uri);
++ }
+ if (entry) {
+ if (entry->digest) {
+ unsigned char *response;
+@@ -848,7 +852,7 @@
+ }
+ }
+
+- if (uri->post) {
++ if (!use_connect && uri->post) {
+ /* We search for first '\n' in uri->post to get content type
+ * as set by get_form_uri(). This '\n' is dropped if any
+ * and replaced by correct '\r\n' termination here. */
+@@ -867,7 +871,7 @@
+ }
+
+ #ifdef CONFIG_COOKIES
+- {
++ if (!use_connect) {
+ struct string *cookies = send_cookies(uri);
+
+ if (cookies) {
+@@ -887,6 +891,8 @@
+ unsigned char buffer[POST_BUFFER_SIZE];
+ int n = 0;
+
++ assert(!use_connect);
++
+ while (post[0] && post[1]) {
+ int h1, h2;
+
hunk ./source/network/elinks/FrugalBuild 7
-pkgrel=2terminus1
+pkgrel=2terminus2
hunk ./source/network/elinks/FrugalBuild 16
- elinks-0.11.0-gcc4-inline.patch elinks-0.11.0-ruby.patch
CVE-2007-2027.diff)
+ elinks-0.11.0-gcc4-inline.patch elinks-0.11.0-ruby.patch \
+ CVE-2007-2027.diff CVE-2007-5034.diff)
hunk ./source/network/elinks/FrugalBuild 30
-sha1sums=('47669c38e1e5ebb35015a9a9a8f9c898821bd408'\
- '68f6c6dc3bf170aeef6b0d3a5df46bd53b7a3bef'\
- 'e11b612c791cbf371d61e943556220aff0e1b472'\
- '5cb02dfd86fe1967d2e07b47609762e22b9a236e')
+sha1sums=('47669c38e1e5ebb35015a9a9a8f9c898821bd408' \
+ '68f6c6dc3bf170aeef6b0d3a5df46bd53b7a3bef' \
+ 'e11b612c791cbf371d61e943556220aff0e1b472' \
+ '5cb02dfd86fe1967d2e07b47609762e22b9a236e' \
+ '01e58c6236d9f1ffd9fa14f6c79b8f975c1e02d7')
}
_______________________________________________
Frugalware-darcs mailing list
Frugalware-darcs@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-darcs
