Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20071001094207-dd049-7520f5d2d6cdb409a68cd237188e2399de51b888.gz;
[elinks-0.11.2-2terminus2-i686 voroskoi <[EMAIL PROTECTED]>**20071001094207 secfix relbump, closes #2457 ] { addfile ./source/network/elinks/CVE-2007-5034.diff hunk ./source/network/elinks/CVE-2007-5034.diff 1 +diff -aur elinks-0.11.2/src/protocol/http/http.c fw_elinks-0.11.2/src/protocol/http/http.c +--- elinks-0.11.2/src/protocol/http/http.c 2006-11-19 14:46:37.000000000 +0100 ++++ fw_elinks-0.11.2/src/protocol/http/http.c 2007-10-01 11:26:47.000000000 +0200 +@@ -685,31 +685,33 @@ + add_crlf_to_string(&header); + } + +- switch (get_opt_int("protocol.http.referer.policy")) { +- case REFERER_NONE: +- /* oh well */ +- break; ++ if (!use_connect) { ++ switch (get_opt_int("protocol.http.referer.policy")) { ++ case REFERER_NONE: ++ /* oh well */ ++ break; + +- case REFERER_FAKE: +- optstr = get_opt_str("protocol.http.referer.fake"); +- if (!optstr[0]) break; +- add_to_string(&header, "Referer: "); +- add_to_string(&header, optstr); +- add_crlf_to_string(&header); +- break; ++ case REFERER_FAKE: ++ optstr = get_opt_str("protocol.http.referer.fake"); ++ if (!optstr[0]) break; ++ add_to_string(&header, "Referer: "); ++ add_to_string(&header, optstr); ++ add_crlf_to_string(&header); ++ break; + +- case REFERER_TRUE: +- if (!conn->referrer) break; +- add_to_string(&header, "Referer: "); +- add_url_to_http_string(&header, conn->referrer, URI_HTTP_REFERRER); +- add_crlf_to_string(&header); +- break; ++ case REFERER_TRUE: ++ if (!conn->referrer) break; ++ add_to_string(&header, "Referer: "); ++ add_url_to_http_string(&header, conn->referrer, URI_HTTP_REFERRER); ++ add_crlf_to_string(&header); ++ break; + +- case REFERER_SAME_URL: +- add_to_string(&header, "Referer: "); +- add_url_to_http_string(&header, uri, URI_HTTP_REFERRER); +- add_crlf_to_string(&header); +- break; ++ case REFERER_SAME_URL: ++ add_to_string(&header, "Referer: "); ++ add_url_to_http_string(&header, uri, URI_HTTP_REFERRER); ++ add_crlf_to_string(&header); ++ break; ++ } + } + + add_to_string(&header, "Accept: */*"); +@@ -782,7 +784,7 @@ + add_crlf_to_string(&header); + } + +- if (conn->cached) { ++ if (!use_connect && conn->cached) { + if (!conn->cached->incomplete && conn->cached->head && conn->cached->last_modified + && conn->cache_mode <= CACHE_MODE_CHECK_IF_MODIFIED) { + add_to_string(&header, "If-Modified-Since: "); +@@ -798,7 +800,7 @@ + add_crlf_to_string(&header); + } + +- if (conn->from || conn->progress->start > 0) { ++ if (!use_connect && (conn->from || conn->progress->start > 0)) { + /* conn->from takes precedence. conn->progress.start is set only the first + * time, then conn->from gets updated and in case of any retries + * etc we have everything interesting in conn->from already. */ +@@ -808,7 +810,9 @@ + add_crlf_to_string(&header); + } + +- entry = find_auth(uri); ++ if (!use_connect) { ++ entry = find_auth(uri); ++ } + if (entry) { + if (entry->digest) { + unsigned char *response; +@@ -848,7 +852,7 @@ + } + } + +- if (uri->post) { ++ if (!use_connect && uri->post) { + /* We search for first '\n' in uri->post to get content type + * as set by get_form_uri(). This '\n' is dropped if any + * and replaced by correct '\r\n' termination here. */ +@@ -867,7 +871,7 @@ + } + + #ifdef CONFIG_COOKIES +- { ++ if (!use_connect) { + struct string *cookies = send_cookies(uri); + + if (cookies) { +@@ -887,6 +891,8 @@ + unsigned char buffer[POST_BUFFER_SIZE]; + int n = 0; + ++ assert(!use_connect); ++ + while (post[0] && post[1]) { + int h1, h2; + hunk ./source/network/elinks/FrugalBuild 7 -pkgrel=2terminus1 +pkgrel=2terminus2 hunk ./source/network/elinks/FrugalBuild 16 - elinks-0.11.0-gcc4-inline.patch elinks-0.11.0-ruby.patch CVE-2007-2027.diff) + elinks-0.11.0-gcc4-inline.patch elinks-0.11.0-ruby.patch \ + CVE-2007-2027.diff CVE-2007-5034.diff) hunk ./source/network/elinks/FrugalBuild 30 -sha1sums=('47669c38e1e5ebb35015a9a9a8f9c898821bd408'\ - '68f6c6dc3bf170aeef6b0d3a5df46bd53b7a3bef'\ - 'e11b612c791cbf371d61e943556220aff0e1b472'\ - '5cb02dfd86fe1967d2e07b47609762e22b9a236e') +sha1sums=('47669c38e1e5ebb35015a9a9a8f9c898821bd408' \ + '68f6c6dc3bf170aeef6b0d3a5df46bd53b7a3bef' \ + 'e11b612c791cbf371d61e943556220aff0e1b472' \ + '5cb02dfd86fe1967d2e07b47609762e22b9a236e' \ + '01e58c6236d9f1ffd9fa14f6c79b8f975c1e02d7') } _______________________________________________ Frugalware-darcs mailing list Frugalware-darcs@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-darcs