OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
Root:   /v/openpkg/cvs                   Email:  [EMAIL PROTECTED]
Module: openpkg-src                      Date:   10-Dec-2005 20:33:10
Branch: OPENPKG_2_5_SOLID                Handle: 2005121019331000
Added files: (Branch: OPENPKG_2_5_SOLID)
openpkg-src/curl curl.patch
Modified files: (Branch: OPENPKG_2_5_SOLID)
openpkg-src/curl curl.spec
Log:
Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl)
Summary:
Revision    Changes     Path
1.10.4.1    +27 -0      openpkg-src/curl/curl.patch
1.72.2.3    +3  -1      openpkg-src/curl/curl.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/curl/curl.patch
============================================================================
$ cvs diff -u -r0 -r1.10.4.1 curl.patch
--- /dev/null 2005-12-10 20:33:00 +0100
+++ curl.patch 2005-12-10 20:33:10 +0100
@@ -0,0 +1,27 @@
+Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl)
+http://curl.haxx.se/docs/adv_20051207.html
+
+Index: lib/url.c
+--- lib/url.c.orig 2005-09-30 22:04:10 +0200
++++ lib/url.c 2005-12-10 20:24:40 +0100
+@@ -2372,12 +2372,18 @@
+ if(urllen < LEAST_PATH_ALLOC)
+ urllen=LEAST_PATH_ALLOC;
+
+- conn->pathbuffer=(char *)malloc(urllen);
++ /*
++ * We malloc() the buffers below urllen+2 to make room for to
possibilities:
++ * 1 - an extra terminating zero
++ * 2 - an extra slash (in case a syntax like "www.host.com?moo" is used)
++ */
++
++ conn->pathbuffer=(char *)malloc(urllen+2);
+ if(NULL == conn->pathbuffer)
+ return CURLE_OUT_OF_MEMORY; /* really bad error */
+ conn->path = conn->pathbuffer;
+
+- conn->host.rawalloc=(char *)malloc(urllen);
++ conn->host.rawalloc=(char *)malloc(urllen+2);
+ if(NULL == conn->host.rawalloc)
+ return CURLE_OUT_OF_MEMORY;
+ conn->host.name = conn->host.rawalloc;
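Review bot: the `+2` slack is hard-coded separately in the two `malloc(urllen+2)` calls (for `conn->pathbuffer` and `conn->host.rawalloc`), so a later edit can change one size and miss the other; computing the size once into a local and passing it to both calls would keep them in step with the comment that justifies them. The comment itself reads "to make room for to possibilities", where "two" is meant. In this mail that comment line is wrapped onto a second line with no `+` prefix; the hunk counts (`-2372,12 +2372,18` for lib/url.c and `+1,27` for curl.patch) only add up if it is a single line, so confirm the committed curl.patch has it unwrapped, otherwise the patch will not apply.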
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/curl/curl.spec
============================================================================
$ cvs diff -u -r1.72.2.2 -r1.72.2.3 curl.spec
--- openpkg-src/curl/curl.spec 13 Oct 2005 18:14:45 -0000 1.72.2.2
+++ openpkg-src/curl/curl.spec 10 Dec 2005 19:33:10 -0000 1.72.2.3
@@ -33,7 +33,7 @@
Group: Web
License: GPL
Version: 7.15.0
-Release: 2.5.0
+Release: 2.5.1
# package options
%option with_ssl yes
@@ -42,6 +42,7 @@
# list of sources
Source0: http://curl.haxx.se/download/curl-%{version}.tar.bz2
+Patch0: curl.patch
# build information
Prefix: %{l_prefix}
@@ -79,6 +80,7 @@
%prep
%setup -q
+ %patch -p0
%build
%{l_shtool} subst \
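Review bot: `%patch -p0` directly after `%setup -q` only applies cleanly while the paths inside curl.patch stay relative to the unpacked source root (`lib/url.c`) and the target code stays at line 2372, so the patch is tied to `Version: 7.15.0`. A short comment above `%patch -p0` naming CVE-2005-4077 would tell whoever next bumps the version to recheck the patch, and to drop it together with the `Patch0:` entry if the new upstream release already contains the fix.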
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [email protected]