OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org          Name:   Ralf S. Engelschall
Root:   /v/openpkg/cvs           Email:  [EMAIL PROTECTED]
Module: openpkg-src              Date:   10-Dec-2005 20:35:43
Branch: OPENPKG_2_4_SOLID        Handle: 2005121019354300
Modified files: (Branch: OPENPKG_2_4_SOLID)
openpkg-src/curl curl.patch curl.spec
Log:
Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl)
Summary:
Revision Changes Path
1.10.2.2 +29 -0 openpkg-src/curl/curl.patch
1.70.2.3 +1 -1 openpkg-src/curl/curl.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/curl/curl.patch
============================================================================
$ cvs diff -u -r1.10.2.1 -r1.10.2.2 curl.patch
--- openpkg-src/curl/curl.patch 18 Oct 2005 08:27:40 -0000 1.10.2.1
+++ openpkg-src/curl/curl.patch 10 Dec 2005 19:35:43 -0000 1.10.2.2
@@ -19,3 +19,32 @@
memcpy(&ntlmbuf[size], domain, domlen);
size += domlen;
+-----------------------------------------------------------------------------
+
+Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl)
+http://curl.haxx.se/docs/adv_20051207.html
+
+Index: lib/url.c
+--- lib/url.c.orig 2005-09-30 22:04:10 +0200
++++ lib/url.c 2005-12-10 20:24:40 +0100
+@@ -2372,12 +2372,18 @@
+ if(urllen < LEAST_PATH_ALLOC)
+ urllen=LEAST_PATH_ALLOC;
+
+- conn->pathbuffer=(char *)malloc(urllen);
++ /*
++ * We malloc() the buffers below urllen+2 to make room for to
possibilities:
++ * 1 - an extra terminating zero
++ * 2 - an extra slash (in case a syntax like "www.host.com?moo" is used)
++ */
++
++ conn->pathbuffer=(char *)malloc(urllen+2);
+ if(NULL == conn->pathbuffer)
+ return CURLE_OUT_OF_MEMORY; /* really bad error */
+ conn->path = conn->pathbuffer;
+
+- conn->host.rawalloc=(char *)malloc(urllen);
++ conn->host.rawalloc=(char *)malloc(urllen+2);
+ if(NULL == conn->host.rawalloc)
+ return CURLE_OUT_OF_MEMORY;
+ conn->host.name = conn->host.rawalloc;
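Review bot: In the embedded lib/url.c hunk, the corrected size urllen+2 is written out separately at the conn->pathbuffer and conn->host.rawalloc malloc() calls, so a later edit to one site can leave the other short again. Compute the size once, right after the LEAST_PATH_ALLOC clamp, and pass that single value to both calls so the headroom described in the comment (terminating zero plus the extra slash for "www.host.com?moo") is guaranteed for both buffers. The added comment also reads "make room for to possibilities", which should be "two possibilities".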
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/curl/curl.spec
============================================================================
$ cvs diff -u -r1.70.2.2 -r1.70.2.3 curl.spec
--- openpkg-src/curl/curl.spec 18 Oct 2005 08:27:40 -0000 1.70.2.2
+++ openpkg-src/curl/curl.spec 10 Dec 2005 19:35:43 -0000 1.70.2.3
@@ -33,7 +33,7 @@
Group: Web
License: GPL
Version: 7.14.0
-Release: 2.4.1
+Release: 2.4.2
# package options
%option with_ssl yes
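Review bot: Version stays at 7.14.0 and only Release moves from 2.4.1 to 2.4.2, so the fixed and vulnerable packages differ in the release field alone and any check keyed on the upstream version will not tell them apart. The visible spec lines carry no pointer to CVE-2005-4077 or OpenPKG-SA-2005.028-curl; a short comment near the Release line naming the advisory would let someone auditing an installed 7.14.0 confirm the backport from the spec itself rather than from the commit log.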
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [email protected]