Wed Feb 13 19:09:07 2013 UTC ()
Pullup ticket #4066 - requested by drochner
www/curl: security patch
Revisions pulled up:
- www/curl/Makefile 1.123 via patch
- www/curl/distinfo 1.81
- www/curl/patches/patch-CVE-2013-0249 1.1
---
Module Name: pkgsrc
Committed By: drochner
Date: Fri Feb 8 15:45:42 UTC 2013
Modified Files:
pkgsrc/www/curl: Makefile distinfo
Added Files:
pkgsrc/www/curl/patches: patch-CVE-2013-0249
Log Message:
add patch from upstream to fix SASL buffer overflow vulnerability
(CVE-2013-0249), bump PKGREV
(tron)
diff -r1.121 -r1.121.2.1 pkgsrc/www/curl/Makefile
diff -r1.80 -r1.80.2.1 pkgsrc/www/curl/distinfo
diff -r0 -r1.2.2.2 pkgsrc/www/curl/patches/patch-CVE-2013-0249
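--- a/pkgsrc/www/curl/Makefile
+++ b/pkgsrc/www/curl/Makefile
@@ -1,17 +1,17 @@
-# $NetBSD: Makefile,v 1.121 2012/12/17 23:26:47 agc Exp $
+# $NetBSD: Makefile,v 1.121.2.1 2013/02/13 19:09:06 tron Exp $
 
 DISTNAME= curl-7.28.1
-PKGREVISION= 1
+PKGREVISION= 3
 CATEGORIES= www
 MASTER_SITES= http://curl.haxx.se/download/ \
 ftp://ftp.sunet.se/pub/www/utilities/curl/
 EXTRACT_SUFX= .tar.bz2
 
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= http://curl.haxx.se/
 COMMENT= Client that groks URLs
 # not completely, but near enough
 LICENSE= mit
 
 PKG_INSTALLATION_TYPES= overwrite pkgviews
 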
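--- a/pkgsrc/www/curl/distinfo
+++ b/pkgsrc/www/curl/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.80 2012/12/06 16:24:29 adam Exp $
+$NetBSD: distinfo,v 1.80.2.1 2013/02/13 19:09:06 tron Exp $
 
 SHA1 (curl-7.28.1.tar.bz2) = b5aff1afc4e40fcb78db7a5e27214e0035756f3d
 RMD160 (curl-7.28.1.tar.bz2) = d4a0cb79756607c3b573970648d639744f15fc65
 Size (curl-7.28.1.tar.bz2) = 2516671 bytes
+SHA1 (patch-CVE-2013-0249) = a00098804b17c59905fcd87dc69defc43f2aaf19
 SHA1 (patch-aa) = 66dc62384fa8dcd5a68f0f9af8b3c449a46fd250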
$NetBSD: patch-CVE-2013-0249,v 1.2.2.2 2013/02/13 19:09:06 tron Exp $
see http://curl.haxx.se/docs/adv_20130206.html
--- lib/curl_sasl.c.orig 2012-08-08 20:45:18.000000000 +0000
+++ lib/curl_sasl.c
@@ -345,9 +345,7 @@ CURLcode Curl_sasl_create_digest_md5_mes
snprintf(&HA1_hex[2 * i], 3, "%02x", digest[i]);
/* Prepare the URL string */
- strcpy(uri, service);
- strcat(uri, "/");
- strcat(uri, realm);
+ snprintf(uri, sizeof(uri), "%s/%s", service, realm);
/* Calculate H(A2) */
ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
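Review bot: The new `snprintf(uri, sizeof(uri), "%s/%s", service, realm);` stops the overflow but truncates silently when service plus realm do not fit, and its return value is discarded, so an over-long realm (presumably taken from the server challenge) now produces a digest computed over a truncated digest-uri instead of an error; the `response` formatting in the second hunk has the same property. If `snprintf` in this file resolves to curl's own replacement printf (curl_msnprintf), its return value is the number of bytes actually written rather than the C99 would-be length, so a `>= sizeof(uri)` test on the result would not detect truncation. A length check before formatting is robust either way, e.g. `if(strlen(service) + 1 + strlen(realm) >= sizeof(uri)) return CURLE_OUT_OF_MEMORY;`. Note this relies on `uri` being a fixed-size array in this scope, which the hunk does not show; Curl_sasl_create_digest_md5_message starts before the hunk and continues after it.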
@@ -391,20 +389,11 @@ CURLcode Curl_sasl_create_digest_md5_mes
for(i = 0; i < MD5_DIGEST_LEN; i++)
snprintf(&resp_hash_hex[2 * i], 3, "%02x", digest[i]);
- strcpy(response, "username=\"");
- strcat(response, userp);
- strcat(response, "\",realm=\"");
- strcat(response, realm);
- strcat(response, "\",nonce=\"");
- strcat(response, nonce);
- strcat(response, "\",cnonce=\"");
- strcat(response, cnonce);
- strcat(response, "\",nc=");
- strcat(response, nonceCount);
- strcat(response, ",digest-uri=\"");
- strcat(response, uri);
- strcat(response, "\",response=");
- strcat(response, resp_hash_hex);
+ snprintf(response, sizeof(response),
+ "username=\"%s\",realm=\"%s\",nonce=\"%s\","
+ "cnonce=\"%s\",nc=\"%s\",digest-uri=\"%s\",response=%s",
+ userp, realm, nonce,
+ cnonce, nonceCount, uri, resp_hash_hex);
/* Base64 encode the reply */
return Curl_base64_encode(data, response, 0, outptr, outlen);
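Review bot: The new format string on the `nc=\"%s\"` line changes the wire format: the removed lines emitted `",nc=` followed by nonceCount unquoted, while the rewrite wraps the value in double quotes, and RFC 2831 defines nc-value as an unquoted 8LHEX token. The log message describes only the overflow fix, so if the quoting is not deliberate the line should read `"cnonce=\"%s\",nc=%s,digest-uri=\"%s\",response=%s",` to preserve the previous output; if servers are known to accept the quoted form, a short comment above the snprintf saying so would keep the next reader from reverting it. Curl_sasl_create_digest_md5_message starts before the hunk.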