Wed Feb 13 19:09:07 2013 UTC ()
Pullup ticket #4066 - requested by drochner
www/curl: security patch

Revisions pulled up:
- www/curl/Makefile                                             1.123 via patch
- www/curl/distinfo                                             1.81
- www/curl/patches/patch-CVE-2013-0249                          1.1

---
   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Fri Feb  8 15:45:42 UTC 2013

   Modified Files:
           pkgsrc/www/curl: Makefile distinfo
   Added Files:
           pkgsrc/www/curl/patches: patch-CVE-2013-0249

   Log Message:
   add patch from upstream to fix SASL buffer overflow vulnerability
   (CVE-2013-0249), bump PKGREV


(tron)
diff -r1.121 -r1.121.2.1 pkgsrc/www/curl/Makefile
diff -r1.80 -r1.80.2.1 pkgsrc/www/curl/distinfo
diff -r0 -r1.2.2.2 pkgsrc/www/curl/patches/patch-CVE-2013-0249


--- pkgsrc/www/curl/Makefile 2012/12/17 23:26:47 1.121
+++ pkgsrc/www/curl/Makefile 2013/02/13 19:09:06 1.121.2.1
@@ -1,57 +1,57 @@ @@ -1,57 +1,57 @@
1# $NetBSD: Makefile,v 1.121 2012/12/17 23:26:47 agc Exp $ 1# $NetBSD: Makefile,v 1.121.2.1 2013/02/13 19:09:06 tron Exp $
2 2
3DISTNAME= curl-7.28.1 3DISTNAME= curl-7.28.1
4PKGREVISION= 1 4PKGREVISION= 3
5CATEGORIES= www 5CATEGORIES= www
6MASTER_SITES= http://curl.haxx.se/download/ \ 6MASTER_SITES= http://curl.haxx.se/download/ \
7 ftp://ftp.sunet.se/pub/www/utilities/curl/ 7 ftp://ftp.sunet.se/pub/www/utilities/curl/
8EXTRACT_SUFX= .tar.bz2 8EXTRACT_SUFX= .tar.bz2
9 9
10MAINTAINER= pkgsrc-users@NetBSD.org 10MAINTAINER= pkgsrc-users@NetBSD.org
11HOMEPAGE= http://curl.haxx.se/ 11HOMEPAGE= http://curl.haxx.se/
12COMMENT= Client that groks URLs 12COMMENT= Client that groks URLs
13# not completely, but near enough 13# not completely, but near enough
14LICENSE= mit 14LICENSE= mit
15 15
16PKG_INSTALLATION_TYPES= overwrite pkgviews 16PKG_INSTALLATION_TYPES= overwrite pkgviews
17 17
18# list it into IPv6-ready packages 18# list it into IPv6-ready packages
19BUILD_DEFS+= IPV6_READY 19BUILD_DEFS+= IPV6_READY
20 20
21USE_LIBTOOL= yes 21USE_LIBTOOL= yes
22GNU_CONFIGURE= yes 22GNU_CONFIGURE= yes
23CONFIGURE_ARGS+= --with-ssl=${BUILDLINK_PREFIX.openssl} 23CONFIGURE_ARGS+= --with-ssl=${BUILDLINK_PREFIX.openssl}
24CONFIGURE_ARGS+= --with-ca-path=${SSLCERTS} 24CONFIGURE_ARGS+= --with-ca-path=${SSLCERTS}
25CONFIGURE_ARGS+= --with-zlib=${BUILDLINK_PREFIX.zlib} 25CONFIGURE_ARGS+= --with-zlib=${BUILDLINK_PREFIX.zlib}
26PKGCONFIG_OVERRIDE= libcurl.pc.in 26PKGCONFIG_OVERRIDE= libcurl.pc.in
27 27
28INSTALLATION_DIRS= share/doc/curl share/examples/curl 28INSTALLATION_DIRS= share/doc/curl share/examples/curl
29 29
30.include "../../mk/bsd.prefs.mk" 30.include "../../mk/bsd.prefs.mk"
31 31
32.if !empty(PKGSRC_RUN_TEST:M[Yy][Ee][Ss]) 32.if !empty(PKGSRC_RUN_TEST:M[Yy][Ee][Ss])
33TEST_TARGET= check 33TEST_TARGET= check
34USE_TOOLS+= perl 34USE_TOOLS+= perl
35.endif 35.endif
36 36
37.if ${_USE_DESTDIR} == "no" 37.if ${_USE_DESTDIR} == "no"
38PRIVILEGED_STAGES+= clean 38PRIVILEGED_STAGES+= clean
39.endif 39.endif
40 40
41.include "options.mk" 41.include "options.mk"
42 42
43post-install: 43post-install:
44 for _f in MANUAL TheArtOfHttpScripting FAQ \ 44 for _f in MANUAL TheArtOfHttpScripting FAQ \
45 curl-config.pdf curl.pdf; do \ 45 curl-config.pdf curl.pdf; do \
46 ${INSTALL_DATA} ${WRKSRC}/docs/$${_f} \ 46 ${INSTALL_DATA} ${WRKSRC}/docs/$${_f} \
47 ${DESTDIR}${PREFIX}/share/doc/curl/${_f}; \ 47 ${DESTDIR}${PREFIX}/share/doc/curl/${_f}; \
48 done 48 done
49 for _f in ${WRKSRC}/docs/examples/*.c \ 49 for _f in ${WRKSRC}/docs/examples/*.c \
50 ${WRKSRC}/docs/examples/README; do \ 50 ${WRKSRC}/docs/examples/README; do \
51 ${INSTALL_DATA} $${_f} \ 51 ${INSTALL_DATA} $${_f} \
52 ${DESTDIR}${PREFIX}/share/examples/curl; \ 52 ${DESTDIR}${PREFIX}/share/examples/curl; \
53 done 53 done
54 54
55.include "../../devel/zlib/buildlink3.mk" 55.include "../../devel/zlib/buildlink3.mk"
56.include "../../security/openssl/buildlink3.mk" 56.include "../../security/openssl/buildlink3.mk"
57.include "../../mk/bsd.pkg.mk" 57.include "../../mk/bsd.pkg.mk"


--- pkgsrc/www/curl/distinfo 2012/12/06 16:24:29 1.80
+++ pkgsrc/www/curl/distinfo 2013/02/13 19:09:06 1.80.2.1
@@ -1,6 +1,7 @@ @@ -1,6 +1,7 @@
1$NetBSD: distinfo,v 1.80 2012/12/06 16:24:29 adam Exp $ 1$NetBSD: distinfo,v 1.80.2.1 2013/02/13 19:09:06 tron Exp $
2 2
3SHA1 (curl-7.28.1.tar.bz2) = b5aff1afc4e40fcb78db7a5e27214e0035756f3d 3SHA1 (curl-7.28.1.tar.bz2) = b5aff1afc4e40fcb78db7a5e27214e0035756f3d
4RMD160 (curl-7.28.1.tar.bz2) = d4a0cb79756607c3b573970648d639744f15fc65 4RMD160 (curl-7.28.1.tar.bz2) = d4a0cb79756607c3b573970648d639744f15fc65
5Size (curl-7.28.1.tar.bz2) = 2516671 bytes 5Size (curl-7.28.1.tar.bz2) = 2516671 bytes
 6SHA1 (patch-CVE-2013-0249) = a00098804b17c59905fcd87dc69defc43f2aaf19
6SHA1 (patch-aa) = 66dc62384fa8dcd5a68f0f9af8b3c449a46fd250 7SHA1 (patch-aa) = 66dc62384fa8dcd5a68f0f9af8b3c449a46fd250

File Added: pkgsrc/www/curl/patches/Attic/patch-CVE-2013-0249
$NetBSD: patch-CVE-2013-0249,v 1.2.2.2 2013/02/13 19:09:06 tron Exp $

see http://curl.haxx.se/docs/adv_20130206.html

--- lib/curl_sasl.c.orig	2012-08-08 20:45:18.000000000 +0000
+++ lib/curl_sasl.c
@@ -345,9 +345,7 @@ CURLcode Curl_sasl_create_digest_md5_mes
     snprintf(&HA1_hex[2 * i], 3, "%02x", digest[i]);
 
   /* Prepare the URL string */
-  strcpy(uri, service);
-  strcat(uri, "/");
-  strcat(uri, realm);
+  snprintf(uri, sizeof(uri), "%s/%s", service, realm);
 
   /* Calculate H(A2) */
   ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
@@ -391,20 +389,11 @@ CURLcode Curl_sasl_create_digest_md5_mes
   for(i = 0; i < MD5_DIGEST_LEN; i++)
     snprintf(&resp_hash_hex[2 * i], 3, "%02x", digest[i]);
 
-  strcpy(response, "username=\"");
-  strcat(response, userp);
-  strcat(response, "\",realm=\"");
-  strcat(response, realm);
-  strcat(response, "\",nonce=\"");
-  strcat(response, nonce);
-  strcat(response, "\",cnonce=\"");
-  strcat(response, cnonce);
-  strcat(response, "\",nc=");
-  strcat(response, nonceCount);
-  strcat(response, ",digest-uri=\"");
-  strcat(response, uri);
-  strcat(response, "\",response=");
-  strcat(response, resp_hash_hex);
+  snprintf(response, sizeof(response),
+           "username=\"%s\",realm=\"%s\",nonce=\"%s\","
+           "cnonce=\"%s\",nc=\"%s\",digest-uri=\"%s\",response=%s",
+           userp, realm, nonce,
+           cnonce, nonceCount, uri, resp_hash_hex);
 
   /* Base64 encode the reply */
   return Curl_base64_encode(data, response, 0, outptr, outlen);
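Review bot: The new format string changes the wire format as a side effect of the bounds fix: the removed lines emitted `,nc=` followed by nonceCount with no quotes, while the new line emits `nc=\"%s\"`, so the nc-value is now sent quoted; if that is not intended, the line should read `"cnonce=\"%s\",nc=%s,digest-uri=\"%s\",response=%s",`. Both snprintf calls, this one and the uri one in the first hunk, are only correctly bounded if `response` and `uri` are fixed-size arrays local to Curl_sasl_create_digest_md5_message, whose body starts outside the hunk; if either is a pointer, sizeof yields the pointer size and the bound is wrong, so that should be confirmed against the declarations. Neither call checks its return value, so an over-long realm, nonce or user name is now silently truncated into a malformed digest-uri or response instead of being rejected; comparing the return value against the buffer size and failing the message build on truncation, e.g. `if(snprintf(...) >= (int)sizeof(response)) /* fail */`, would make the limit explicit.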