From 64d64af2724c46c72e62ce5eca4be431abbf60e2 Mon Sep 17 00:00:00 2001 From: "Danilo G. Baio" Date: Thu, 5 Jul 2018 11:32:32 +0000 Subject: [PATCH] www/libwww: Update to 5.4.2, Fix security vulnerabilities This a security release for libwww to take into account security advisories CVE-2016-9063 and CVE-2017-9233. In order to take into account current and future expat security advisories, the expat source code was removed from the libwww tree. The makefiles were modified so that libwww dynamically links against the system's expat library. Patches removed were incorporated upstream. Bump PORTREVISION of dependent ports due shlib change. Changes: https://raw.githubusercontent.com/w3c/libwww/5.4.2/ChangeLog MFH: 2018Q3 Security: e375ff3f-7fec-11e8-8088-28d244aee256 --- benchmarks/flowgrind/Makefile | 2 +- devel/liboop/Makefile | 2 +- net-im/gale/Makefile | 2 +- net-mgmt/sblim-wbemcli/Makefile | 2 +- net/ntp-devel/Makefile | 2 +- net/ntp/Makefile | 1 + net/xmlrpc-c/Makefile | 1 + www/libwww/Makefile | 22 +- www/libwww/distinfo | 5 +- .../files/patch-Library__src__HTMIMImp.c | 11 - www/libwww/files/patch-Library_src_HTBound.c | 523 ------------------ .../files/patch-Library_src_SSL_HTSSL.c | 4 +- www/libwww/files/patch-configure | 10 +- www/libwww/files/patch-libwww-config.in | 11 - .../patch-modules_expat_xmlparse_xmlparse.c | 14 - .../patch-modules_expat_xmltok_xmltok__impl.c | 13 - www/libwww/pkg-plist | 15 +- 17 files changed, 31 insertions(+), 609 deletions(-) delete mode 100644 www/libwww/files/patch-Library__src__HTMIMImp.c delete mode 100644 www/libwww/files/patch-Library_src_HTBound.c delete mode 100644 www/libwww/files/patch-libwww-config.in delete mode 100644 www/libwww/files/patch-modules_expat_xmlparse_xmlparse.c delete mode 100644 www/libwww/files/patch-modules_expat_xmltok_xmltok__impl.c diff --git a/benchmarks/flowgrind/Makefile b/benchmarks/flowgrind/Makefile index e221bb2f78e0..35c58eeb0b03 100644 --- a/benchmarks/flowgrind/Makefile +++ b/benchmarks/flowgrind/Makefile @@ -4,7 +4,7 @@ PORTNAME= flowgrind PORTVERSION= 0.8.0 DISTVERSIONPREFIX= ${PORTNAME}- -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= benchmarks MAINTAINER= dbaio@FreeBSD.org diff --git a/devel/liboop/Makefile b/devel/liboop/Makefile index cb2629e8a857..f002cb17cc3a 100644 --- a/devel/liboop/Makefile +++ b/devel/liboop/Makefile @@ -3,7 +3,7 @@ PORTNAME= liboop PORTVERSION= 1.0 -PORTREVISION= 14 +PORTREVISION= 15 CATEGORIES= devel MASTER_SITES= GENTOO \ http://download.ofb.net/liboop/ diff --git a/net-im/gale/Makefile b/net-im/gale/Makefile index aa21de4d8052..0b501bc8bc52 100644 --- a/net-im/gale/Makefile +++ b/net-im/gale/Makefile @@ -3,7 +3,7 @@ PORTNAME= gale PORTVERSION= 0.99f -PORTREVISION= 10 +PORTREVISION= 11 CATEGORIES= net-im MASTER_SITES= http://download.ofb.net/${PORTNAME}/ DISTNAME= ${PORTNAME}-${PORTVERSION}ruit diff --git a/net-mgmt/sblim-wbemcli/Makefile b/net-mgmt/sblim-wbemcli/Makefile index 8f6683ec38b6..9bf49116dc28 100644 --- a/net-mgmt/sblim-wbemcli/Makefile +++ b/net-mgmt/sblim-wbemcli/Makefile @@ -2,7 +2,7 @@ PORTNAME= sblim-wbemcli PORTVERSION= 1.6.1 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= net-mgmt MASTER_SITES= SF/sblim/${PORTNAME}/${PORTVERSION} diff --git a/net/ntp-devel/Makefile b/net/ntp-devel/Makefile index 5f72cb937e32..bb89e0966de5 100644 --- a/net/ntp-devel/Makefile +++ b/net/ntp-devel/Makefile @@ -3,7 +3,7 @@ PORTNAME= ntp PORTVERSION= 4.3.93 -PORTREVISION= 7 +PORTREVISION= 8 CATEGORIES= net ipv6 MASTER_SITES= http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ \ http://archive.ntp.org/ntp4/ntp-dev/ diff --git a/net/ntp/Makefile b/net/ntp/Makefile index 35ae68922e35..9937311e9d46 100644 --- a/net/ntp/Makefile +++ b/net/ntp/Makefile @@ -3,6 +3,7 @@ PORTNAME= ntp PORTVERSION= 4.2.8p11 +PORTREVISION= 1 CATEGORIES= net ipv6 MASTER_SITES= http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ \ http://archive.ntp.org/ntp4/ntp-4.2/ \ diff --git a/net/xmlrpc-c/Makefile b/net/xmlrpc-c/Makefile index 51caef6739f6..6c19c268e0bd 100644 --- a/net/xmlrpc-c/Makefile +++ b/net/xmlrpc-c/Makefile @@ -3,6 +3,7 @@ PORTNAME= xmlrpc-c PORTVERSION= 1.39.13 +PORTREVISION= 1 CATEGORIES= net MASTER_SITES= SF/${PORTNAME}/Xmlrpc-c%20Super%20Stable/${PORTVERSION} diff --git a/www/libwww/Makefile b/www/libwww/Makefile index 9cda4ca953c7..5b62cb7bb13a 100644 --- a/www/libwww/Makefile +++ b/www/libwww/Makefile @@ -2,10 +2,10 @@ # $FreeBSD$ PORTNAME= libwww -PORTVERSION= 5.4.0 -PORTREVISION= 6 +PORTVERSION= 5.4.2 CATEGORIES= www devel -MASTER_SITES= http://www.w3.org/Library/Distribution/old/ +MASTER_SITES= https://www.w3.org/Library/Distribution/ \ + https://www.w3.org/Library/Distribution/old/ DISTNAME= w3c-${PORTNAME}-${PORTVERSION} MAINTAINER= dbaio@FreeBSD.org @@ -16,17 +16,17 @@ LICENSE_NAME= W3C IPR SOFTWARE NOTICE LICENSE_FILE= ${WRKSRC}/LICENSE.html LICENSE_PERMS= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept -GNU_CONFIGURE= yes -CONFIGURE_ARGS= --with-zlib --with-ssl=${OPENSSLBASE} -USES= gmake libtool perl5 ssl tar:tgz -USE_PERL5= build -USE_LDCONFIG= yes - BROKEN_SSL= openssl-devel +LIB_DEPENDS= libexpat.so:textproc/expat2 + +USES= gmake libtool localbase perl5 ssl tar:tgz +USE_PERL5= build +USE_LDCONFIG= yes +GNU_CONFIGURE= yes +CONFIGURE_ARGS= --enable-shared --with-zlib --with-ssl=${OPENSSLBASE} + post-install: - ${INSTALL_DATA} ${WRKSRC}/modules/expat/xmlparse/xmlparse.h \ - ${STAGEDIR}${PREFIX}/include/w3c-libwww/ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/*.so .include diff --git a/www/libwww/distinfo b/www/libwww/distinfo index f43f6854c512..7d609dea3058 100644 --- a/www/libwww/distinfo +++ b/www/libwww/distinfo @@ -1,2 +1,3 @@ -SHA256 (w3c-libwww-5.4.0.tgz) = 64841cd99a41c84679cfbc777ebfbb78bdc2a499f7f6866ccf5cead391c867ef -SIZE (w3c-libwww-5.4.0.tgz) = 1129121 +TIMESTAMP = 1530580809 +SHA256 (w3c-libwww-5.4.2.tgz) = 32b855101f65466c67ae3a3cc0fd18fa982e4b59fc98c9d4691e2da663d05f04 +SIZE (w3c-libwww-5.4.2.tgz) = 2630357 diff --git a/www/libwww/files/patch-Library__src__HTMIMImp.c b/www/libwww/files/patch-Library__src__HTMIMImp.c deleted file mode 100644 index 00adde5158a2..000000000000 --- a/www/libwww/files/patch-Library__src__HTMIMImp.c +++ /dev/null @@ -1,11 +0,0 @@ ---- Library/src/HTMIMImp.c.orig 1999-02-22 22:10:11 UTC -+++ Library/src/HTMIMImp.c -@@ -226,7 +226,7 @@ PRIVATE int HTFindInt(char * haystack, c - int value = deflt; - if (start != NULL) { - start += strlen(needle); -- while isspace(*start) start++; -+ while (isspace(*start)) start++; - if (isdigit(*start)) { - char * end = start + 1; - char save; diff --git a/www/libwww/files/patch-Library_src_HTBound.c b/www/libwww/files/patch-Library_src_HTBound.c deleted file mode 100644 index b29e07972fe7..000000000000 --- a/www/libwww/files/patch-Library_src_HTBound.c +++ /dev/null @@ -1,523 +0,0 @@ -# CVE-2005-3183 - ---- Library/src/HTBound.c.orig 1999-02-22 22:10:10 UTC -+++ Library/src/HTBound.c -@@ -11,9 +11,12 @@ - ** - ** Authors - ** HF Henrik Frystyk -+** SV Sam Varshavchik - ** - ** History: - ** Nov 95 Written from scratch -+** SV Jun 05 Rewrote HTBoundary_put_block. Fixed many bugs+segfaults. -+** SV Jul 05 Fix double-counting of processed bytes. - ** - */ - -@@ -23,104 +26,395 @@ - #include "WWWCore.h" - #include "HTMerge.h" - #include "HTReqMan.h" -+#include "HTNetMan.h" -+#include "HTChannl.h" - #include "HTBound.h" /* Implemented here */ - --#define PUTBLOCK(b, l) (*me->target->isa->put_block)(me->target, b, l) -+#define PUTBLOCK(b, l) (me->target ? (*me->target->isa->put_block)(me->target, b, l):HT_OK) -+ - #define PUTDEBUG(b, l) (*me->debug->isa->put_block)(me->debug, b, l) - #define FREE_TARGET (*me->target->isa->_free)(me->target) - - struct _HTStream { - const HTStreamClass * isa; -+ HTNet * net; - HTStream * target; - HTStream * orig_target; - HTFormat format; - HTStream * debug; /* For preamble and epilog */ - HTRequest * request; -- BOOL body; /* Body or preamble|epilog */ -- HTEOLState state; -- int dash; /* Number of dashes */ - char * boundary; -- char * bpos; -+ -+ BOOL keptcrlf; -+ int (*state)(HTStream *, const char *, int); -+ -+ char *boundary_ptr; -+ - }; - -+PRIVATE int HTBoundary_flush (HTStream * me); -+ - /* ------------------------------------------------------------------------- */ - -+PRIVATE int start_of_line (HTStream * me, const char * b, int l); -+PRIVATE int seen_dash (HTStream * me, const char * b, int l); -+PRIVATE int seen_doubledash (HTStream * me, const char * b, int l); -+PRIVATE int seen_delimiter_nonterminal(HTStream * me, const char * b, int l); -+PRIVATE int seen_delimiter_nonterminal_CR(HTStream * me, const char * b, int l); -+PRIVATE int seen_delimiter_dash(HTStream * me, const char * b, int l); -+PRIVATE int seen_delimiter_terminal(HTStream * me, const char * b, int l); -+PRIVATE int seen_delimiter_terminal_CR(HTStream * me, const char * b, int l); -+PRIVATE int not_delimiter(HTStream * me, const char * b, int l, int extra); -+PRIVATE int seen_nothing(HTStream * me, const char * b, int l); -+PRIVATE int seen_cr(HTStream * me, const char * b, int l); -+PRIVATE void process_boundary(HTStream *me, int isterminal); -+ -+#define UNUSED(l) (l=l) /* Shut up about unused variables */ -+ - PRIVATE int HTBoundary_put_block (HTStream * me, const char * b, int l) - { -- const char *start = b; -- const char *end = b; -- while (l-- > 0) { -- if (me->state == EOL_FCR) { -- me->state = (*b == LF) ? EOL_FLF : EOL_BEGIN; -- } else if (me->state == EOL_FLF) { -- if (me->dash == 2) { -- while (l>0 && *me->bpos && *me->bpos==*b) l--, me->bpos++, b++; -- if (!*me->bpos) { -- HTTRACE(STREAM_TRACE, "Boundary.... `%s\' found\n" _ me->boundary); -- me->bpos = me->boundary; -- me->body = YES; -- me->state = EOL_DOT; -- } else if (l>0) { -- me->dash = 0; -- me->bpos = me->boundary; -- me->state = EOL_BEGIN; -- } -- } -- if (*b == '-') { -- me->dash++; -- } else if (*b != CR && *b != LF) { -- me->dash = 0; -- me->state = EOL_BEGIN; -- } -- } else if (me->state == EOL_SLF) { /* Look for closing '--' */ -- if (me->dash == 4) { -- if (end > start) { -- int status = PUTBLOCK(start, end-start); -- if (status != HT_OK) return status; -+ /* -+ ** The HTBoundary object gets attached downstream of HTMime. -+ ** The HTBoundary object creates another HTMime object downstream of -+ ** the HTBoundary object. -+ ** -+ ** When we push data downstream to the second HTBoundary object, it -+ ** updates the bytes read count in the HTNet object. -+ ** -+ ** When we return to the parent HTMime object, itupdates the -+ ** bytes read count in the HTNet object again. Oops. -+ ** -+ ** Same thing happens with the consumed byte count. We can prevent -+ ** the consumed byte counts from being updated by temporary setting -+ ** the input channel stream pointer to NULL, but for the byte counts -+ ** we have to save them and restore them before existing. -+ ** -+ ** This bug was discovered by chance when a multipart/partial response -+ ** was partially received, and as a result of double-counting the -+ ** real response got cut off (because HTMime thought that more bytes -+ ** were processed than actually were, thus it processed only the -+ ** partial count of the remaining bytes in the response). When the -+ ** multipart/partial response was received all at once this bug did -+ ** not get triggered. -+ */ -+ -+ HTHost *host=HTNet_host(me->net); -+ HTChannel *c=HTHost_channel(host); -+ HTInputStream *i=HTChannel_input(c); -+ -+ long saveBytesRead=HTNet_bytesRead(me->net); -+ long saveHeaderBytesRead=HTNet_headerBytesRead(me->net); -+ -+ if (i) -+ HTChannel_setInput(c, NULL); -+ -+ HTTRACE(STREAM_TRACE, "Boundary: processing %d bytes\n" _ l); -+ /* Main loop consumes all input */ -+ -+ while (l) -+ { -+ int n= (*me->state)(me, b, l); -+ -+ if (n == 0) -+ return HT_ERROR; -+ b += n; -+ l -= n; -+ } -+ -+ if (i) -+ HTChannel_setInput(c, i); -+ HTNet_setBytesRead(me->net, saveBytesRead); -+ HTNet_setHeaderBytesRead(me->net, saveHeaderBytesRead); -+ -+ return HT_OK; -+} -+ -+/* -+** Start of line, keptcrlf=YES if we've kept the preceding CRLF from downstream -+** and we'll pass it along if we decide that this is not a boundary delimiter. -+*/ -+ -+PRIVATE int start_of_line (HTStream * me, const char * b, int l) -+{ -+ if (*b != '-') -+ return not_delimiter(me, b, l, 0); -+ -+ HTTRACE(STREAM_TRACE, "Boundary: start of line: input '-'\n"); -+ -+ me->state= seen_dash; -+ -+ return 1; -+} -+ -+/* -+** Line: - -+*/ -+ -+PRIVATE int seen_dash (HTStream * me, const char * b, int l) -+{ -+ if (*b != '-') -+ return not_delimiter(me, b, l, 1); -+ -+ HTTRACE(STREAM_TRACE, "Boundary: start of line: input '--'\n"); -+ -+ me->state= seen_doubledash; -+ me->boundary_ptr=me->boundary; -+ return 1; -+} -+ -+/* -+** Line: -- -+*/ -+ -+PRIVATE int seen_doubledash (HTStream * me, const char * b, int l) -+{ -+ me->state=seen_doubledash; -+ -+ if (*me->boundary_ptr) -+ { -+ if (*b != *me->boundary_ptr) -+ { -+ return not_delimiter(me, b, l, -+ me->boundary_ptr - me->boundary -+ + 2); - } -- HTTRACE(STREAM_TRACE, "Boundary.... Ending\n"); -- start = b; -- me->dash = 0; -- me->state = EOL_BEGIN; -- } -- if (*b == '-') { -- me->dash++; -- } else if (*b != CR && *b != LF) { -- me->dash = 0; -- me->state = EOL_BEGIN; -+ ++me->boundary_ptr; -+ return 1; - } -- me->body = NO; -- } else if (me->state == EOL_DOT) { -- int status; -- if (me->body) { -- if (me->target) FREE_TARGET; -+ -+ /* -+ ** Line: --delimiter -+ */ -+ -+ if (*b == '-') -+ { -+ HTTRACE(STREAM_TRACE, -+ "Boundary: start of line: input '--%s-'\n" -+ _ me->boundary); -+ -+ me->state=seen_delimiter_dash; -+ return 1; -+ } -+ -+ HTTRACE(STREAM_TRACE, -+ "Boundary: Found: '--%s'\n" _ me->boundary); -+ -+ return seen_delimiter_nonterminal(me, b, l); -+} -+ -+/* -+** Line: --delimiter -+** -+** Waiting for CRLF. -+*/ -+ -+ -+PRIVATE int seen_delimiter_nonterminal(HTStream * me, const char * b, int l) -+{ -+ UNUSED(l); -+ -+ me->state=seen_delimiter_nonterminal; -+ if (*b == CR) -+ me->state=seen_delimiter_nonterminal_CR; -+ -+ return 1; -+} -+ -+/* -+** Line: --delimiter -+*/ -+ -+PRIVATE int seen_delimiter_nonterminal_CR(HTStream * me, const char * b, int l) -+{ -+ HTTRACE(STREAM_TRACE, -+ "Boundary: Found: '--%s'\n" _ me->boundary); -+ -+ if (*b != LF) -+ return seen_delimiter_nonterminal(me, b, l); -+ -+ HTTRACE(STREAM_TRACE, -+ "Boundary: Found: '--%s'\n" _ me->boundary); -+ -+ process_boundary(me, NO); -+ return 1; -+} -+ -+/* -+** Line: --delimiter- -+*/ -+ -+PRIVATE int seen_delimiter_dash(HTStream * me, const char * b, int l) -+{ -+ if (*b != '-') -+ return seen_delimiter_nonterminal(me, b, l); -+ -+ HTTRACE(STREAM_TRACE, -+ "Boundary: start of line: input '--%s--'\n" -+ _ me->boundary); -+ -+ me->state=seen_delimiter_terminal; -+ return 1; -+} -+ -+/* -+** Line: --delimiter-- -+*/ -+ -+PRIVATE int seen_delimiter_terminal(HTStream * me, const char * b, int l) -+{ -+ UNUSED(l); -+ -+ me->state=seen_delimiter_terminal; -+ -+ if (*b == CR) -+ me->state=seen_delimiter_terminal_CR; -+ return 1; -+} -+/* -+** Line: --delimiter-- -+*/ -+ -+PRIVATE int seen_delimiter_terminal_CR(HTStream * me, const char * b, int l) -+{ -+ HTTRACE(STREAM_TRACE, -+ "Boundary: Found '--%s--'\n" -+ _ me->boundary); -+ -+ if (*b != LF) -+ return seen_delimiter_terminal(me, b, l); -+ HTTRACE(STREAM_TRACE, -+ "Boundary: Found '--%s--'\n" -+ _ me->boundary); -+ -+ process_boundary(me, YES); -+ return 1; -+} -+ -+/* -+** Beginning of the line does not contain a delimiter. -+** -+** -+** extra: Count of characters in a partially matched delimiter. Since it's -+** not a delimiter this is content that needs to go downstream. -+*/ -+ -+PRIVATE int not_delimiter(HTStream * me, const char * b, int l, int extra) -+{ -+ HTTRACE(STREAM_TRACE, "Boundary: not a delimiter line\n"); -+ -+ if (me->keptcrlf) -+ { -+ HTTRACE(STREAM_TRACE, "Boundary: Sending previous line's \n"); -+ /* -+ ** Did not process CRLF from previous line, because prev CRLF -+ ** is considered a part of the delimiter. See MIME RFC. -+ */ -+ -+ me->keptcrlf=NO; -+ if (PUTBLOCK("\r\n", 2) != HT_OK) -+ return 0; -+ } -+ -+ /* -+ ** Potentially matched some of: --DELIMITER -+ */ -+ -+ if (extra) -+ { -+ HTTRACE(STREAM_TRACE, "Boundary: Sending partially-matched %d characters\n" _ extra); -+ -+ if (PUTBLOCK("--", extra > 2 ? 2:extra) != HT_OK) -+ return 0; -+ -+ if (extra > 2) -+ if (PUTBLOCK(me->boundary, extra-2) != HT_OK) -+ return 0; -+ } -+ return seen_nothing(me, b, l); -+} -+ -+/* -+** We're not looking for a delimiter. Look for the next line of input -+** in the data that could potentially be a delimiter. -+*/ -+ -+PRIVATE int seen_nothing(HTStream * me, const char * b, int l) -+{ -+ int i; -+ -+ me->state=seen_nothing; -+ -+ for (i=0; i 4 && -+ strncmp(b+i, "\r\n--", 4)) -+ continue; -+ break; -+ } -+ -+ if (i == 0) -+ { -+ /* Could only be a CR here. */ -+ -+ me->state=seen_cr; -+ return 1; -+ } -+ -+ HTTRACE(STREAM_TRACE, "Boundary: Processed %d (out of %d) bytes\n" -+ _ i _ l); -+ -+ if (PUTBLOCK(b, i) != HT_OK) -+ return 0; -+ -+ return i; -+} -+ -+/* -+** State: seen a CR -+*/ -+ -+PRIVATE int seen_cr(HTStream * me, const char * b, int l) -+{ -+ HTTRACE(STREAM_TRACE, "Boundary: Processed \n"); -+ -+ if (*b != LF) -+ { -+ HTTRACE(STREAM_TRACE, "Boundary: ... didn't follow\n"); -+ if (PUTBLOCK("\r", 1) != HT_OK) -+ return 0; -+ return seen_nothing(me, b, l); -+ } -+ -+ HTTRACE(STREAM_TRACE, "Boundary: Processed \n"); -+ me->state=start_of_line; -+ me->keptcrlf=YES; -+ return 1; -+} -+ -+PRIVATE void process_boundary(HTStream *me, int isterminal) -+{ -+ HTBoundary_flush(me); -+ if (me->target) FREE_TARGET; -+ me->target=NULL; -+ me->state=start_of_line; -+ me->keptcrlf=NO; -+ -+ if (!isterminal) - me->target = HTStreamStack(WWW_MIME,me->format, - HTMerge(me->orig_target, 2), - me->request, YES); -- if (end > start) { -- if ((status = PUTBLOCK(start, end-start)) != HT_OK) -- return status; -- } -- } else { -- if (me->debug) -- if ((status = PUTDEBUG(start, end-start)) != HT_OK) -- return status; -- } -- start = b; -- if (*b == '-') me->dash++; -- me->state = EOL_SLF; -- } else if (*b == CR) { -- me->state = EOL_FCR; -- end = b; -- } else if (*b == LF) { -- if (me->state != EOL_FCR) end = b; -- me->state = EOL_FLF; -- } -- b++; -- } -- return (startbody) ? PUTBLOCK(start, b-start) : HT_OK; - } - -+ - PRIVATE int HTBoundary_put_string (HTStream * me, const char * s) - { - return HTBoundary_put_block(me, s, (int) strlen(s)); -@@ -133,6 +427,8 @@ PRIVATE int HTBoundary_put_character (HT - - PRIVATE int HTBoundary_flush (HTStream * me) - { -+ if (me->target == NULL) -+ return HT_OK; - return (*me->target->isa->flush)(me->target); - } - -@@ -182,18 +478,26 @@ PUBLIC HTStream * HTBoundary (HTReques - HTResponse_formatParam(response) : - HTAnchor_formatParam(anchor); - char * boundary = HTAssocList_findObject(type_param, "boundary"); -+ -+ UNUSED(param); -+ UNUSED(input_format); -+ - if (boundary) { - HTStream * me; - if ((me = (HTStream *) HT_CALLOC(1, sizeof(HTStream))) == NULL) - HT_OUTOFMEM("HTBoundary"); - me->isa = &HTBoundaryClass; -+ me->net = HTRequest_net(request); - me->request = request; - me->format = output_format; - me->orig_target = output_stream; - me->debug = HTRequest_debugStream(request); -- me->state = EOL_FLF; -+ -+ me->state = start_of_line; -+ me->keptcrlf=NO; -+ - StrAllocCopy(me->boundary, boundary); /* Local copy */ -- me->bpos = me->boundary; -+ - HTTRACE(STREAM_TRACE, "Boundary.... Stream created with boundary '%s\'\n" _ me->boundary); - return me; - } else { diff --git a/www/libwww/files/patch-Library_src_SSL_HTSSL.c b/www/libwww/files/patch-Library_src_SSL_HTSSL.c index 9ccd893525e8..4c586d1ae724 100644 --- a/www/libwww/files/patch-Library_src_SSL_HTSSL.c +++ b/www/libwww/files/patch-Library_src_SSL_HTSSL.c @@ -1,6 +1,6 @@ ---- Library/src/SSL/HTSSL.c.orig 2000-08-03 16:17:20 UTC +--- Library/src/SSL/HTSSL.c.orig 2018-07-04 23:30:19 UTC +++ Library/src/SSL/HTSSL.c -@@ -187,12 +187,16 @@ PUBLIC BOOL HTSSL_init (void) +@@ -214,12 +214,16 @@ PUBLIC BOOL HTSSL_init (void) /* select the protocol method */ switch (ssl_prot_method) { diff --git a/www/libwww/files/patch-configure b/www/libwww/files/patch-configure index 4c7cef922d95..f7d3daa1b12c 100644 --- a/www/libwww/files/patch-configure +++ b/www/libwww/files/patch-configure @@ -1,6 +1,6 @@ ---- configure.orig 2002-06-12 09:31:31 UTC +--- configure.orig 2018-07-04 23:24:12 UTC +++ configure -@@ -7612,8 +7612,11 @@ if test "${with_ssl+set}" = set; then +@@ -16416,8 +16416,11 @@ $as_echo "no" >&6; } if test "x$withval" = "xyes"; then withval=$ssllib SSLINC=$sslinc @@ -10,6 +10,6 @@ + LIBS="$LIBS -L$withval/lib -lssl -lcrypto" fi - LIBS="$LIBS $withval" - cat > conftest.$ac_ext <conftest.$ac_ext + /* end confdefs.h. */ + diff --git a/www/libwww/files/patch-libwww-config.in b/www/libwww/files/patch-libwww-config.in deleted file mode 100644 index 5ab0aa41d5bf..000000000000 --- a/www/libwww/files/patch-libwww-config.in +++ /dev/null @@ -1,11 +0,0 @@ ---- libwww-config.in.orig 1999-06-23 18:05:01 UTC -+++ libwww-config.in -@@ -48,7 +48,7 @@ while test $# -gt 0; do - echo -I@includedir@ -I@includedir@/@PACKAGE@ @DEFS@ - ;; - --libs) -- echo -L@libdir@ @LWWWXML@ @LWWWZIP@ @LWWWWAIS@ @LWWWSQL@ -lwwwinit -lwwwapp -lwwwhtml -lwwwtelnet -lwwwnews -lwwwhttp -lwwwmime -lwwwgopher -lwwwftp -lwwwfile -lwwwdir -lwwwcache -lwwwstream -lwwwmux -lwwwtrans -lwwwcore -lwwwutils @LWWWMD5@ @LIBS@ -+ echo -L@libdir@ @LWWWXML@ @LWWWZIP@ @LWWWWAIS@ @LWWWSQL@ @LWWWSSL@ -lwwwinit -lwwwapp -lwwwhtml -lwwwtelnet -lwwwnews -lwwwhttp -lwwwmime -lwwwgopher -lwwwftp -lwwwfile -lwwwdir -lwwwcache -lwwwstream -lwwwmux -lwwwtrans -lwwwcore -lwwwutils @LWWWMD5@ @LIBS@ - ;; - *) - echo "${usage}" 1>&2 diff --git a/www/libwww/files/patch-modules_expat_xmlparse_xmlparse.c b/www/libwww/files/patch-modules_expat_xmlparse_xmlparse.c deleted file mode 100644 index 7619921c0932..000000000000 --- a/www/libwww/files/patch-modules_expat_xmlparse_xmlparse.c +++ /dev/null @@ -1,14 +0,0 @@ -# CVE-2009-3560 - ---- modules/expat/xmlparse/xmlparse.c.orig 2000-08-28 08:52:01 UTC -+++ modules/expat/xmlparse/xmlparse.c -@@ -2199,6 +2199,9 @@ doProlog(XML_Parser parser, - return XML_ERROR_UNCLOSED_TOKEN; - case XML_TOK_PARTIAL_CHAR: - return XML_ERROR_PARTIAL_CHAR; -+ case -XML_TOK_PROLOG_S: -+ tok = -tok; -+ break; - case XML_TOK_NONE: - #ifdef XML_DTD - if (enc != encoding) diff --git a/www/libwww/files/patch-modules_expat_xmltok_xmltok__impl.c b/www/libwww/files/patch-modules_expat_xmltok_xmltok__impl.c deleted file mode 100644 index 0e59c5cc57dd..000000000000 --- a/www/libwww/files/patch-modules_expat_xmltok_xmltok__impl.c +++ /dev/null @@ -1,13 +0,0 @@ -# CVE-2009-3720 - ---- modules/expat/xmltok/xmltok_impl.c.orig 2000-08-28 08:52:01 UTC -+++ modules/expat/xmltok/xmltok_impl.c -@@ -1753,7 +1753,7 @@ void PREFIX(updatePosition)(const ENCODI - const char *end, - POSITION *pos) - { -- while (ptr != end) { -+ while (ptr < end) { - switch (BYTE_TYPE(enc, ptr)) { - #define LEAD_CASE(n) \ - case BT_LEAD ## n: \ diff --git a/www/libwww/pkg-plist b/www/libwww/pkg-plist index 2103f66e73ee..46538a5c9470 100644 --- a/www/libwww/pkg-plist +++ b/www/libwww/pkg-plist @@ -160,7 +160,6 @@ include/w3c-libwww/WWWWAIS.h include/w3c-libwww/WWWXML.h include/w3c-libwww/WWWZip.h include/w3c-libwww/wwwsys.h -include/w3c-libwww/xmlparse.h include/wwwconf.h lib/libmd5.a lib/libmd5.so @@ -225,7 +224,7 @@ lib/libwwwnews.so.0.1.0 lib/libwwwssl.a lib/libwwwssl.so lib/libwwwssl.so.0 -lib/libwwwssl.so.0.1.0 +lib/libwwwssl.so.0.0.0 lib/libwwwstream.a lib/libwwwstream.so lib/libwwwstream.so.0 @@ -245,19 +244,11 @@ lib/libwwwutils.so.0.1.0 lib/libwwwxml.a lib/libwwwxml.so lib/libwwwxml.so.0 -lib/libwwwxml.so.0.1.0 +lib/libwwwxml.so.0.0.0 lib/libwwwzip.a lib/libwwwzip.so lib/libwwwzip.so.0 -lib/libwwwzip.so.0.1.0 -lib/libxmlparse.a -lib/libxmlparse.so -lib/libxmlparse.so.0 -lib/libxmlparse.so.0.1.0 -lib/libxmltok.a -lib/libxmltok.so -lib/libxmltok.so.0 -lib/libxmltok.so.0.1.0 +lib/libwwwzip.so.0.0.0 share/w3c-libwww/back.xbm share/w3c-libwww/binary.xbm share/w3c-libwww/binhex.xbm