SECURITY:

Update to 7.15.0. libcurl's NTLM function could overflow a stack-based buffer if given a too long user name or domain name. CAN-2005-3185.
2005-10-16 15:31:39 +00:00 · 2005-10-16 15:31:39 +00:00 · e7cffc11f6
commit e7cffc11f6
parent 68074f4cd2
5 changed files with 26 additions and 55 deletions
--- a/net/curl/Makefile
+++ b/net/curl/Makefile
@ -1,8 +1,8 @@
-# $OpenBSD: Makefile,v 1.47 2005/05/26 23:13:28 naddy Exp $
+# $OpenBSD: Makefile,v 1.48 2005/10/16 15:31:39 naddy Exp $

 COMMENT=	"get files from FTP, Gopher, HTTP or HTTPS servers"

-DISTNAME=	curl-7.14.0
+DISTNAME=	curl-7.15.0
 CATEGORIES=	net
 MASTER_SITES=	http://curl.haxx.se/download/ \
 		ftp://ftp.sunet.se/pub/www/utilities/curl/ \
@ -22,11 +22,14 @@ PERMIT_PACKAGE_CDROM=	Yes
 PERMIT_PACKAGE_FTP=	Yes
 PERMIT_DISTFILES_CDROM=	Yes
 PERMIT_DISTFILES_FTP=	Yes
-WANTLIB=		c crypto ssl z 

-SEPARATE_BUILD=	simple
+WANTLIB=	c crypto ssl z 
+
+USE_LIBTOOL=	Yes
 CONFIGURE_STYLE=gnu
-CONFIGURE_ARGS=	${CONFIGURE_SHARED} --with-random="/dev/arandom"
+CONFIGURE_ARGS=	${CONFIGURE_SHARED} \
+		--with-random="/dev/arandom" \
+		--without-libidn

 post-install:
 	${INSTALL_DATA_DIR} ${PREFIX}/share/emacs/site-lisp
--- a/net/curl/distinfo
+++ b/net/curl/distinfo
@ -1,4 +1,4 @@
-MD5 (curl-7.14.0.tar.gz) = 3466045eab2170a393807a9eace17c55
-RMD160 (curl-7.14.0.tar.gz) = b2cbd3715cb6ccf468a640150d15ab1958b0c498
-SHA1 (curl-7.14.0.tar.gz) = 7a39f46d394ca3f4d33e0c02a0fb87271bbb6d8d
-SIZE (curl-7.14.0.tar.gz) = 2236640
+MD5 (curl-7.15.0.tar.gz) = 02bd72f1458c0cc802b33808fd0afe75
+RMD160 (curl-7.15.0.tar.gz) = af23786f36e6c9fa3c975d1b5b9d03ccf474f89e
+SHA1 (curl-7.15.0.tar.gz) = 0acde6e0ff3603cb9c04706c99123bd5ac6114e6
+SIZE (curl-7.15.0.tar.gz) = 1751006
--- a/net/curl/patches/patch-lib_Makefile_in
+++ b/net/curl/patches/patch-lib_Makefile_in
@ -0,0 +1,12 @@
+$OpenBSD: patch-lib_Makefile_in,v 1.1 2005/10/16 15:31:39 naddy Exp $
+--- lib/Makefile.in.orig	Sun Oct 16 16:15:38 2005
+++ lib/Makefile.in	Sun Oct 16 16:15:53 2005
+@@ -188,7 +188,7 @@ USE_MANUAL_FALSE = @USE_MANUAL_FALSE@
+ USE_MANUAL_TRUE = @USE_MANUAL_TRUE@
+ USE_SSLEAY = @USE_SSLEAY@
+ USE_WINDOWS_SSPI = @USE_WINDOWS_SSPI@
+-VERSION = -version-info 3:0:0
+VERSION = -version-info 3:1:0
+ VERSIONNUM = @VERSIONNUM@
+ ac_ct_AR = @ac_ct_AR@
+ ac_ct_AS = @ac_ct_AS@
--- a/net/curl/patches/patch-ltmain_sh
+++ b/net/curl/patches/patch-ltmain_sh
@ -1,44 +0,0 @@
-$OpenBSD: patch-ltmain_sh,v 1.3 2004/05/18 23:30:45 brad Exp $
--- ltmain.sh.orig	2004-04-26 02:06:09.000000000 -0400
-+++ ltmain.sh	2004-05-18 16:11:07.000000000 -0400
-@@ -5824,40 +5824,6 @@ relink_command=\"$relink_command\""
-     # Exit here if they wanted silent mode.
-     test "$show" = : && exit $EXIT_SUCCESS
- 
-    $echo "----------------------------------------------------------------------"
-    $echo "Libraries have been installed in:"
-    for libdir in $libdirs; do
-      $echo "   $libdir"
-    done
-    $echo
-    $echo "If you ever happen to want to link against installed libraries"
-    $echo "in a given directory, LIBDIR, you must either use libtool, and"
-    $echo "specify the full pathname of the library, or use the \`-LLIBDIR'"
-    $echo "flag during linking and do at least one of the following:"
-    if test -n "$shlibpath_var"; then
-      $echo "   - add LIBDIR to the \`$shlibpath_var' environment variable"
-      $echo "     during execution"
-    fi
-    if test -n "$runpath_var"; then
-      $echo "   - add LIBDIR to the \`$runpath_var' environment variable"
-      $echo "     during linking"
-    fi
-    if test -n "$hardcode_libdir_flag_spec"; then
-      libdir=LIBDIR
-      eval flag=\"$hardcode_libdir_flag_spec\"
-
-      $echo "   - use the \`$flag' linker flag"
-    fi
-    if test -n "$admincmds"; then
-      $echo "   - have your system administrator run these commands:$admincmds"
-    fi
-    if test -f /etc/ld.so.conf; then
-      $echo "   - have your system administrator add LIBDIR to \`/etc/ld.so.conf'"
-    fi
-    $echo
-    $echo "See any operating system documentation about shared libraries for"
-    $echo "more information, such as the ld(1) and ld.so(8) manual pages."
-    $echo "----------------------------------------------------------------------"
-     exit $EXIT_SUCCESS
-     ;;
- 
--- a/net/curl/pkg/PFRAG.shared
+++ b/net/curl/pkg/PFRAG.shared
@ -1,2 +1,2 @@
-@comment $OpenBSD: PFRAG.shared,v 1.7 2005/05/26 23:13:28 naddy Exp $
-@lib lib/libcurl.so.3.0
+@comment $OpenBSD: PFRAG.shared,v 1.8 2005/10/16 15:31:39 naddy Exp $
+@lib lib/libcurl.so.3.1