- security bump for tftp vuln. CVE-2006-1061 - bug #125766

(Portage version: 2.1_pre5-r4)
author: Ned Ludd <solar@gentoo.org> 2006-03-20 15:18:23 +0000
committer: Ned Ludd <solar@gentoo.org> 2006-03-20 15:18:23 +0000
commit: 30aa6f5f2a0d441cc0c4fd786521916fa282ae86 (patch)
tree: 82eac94da6cfc9405da8848a300b800a4dd736a1 /net-misc/curl
parent: Stable on x86 (diff)
download: gentoo-2-30aa6f5f2a0d441cc0c4fd786521916fa282ae86.tar.gz
gentoo-2-30aa6f5f2a0d441cc0c4fd786521916fa282ae86.tar.bz2
gentoo-2-30aa6f5f2a0d441cc0c4fd786521916fa282ae86.zip
13 files changed, 53 insertions, 196 deletions
diff --git a/net-misc/curl/ChangeLog b/net-misc/curl/ChangeLog
index b97b30a0b9ab..640d85b90d0e 100644
--- a/net-misc/curl/ChangeLog
+++ b/net-misc/curl/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for net-misc/curl
 # Copyright 2002-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/curl/ChangeLog,v 1.67 2006/03/01 11:49:26 dragonheart Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/curl/ChangeLog,v 1.68 2006/03/20 15:18:22 solar Exp $
+
+*curl-7.15.3 (20 Mar 2006)
+*curl-7.15.1-r1 (20 Mar 2006)
+
+  20 Mar 2006; <solar@gentoo.org> +files/curl-7.15-libtftp.patch,
+  -curl-7.13.1.ebuild, -curl-7.13.2.ebuild, -curl-7.15.0.ebuild,
+  +curl-7.15.1-r1.ebuild, -curl-7.15.2.ebuild, +curl-7.15.3.ebuild:
+  - security bump for tftp vuln. CVE-2006-1061 - bug #125766
 
 *curl-7.15.2 (01 Mar 2006)
 
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index 7b6dfd0546d0..3dee332e453b 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -1,49 +1,30 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-MD5 acf2ca29d3a679fba7f9f92837da612a ChangeLog 12764
-RMD160 7d8fe3a92df4ae2d158128f39c05e80be59d6378 ChangeLog 12764
-SHA256 0a2cd12ae456134b2b77d329185870a5921fd4b73f41d4f94a28912f535d64a8 ChangeLog 12764
-MD5 4356d56f6576bb9f8ea0cf76ece3544c curl-7.13.1.ebuild 1144
-RMD160 419fe1da5218741e66caba1b1fb443d798aeaab2 curl-7.13.1.ebuild 1144
-SHA256 4eba37b292936d0df2b435e59b83bb5cb3244068540f7bcd8737124ac50d8dc3 curl-7.13.1.ebuild 1144
-MD5 b27665f577b5129562e41d3a67287a0c curl-7.13.2.ebuild 2399
-RMD160 4982d17a34e174d84399af65e283c39c136dc8f4 curl-7.13.2.ebuild 2399
-SHA256 98d82577d51259a704af451d408931eb3355421ec08bcfcf836eb41f011c2a5a curl-7.13.2.ebuild 2399
-MD5 89d2021f8afb5ff760a8ff36d99a8c39 curl-7.15.0.ebuild 2484
-RMD160 6896778755816eed3a3891feaa1dd154aa18cc3d curl-7.15.0.ebuild 2484
-SHA256 5f4e0091c60dff53e532346bfe8435c5dbc931c8d2acfa4c0b546f1de2c3c7e3 curl-7.15.0.ebuild 2484
+MD5 8a2dc3175b1ea3bd77c14b605cadc008 ChangeLog 13083
+RMD160 3659cab27cdbf29af11abc694a2a72ed222a6a79 ChangeLog 13083
+SHA256 95927393b62d285d8f57596ad2da7ca12e909ef776efcc169144edd13fac6291 ChangeLog 13083
+MD5 9f300e88bc150fdcd1b7fcf248987848 curl-7.15.1-r1.ebuild 2340
+RMD160 12784bc78e3e9c9b77a6e7e0df4a25b3e3f36cb4 curl-7.15.1-r1.ebuild 2340
+SHA256 612310a67f3a79a145a34a0725aadbcab406c4190394352664cfb9a38dc006a8 curl-7.15.1-r1.ebuild 2340
 MD5 80aa54c72163c50a9fbfa6799ef19940 curl-7.15.1.ebuild 2233
 RMD160 4fab67185cf4c6152e83d881d95aadc2dcb23a3a curl-7.15.1.ebuild 2233
 SHA256 b7b81e392e66dca350100141825950cd0840d653d79e7c6a92ac8fbb7b55dad8 curl-7.15.1.ebuild 2233
-MD5 768b80eee0d0eafc6e76c0f860ae2e39 curl-7.15.2.ebuild 2201
-RMD160 afccb261aff3195ae3308716c8a2df7c029b8490 curl-7.15.2.ebuild 2201
-SHA256 ff99b9ed0ca6a464e9641b24424d17f6d30bd697b87b05535f01728944b4ad32 curl-7.15.2.ebuild 2201
+MD5 768b80eee0d0eafc6e76c0f860ae2e39 curl-7.15.3.ebuild 2201
+RMD160 afccb261aff3195ae3308716c8a2df7c029b8490 curl-7.15.3.ebuild 2201
+SHA256 ff99b9ed0ca6a464e9641b24424d17f6d30bd697b87b05535f01728944b4ad32 curl-7.15.3.ebuild 2201
+MD5 9359740309a1cbbeb6a7a5e065586ffd files/curl-7.15-libtftp.patch 651
+RMD160 1138e01e5c898d669a11192845c1330d99eb5bc2 files/curl-7.15-libtftp.patch 651
+SHA256 93a7f7ed54d04af4958cbc86b6c4845a667b3aaf90b455c6de8d5614a0781d79 files/curl-7.15-libtftp.patch 651
 MD5 3f45a8aa13637f8147adfe79b8cd522b files/curl-7.15.0-versionnumber.patch 550
 RMD160 72bea54e0a93d459fe51c810b4e9e4d005dbb7f1 files/curl-7.15.0-versionnumber.patch 550
 SHA256 f1eb3bafe294f7eba9882befdf7a4b16bb157b5b6d4c83be80995ec271ba0514 files/curl-7.15.0-versionnumber.patch 550
-MD5 159b437588320b2a3f726d3aa55890e5 files/digest-curl-7.13.1 65
-RMD160 143a34d5180b6fd6ec938b5d71f67fc5dab52a7c files/digest-curl-7.13.1 65
-SHA256 52b798fc11bd05ee1853bd09e54f0ac67a7cf51bdff457ea5284afcd9d34c186 files/digest-curl-7.13.1 65
-MD5 71c346cc704727e0bdaef7333521adeb files/digest-curl-7.13.2 130
-RMD160 708f3cc57c937544cb0327415556e75c74f1d3ae files/digest-curl-7.13.2 130
-SHA256 aedced092c0cb66bd3b86b94ace1dc2043cdb5110f199c4af086aec22a61489c files/digest-curl-7.13.2 130
-MD5 7bcded56c13b85b72508c00b8d3d7e73 files/digest-curl-7.15.0 65
-RMD160 1005cb7e4efffc2a5b68aae29d6b93a444a07914 files/digest-curl-7.15.0 65
-SHA256 0e3229c820e46a6624058d5cc77ae050840054e52e3a138244c205bb24c795c9 files/digest-curl-7.15.0 65
 MD5 27ebd18a112cd03c0e1e3e3bf1e13ff5 files/digest-curl-7.15.1 65
 RMD160 f3476f4843695940064cd53d9023698c3ca33d2a files/digest-curl-7.15.1 65
 SHA256 68d42f908bd6a711214873ed3d9dbde35a8d766556d1522c0c4af0aef3fd2ca8 files/digest-curl-7.15.1 65
-MD5 dc44e9bea4a708ad4a6a62442bb24895 files/digest-curl-7.15.2 241
-RMD160 950adc7b53a958c4c4740a8a6fd8f458e598f4a9 files/digest-curl-7.15.2 241
-SHA256 dfc20fa6b31f374f043005438e6bc93d8536676b4c3379528be1e6076ead0b1e files/digest-curl-7.15.2 241
+MD5 5da73178c73613470017f6ffe034605e files/digest-curl-7.15.1-r1 241
+RMD160 c18045697e94d5bbff88bdab7149ed6655666748 files/digest-curl-7.15.1-r1 241
+SHA256 0a9301fda2b9152303983b152f3e53f4c9900f6bc0fce5af99f472529c566994 files/digest-curl-7.15.1-r1 241
+MD5 868d53492ffadba614d01f9185b1d399 files/digest-curl-7.15.3 241
+RMD160 4445d656f0911de97e3e4b7935e13325542881f2 files/digest-curl-7.15.3 241
+SHA256 ab906ddff402d28446f56eac44e39a688e01aaa4a2249b570658c1065a15cd71 files/digest-curl-7.15.3 241
 MD5 8f906ffe0aa837e5e26fe03af3043461 metadata.xml 219
 RMD160 fd2bbaf1c19b4ad2d876f02846608907516e2403 metadata.xml 219
 SHA256 f39a99f0777bf9eac2d5a444a392d3b93da834a6de01613747bad25c84637138 metadata.xml 219
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.2.1-ecc0.1.6 (GNU/Linux)
-
-iD8DBQFEBYx1mdTrptrqvGERAn8gAJ9NP6GIQGrlk5SKQjgzyqBk5IqdVACeObGG
-Moug0ShBeg41IVIbcXV+VRI=
-=GkBt
------END PGP SIGNATURE-----
diff --git a/net-misc/curl/curl-7.13.1.ebuild b/net-misc/curl/curl-7.13.1.ebuild
deleted file mode 100644
index f9a5cb96b2ba..000000000000
--- a/net-misc/curl/curl-7.13.1.ebuild
+++ /dev/null
@@ -1,47 +0,0 @@
-# Copyright 1999-2005 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/curl/curl-7.13.1.ebuild,v 1.16 2005/12/13 19:53:22 dragonheart Exp $
-
-# NOTE: If you bump this ebuild, make sure you bump dev-python/pycurl!
-
-inherit eutils
-
-DESCRIPTION="A Client that groks URLs"
-HOMEPAGE="http://curl.haxx.se/"
-SRC_URI="http://curl.haxx.se/download/${P}.tar.bz2"
-
-LICENSE="MIT X11"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ~ppc-macos ppc64 s390 sparc x86"
-IUSE="ssl ipv6 ldap"
-
-DEPEND="ssl? ( >=dev-libs/openssl-0.9.6a )
-	ldap? ( net-nds/openldap )"
-
-src_compile() {
-	econf \
-		$(use_enable ipv6) \
-		$(use_enable ldap) \
-		$(use_with ssl) \
-		--enable-http \
-		--enable-ftp \
-		--enable-gopher \
-		--enable-file \
-		--enable-dict \
-		--enable-manual \
-		--enable-telnet \
-		--enable-nonblocking \
-		--enable-largefile \
-		|| die
-	emake || die
-}
-src_test() {
-	return
-}
-
-src_install() {
-	make install DESTDIR="${D}" || die
-	dodoc CHANGES README
-	dodoc docs/FEATURES docs/INSTALL docs/INTERNALS docs/LIBCURL
-	dodoc docs/MANUAL docs/FAQ docs/BUGS docs/CONTRIBUTE
-}
diff --git a/net-misc/curl/curl-7.13.2.ebuild b/net-misc/curl/curl-7.13.2.ebuild
deleted file mode 100644
index 0b469163ec22..000000000000
--- a/net-misc/curl/curl-7.13.2.ebuild
+++ /dev/null
@@ -1,94 +0,0 @@
-# Copyright 1999-2005 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/curl/curl-7.13.2.ebuild,v 1.12 2005/12/13 19:53:22 dragonheart Exp $
-
-# NOTE: If you bump this ebuild, make sure you bump dev-python/pycurl!
-
-inherit eutils
-
-# NOTE: To prevent breakages when upgrading, we compile all the prev
-#       versions we know. We can't slot them because only the libraries
-#       have versioning, all the binaries, manpages don't have versions. 
-
-OLD_PV=7.11.2
-OLD_PV_LIB=libcurl.so.2
-
-DESCRIPTION="A Client that groks URLs"
-HOMEPAGE="http://curl.haxx.se/"
-SRC_URI="http://curl.haxx.se/download/${PN}-${OLD_PV}.tar.bz2
-http://curl.haxx.se/download/${P}.tar.bz2"
-
-LICENSE="MIT X11"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ~ppc-macos ppc64 s390 sparc x86"
-IUSE="ssl ipv6 ldap ares"
-
-DEPEND="ssl? ( >=dev-libs/openssl-0.9.6a )
-	ldap? ( net-nds/openldap )
-	x86? ( ares? ( net-dns/c-ares ) )"
-
-_curl_has_old_ver() {
-	if test -s ${ROOT}/usr/$(get_libdir)/${OLD_PV_LIB}; then
-		return 0 # /bin/true
-	else
-		return 1
-	fi
-}
-
-src_unpack() {
-	unpack ${A}
-	epunt_cxx
-}
-
-src_compile() {
-
-	myconf="$(use_enable ldap)
-		$(use_with ssl)
-		--enable-http
-		--enable-ftp
-		--enable-gopher
-		--enable-file
-		--enable-dict
-		--enable-manual
-		--enable-telnet
-		--enable-nonblocking
-		--enable-largefile"
-
-	if use ipv6 && use ares; then
-		ewarn "c-ares support disabled because it is incompatible with ipv6."
-		ewarn "To enable ares support, emerge with USE='-ipv6'."
-		myconf="${myconf} $(use_enable ipv6)"
-	else
-		if use x86; then
-			myconf="${myconf} $(use_enable ipv6) $(use_enable ares)"
-		fi
-	fi
-
-	if _curl_has_old_ver; then
-		einfo "Detected old version of curl - installing compat libs"
-		cd ${WORKDIR}/${PN}-${OLD_PV}
-		econf ${myconf}
-		emake || die "make for old version failed"
-	fi
-
-	cd ${S}
-	econf ${myconf}
-	emake || die "install failed for current version"
-}
-
-src_install() {
-	if _curl_has_old_ver; then
-		cd ${WORKDIR}/${PN}-${OLD_PV}/lib
-		make DESTDIR=${D} install-libLTLIBRARIES || die "install failed for old version"
-	fi
-
-	cd ${S}
-	make DESTDIR="${D}" install || die "installed failed for current version"
-
-	insinto /usr/share/aclocal
-	doins docs/libcurl/libcurl.m4
-
-	dodoc CHANGES README
-	dodoc docs/FEATURES docs/INSTALL docs/INTERNALS docs/LIBCURL
-	dodoc docs/MANUAL docs/FAQ docs/BUGS docs/CONTRIBUTE
-}
diff --git a/net-misc/curl/curl-7.15.0.ebuild b/net-misc/curl/curl-7.15.1-r1.ebuild
index dad247a3290f..57bf36b446da 100644
--- a/net-misc/curl/curl-7.15.0.ebuild
+++ b/net-misc/curl/curl-7.15.1-r1.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2005 Gentoo Foundation
+# Copyright 1999-2006 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/curl/curl-7.15.0.ebuild,v 1.18 2005/11/20 00:45:15 dragonheart Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/curl/curl-7.15.1-r1.ebuild,v 1.1 2006/03/20 15:18:23 solar Exp $
 
 # NOTE: If you bump this ebuild, make sure you bump dev-python/pycurl!
 
@@ -12,9 +12,7 @@ SRC_URI="http://curl.haxx.se/download/${P}.tar.bz2"
 
 LICENSE="MIT X11"
 SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ~ppc-macos ppc64 s390 sparc x86"
-# Original keywords (net-dns/c-ares needs to be keyworded!)
-#KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ppc ~ppc-macos ~ppc64 ~s390 sparc x86"
+KEYWORDS="alpha amd64 ~arm hppa ~ia64 ~mips ppc ~ppc-macos ppc64 ~s390 ~sh sparc x86"
 IUSE="ssl ipv6 ldap ares gnutls idn kerberos krb4 test"
 
 RDEPEND="gnutls? ( net-libs/gnutls )
@@ -34,8 +32,8 @@ DEPEND="${RDEPEND}
 
 src_unpack() {
 	unpack ${A}
-	epatch ${FILESDIR}/${P}-versionnumber.patch
-	epunt_cxx
+	cd ${S}
+	epatch "${FILESDIR}"/curl-7.15-libtftp.patch
 }
 
 src_compile() {
@@ -86,8 +84,8 @@ src_install() {
 	insinto /usr/share/aclocal
 	doins docs/libcurl/libcurl.m4
 
-	insinto /usr/lib/pkgconfig
-	doins libcurl.pc
+	#insinto /usr/lib/pkgconfig
+	#doins libcurl.pc
 
 	dodoc CHANGES README
 	dodoc docs/FEATURES docs/INTERNALS docs/LIBCURL
diff --git a/net-misc/curl/curl-7.15.2.ebuild b/net-misc/curl/curl-7.15.3.ebuild
index 70ea2f25e174..06d06af408dd 100644
--- a/net-misc/curl/curl-7.15.2.ebuild
+++ b/net-misc/curl/curl-7.15.3.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2006 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/curl/curl-7.15.2.ebuild,v 1.1 2006/03/01 11:49:26 dragonheart Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/curl/curl-7.15.3.ebuild,v 1.1 2006/03/20 15:18:23 solar Exp $
 
 # NOTE: If you bump this ebuild, make sure you bump dev-python/pycurl!
 
diff --git a/net-misc/curl/files/curl-7.15-libtftp.patch b/net-misc/curl/files/curl-7.15-libtftp.patch
new file mode 100644
index 000000000000..c92c66417f2e
--- /dev/null
+++ b/net-misc/curl/files/curl-7.15-libtftp.patch
@@ -0,0 +1,12 @@
+diff -Nrup curl-7.15.1/lib/tftp.c curl-7.15.1/lib/tftp.c
+--- curl-7.15.1/lib/tftp.c	2005-12-05 15:10:37.000000000 -0500
++++ curl-7.15.1/lib/tftp.c	2006-03-18 20:16:02.000000000 -0500
+@@ -271,7 +271,7 @@ static void tftp_send_first(tftp_state_d
+       /* If we are downloading, send an RRQ */
+       state->spacket.event = htons(TFTP_EVENT_RRQ);
+     }
+-    sprintf((char *)state->spacket.u.request.data, "%s%c%s%c",
++    snprintf((char *)state->spacket.u.request.data, 512, "%s%c%s%c",
+             filename, '\0',  mode, '\0');
+     sbytes = 4 + (int)strlen(filename) + (int)strlen(mode);
+     sbytes = sendto(state->sockfd, (void *)&state->spacket,
diff --git a/net-misc/curl/files/digest-curl-7.13.1 b/net-misc/curl/files/digest-curl-7.13.1
deleted file mode 100644
index 1ac48c652545..000000000000
--- a/net-misc/curl/files/digest-curl-7.13.1
+++ /dev/null
@@ -1 +0,0 @@
-MD5 d673f68dbab2553acdbfb5435bd1cd48 curl-7.13.1.tar.bz2 1860688
diff --git a/net-misc/curl/files/digest-curl-7.13.2 b/net-misc/curl/files/digest-curl-7.13.2
deleted file mode 100644
index 833fa116dd4b..000000000000
--- a/net-misc/curl/files/digest-curl-7.13.2
+++ /dev/null
@@ -1,2 +0,0 @@
-MD5 542fbdafd2fb051477fa544770b566de curl-7.11.2.tar.bz2 1141204
-MD5 5916bb359223800afa234a1cf5145b78 curl-7.13.2.tar.bz2 1891406
diff --git a/net-misc/curl/files/digest-curl-7.15.0 b/net-misc/curl/files/digest-curl-7.15.0
deleted file mode 100644
index 711cdc3ee81c..000000000000
--- a/net-misc/curl/files/digest-curl-7.15.0
+++ /dev/null
@@ -1 +0,0 @@
-MD5 e3b130320d3704af375c097606f49c01 curl-7.15.0.tar.bz2 1426714
diff --git a/net-misc/curl/files/digest-curl-7.15.1-r1 b/net-misc/curl/files/digest-curl-7.15.1-r1
new file mode 100644
index 000000000000..b801ba19eb94
--- /dev/null
+++ b/net-misc/curl/files/digest-curl-7.15.1-r1
@@ -0,0 +1,3 @@
+MD5 d330d48580bfade58c82d4f295f171f0 curl-7.15.1.tar.bz2 1437950
+RMD160 c733937754b579d45de8c26cf4dfa6c5cec82fae curl-7.15.1.tar.bz2 1437950
+SHA256 8b1ea75a91ef7d1e00086865eba9a4cf8baefcb212ce451a61348e00b8756324 curl-7.15.1.tar.bz2 1437950
diff --git a/net-misc/curl/files/digest-curl-7.15.2 b/net-misc/curl/files/digest-curl-7.15.2
deleted file mode 100644
index ad92fd333c73..000000000000
--- a/net-misc/curl/files/digest-curl-7.15.2
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 6c08e7891fe0db49af65fd10abfd69b1 curl-7.15.2.tar.bz2 1460095
-RMD160 4a9dfadc9cc7ee61c0a025a5e3bd8d83db5628bc curl-7.15.2.tar.bz2 1460095
-SHA256 5e856952b1e5ba802206e038b85da1791001c321a1a022a563639fa116222b2b curl-7.15.2.tar.bz2 1460095
diff --git a/net-misc/curl/files/digest-curl-7.15.3 b/net-misc/curl/files/digest-curl-7.15.3
new file mode 100644
index 000000000000..027befc70ff9
--- /dev/null
+++ b/net-misc/curl/files/digest-curl-7.15.3
@@ -0,0 +1,3 @@
+MD5 d71b2ee8febfde2c7dc30a43638ec0d9 curl-7.15.3.tar.bz2 1467043
+RMD160 35172fe66d5e6cc1df05e6160ffdf086448730f3 curl-7.15.3.tar.bz2 1467043
+SHA256 77771db616dee02f21b94c409ed423a72fa7f2b2d65c27395137b0f920388440 curl-7.15.3.tar.bz2 1467043
author	Ned Ludd <solar@gentoo.org>	2006-03-20 15:18:23 +0000
committer	Ned Ludd <solar@gentoo.org>	2006-03-20 15:18:23 +0000
commit	30aa6f5f2a0d441cc0c4fd786521916fa282ae86 (patch)
tree	82eac94da6cfc9405da8848a300b800a4dd736a1 /net-misc/curl
parent	Stable on x86 (diff)
download	gentoo-2-30aa6f5f2a0d441cc0c4fd786521916fa282ae86.tar.gz gentoo-2-30aa6f5f2a0d441cc0c4fd786521916fa282ae86.tar.bz2 gentoo-2-30aa6f5f2a0d441cc0c4fd786521916fa282ae86.zip