rpms/curl/FC-5 curl-7.15.1-cve-2006-1061.patch, NONE, 1.1 curl-7.15.1-multilib.patch, NONE, 1.1 curl.spec, 1.34, 1.35

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Tue Mar 21 09:49:35 UTC 2006


Author: varekova

Update of /cvs/dist/rpms/curl/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv30631

Modified Files:
	curl.spec 
Added Files:
	curl-7.15.1-cve-2006-1061.patch curl-7.15.1-multilib.patch 
Log Message:

- fix multilib problem using pkg-config
- fix cve-2006-1061 problem - cURL tftp buffer overflow
 ----------------------------------------------------------------------


curl-7.15.1-cve-2006-1061.patch:
 tftp.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletion(-)

--- NEW FILE curl-7.15.1-cve-2006-1061.patch ---
--- curl-7.15.1/lib/tftp.c.cve-200-1061	2005-12-05 21:10:37.000000000 +0100
+++ curl-7.15.1/lib/tftp.c	2006-03-20 13:44:18.020981952 +0100
@@ -271,7 +271,9 @@
       /* If we are downloading, send an RRQ */
       state->spacket.event = htons(TFTP_EVENT_RRQ);
     }
-    sprintf((char *)state->spacket.u.request.data, "%s%c%s%c",
+    snprintf((char *)state->spacket.u.request.data, 
+            sizeof(state->spacket.u.request.data),
+            "%s%c%s%c",
             filename, '\0',  mode, '\0');
     sbytes = 4 + (int)strlen(filename) + (int)strlen(mode);
     sbytes = sendto(state->sockfd, (void *)&state->spacket,
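Review bot: The return value of the new `snprintf` call is ignored, and the next line, `sbytes = 4 + (int)strlen(filename) + (int)strlen(mode);`, still derives the send length from the untruncated filename. With an overlong filename the write is now bounded, but the request is silently truncated and `sendto` may be handed a length larger than `state->spacket`, so it could read past the packet buffer. I would reject the input before formatting, e.g. `if(strlen(filename) + strlen(mode) + 2 > sizeof(state->spacket.u.request.data))` followed by an error return, or compute `sbytes` from a checked `snprintf` result. The `sizeof` bound is only correct if `u.request.data` is an array rather than a pointer, which the hunk does not show. The enclosing function starts and ends outside the hunk, so its return type and error codes are not visible here.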

curl-7.15.1-multilib.patch:
 curl-config.in |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

--- NEW FILE curl-7.15.1-multilib.patch ---
--- curl-7.15.1/curl-config.in.pom	2005-09-04 20:15:24.000000000 +0200
+++ curl-7.15.1/curl-config.in	2006-03-20 14:12:04.485640816 +0100
@@ -50,7 +50,7 @@
 	;;
 
     --cc)
-	echo "@CC@"
+	echo "gcc"
 	;;
 
     --prefix)
@@ -143,7 +143,7 @@
        	;;
 
     --libs)
-       	echo -L at libdir@ -lcurl @LDFLAGS@ @LIBS@
+        pkg-config libcurl --libs
        	;;
 
     *)
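Review bot: The `--libs` branch now runs `pkg-config libcurl --libs` without checking its exit status, so if the tool or libcurl.pc is missing the branch prints nothing on stdout and the failure is not propagated at this point; something like `pkg-config libcurl --libs || exit 1` would make it visible to the calling build. `pkg-config` is also resolved through the caller's PATH, and the curl.spec hunks on this page list pkgconfig only under BuildRequires, so the package that ships curl-config may need a runtime `Requires: pkgconfig` (the rest of the spec is not visible here). The `--cc` hunk above likewise replaces the configured `@CC@` with a literal `gcc`, which would misreport the compiler if the package is built with another one. A short comment there saying the value is fixed on purpose, presumably so the script is identical across architectures, would help.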


Index: curl.spec
===================================================================
RCS file: /cvs/dist/rpms/curl/FC-5/curl.spec,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- curl.spec	23 Feb 2006 11:58:07 -0000	1.34
+++ curl.spec	21 Mar 2006 09:49:33 -0000	1.35
@@ -1,12 +1,14 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others).
 Name: curl 
 Version: 7.15.1
-Release: 2
+Release: 3
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
 Patch0: curl-7.14.1-nousr.patch
 Patch1: curl-7.15.0-curl_config-version.patch
+Patch2: curl-7.15.1-cve-2006-1061.patch
+Patch3: curl-7.15.1-multilib.patch
 URL: http://curl.haxx.se/
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 BuildRequires: openssl-devel, libtool, pkgconfig, libidn-devel
@@ -36,6 +38,8 @@
 %setup -q 
 %patch0 -p1 -b .nousr
 %patch1 -p1 -b .ver
+%patch2 -p1 -b .cve-2006-1061
+%patch3 -p1 -b .pom
 
 %build
 aclocal
@@ -56,19 +60,6 @@
 %makeinstall
 rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 
-curlcsuffix=`echo %{_libdir} | sed s,/usr/,,`
-mv  $RPM_BUILD_ROOT%{_bindir}/curl-config $RPM_BUILD_ROOT%{_bindir}/curl-config-$curlcsuffix
-cat > $RPM_BUILD_ROOT%{_bindir}/curl-config  <<EOF
-#!/bin/sh
-if [ -e %{_bindir}/curl-config-lib64 ]; then 
-  exec %{_bindir}/curl-config-lib64 "\$@"
-elif [ -e %{_bindir}/curl-config-* ]; then 
-  curlcfile="\`ls %{_bindir}/curl-config-* | head\`"
-  exec \$curlcfile "\$@" 
-fi 
-EOF
-chmod 755 $RPM_BUILD_ROOT%{_bindir}/curl-config
-
 
 # don't need curl's copy of the certs; use openssl's
 find ${RPM_BUILD_ROOT} -name ca-bundle.crt -exec rm -f '{}' \;
@@ -105,6 +96,10 @@
 %{_mandir}/man3/*
 
 %changelog
+* Mon Mar 20 2006 Ivana Varekova <vareokva at redhat.com> - 7.15.1-3
+- fix multilib problem using pkg-config 
+- fix cve-2006-1061 problem - cURL tftp buffer overflow
+
 * Thu Feb 23 2006 Ivana Varekova <varekova at redhat.com> - 7.15.1-2
 - fix multilib problem - #181290 - 
   curl-devel.i386 not installable together with curl-devel.x86-64



