Date: Sun, 17 Jan 2016 12:55:14 +0000 (UTC) From: Raphael Kubo da Costa <rakuco@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r406314 - in head/net: libproxy libproxy-gnome libproxy-kde libproxy-perl libproxy-webkit libproxy/files Message-ID: <201601171255.u0HCtEZr094118@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rakuco Date: Sun Jan 17 12:55:14 2016 New Revision: 406314 URL: https://svnweb.freebsd.org/changeset/ports/406314 Log: Add upstream patch to fix CVE-2012-4504. Approved by: gnome (kwm) Security: 3b5c2362-bd07-11e5-b7ef-5453ed2e2b49 Security: CVE-2012-4504 Added: head/net/libproxy/files/patch-CVE-2012-4504 (contents, props changed) Modified: head/net/libproxy-gnome/Makefile head/net/libproxy-kde/Makefile head/net/libproxy-perl/Makefile head/net/libproxy-webkit/Makefile head/net/libproxy/Makefile Modified: head/net/libproxy-gnome/Makefile ============================================================================== --- head/net/libproxy-gnome/Makefile Sun Jan 17 12:53:59 2016 (r406313) +++ head/net/libproxy-gnome/Makefile Sun Jan 17 12:55:14 2016 (r406314) @@ -2,7 +2,7 @@ # $FreeBSD$ # $MCom: ports/net/libproxy-gnome/Makefile,v 1.1 2011/01/12 13:10:53 kwm Exp $ -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= net devel PKGNAMESUFFIX= -gnome Modified: head/net/libproxy-kde/Makefile ============================================================================== --- head/net/libproxy-kde/Makefile Sun Jan 17 12:53:59 2016 (r406313) +++ head/net/libproxy-kde/Makefile Sun Jan 17 12:55:14 2016 (r406314) @@ -2,7 +2,7 @@ # $FreeBSD$ # $MCom: ports/net/libproxy-kde/Makefile,v 1.1 2011/01/12 13:10:53 kwm Exp $ -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= net devel PKGNAMESUFFIX= -kde Modified: head/net/libproxy-perl/Makefile ============================================================================== --- head/net/libproxy-perl/Makefile Sun Jan 17 12:53:59 2016 (r406313) +++ head/net/libproxy-perl/Makefile Sun Jan 17 12:55:14 2016 (r406314) @@ -2,7 +2,7 @@ # $FreeBSD$ # $MCom: ports/net/libproxy-perl/Makefile,v 1.1 2011/01/12 13:10:53 kwm Exp $ -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= net lang PKGNAMESUFFIX= -perl Modified: head/net/libproxy-webkit/Makefile ============================================================================== --- head/net/libproxy-webkit/Makefile Sun Jan 17 12:53:59 2016 (r406313) +++ head/net/libproxy-webkit/Makefile Sun Jan 17 12:55:14 2016 (r406314) @@ -2,7 +2,7 @@ # $FreeBSD$ # $MCom: ports/net/libproxy-webkit/Makefile,v 1.13 2011/03/06 23:12:41 kwm Exp $ -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= net www PKGNAMESUFFIX= -webkit Modified: head/net/libproxy/Makefile ============================================================================== --- head/net/libproxy/Makefile Sun Jan 17 12:53:59 2016 (r406313) +++ head/net/libproxy/Makefile Sun Jan 17 12:55:14 2016 (r406314) @@ -4,7 +4,7 @@ PORTNAME= libproxy PORTVERSION= 0.4.6 -PORTREVISION?= 0 +PORTREVISION?= 1 CATEGORIES?= net devel MASTER_SITES= GOOGLE_CODE Added: head/net/libproxy/files/patch-CVE-2012-4504 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/libproxy/files/patch-CVE-2012-4504 Sun Jan 17 12:55:14 2016 (r406314) @@ -0,0 +1,22 @@ +commit c440553c12836664afd24a24fb3a4d10a2facd2c +Author: nicolas.dufresne@gmail.com <nicolas.dufresne@gmail.com@c587cffe-e639-0410-9787-d7902ae8ed56> +Date: Wed Oct 10 16:14:27 2012 +0000 + + Fix buffer overflow downloading large pac file + + This fixes CVE CVE-2012-4504 + +--- libproxy/url.cpp ++++ libproxy/url.cpp +@@ -474,9 +474,10 @@ char* url::get_pac() { + // Add this chunk to our content length, + // ensuring that we aren't over our max size + content_length += chunk_length; +- if (content_length >= PAC_MAX_SIZE) break; + } + ++ if (content_length >= PAC_MAX_SIZE) break; ++ + while (recvd != content_length) { + int r = recv(sock, buffer + recvd, content_length - recvd, 0); + if (r < 0) break;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201601171255.u0HCtEZr094118>