From owner-freebsd-questions@FreeBSD.ORG Tue Jul 2 14:58:42 2013 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 0CC3CC39 for ; Tue, 2 Jul 2013 14:58:42 +0000 (UTC) (envelope-from ryanrfrederick@gmail.com) Received: from mail-yh0-x233.google.com (mail-yh0-x233.google.com [IPv6:2607:f8b0:4002:c01::233]) by mx1.freebsd.org (Postfix) with ESMTP id C9C3F1212 for ; Tue, 2 Jul 2013 14:58:41 +0000 (UTC) Received: by mail-yh0-f51.google.com with SMTP id l109so3218186yhq.10 for ; Tue, 02 Jul 2013 07:58:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=nM7+jf8/AdXVscstv1AGjgLyK2lwp9OnUGxgSgGjngs=; b=lmN/6Ct68EmtG5N6KyEhp/6SD2E2eN6fS8BXDsoojCl7vnhMbOLrf1PQRbCJya1PqX xqjrHhoUdXkQ4Rem5cN5UxIE2uEAH3fvrIV63E6GtoQunROUooSjyojt84lulsuICeB3 2hZ2ftl48eRtWs7y7Z9QfZwrbC0G4+QUx398mMz/fAsewthQPbXcxn6mOZL7Q+EzaAXq z6beH/QqolPjE5m6tHl1q/2T2uTlZgdfPSowl2wd4G87kH25tlcbaw/0MPV1gUgVJb4I uAanuT+D1JSd2UK8onP+0LeyAUXxn0zoSG3RY3/2fXQUOgBH9KuR3QKAPNVSsGiUsgVK l3mQ== X-Received: by 10.236.116.2 with SMTP id f2mr14695766yhh.184.1372777121369; Tue, 02 Jul 2013 07:58:41 -0700 (PDT) Received: from ?IPv6:2610:1d8:a03:1:d267:e5ff:fe44:3b30? ([2610:1d8:a03:1:d267:e5ff:fe44:3b30]) by mx.google.com with ESMTPSA id g66sm27923364yhd.11.2013.07.02.07.58.40 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 02 Jul 2013 07:58:40 -0700 (PDT) Message-ID: <51D2EA9F.5030002@gmail.com> Date: Tue, 02 Jul 2013 09:58:39 -0500 From: Ryan Frederick User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130623 Thunderbird/17.0.7 MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: Re: Curl -7.24.0_4 heap corruption References: <7752F38E19D749DD851286B177ABE56C@S0030153310> In-Reply-To: <7752F38E19D749DD851286B177ABE56C@S0030153310> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Jul 2013 14:58:42 -0000 Update your ports vulnerability database before attempting to compile curl. `portaudit -Fda` should do the trick. Ryan On 07/02/2013 08:49 AM, Reggie Euser wrote: > We're running FreeBSD 8.3-RELEASE-p3 and portaudit says: > > Affected package: curl-7.24.0_2 > Type of problem: cURL library -- heap corruption in curl_easy_unescape. > Reference: > http://portaudit.FreeBSD.org/01cf67b3-dc3b-11e2-a6cd-c48508086173.html > > 1 problem(s) in your installed packages found. > > You are advised to update or deinstall the affected package(s) immediately. > > Have updated ports tree, checked UPDATING (nothing on curl since 2010). > For last several days, portmaster curl has attempted to install > curl-7.24.0_3 - same heap corruption issue. > > Today, portmaster curl attempted to install curl-7.24.0_4. I thought, > great, the port has been updated! > > Except that the heap corruption issue persists and the update fails. > > Anyone have any insights into this issue? > > Thanks! > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org"