Update to curl-7.19.4, which fixes a redirection vulnerability.

The changes in the patch files are almost the same as in Eugene's PR, although I arrived at them mostly independently :) Reformat all patch files now that I use quilt to manage them. Fix two complaints from portlint: needless use of CFLAGS and differentiation between NOPORTDOCS and NOPORTEXAMPLES. Thanks, Eugene! PR: 132358 Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
author: Peter Pentchev <roam@FreeBSD.org> 2009-03-07 03:57:38 +0000
committer: Peter Pentchev <roam@FreeBSD.org> 2009-03-07 03:57:38 +0000
commit: 1ec0906e4945a23baf1df56c0385c9ccf9ac8e67 (patch)
tree: 9b7f56d2e9ae6066ea2e877834065970cab6d44c /ftp/curl/files
parent: 1d6654bbdd297f4e4ddc43eea5cbaa487d3226bc (diff)
download: ports-1ec0906e4945a23baf1df56c0385c9ccf9ac8e67.tar.gz
ports-1ec0906e4945a23baf1df56c0385c9ccf9ac8e67.zip
11 files changed, 45 insertions, 131 deletions
diff --git a/ftp/curl/files/patch-Makefile.in b/ftp/curl/files/patch-Makefile.in
index 53b03300702e..a71a35c6fb7f 100644
--- a/ftp/curl/files/patch-Makefile.in
+++ b/ftp/curl/files/patch-Makefile.in
@@ -1,6 +1,7 @@
-diff -urN -x .svn ../../vendor/curl/Makefile.in ./Makefile.in
---- ../../vendor/curl/Makefile.in	2008-11-05 14:00:46.000000000 +0200
-+++ ./Makefile.in	2009-01-21 16:12:08.000000000 +0200
+Build and install the documentation as usual, no special handling.
+
+--- a/Makefile.in
++++ b/Makefile.in
 @@ -273,9 +273,9 @@
   libcurl.pc.in vc6curl.dsw
  
diff --git a/ftp/curl/files/patch-configure b/ftp/curl/files/patch-configure
index 3d38f47f2622..154e8d571067 100644
--- a/ftp/curl/files/patch-configure
+++ b/ftp/curl/files/patch-configure
@@ -1,14 +1,14 @@
-diff -urN -x .svn ../../vendor/curl/configure ./configure
---- ../../vendor/curl/configure	2008-11-02 00:09:51.000000000 +0200
-+++ ./configure	2009-01-21 16:12:08.000000000 +0200
-@@ -32237,8 +32237,10 @@
+Do not needlessly add /usr/include and /usr/lib to the compiler and
+linker flags if the base system OpenSSL is used.
+
+--- a/configure
++++ b/configure
+@@ -23435,7 +23435,7 @@
          PKGTEST="no"
      PREFIX_OPENSSL=$OPT_SSL
      LIB_OPENSSL="$PREFIX_OPENSSL/lib$libsuff"
-+    if ! [ "$PREFIX_OPENSSL" = "/usr" ]; then
-     LDFLAGS="$LDFLAGS -L$LIB_OPENSSL"
-     CPPFLAGS="$CPPFLAGS -I$PREFIX_OPENSSL/include/openssl -I$PREFIX_OPENSSL/include"
-+    fi
-     ;;
-   esac
- 
+-    if  "$PREFIX_OPENSSL" != "/usr"  ; then
++    if [ "$PREFIX_OPENSSL" != "/usr" ] ; then
+       LDFLAGS="$LDFLAGS -L$LIB_OPENSSL"
+       CPPFLAGS="$CPPFLAGS -I$PREFIX_OPENSSL/include"
+     fi
diff --git a/ftp/curl/files/patch-docs::curl.1 b/ftp/curl/files/patch-docs::curl.1
deleted file mode 100644
index 456063b3d049..000000000000
--- a/ftp/curl/files/patch-docs::curl.1
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -urN -x .svn ../../vendor/curl/docs/curl.1 ./docs/curl.1
---- ../../vendor/curl/docs/curl.1	2008-10-29 23:15:24.000000000 +0200
-+++ ./docs/curl.1	2009-01-21 16:12:19.000000000 +0200
-@@ -875,7 +875,7 @@
- Tells curl to respect RFC 2616/10.3.2 and not convert POST requests into GET
- requests when following a 302 redirection. The non-RFC behaviour is ubiquitous
- in web browsers, so curl does the conversion by default to maintain
--consistency. However, a server may requires a POST to remain a POST after such
-+consistency. However, a server may require a POST to remain a POST after such
- a redirection. This option is meaningful only when using \fI-L/--location\fP
- (Added in 7.19.1)
- .IP "--proxy-anyauth"
diff --git a/ftp/curl/files/patch-docs::curl.html b/ftp/curl/files/patch-docs::curl.html
deleted file mode 100644
index 5bd4b47fce9e..000000000000
--- a/ftp/curl/files/patch-docs::curl.html
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -urN -x .svn ../../vendor/curl/docs/curl.html ./docs/curl.html
---- ../../vendor/curl/docs/curl.html	2008-11-05 14:00:48.000000000 +0200
-+++ ./docs/curl.html	2009-01-21 16:12:12.000000000 +0200
-@@ -362,7 +362,7 @@
- <p class="level0"><a name="--post301"></a><span class="nroffip">--post301</span> 
- <p class="level1">Tells curl to respect RFC 2616/10.3.2 and not convert POST requests into GET requests when following a 301 redirection. The non-RFC behaviour is ubiquitous in web browsers, so curl does the conversion by default to maintain consistency. However, a server may require a POST to remain a POST after such a redirection. This option is meaningful only when using <a class="emphasis" href="#-L--location">-L/--location</a> (Added in 7.17.1) 
- <p class="level0"><a name="--post302"></a><span class="nroffip">--post302</span> 
--<p class="level1">Tells curl to respect RFC 2616/10.3.2 and not convert POST requests into GET requests when following a 302 redirection. The non-RFC behaviour is ubiquitous in web browsers, so curl does the conversion by default to maintain consistency. However, a server may requires a POST to remain a POST after such a redirection. This option is meaningful only when using <a class="emphasis" href="#-L--location">-L/--location</a> (Added in 7.19.1) 
-+<p class="level1">Tells curl to respect RFC 2616/10.3.2 and not convert POST requests into GET requests when following a 302 redirection. The non-RFC behaviour is ubiquitous in web browsers, so curl does the conversion by default to maintain consistency. However, a server may require a POST to remain a POST after such a redirection. This option is meaningful only when using <a class="emphasis" href="#-L--location">-L/--location</a> (Added in 7.19.1) 
- <p class="level0"><a name="--proxy-anyauth"></a><span class="nroffip">--proxy-anyauth</span> 
- <p class="level1">Tells curl to pick a suitable authentication method when communicating with the given proxy. This might cause an extra request/response round-trip. (Added in 7.13.2) 
- <p class="level0"><a name="--proxy-basic"></a><span class="nroffip">--proxy-basic</span> 
diff --git a/ftp/curl/files/patch-lib::ftp.c b/ftp/curl/files/patch-lib::ftp.c
index d2a0b8e3f965..640d0c116ebd 100644
--- a/ftp/curl/files/patch-lib::ftp.c
+++ b/ftp/curl/files/patch-lib::ftp.c
@@ -1,24 +1,8 @@
---- ../../../tags/curl-7.19.2-stock/lib/ftp.c	2009-01-23 18:11:47.000000000 +0200
-+++ lib/ftp.c	2009-01-26 03:31:07.000000000 +0200
-@@ -1901,7 +1901,7 @@
-     result = CURLE_COULDNT_CONNECT;
-     break;
-   }
--#ifndef CURL_DISABLE_HTTP
-+#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_PROXY)
-   if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
-     /* FIX: this MUST wait for a proper connect first if 'connected' is
-      * FALSE */
-@@ -1927,7 +1927,7 @@
-     if(CURLE_OK != result)
-       return result;
-   }
--#endif   /* CURL_DISABLE_HTTP */
-+#endif   /* CURL_DISABLE_HTTP || CURL_DISABLE_PROXY */
- 
-   state(conn, FTP_STOP); /* this phase is completed */
- 
-@@ -3056,7 +3056,7 @@
+Handle CURL_DISABLE_PROXY properly.
+
+--- a/lib/ftp.c
++++ b/lib/ftp.c
+@@ -3055,7 +3055,7 @@
                                   bool *done) /* see description above */
  {
    CURLcode result;
@@ -27,21 +11,3 @@
    /* for FTP over HTTP proxy */
    struct HTTP http_proxy;
    struct FTP *ftp_save;
-@@ -3079,7 +3079,7 @@
- 
-   ftpc->response_time = RESP_TIMEOUT; /* set default response time-out */
- 
--#ifndef CURL_DISABLE_HTTP
-+#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_PROXY)
-   if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
-     /* BLOCKING */
-     /* We want "seamless" FTP operations through HTTP proxy tunnel */
-@@ -3102,7 +3102,7 @@
-     if(CURLE_OK != result)
-       return result;
-   }
--#endif   /* CURL_DISABLE_HTTP */
-+#endif   /* CURL_DISABLE_HTTP || CURL_DISABLE_PROXY */
- 
-   if(conn->protocol & PROT_FTPS) {
-     /* BLOCKING */
diff --git a/ftp/curl/files/patch-lib::url.c b/ftp/curl/files/patch-lib::url.c
index 07d5e78dce61..a8baee9d1dcb 100644
--- a/ftp/curl/files/patch-lib::url.c
+++ b/ftp/curl/files/patch-lib::url.c
@@ -1,6 +1,7 @@
-diff -urN -x .svn ../../vendor/curl/lib/url.c ./lib/url.c
---- ../../vendor/curl/lib/url.c	2008-11-03 18:24:56.000000000 +0200
-+++ ./lib/url.c	2009-01-21 16:12:49.000000000 +0200
+Different handling of signals and threads.
+
+--- a/lib/url.c
++++ b/lib/url.c
 @@ -719,6 +719,10 @@
      data->set.httpauth = CURLAUTH_BASIC;  /* defaults to basic */
      data->set.proxyauth = CURLAUTH_BASIC; /* defaults to basic */
diff --git a/ftp/curl/files/patch-src::main.c b/ftp/curl/files/patch-src::main.c
index 5bb8942faec7..28193e8ea82b 100644
--- a/ftp/curl/files/patch-src::main.c
+++ b/ftp/curl/files/patch-src::main.c
@@ -1,7 +1,8 @@
-diff -urN -x .svn ../../vendor/curl/src/main.c ./src/main.c
---- ../../vendor/curl/src/main.c	2008-10-29 00:12:02.000000000 +0200
-+++ ./src/main.c	2009-01-21 16:12:11.000000000 +0200
-@@ -4313,31 +4313,32 @@
+Use fstat() instead of stat() to avoid a race condition.
+
+--- a/src/main.c
++++ b/src/main.c
+@@ -4355,31 +4355,32 @@
               (-1 == create_dir_hierarchy(outfile, config->errors)))
              return CURLE_WRITE_ERROR;
  
@@ -52,38 +53,3 @@ diff -urN -x .svn ../../vendor/curl/src/main.c ./src/main.c
            }
            else {
              outs.stream = NULL; /* open when needed */
-@@ -5288,12 +5289,13 @@
- static const char *
- msdosify (const char *file_name)
- {
--  static char dos_name[PATH_MAX*2];
-+  static char dos_name[PATH_MAX + 16];
-   static const char illegal_chars_dos[] = ".+, ;=[]|<>\\\":?*";
-   static const char *illegal_chars_w95 = &illegal_chars_dos[8];
-   int idx, dot_idx;
-   const char *s = file_name;
-   char *d = dos_name;
-+  char *dlimit = dos_name + PATH_MAX;
-   const char *illegal_aliens = illegal_chars_dos;
-   size_t len = sizeof (illegal_chars_dos) - 1;
-   int lfn = 0;
-@@ -5314,7 +5316,7 @@
-     *d++ = *s++;
-   }
- 
--  for (idx = 0, dot_idx = -1; *s; s++, d++) {
-+  for (idx = 0, dot_idx = -1; *s && d < dlimit; s++, d++) {
-     if (memchr (illegal_aliens, *s, len)) {
-       /* Dots are special: DOS doesn't allow them as the leading character,
-          and a file name cannot have more than a single dot.  We leave the
-@@ -5371,6 +5373,10 @@
-       idx++;
-   }
- 
-+  if(d >= dlimit) {
-+    /* should some kind of error be raised? */
-+    d = dlimit - 1;
-+  }
-   *d = '\0';
-   return dos_name;
- }
diff --git a/ftp/curl/files/patch-tests::libtest::lib505.c b/ftp/curl/files/patch-tests::libtest::lib505.c
index 4f9926c03a19..a4bbdd72edee 100644
--- a/ftp/curl/files/patch-tests::libtest::lib505.c
+++ b/ftp/curl/files/patch-tests::libtest::lib505.c
@@ -1,6 +1,7 @@
-diff -urN -x .svn ../../vendor/curl/tests/libtest/lib505.c ./tests/libtest/lib505.c
---- ../../vendor/curl/tests/libtest/lib505.c	2008-09-22 00:15:55.000000000 +0300
-+++ ./tests/libtest/lib505.c	2009-01-21 16:12:24.000000000 +0200
+Use fstat() instead of stat() to avoid a race condition.
+
+--- a/tests/libtest/lib505.c
++++ b/tests/libtest/lib505.c
 @@ -56,12 +56,24 @@
      return -1;
    }
diff --git a/ftp/curl/files/patch-tests::libtest::lib541.c b/ftp/curl/files/patch-tests::libtest::lib541.c
index 3f9b54766614..a6157d08da8a 100644
--- a/ftp/curl/files/patch-tests::libtest::lib541.c
+++ b/ftp/curl/files/patch-tests::libtest::lib541.c
@@ -1,6 +1,7 @@
-diff -urN -x .svn ../../vendor/curl/tests/libtest/lib541.c ./tests/libtest/lib541.c
---- ../../vendor/curl/tests/libtest/lib541.c	2008-09-22 00:15:55.000000000 +0300
-+++ ./tests/libtest/lib541.c	2009-01-21 16:12:25.000000000 +0200
+Use fstat() instead of stat() to avoid a race condition.
+
+--- a/tests/libtest/lib541.c
++++ b/tests/libtest/lib541.c
 @@ -48,12 +48,24 @@
      return -1;
    }
diff --git a/ftp/curl/files/patch-tests::runtests.pl b/ftp/curl/files/patch-tests::runtests.pl
index 18fdf7c9c222..5dd94891cb9a 100644
--- a/ftp/curl/files/patch-tests::runtests.pl
+++ b/ftp/curl/files/patch-tests::runtests.pl
@@ -1,6 +1,7 @@
-diff -urN -x .svn ../../vendor/curl/tests/runtests.pl ./tests/runtests.pl
---- ../../vendor/curl/tests/runtests.pl	2008-10-27 22:11:37.000000000 +0200
-+++ ./tests/runtests.pl	2009-01-21 16:12:22.000000000 +0200
+Do not use valgrind.
+
+--- a/tests/runtests.pl
++++ b/tests/runtests.pl
 @@ -88,7 +88,7 @@
      );
  
diff --git a/ftp/curl/files/patch-tests::server::getpart.c b/ftp/curl/files/patch-tests::server::getpart.c
index b2c3ab0d958d..1fbb297bb789 100644
--- a/ftp/curl/files/patch-tests::server::getpart.c
+++ b/ftp/curl/files/patch-tests::server::getpart.c
@@ -1,6 +1,7 @@
-diff -urN -x .svn ../../vendor/curl/tests/server/getpart.c ./tests/server/getpart.c
---- ../../vendor/curl/tests/server/getpart.c	2008-10-23 17:42:39.000000000 +0300
-+++ ./tests/server/getpart.c	2009-01-21 16:12:27.000000000 +0200
+Properly allocate a buffer as large as needed.
+
+--- a/tests/server/getpart.c
++++ b/tests/server/getpart.c
 @@ -87,7 +87,7 @@
      needed_len = len + *stringlen + 1; /* recalculate */
    }
author	Peter Pentchev <roam@FreeBSD.org>	2009-03-07 03:57:38 +0000
committer	Peter Pentchev <roam@FreeBSD.org>	2009-03-07 03:57:38 +0000
commit	1ec0906e4945a23baf1df56c0385c9ccf9ac8e67 (patch)
tree	9b7f56d2e9ae6066ea2e877834065970cab6d44c /ftp/curl/files
parent	1d6654bbdd297f4e4ddc43eea5cbaa487d3226bc (diff)
download	ports-1ec0906e4945a23baf1df56c0385c9ccf9ac8e67.tar.gz ports-1ec0906e4945a23baf1df56c0385c9ccf9ac8e67.zip