Friday, September 29, 2017

Re: lastpass-cli segfaulting

On 2017/09/29 16:00, Björn Ketelaars wrote:
> Raf Czlonka contacted me offlist concerning lastpass-cli segfaulting.
> I assisted him in fixing the bug. A patch has been sent upstream [0].
>
> I do not know when a new version will be released, and I prefer having a well
> behaving lastpass-cli in ports. My proposal would be to update the port.
>
> OK?

REVISION goes to 0 first. Add the upstream commit information to the
patch.

I think this should probably go in if there's still time. What do
you think, naddy?

Index: Makefile
===================================================================
RCS file: /cvs/ports/security/lastpass-cli/Makefile,v
retrieving revision 1.11
diff -u -p -r1.11 Makefile
--- Makefile 6 Jul 2017 11:09:50 -0000 1.11
+++ Makefile 29 Sep 2017 14:03:03 -0000
@@ -5,6 +5,7 @@ COMMENT = LastPass command line interfac
GH_ACCOUNT = lastpass
GH_PROJECT = lastpass-cli
GH_TAGNAME = v1.2.1
+REVISION = 0
CATEGORIES = security

MAINTAINER = Bjorn Ketelaars <bjorn.ketelaars@hydroxide.nl>
Index: patches/patch-http_c
===================================================================
RCS file: patches/patch-http_c
diff -N patches/patch-http_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-http_c 29 Sep 2017 14:03:03 -0000
@@ -0,0 +1,19 @@
+$OpenBSD$
+
+From 68cfae08b22954fe952cfe590daa4b81a7f7124b Mon Sep 17 00:00:00 2001
+Date: Fri, 29 Sep 2017 14:06:25 +0200
+Subject: [PATCH] use-after-free bug in http.c
+
+Index: http.c
+--- http.c.orig
++++ http.c
+@@ -310,8 +310,8 @@ char *http_post_lastpass_v_noexit(const char *server,
+ ret = curl_easy_perform(curl);
+ unset_interrupt_detect();
+
+- curl_easy_cleanup(curl);
+ curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, http_code);
++ curl_easy_cleanup(curl);
+ *curl_ret = ret;
+
+ if (ret != CURLE_OK) {
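
Review bot: in the http.c hunk, the moved curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, http_code) call still discards its return value and runs before the ret != CURLE_OK check, so nothing tells the caller whether http_code was actually written. This mirrors the upstream commit, so it need not hold up the port, but it is worth suggesting upstream: check the CURLcode returned by curl_easy_getinfo() and only rely on http_code when ret is CURLE_OK. The reordering itself is correct, since a handle must not be used after curl_easy_cleanup().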



> [0]
> https://github.com/lastpass/lastpass-cli/commit/68cfae08b22954fe952cfe590daa4b81a7f7124b
>
> --
> Björn Ketelaars
> GPG key: 0x4F0E5F21
>
>
> diff --git security/lastpass-cli/Makefile security/lastpass-cli/Makefile
> index ed60b8f5df7..ea74da15e3b 100644
> --- security/lastpass-cli/Makefile
> +++ security/lastpass-cli/Makefile
> @@ -5,6 +5,7 @@ COMMENT = LastPass command line interface tool
> GH_ACCOUNT = lastpass
> GH_PROJECT = lastpass-cli
> GH_TAGNAME = v1.2.1
> +REVISION = 1
> CATEGORIES = security
>
> MAINTAINER = Bjorn Ketelaars <bjorn.ketelaars@hydroxide.nl>
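
Review bot: REVISION = 1 on the added line skips a value. The context lines show no REVISION set for GH_TAGNAME v1.2.1 yet, so the first bump of this port should be REVISION = 0.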
> diff --git security/lastpass-cli/patches/patch-http_c security/lastpass-cli/patches/patch-http_c
> new file mode 100644
> index 00000000000..895604edd39
> --- /dev/null
> +++ security/lastpass-cli/patches/patch-http_c
> @@ -0,0 +1,15 @@
> +$OpenBSD$
> +
> +Index: http.c
> +--- http.c.orig
> ++++ http.c
> +@@ -310,8 +310,8 @@ char *http_post_lastpass_v_noexit(const char *server,
> + ret = curl_easy_perform(curl);
> + unset_interrupt_detect();
> +
> +- curl_easy_cleanup(curl);
> + curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, http_code);
> ++ curl_easy_cleanup(curl);
> + *curl_ret = ret;
> +
> + if (ret != CURLE_OK) {
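
Review bot: the new patches/patch-http_c has nothing between $OpenBSD$ and Index: http.c saying where the change comes from. Add a short header naming the upstream commit referenced at [0] (68cfae08b22954fe952cfe590daa4b81a7f7124b) and its subject, "use-after-free bug in http.c", so the patch can be identified and dropped once a release containing it is imported.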
>
