Stuart Henderson:
> REVISION goes to 0 first. Add the upstream commit information to the
> patch.
>
> I think this should probably go in if there's still time.. What do
> you think naddy?
Obvious fix, ok
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/security/lastpass-cli/Makefile,v
> retrieving revision 1.11
> diff -u -p -r1.11 Makefile
> --- Makefile 6 Jul 2017 11:09:50 -0000 1.11
> +++ Makefile 29 Sep 2017 14:03:03 -0000
> @@ -5,6 +5,7 @@ COMMENT = LastPass command line interfac
> GH_ACCOUNT = lastpass
> GH_PROJECT = lastpass-cli
> GH_TAGNAME = v1.2.1
> +REVISION = 0
> CATEGORIES = security
>
> MAINTAINER = Bjorn Ketelaars <bjorn.ketelaars@hydroxide.nl>
> Index: patches/patch-http_c
> ===================================================================
> RCS file: patches/patch-http_c
> diff -N patches/patch-http_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-http_c 29 Sep 2017 14:03:03 -0000
> @@ -0,0 +1,19 @@
> +$OpenBSD$
> +
> +From 68cfae08b22954fe952cfe590daa4b81a7f7124b Mon Sep 17 00:00:00 2001
> +Date: Fri, 29 Sep 2017 14:06:25 +0200
> +Subject: [PATCH] use-after-free bug in http.c
> +
> +Index: http.c
> +--- http.c.orig
> ++++ http.c
> +@@ -310,8 +310,8 @@ char *http_post_lastpass_v_noexit(const char *server,
> + ret = curl_easy_perform(curl);
> + unset_interrupt_detect();
> +
> +- curl_easy_cleanup(curl);
> + curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, http_code);
> ++ curl_easy_cleanup(curl);
> + *curl_ret = ret;
> +
> + if (ret != CURLE_OK) {
--
Christian "naddy" Weisgerber naddy@mips.inka.de
No comments:
Post a Comment