[pacman-dev] small libdownload patch

Roman Kyrylych roman.kyrylych at gmail.com
Sat Dec 27 02:58:59 EST 2008


On Mon, Nov 10, 2008 at 20:35, Aaron Griffin <aaronmgriffin at gmail.com> wrote:
> On Mon, Nov 10, 2008 at 12:24 PM, Johannes Krampf
> <Johannes.Krampf at htw-dresden.de> wrote:
>> Hi,
>>
>> I've found a small compatibility problem and static checking a minor
>> buffer overflow in libdownload. Please excuse if this should already
>> be fixed in git.
>>
>> Here's the patch, <stdint.h> is included for uintptr_t and fscanf
>> writes a trailing \0, therefore requiring 1025 bytes in the worst
>> case:
>
> Just an FYI, NetBSD's libfetch code compiles on linux with a minor
> modification. So I think we're planning on switching to that.

...and that bug is fixed there long before in FreeBSD's libfetch.
Thanks for info, Aaron! I wasn't aware that NetBSD has their own libfetch.
Looks like NetBSD's libfetch was heavily reworked in some places,
including some new features added.
The only thing it's missing from FreeBSD's lbfetch is
support for HTTP 1.1 If-Modified-Since behavior
(which was only added less than 2 weeks ago).

There's one Linux-compatability fix after 2.20:
http://cvsweb.se.netbsd.org/cgi-bin/bsdweb.cgi/pkgsrc/net/libfetch/files/ftp.c.diff?r1=1.24;r2=1.25
Not sure if it's important enough for us though.

-- 
Roman Kyrylych (Роман Кирилич)


More information about the pacman-dev mailing list