From 22275203cc9f97b79ffdedcbe6b51e0086fa8cb6 Mon Sep 17 00:00:00 2001 From: Nathan Angelacos Date: Sun, 15 Feb 2015 23:10:17 +0000 Subject: Version bump to 0.9.34 Fixes for Lua 5.3 compatibility Move sys/fnctl.h to fnctl.h Applied Victor Cook's patch to rfc2388.c regarding crlf positioning in header data --- ChangeLog | 19 ++++++++++++++++--- configure.ac | 2 +- src/h_bash.c | 2 +- src/h_lua.c | 2 +- src/h_script.c | 2 +- src/lua2c.c | 5 +++++ src/rfc2388.c | 14 +++++++++++++- 7 files changed, 38 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index a5a4bf3..b98b758 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,16 @@ +2015-02-15 + 0.9.34 + * Fixes for Lua 5.3 compatibility + * Move sys/fnctl.h to fnctl.h + * Victor Cook sent in a patch to rfc2388.c - + "In rfc2388.c rfc2388_handler() during processing of the header information, + if a buffer read falls on the point where the next character is crlf it + results in the header reading to be terminated early. When the error occurs + the results are unpredictable and depend on what is then incorrectly interpreted. + + The chance of a failure depends on the length and complexity of the header data, + but can become very significant." + 2014-06-07 0.9.33 * Fix various security vulnerabilities - most serious is a @@ -13,14 +26,14 @@ * Regression causing Lua always to be linked, never used 2013-15-09 - 0.9.31 + 0.9.31 * Modernize configure.ac * more Lua 5.2 fixes 2013-27-06 0.9.30 - * The Mayhem Team of CMU found an undisclosed segfault when the first + * The Mayhem Team of CMU found an undisclosed segfault when the first command-line argument is '' or "" (null-quoted string). Chow Loong Jin supplied a patch. * Natanael Copa supplied a patch to rename the deprecated string.gfind 
@@ -53,7 +66,7 @@ 0.9.27 * Daniel Griscom reported clarification on RFC 2616 compliance Ralph Siemsen provided the actual man-page update - * Natanael Copa fixed the Makefile.am for gnu make 3.82+ + * Natanael Copa fixed the Makefile.am for gnu make 3.82+ * Cleanup temp files on error (Anonymous) SF bug tracker id 2991410 * Pavel Chromy reported a vulnerability where the name of a the tempfile on a file upload could be modified by the client diff --git a/configure.ac b/configure.ac index ed3c990..030a5f3 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ # Process this file with autoconf to produce a configure script. -AC_INIT([haserl],[0.9.33],[Nathan Angelacos - nangel@users.sourceforge.net],[haserl]) +AC_INIT([haserl],[0.9.34],[Nathan Angelacos - nangel@users.sourceforge.net],[haserl]) AM_INIT_AUTOMAKE # Checks for programs. diff --git a/src/h_bash.c b/src/h_bash.c index e955acd..1ceee9a 100644 --- a/src/h_bash.c +++ b/src/h_bash.c @@ -30,7 +30,7 @@ #include #include #include -#include +#include #include #include diff --git a/src/h_lua.c b/src/h_lua.c index e7fb2b4..19d7eb9 100644 --- a/src/h_lua.c +++ b/src/h_lua.c @@ -30,7 +30,7 @@ #include #include #include -#include +#include #include #include diff --git a/src/h_script.c b/src/h_script.c index 534c672..5d5cf4e 100644 --- a/src/h_script.c +++ b/src/h_script.c @@ -26,7 +26,7 @@ #include #include #include -#include +#include #include #include #include diff --git a/src/lua2c.c b/src/lua2c.c index 063ac20..261239a 100644 --- a/src/lua2c.c +++ b/src/lua2c.c @@ -78,7 +78,12 @@ writer (lua_State * L, const void *p, size_t size, void *u) static void dumpit () { +#if LUA_VERSION_NUM >= 503 + lua_dump (lua_vm, writer, NULL, 0); +#else lua_dump (lua_vm, writer, NULL); +#endif + } diff --git a/src/rfc2388.c b/src/rfc2388.c index 971a2e1..621672c 100644 --- a/src/rfc2388.c +++ b/src/rfc2388.c 
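Review bot: The result of `lua_dump` is discarded in both branches of the new `#if` in `dumpit`, so a failure reported by `writer` would leave truncated bytecode in the output without the tool signalling an error. Testing the call, e.g. `if (lua_dump (lua_vm, writer, NULL, 0) != 0)`, and reporting the failure would close that gap. The literal `0` is the `strip` argument added in Lua 5.3; a short comment such as `/* strip = 0: keep debug information, as before 5.3 */` would explain why that value was chosen. The added blank line before the closing brace can be dropped.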
@@ -399,6 +399,8 @@ rfc2388_handler (list_t * env) buffer_t buf; mime_var_t var; + int header_continuation; + /* prevent a potential unitialized free() - ISE-TPS-2014-008 */ var.name = NULL; @@ -449,6 +451,9 @@ rfc2388_handler (list_t * env) state = DISCARD; str = boundary + 2; /* skip the leading crlf */ + + header_continuation = 0; + do { /* x is true if this token ends with a matchstr or is at the end of stream */ @@ -501,6 +506,7 @@ rfc2388_handler (list_t * env) buffer_reset (&buf); mime_var_init (&var); state = HEADER; + header_continuation = 0; str = crlf; } } @@ -510,7 +516,7 @@ rfc2388_handler (list_t * env) buffer_add (&buf, sbuf.segment, sbuf.len); if (x) { - if (sbuf.len == 0) + if (sbuf.len == 0 && header_continuation == 0) { /* blank line */ buffer_reset (&buf); state = CONTENT; @@ -522,7 +528,13 @@ rfc2388_handler (list_t * env) mime_tag_add (&var, (char *) buf.data); buffer_reset (&buf); } + header_continuation = 0; } + else + { + // expect more data + header_continuation = 1; + } break; case CONTENT: -- cgit v1.2.3
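Review bot: `header_continuation` is declared in `rfc2388_handler` with no initializer and no comment, and its first assignment only comes in the later hunk just before the `do` loop. Declaring it as `int header_continuation = 0; /* 1 while a header line is still being assembled across reads */` states what the flag means and keeps a path added later between the two points from reading an indeterminate value. The function starts and ends outside these hunks, so whether anything between the declaration and the loop reads the flag today is not visible here.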
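Review bot: The condition `sbuf.len == 0 && header_continuation == 0` in the HEADER case carries the whole fix, but the only explanation is `// expect more data` on the new else branch. A comment at the condition such as `/* an empty token right after a partial one ends that header line; it is not the blank separator line */` would make the intent clear, and the file's other comments use `/* */`, so the `//` comment should follow that style. Because the multipart body is supplied by the client, header bytes keep being appended to `buf` across reads for as long as no CRLF arrives. No length limit is visible in these hunks, so it is worth confirming that `buffer_add` or the caller bounds that growth. The enclosing `switch` and loop continue outside the hunks.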