pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2005Q3]: pkgsrc/www/weex Pullup ticket 803 - requested by Lubo...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/505cfff66039
branches:  pkgsrc-2005Q3
changeset: 499571:505cfff66039
user:      snj <snj%pkgsrc.org@localhost>
date:      Sat Oct 08 06:08:48 2005 +0000

description:
Pullup ticket 803 - requested by Lubomir Sedlacik
security fix for weex

Revisions pulled up:
- pkgsrc/www/weex/Makefile              1.9
- pkgsrc/www/weex/distinfo              1.4
- pkgsrc/www/weex/patches/patch-ad      1.1

   Module Name:    pkgsrc
   Committed By:   salo
   Date:           Wed Oct  5 13:38:13 UTC 2005

   Modified Files:
           pkgsrc/www/weex: Makefile distinfo
   Added Files:
           pkgsrc/www/weex/patches: patch-ad

   Log Message:
   Security fix for SA17028:

   "A vulnerability in Weex can be exploited by malicious users to cause a DoS
   (Denial of Service) or to compromise a vulnerable system.

   The vulnerability is caused due to a format string error in the "log_flush()"
   function when flushing an error log entry that contains format string
   specifiers to disk. This may be exploited to execute arbitrary code on a
   user's system via a directory name containing format string specifiers.

   Successful exploitation requires that the attacker is able to create
   directories within the user's Weex home directory."

   http://secunia.com/advisories/17028/

   Patch from FreeBSD PR ports/86833.

diffstat:

 www/weex/Makefile         |   3 ++-
 www/weex/distinfo         |   3 ++-
 www/weex/patches/patch-ad |  15 +++++++++++++++
 3 files changed, 19 insertions(+), 2 deletions(-)

diffs (45 lines):

diff -r bb2d92f0c2b7 -r 505cfff66039 www/weex/Makefile
--- a/www/weex/Makefile Sat Oct 08 05:56:40 2005 +0000
+++ b/www/weex/Makefile Sat Oct 08 06:08:48 2005 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.8 2005/06/17 04:49:49 jlam Exp $
+# $NetBSD: Makefile,v 1.8.4.1 2005/10/08 06:08:48 snj Exp $
 
 DISTNAME=      weex-2.6.1
+PKGREVISION=   1
 CATEGORIES=    www
 MASTER_SITES=  http://www.enjoy.ne.jp/~gm/program/weex/arc/
 
diff -r bb2d92f0c2b7 -r 505cfff66039 www/weex/distinfo
--- a/www/weex/distinfo Sat Oct 08 05:56:40 2005 +0000
+++ b/www/weex/distinfo Sat Oct 08 06:08:48 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.3 2005/07/08 17:51:32 kristerw Exp $
+$NetBSD: distinfo,v 1.3.2.1 2005/10/08 06:08:48 snj Exp $
 
 SHA1 (weex-2.6.1.tar.gz) = 8613e7c1a1621bbe042d076883f10b330934de5e
 RMD160 (weex-2.6.1.tar.gz) = d286d24d3d87ce78fb5032d50f0d6a0ac2876a04
@@ -6,3 +6,4 @@
 SHA1 (patch-aa) = f8f092150b3556d78ab8ef66070447724c9c118d
 SHA1 (patch-ab) = 49e383c1c766d63b56256afe3293bf473ca63f6f
 SHA1 (patch-ac) = e22d816ad7177fdc3bd68f33fd1118cc8f5164d2
+SHA1 (patch-ad) = 0474aa99d979ff90aa1d9c179e7c44eccceefce2
diff -r bb2d92f0c2b7 -r 505cfff66039 www/weex/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/weex/patches/patch-ad Sat Oct 08 06:08:48 2005 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-ad,v 1.1.2.2 2005/10/08 06:08:48 snj Exp $
+
+Fix for SA17028, via FreeBSD.
+
+--- src/log.c.orig     2000-05-03 16:42:05.000000000 +0200
++++ src/log.c  2005-10-05 15:31:06.000000000 +0200
+@@ -182,7 +182,7 @@
+ 
+       fp=log_open();
+       for(i=0;i<max_log;i++){
+-              fprintf(fp,log_str[i]);
++              fprintf(fp,"%s",log_str[i]);
+               free(log_str[i]);
+       }
+       free(log_str);
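
Review bot: in the src/log.c hunk, `fp=log_open();` is followed directly by the `fprintf` loop, and the visible context shows no check that `fp` is non-NULL. If log_open() can fail, guard the loop before writing. The changed line, `fprintf(fp,"%s",log_str[i]);`, stops log_str[i] from being interpreted as a format string, which is the right fix for the issue described in SA17028. `fputs(log_str[i],fp);` would be an equivalent and slightly simpler form. Only this one call site is shown, so it is worth building weex with -Wformat -Wformat-security to flag any other calls that pass a non-literal format argument.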


