pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2005Q3]: pkgsrc/www/weex Pullup ticket 803 - requested by Lubo...
details: https://anonhg.NetBSD.org/pkgsrc/rev/505cfff66039
branches: pkgsrc-2005Q3
changeset: 499571:505cfff66039
user: snj <snj%pkgsrc.org@localhost>
date: Sat Oct 08 06:08:48 2005 +0000
description:
Pullup ticket 803 - requested by Lubomir Sedlacik
security fix for weex
Revisions pulled up:
- pkgsrc/www/weex/Makefile 1.9
- pkgsrc/www/weex/distinfo 1.4
- pkgsrc/www/weex/patches/patch-ad 1.1
Module Name: pkgsrc
Committed By: salo
Date: Wed Oct 5 13:38:13 UTC 2005
Modified Files:
pkgsrc/www/weex: Makefile distinfo
Added Files:
pkgsrc/www/weex/patches: patch-ad
Log Message:
Security fix for SA17028:
"A vulnerability in Weex can be exploited by malicious users to cause a DoS
(Denial of Service) or to compromise a vulnerable system.
The vulnerability is caused due to a format string error in the "log_flush()"
function when flushing an error log entry that contains format string
specifiers to disk. This may be exploited to execute arbitrary code on a
user's system via a directory name containing format string specifiers.
Successful exploitation requires that the attacker is able to create
directories within the user's Weex home directory."
http://secunia.com/advisories/17028/
Patch from FreeBSD PR ports/86833.
diffstat:
www/weex/Makefile | 3 ++-
www/weex/distinfo | 3 ++-
www/weex/patches/patch-ad | 15 +++++++++++++++
3 files changed, 19 insertions(+), 2 deletions(-)
diffs (45 lines):
diff -r bb2d92f0c2b7 -r 505cfff66039 www/weex/Makefile
--- a/www/weex/Makefile Sat Oct 08 05:56:40 2005 +0000
+++ b/www/weex/Makefile Sat Oct 08 06:08:48 2005 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.8 2005/06/17 04:49:49 jlam Exp $
+# $NetBSD: Makefile,v 1.8.4.1 2005/10/08 06:08:48 snj Exp $
DISTNAME= weex-2.6.1
+PKGREVISION= 1
CATEGORIES= www
MASTER_SITES= http://www.enjoy.ne.jp/~gm/program/weex/arc/
diff -r bb2d92f0c2b7 -r 505cfff66039 www/weex/distinfo
--- a/www/weex/distinfo Sat Oct 08 05:56:40 2005 +0000
+++ b/www/weex/distinfo Sat Oct 08 06:08:48 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.3 2005/07/08 17:51:32 kristerw Exp $
+$NetBSD: distinfo,v 1.3.2.1 2005/10/08 06:08:48 snj Exp $
SHA1 (weex-2.6.1.tar.gz) = 8613e7c1a1621bbe042d076883f10b330934de5e
RMD160 (weex-2.6.1.tar.gz) = d286d24d3d87ce78fb5032d50f0d6a0ac2876a04
@@ -6,3 +6,4 @@
SHA1 (patch-aa) = f8f092150b3556d78ab8ef66070447724c9c118d
SHA1 (patch-ab) = 49e383c1c766d63b56256afe3293bf473ca63f6f
SHA1 (patch-ac) = e22d816ad7177fdc3bd68f33fd1118cc8f5164d2
+SHA1 (patch-ad) = 0474aa99d979ff90aa1d9c179e7c44eccceefce2
diff -r bb2d92f0c2b7 -r 505cfff66039 www/weex/patches/patch-ad
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/weex/patches/patch-ad Sat Oct 08 06:08:48 2005 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-ad,v 1.1.2.2 2005/10/08 06:08:48 snj Exp $
+
+Fix for SA17028, via FreeBSD.
+
+--- src/log.c.orig 2000-05-03 16:42:05.000000000 +0200
++++ src/log.c 2005-10-05 15:31:06.000000000 +0200
+@@ -182,7 +182,7 @@
+
+ fp=log_open();
+ for(i=0;i<max_log;i++){
+- fprintf(fp,log_str[i]);
++ fprintf(fp,"%s",log_str[i]);
+ free(log_str[i]);
+ }
+ free(log_str);
Home |
Main Index |
Thread Index |
Old Index