[pkgsrc/trunk]: pkgsrc/mail/evolution fix some format string problems, should...

[drochner <drochner%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/19104b7f2c5b
branches:  trunk
changeset: 539439:19104b7f2c5b
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Wed Mar 05 19:08:05 2008 +0000

description:
fix some format string problems, should fix CVE-2008-0072
(There is no exact information available, so I've patched all uses
of non-constant strings as format specifiers.)
bump PKGREVISION

diffstat:

 mail/evolution/Makefile         |   4 ++--
 mail/evolution/distinfo         |   3 ++-
 mail/evolution/patches/patch-ac |  40 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 44 insertions(+), 3 deletions(-)

diffs (70 lines):

diff -r 5e476f65adfd -r 19104b7f2c5b mail/evolution/Makefile
--- a/mail/evolution/Makefile   Wed Mar 05 19:02:13 2008 +0000
+++ b/mail/evolution/Makefile   Wed Mar 05 19:08:05 2008 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.127 2008/01/18 05:08:23 tnn Exp $
+# $NetBSD: Makefile,v 1.128 2008/03/05 19:08:05 drochner Exp $
 
 DISTNAME=              evolution-2.12.3
-PKGREVISION=           1
+PKGREVISION=           2
 CATEGORIES=            mail time gnome
 MASTER_SITES=          ${MASTER_SITE_GNOME:=sources/evolution/2.12/}
 EXTRACT_SUFX=          .tar.bz2
diff -r 5e476f65adfd -r 19104b7f2c5b mail/evolution/distinfo
--- a/mail/evolution/distinfo   Wed Mar 05 19:02:13 2008 +0000
+++ b/mail/evolution/distinfo   Wed Mar 05 19:08:05 2008 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.52 2008/01/11 13:46:38 drochner Exp $
+$NetBSD: distinfo,v 1.53 2008/03/05 19:08:05 drochner Exp $
 
 SHA1 (evolution-2.12.3.tar.bz2) = 14861dd497e935074424269f2d1e6c11be56abfe
 RMD160 (evolution-2.12.3.tar.bz2) = afe803833e213387fde3c180afc91bfc1e792262
 Size (evolution-2.12.3.tar.bz2) = 25938535 bytes
 SHA1 (patch-aa) = 6b7a9364a71ee8b9c8bd9084ceded06c7e384a7f
 SHA1 (patch-ab) = 871a322eefd1a42e7197da764d49cd1d24f6535d
+SHA1 (patch-ac) = 6ec88b37a0817fbe409c04e25b9b9cda5872ca9e
diff -r 5e476f65adfd -r 19104b7f2c5b mail/evolution/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/evolution/patches/patch-ac   Wed Mar 05 19:08:05 2008 +0000
@@ -0,0 +1,40 @@
+$NetBSD: patch-ac,v 1.15 2008/03/05 19:08:05 drochner Exp $
+
+--- mail/em-format.c.orig      2007-10-12 08:56:01.000000000 +0200
++++ mail/em-format.c
+@@ -1350,7 +1350,7 @@ emf_multipart_encrypted(EMFormat *emf, C
+       if (valid == NULL) {
+               em_format_format_error(emf, stream, ex->desc?_("Could not parse PGP/MIME message"):_("Could not parse PGP/MIME message: Unknown error"));
+               if (ex->desc)
+-                      em_format_format_error(emf, stream, ex->desc);
++                      em_format_format_error(emf, stream, "%s", ex->desc);
+               em_format_part_as(emf, stream, part, "multipart/mixed");
+       } else {
+               if (emfc == NULL)
+@@ -1515,7 +1515,7 @@ emf_multipart_signed(EMFormat *emf, Came
+               if (valid == NULL) {
+                       em_format_format_error(emf, stream, ex->desc?_("Error verifying signature"):_("Unknown error verifying signature"));
+                       if (ex->desc)
+-                              em_format_format_error(emf, stream, ex->desc);
++                              em_format_format_error(emf, stream, "%s", ex->desc);
+                       em_format_part_as(emf, stream, part, "multipart/mixed");
+               } else {
+                       if (emfc == NULL)
+@@ -1586,7 +1586,7 @@ emf_inlinepgp_signed(EMFormat *emf, Came
+       if (!valid) {
+               em_format_format_error(emf, stream, ex->desc?_("Error verifying signature"):_("Unknown error verifying signature"));
+               if (ex->desc)
+-                      em_format_format_error(emf, stream, ex->desc);
++                      em_format_format_error(emf, stream, "%s", ex->desc);
+               em_format_format_source(emf, stream, ipart);
+               /* I think this will loop: em_format_part_as(emf, stream, part, "text/plain"); */
+               camel_exception_free(ex);
+@@ -1657,7 +1657,7 @@ emf_inlinepgp_encrypted(EMFormat *emf, C
+       if (!valid) {
+               em_format_format_error(emf, stream, ex->desc?_("Could not parse PGP message"):_("Could not parse PGP message: Unknown error"));
+               if (ex->desc)
+-                      em_format_format_error(emf, stream, ex->desc);
++                      em_format_format_error(emf, stream, "%s", ex->desc);
+               em_format_format_source(emf, stream, ipart);
+               /* I think this will loop: em_format_part_as(emf, stream, part, "text/plain"); */
+               camel_exception_free(ex);