diff options
author | drochner <drochner@pkgsrc.org> | 2008-03-05 19:08:05 +0000 |
---|---|---|
committer | drochner <drochner@pkgsrc.org> | 2008-03-05 19:08:05 +0000 |
commit | f45ff136c46882593507ecc7e298de5acb982641 (patch) | |
tree | c3963b7277c1004327492a5697b5f331610a1c6a | |
parent | 93a40a7c45671e7ee865ac35370835c737362988 (diff) | |
download | pkgsrc-f45ff136c46882593507ecc7e298de5acb982641.tar.gz |
fix some format string problems, should fix CVE-2008-0072
(There is no exact information available, so I've patched all uses
of non-constant strings as format specifiers.)
bump PKGREVISION
-rw-r--r-- | mail/evolution/Makefile | 4 | ||||
-rw-r--r-- | mail/evolution/distinfo | 3 | ||||
-rw-r--r-- | mail/evolution/patches/patch-ac | 40 |
3 files changed, 44 insertions, 3 deletions
diff --git a/mail/evolution/Makefile b/mail/evolution/Makefile index 21c9f893fa8..2d9803d9b7f 100644 --- a/mail/evolution/Makefile +++ b/mail/evolution/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.127 2008/01/18 05:08:23 tnn Exp $ +# $NetBSD: Makefile,v 1.128 2008/03/05 19:08:05 drochner Exp $ DISTNAME= evolution-2.12.3 -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= mail time gnome MASTER_SITES= ${MASTER_SITE_GNOME:=sources/evolution/2.12/} EXTRACT_SUFX= .tar.bz2 diff --git a/mail/evolution/distinfo b/mail/evolution/distinfo index c5011dfad70..b68ba391188 100644 --- a/mail/evolution/distinfo +++ b/mail/evolution/distinfo @@ -1,7 +1,8 @@ -$NetBSD: distinfo,v 1.52 2008/01/11 13:46:38 drochner Exp $ +$NetBSD: distinfo,v 1.53 2008/03/05 19:08:05 drochner Exp $ SHA1 (evolution-2.12.3.tar.bz2) = 14861dd497e935074424269f2d1e6c11be56abfe RMD160 (evolution-2.12.3.tar.bz2) = afe803833e213387fde3c180afc91bfc1e792262 Size (evolution-2.12.3.tar.bz2) = 25938535 bytes SHA1 (patch-aa) = 6b7a9364a71ee8b9c8bd9084ceded06c7e384a7f SHA1 (patch-ab) = 871a322eefd1a42e7197da764d49cd1d24f6535d +SHA1 (patch-ac) = 6ec88b37a0817fbe409c04e25b9b9cda5872ca9e diff --git a/mail/evolution/patches/patch-ac b/mail/evolution/patches/patch-ac new file mode 100644 index 00000000000..48cb3e73940 --- /dev/null +++ b/mail/evolution/patches/patch-ac @@ -0,0 +1,40 @@ +$NetBSD: patch-ac,v 1.15 2008/03/05 19:08:05 drochner Exp $ + +--- mail/em-format.c.orig 2007-10-12 08:56:01.000000000 +0200 ++++ mail/em-format.c +@@ -1350,7 +1350,7 @@ emf_multipart_encrypted(EMFormat *emf, C + if (valid == NULL) { + em_format_format_error(emf, stream, ex->desc?_("Could not parse PGP/MIME message"):_("Could not parse PGP/MIME message: Unknown error")); + if (ex->desc) +- em_format_format_error(emf, stream, ex->desc); ++ em_format_format_error(emf, stream, "%s", ex->desc); + em_format_part_as(emf, stream, part, "multipart/mixed"); + } else { + if (emfc == NULL) +@@ -1515,7 +1515,7 @@ emf_multipart_signed(EMFormat *emf, Came + if (valid == NULL) { + em_format_format_error(emf, stream, ex->desc?_("Error verifying signature"):_("Unknown error verifying signature")); + if (ex->desc) +- em_format_format_error(emf, stream, ex->desc); ++ em_format_format_error(emf, stream, "%s", ex->desc); + em_format_part_as(emf, stream, part, "multipart/mixed"); + } else { + if (emfc == NULL) +@@ -1586,7 +1586,7 @@ emf_inlinepgp_signed(EMFormat *emf, Came + if (!valid) { + em_format_format_error(emf, stream, ex->desc?_("Error verifying signature"):_("Unknown error verifying signature")); + if (ex->desc) +- em_format_format_error(emf, stream, ex->desc); ++ em_format_format_error(emf, stream, "%s", ex->desc); + em_format_format_source(emf, stream, ipart); + /* I think this will loop: em_format_part_as(emf, stream, part, "text/plain"); */ + camel_exception_free(ex); +@@ -1657,7 +1657,7 @@ emf_inlinepgp_encrypted(EMFormat *emf, C + if (!valid) { + em_format_format_error(emf, stream, ex->desc?_("Could not parse PGP message"):_("Could not parse PGP message: Unknown error")); + if (ex->desc) +- em_format_format_error(emf, stream, ex->desc); ++ em_format_format_error(emf, stream, "%s", ex->desc); + em_format_format_source(emf, stream, ipart); + /* I think this will loop: em_format_part_as(emf, stream, part, "text/plain"); */ + camel_exception_free(ex); |