author: snj <snj@pkgsrc.org> 2005-10-08 06:08:48 +0000
committer: snj <snj@pkgsrc.org> 2005-10-08 06:08:48 +0000
commit: 6ab73ee4408adf05f5b6c19e3c2070b1fbbf8d12
tree: 3ca0a48a804e639bb47a21322f658a8ced50fe6b /www
parent: 9828cde9fbbb5a373c217bba9b16a2e0a5da0656
Pullup ticket 803 - requested by Lubomir Sedlacik
security fix for weex

Revisions pulled up:
- pkgsrc/www/weex/Makefile 1.9
- pkgsrc/www/weex/distinfo 1.4
- pkgsrc/www/weex/patches/patch-ad 1.1

Module Name: pkgsrc
Committed By: salo
Date: Wed Oct 5 13:38:13 UTC 2005

Modified Files:
pkgsrc/www/weex: Makefile distinfo
Added Files:
pkgsrc/www/weex/patches: patch-ad

Log Message:
Security fix for SA17028:

"A vulnerability in Weex can be exploited by malicious users to cause a DoS (Denial of Service) or to compromise a vulnerable system.

The vulnerability is caused due to a format string error in the "log_flush()" function when flushing an error log entry that contains format string specifiers to disk. This may be exploited to execute arbitrary code on a user's system via a directory name containing format string specifiers.

Successful exploitation requires that the attacker is able to create directories within the user's Weex home directory."

http://secunia.com/advisories/17028/

Patch from FreeBSD PR ports/86833.

Diffstat (limited to 'www')
-rw-r--r-- www/weex/Makefile 3
-rw-r--r-- www/weex/distinfo 3
-rw-r--r-- www/weex/patches/patch-ad 15
3 files changed, 19 insertions, 2 deletions
diff --git a/www/weex/Makefile b/www/weex/Makefile
index b8df83b0d27..e3a5ec1781b 100644
--- a/www/weex/Makefile
+++ b/www/weex/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.8 2005/06/17 04:49:49 jlam Exp $
+# $NetBSD: Makefile,v 1.8.4.1 2005/10/08 06:08:48 snj Exp $
DISTNAME= weex-2.6.1
+PKGREVISION= 1
CATEGORIES= www
MASTER_SITES= http://www.enjoy.ne.jp/~gm/program/weex/arc/
diff --git a/www/weex/distinfo b/www/weex/distinfo
index 73f7c23d92e..3d1fdeeb4e0 100644
--- a/www/weex/distinfo
+++ b/www/weex/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.3 2005/07/08 17:51:32 kristerw Exp $
+$NetBSD: distinfo,v 1.3.2.1 2005/10/08 06:08:48 snj Exp $
SHA1 (weex-2.6.1.tar.gz) = 8613e7c1a1621bbe042d076883f10b330934de5e
RMD160 (weex-2.6.1.tar.gz) = d286d24d3d87ce78fb5032d50f0d6a0ac2876a04
@@ -6,3 +6,4 @@ Size (weex-2.6.1.tar.gz) = 200858 bytes
SHA1 (patch-aa) = f8f092150b3556d78ab8ef66070447724c9c118d
SHA1 (patch-ab) = 49e383c1c766d63b56256afe3293bf473ca63f6f
SHA1 (patch-ac) = e22d816ad7177fdc3bd68f33fd1118cc8f5164d2
+SHA1 (patch-ad) = 0474aa99d979ff90aa1d9c179e7c44eccceefce2
diff --git a/www/weex/patches/patch-ad b/www/weex/patches/patch-ad
new file mode 100644
index 00000000000..8d5f4d905cc
--- /dev/null
+++ b/www/weex/patches/patch-ad
@@ -0,0 +1,15 @@
+$NetBSD: patch-ad,v 1.1.2.2 2005/10/08 06:08:48 snj Exp $
+
+Fix for SA17028, via FreeBSD.
+
+--- src/log.c.orig 2000-05-03 16:42:05.000000000 +0200
++++ src/log.c 2005-10-05 15:31:06.000000000 +0200
+@@ -182,7 +182,7 @@
+
+ fp=log_open();
+ for(i=0;i<max_log;i++){
+- fprintf(fp,log_str[i]);
++ fprintf(fp,"%s",log_str[i]);
+ free(log_str[i]);
+ }
+ free(log_str);
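Review bot: the fix covers only the single `fprintf(fp,log_str[i])` call in this flush loop, so before closing SA17028 it is worth confirming that no other call in src/log.c, or anywhere else that writes or displays `log_str` entries, still passes log text as the format argument; a build with -Wformat-security would flag any that remain. `fputs(log_str[i],fp)` would do the same job without going through the format parser at all. The patch comment `Fix for SA17028, via FreeBSD.` could also name FreeBSD PR ports/86833, as the commit message does, so the origin stays traceable from the patch file itself. Separately, the visible context uses `fp` directly after `fp=log_open();` with no NULL check; if `log_open()` can return NULL, that is an upstream issue worth reporting alongside this one.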