From 67621d964db372b56cbfdc19b5a0472a02e05ed5 Mon Sep 17 00:00:00 2001 From: gls Date: Thu, 1 Dec 2011 20:50:48 +0000 Subject: Add a fix for CVE 2011-4357, taken from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649322 --- www/clearsilver/distinfo | 3 ++- www/clearsilver/patches/patch-python_neo__cgi.c | 16 ++++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 www/clearsilver/patches/patch-python_neo__cgi.c (limited to 'www/clearsilver') diff --git a/www/clearsilver/distinfo b/www/clearsilver/distinfo index beba660af6d..53dd2dffd4e 100644 --- a/www/clearsilver/distinfo +++ b/www/clearsilver/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.15 2010/09/13 03:05:24 taca Exp $ +$NetBSD: distinfo,v 1.16 2011/12/01 20:50:48 gls Exp $ SHA1 (clearsilver-0.10.5.tar.gz) = 138865dc91e27328fe29fcaaac1bc6558f19dd75 RMD160 (clearsilver-0.10.5.tar.gz) = bd5c616f326b544df8a74eec71a98a474b408249 @@ -6,3 +6,4 @@ Size (clearsilver-0.10.5.tar.gz) = 439190 bytes SHA1 (patch-aa) = cf8708c4bee271d39eca2b1833302fa13aee2b6d SHA1 (patch-ae) = 58326210ecef3936579a19f3cbcb9b9374bc3541 SHA1 (patch-af) = e88106bb0c57d632c348bc16ff673e0ef7487847 +SHA1 (patch-python_neo__cgi.c) = 0baf7f06bdf7c5686131b1b1abbd4fb0fef11c85 diff --git a/www/clearsilver/patches/patch-python_neo__cgi.c b/www/clearsilver/patches/patch-python_neo__cgi.c new file mode 100644 index 00000000000..b2617adb7f3 --- /dev/null +++ b/www/clearsilver/patches/patch-python_neo__cgi.c @@ -0,0 +1,16 @@ +$NetBSD: patch-python_neo__cgi.c,v 1.1 2011/12/01 20:50:49 gls Exp $ + +Fix for 2011-4357 +Taken from: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649322 + +--- python/neo_cgi.c.orig 2007-07-12 03:07:43.000000000 +0000 ++++ python/neo_cgi.c +@@ -178,7 +178,7 @@ static PyObject * p_cgi_error (PyObject + if (!PyArg_ParseTuple(args, "s:error(str)", &s)) + return NULL; + +- cgi_error (cgi, s); ++ cgi_error (cgi, "%s", s); + rv = Py_None; + Py_INCREF(rv); + return rv; -- cgit v1.2.3