From owner-freebsd-ports-bugs@FreeBSD.ORG Mon Apr 19 02:30:20 2004 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B9A1516A4D0 for ; Mon, 19 Apr 2004 02:30:20 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id A4BE343D41 for ; Mon, 19 Apr 2004 02:30:20 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) i3J9UKbv094112 for ; Mon, 19 Apr 2004 02:30:20 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.10/8.12.10/Submit) id i3J9UKnb094097; Mon, 19 Apr 2004 02:30:20 -0700 (PDT) (envelope-from gnats) Resent-Date: Mon, 19 Apr 2004 02:30:20 -0700 (PDT) Resent-Message-Id: <200404190930.i3J9UKnb094097@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Frank Ruell Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A9F5816A4CE; Mon, 19 Apr 2004 02:27:57 -0700 (PDT) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.187]) by mx1.FreeBSD.org (Postfix) with ESMTP id 09C0B43D3F; Mon, 19 Apr 2004 02:27:57 -0700 (PDT) (envelope-from stoerte@dreamwarrior.net) Received: from [212.227.126.208] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1BFV4G-0002zV-00; Mon, 19 Apr 2004 11:27:56 +0200 Received: from [217.84.46.15] (helo=dreamwarrior.foobar.ath.cx) (TLSv1:EDH-RSA-DES-CBC3-SHA:168) (Exim 3.35 #1) id 1BFV4F-00076x-00; Mon, 19 Apr 2004 11:27:56 +0200 Received: from stoerte by dreamwarrior.foobar.ath.cx with local (Exim 4.31; FreeBSD) id 1BFV4C-0000Lm-A9; Mon, 19 Apr 2004 11:27:52 +0200 Message-Id: Date: Mon, 19 Apr 2004 11:27:52 +0200 From: Frank Ruell To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 cc: seanc@FreeBSD.org Subject: ports/65754: [patch] devel/tla - format string vulnerabillitys in included neon X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Apr 2004 09:30:20 -0000 >Number: 65754 >Category: ports >Synopsis: [patch] devel/tla - format string vulnerabillitys in included neon >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Apr 19 02:30:20 PDT 2004 >Closed-Date: >Last-Modified: >Originator: Frank Ruell >Release: FreeBSD 5.2.1-RELEASE-p4 i386 >Organization: >Environment: System: FreeBSD dreamwarrior.foobar.ath.cx 5.2.1-RELEASE-p4 FreeBSD 5.2.1-RELEASE-p4 #1: Mon Apr 12 03:13:36 CEST 2004 root@:/usr/obj/usr/src/sys/Dreamwarrior i386 >Description: neon, which comes included in the gnu-arch source has serveral format string vulnerabilitys, see http://vuxml.freebsd.org/84237895-8f39-11d8-8b29-0020ed76ef5a.html Fix from neon CVS. I mailed the port maintainer on saturday 19:00 UTC. >How-To-Repeat: >Fix: --- tla1.2-1.2-1.diff begins here --- diff -ruN tla.orig/Makefile tla/Makefile --- tla.orig/Makefile Mon Mar 1 23:20:03 2004 +++ tla/Makefile Sat Apr 17 20:50:46 2004 @@ -7,6 +7,7 @@ PORTNAME= tla PORTVERSION= 1.2 +PORTREVISION= 1 CATEGORIES= devel MASTER_SITES= ${MASTER_SITE_GNU} \ http://regexps.srparish.net/src/${PORTNAME}/ \ @@ -26,7 +27,7 @@ ORIGWRKSRC= ${WRKDIR}/${DISTNAME}/src WRKSRC= ${ORIGWRKSRC}/=build -pre-configure: +pre-patch: ${MKDIR} ${WRKSRC} do-configure: diff -ruN tla.orig/files/patch-libneon-ne_207.c tla/files/patch-libneon-ne_207.c --- tla.orig/files/patch-libneon-ne_207.c Thu Jan 1 01:00:00 1970 +++ tla/files/patch-libneon-ne_207.c Sat Apr 17 20:56:18 2004 @@ -0,0 +1,17 @@ +--- ../tla/libneon.orig/ne_207.c Sat Dec 6 20:35:28 2003 ++++ ../tla/libneon/ne_207.c Sat Apr 17 20:25:46 2004 +@@ -320,12 +320,12 @@ + if (ne_get_status(req)->code == 207) { + if (!ne_xml_valid(p)) { + /* The parse was invalid */ +- ne_set_error(sess, ne_xml_get_error(p)); ++ ne_set_error(sess, "%s", ne_xml_get_error(p)); + ret = NE_ERROR; + } else if (ctx.is_error) { + /* If we've actually got any error information + * from the 207, then set that as the error */ +- ne_set_error(sess, ctx.buf->data); ++ ne_set_error(sess, "%s", ctx.buf->data); + ret = NE_ERROR; + } + } else if (ne_get_status(req)->klass != 2) { diff -ruN tla.orig/files/patch-libneon-ne_auth.c tla/files/patch-libneon-ne_auth.c --- tla.orig/files/patch-libneon-ne_auth.c Thu Jan 1 01:00:00 1970 +++ tla/files/patch-libneon-ne_auth.c Sat Apr 17 20:50:46 2004 @@ -0,0 +1,11 @@ +--- ../tla/libneon.orig/ne_auth.c Sat Dec 6 20:35:28 2003 ++++ ../tla/libneon/ne_auth.c Sat Apr 17 20:11:55 2004 +@@ -950,7 +950,7 @@ + if (areq->auth_info_hdr != NULL && + verify_response(areq, sess, areq->auth_info_hdr)) { + NE_DEBUG(NE_DBG_HTTPAUTH, "Response authentication invalid.\n"); +- ne_set_error(sess->sess, _(sess->spec->fail_msg)); ++ ne_set_error(sess->sess, "%s", _(sess->spec->fail_msg)); + ret = NE_ERROR; + } else if (status->code == sess->spec->status_code && + areq->auth_hdr != NULL) { diff -ruN tla.orig/files/patch-libneon-ne_locks.c tla/files/patch-libneon-ne_locks.c --- tla.orig/files/patch-libneon-ne_locks.c Thu Jan 1 01:00:00 1970 +++ tla/files/patch-libneon-ne_locks.c Sat Apr 17 20:50:46 2004 @@ -0,0 +1,20 @@ +--- ../tla/libneon.orig/ne_locks.c Sat Dec 6 20:35:28 2003 ++++ ../tla/libneon/ne_locks.c Sat Apr 17 20:11:55 2004 +@@ -734,7 +734,7 @@ + } + else if (parse_failed) { + ret = NE_ERROR; +- ne_set_error(sess, ne_xml_get_error(parser)); ++ ne_set_error(sess, "%s", ne_xml_get_error(parser)); + } + else if (ne_get_status(req)->code == 207) { + ret = NE_ERROR; +@@ -802,7 +802,7 @@ + if (ret == NE_OK && ne_get_status(req)->klass == 2) { + if (parse_failed) { + ret = NE_ERROR; +- ne_set_error(sess, ne_xml_get_error(parser)); ++ ne_set_error(sess, "%s", ne_xml_get_error(parser)); + } + else if (ne_get_status(req)->code == 207) { + ret = NE_ERROR; diff -ruN tla.orig/files/patch-libneon-ne_props.c tla/files/patch-libneon-ne_props.c --- tla.orig/files/patch-libneon-ne_props.c Thu Jan 1 01:00:00 1970 +++ tla/files/patch-libneon-ne_props.c Sat Apr 17 20:50:46 2004 @@ -0,0 +1,11 @@ +--- ../tla/libneon.orig/ne_props.c Sat Dec 6 20:35:28 2003 ++++ ../tla/libneon/ne_props.c Sat Apr 17 20:11:55 2004 +@@ -142,7 +142,7 @@ + if (ret == NE_OK && ne_get_status(req)->klass != 2) { + ret = NE_ERROR; + } else if (!ne_xml_valid(handler->parser)) { +- ne_set_error(handler->sess, ne_xml_get_error(handler->parser)); ++ ne_set_error(handler->sess, "%s", ne_xml_get_error(handler->parser)); + ret = NE_ERROR; + } + diff -ruN tla.orig/files/patch-libneon-ne_xml.c tla/files/patch-libneon-ne_xml.c --- tla.orig/files/patch-libneon-ne_xml.c Thu Jan 1 01:00:00 1970 +++ tla/files/patch-libneon-ne_xml.c Sat Apr 17 20:50:46 2004 @@ -0,0 +1,11 @@ +--- ../tla/libneon.orig/ne_xml.c Sat Dec 6 20:35:29 2003 ++++ ../tla/libneon/ne_xml.c Sat Apr 17 20:11:55 2004 +@@ -538,7 +538,7 @@ + + void ne_xml_set_error(ne_xml_parser *p, const char *msg) + { +- ne_snprintf(p->error, ERR_SIZE, msg); ++ ne_snprintf(p->error, ERR_SIZE, "%s", msg); + } + + #ifdef HAVE_LIBXML --- tla1.2-1.2-1.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted: