Wed Mar 5 19:08:05 2008 UTC ()
fix some format string problems, should fix CVE-2008-0072
(There is no exact information available, so I've patched all uses
of non-constant strings as format specifiers.)
bump PKGREVISION
(drochner)
diff -r1.127 -r1.128 pkgsrc/mail/evolution/Makefile
diff -r1.52 -r1.53 pkgsrc/mail/evolution/distinfo
diff -r0 -r1.15 pkgsrc/mail/evolution/patches/patch-ac
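--- a/pkgsrc/mail/evolution/Makefile
+++ b/pkgsrc/mail/evolution/Makefile
@@ -1,17 +1,17 @@
-# $NetBSD: Makefile,v 1.127 2008/01/18 05:08:23 tnn Exp $
+# $NetBSD: Makefile,v 1.128 2008/03/05 19:08:05 drochner Exp $
 
 DISTNAME= evolution-2.12.3
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= mail time gnome
 MASTER_SITES= ${MASTER_SITE_GNOME:=sources/evolution/2.12/}
 EXTRACT_SUFX= .tar.bz2
 
 MAINTAINER= rh@NetBSD.org
 HOMEPAGE= http://www.gnome.org/projects/evolution/
 COMMENT= GNOME mailer, calendar, contact manager, and communications tool
 
 PKG_OPTIONS_VAR= PKG_OPTIONS.evolution
 PKG_SUGGESTED_OPTIONS= inet6 ssl
 PKG_SUPPORTED_OPTIONS= inet6 krb4 krb5 ssl
 
 .include "../../mk/bsd.options.mk"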
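--- a/pkgsrc/mail/evolution/distinfo
+++ b/pkgsrc/mail/evolution/distinfo
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.52 2008/01/11 13:46:38 drochner Exp $
+$NetBSD: distinfo,v 1.53 2008/03/05 19:08:05 drochner Exp $
 
 SHA1 (evolution-2.12.3.tar.bz2) = 14861dd497e935074424269f2d1e6c11be56abfe
 RMD160 (evolution-2.12.3.tar.bz2) = afe803833e213387fde3c180afc91bfc1e792262
 Size (evolution-2.12.3.tar.bz2) = 25938535 bytes
 SHA1 (patch-aa) = 6b7a9364a71ee8b9c8bd9084ceded06c7e384a7f
 SHA1 (patch-ab) = 871a322eefd1a42e7197da764d49cd1d24f6535d
+SHA1 (patch-ac) = 6ec88b37a0817fbe409c04e25b9b9cda5872ca9e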
$NetBSD: patch-ac,v 1.15 2008/03/05 19:08:05 drochner Exp $
--- mail/em-format.c.orig 2007-10-12 08:56:01.000000000 +0200
+++ mail/em-format.c
@@ -1350,7 +1350,7 @@ emf_multipart_encrypted(EMFormat *emf, C
if (valid == NULL) {
em_format_format_error(emf, stream, ex->desc?_("Could not parse PGP/MIME message"):_("Could not parse PGP/MIME message: Unknown error"));
if (ex->desc)
- em_format_format_error(emf, stream, ex->desc);
+ em_format_format_error(emf, stream, "%s", ex->desc);
em_format_part_as(emf, stream, part, "multipart/mixed");
} else {
if (emfc == NULL)
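Review bot: The first `em_format_format_error()` call in this hunk still passes the `_()` result as the format argument, so the stated goal of patching every non-constant format string is only partly met; the same call shape remains in the hunks at 1515, 1586 and 1657. The translated text presumably comes from the installed message catalog rather than from the message being rendered, so the exposure is far lower than with `ex->desc`, but a stray `%` in a translation would still be parsed as a conversion. Passing it as data closes that as well: `em_format_format_error(emf, stream, "%s", ex->desc ? _("Could not parse PGP/MIME message") : _("Could not parse PGP/MIME message: Unknown error"));`. emf_multipart_encrypted starts and ends outside the hunk.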
@@ -1515,7 +1515,7 @@ emf_multipart_signed(EMFormat *emf, Came
if (valid == NULL) {
em_format_format_error(emf, stream, ex->desc?_("Error verifying signature"):_("Unknown error verifying signature"));
if (ex->desc)
- em_format_format_error(emf, stream, ex->desc);
+ em_format_format_error(emf, stream, "%s", ex->desc);
em_format_part_as(emf, stream, part, "multipart/mixed");
} else {
if (emfc == NULL)
@@ -1586,7 +1586,7 @@ emf_inlinepgp_signed(EMFormat *emf, Came
if (!valid) {
em_format_format_error(emf, stream, ex->desc?_("Error verifying signature"):_("Unknown error verifying signature"));
if (ex->desc)
- em_format_format_error(emf, stream, ex->desc);
+ em_format_format_error(emf, stream, "%s", ex->desc);
em_format_format_source(emf, stream, ipart);
/* I think this will loop: em_format_part_as(emf, stream, part, "text/plain"); */
camel_exception_free(ex);
@@ -1657,7 +1657,7 @@ emf_inlinepgp_encrypted(EMFormat *emf, C
if (!valid) {
em_format_format_error(emf, stream, ex->desc?_("Could not parse PGP message"):_("Could not parse PGP message: Unknown error"));
if (ex->desc)
- em_format_format_error(emf, stream, ex->desc);
+ em_format_format_error(emf, stream, "%s", ex->desc);
em_format_format_source(emf, stream, ipart);
/* I think this will loop: em_format_part_as(emf, stream, part, "text/plain"); */
camel_exception_free(ex);
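Review bot: Nothing in the patch stops a later caller from reintroducing the `em_format_format_error(emf, stream, ex->desc)` form that is corrected here and in the three hunks above. The call sites show the format as the third argument followed by varargs, so if the prototype (outside this patch, not visible here) does not already carry it, annotating it with `G_GNUC_PRINTF (3, 4)` would let `-Wformat -Wformat-security` flag a non-literal format at compile time. A short comment above the corrected call, e.g. `/* ex->desc is not a constant: pass it as data, never as the format */`, would record why the `"%s"` is there. emf_inlinepgp_encrypted continues outside the hunk.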