authorJoe Marcus Clarke <marcus@FreeBSD.org>2005-08-27 22:57:45 +0000
committerJoe Marcus Clarke <marcus@FreeBSD.org>2005-08-27 22:57:45 +0000
commita9f801a2186fcb89f70f7dcb211c6d4922c0e3af (patch)
treec3cc2e262af6204ef20e25d3ef88a0d4e51cc772
parentb7a42fed6664b3db6bc4c8b7cfa4b4f48bfcb372 (diff)
Fix the format string vulnerability described at
http://marc.theaimsgroup.com/?l=full-disclosure&m=112368237712032&w=2. Security: Fixes the vulnerability described at http://www.vuxml.org/freebsd/cveitem-2005-2549.html Approved by: portmgr (implicit) Obtained from: Evolution CVS
Notes
Notes: svn path=/head/; revision=140994
-rw-r--r--mail/evolution/Makefile1
-rw-r--r--mail/evolution/files/patch-string_vuln62
2 files changed, 63 insertions, 0 deletions
diff --git a/mail/evolution/Makefile b/mail/evolution/Makefile
index 158df2d39f13..d2402cec05b5 100644
--- a/mail/evolution/Makefile
+++ b/mail/evolution/Makefile
@@ -7,6 +7,7 @@
PORTNAME= evolution
PORTVERSION= 2.2.3
+PORTREVISION= 1
CATEGORIES= mail gnome
MASTER_SITES= ${MASTER_SITE_GNOME}
MASTER_SITE_SUBDIR= sources/${PORTNAME}/2.2
diff --git a/mail/evolution/files/patch-string_vuln b/mail/evolution/files/patch-string_vuln
new file mode 100644
index 000000000000..b9e9d2bd7ab6
--- /dev/null
+++ b/mail/evolution/files/patch-string_vuln
@@ -0,0 +1,62 @@
+--- calendar/gui/e-cal-component-preview.c.orig Sat Aug 27 18:48:58 2005
++++ calendar/gui/e-cal-component-preview.c Sat Aug 27 18:49:14 2005
+@@ -284,7 +284,7 @@ write_html (GtkHTMLStream *stream, ECal
+ str = g_string_append_c (str, text.value[i]);
+ }
+
+- gtk_html_stream_printf (stream, str->str);
++ gtk_html_stream_printf (stream, "%s", str->str);
+ g_string_free (str, TRUE);
+ }
+
+--- addressbook/gui/widgets/eab-contact-display.c.orig Sat Aug 27 18:50:22 2005
++++ addressbook/gui/widgets/eab-contact-display.c Sat Aug 27 18:51:58 2005
+@@ -353,7 +353,7 @@ render_contact (GtkHTMLStream *html_stre
+ accum_multival_attribute (accum, contact, _("Yahoo"), E_CONTACT_IM_YAHOO, YAHOO_ICON, 0);
+
+ if (accum->len > 0)
+- gtk_html_stream_printf (html_stream, accum->str);
++ gtk_html_stream_printf (html_stream, "%s", accum->str);
+
+ end_block (html_stream);
+
+@@ -368,7 +368,7 @@ render_contact (GtkHTMLStream *html_stre
+
+ if (accum->len > 0) {
+ start_block (html_stream, _("work"));
+- gtk_html_stream_printf (html_stream, accum->str);
++ gtk_html_stream_printf (html_stream, "%s", accum->str);
+ end_block (html_stream);
+ }
+
+@@ -383,7 +383,7 @@ render_contact (GtkHTMLStream *html_stre
+
+ if (accum->len > 0) {
+ start_block (html_stream, _("personal"));
+- gtk_html_stream_printf (html_stream, accum->str);
++ gtk_html_stream_printf (html_stream, "%s", accum->str);
+ end_block (html_stream);
+ }
+
+--- calendar/gui/e-calendar-view.c.orig Sat Aug 27 18:52:46 2005
++++ calendar/gui/e-calendar-view.c Sat Aug 27 18:53:10 2005
+@@ -1079,7 +1079,7 @@ on_save_as (EPopup *ep, EPopupItem *pite
+ return;
+ }
+
+- fprintf (file, ical_string);
++ fprintf (file, "%s", ical_string);
+ g_free (ical_string);
+ fclose (file);
+
+--- calendar/gui/e-calendar-table.c.orig Sat Aug 27 18:53:42 2005
++++ calendar/gui/e-calendar-table.c Sat Aug 27 18:53:58 2005
+@@ -1027,7 +1027,7 @@ e_calendar_table_on_save_as (EPopup *ep,
+ return;
+ }
+
+- fprintf (file, ical_string);
++ fprintf (file, "%s", ical_string);
+ g_free (ical_string);
+ fclose (file);
+ }
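Review bot: In on_save_as and e_calendar_table_on_save_as the return values of `fprintf (file, "%s", ical_string);` and of the following `fclose (file);` are still ignored, so a failed or short write would leave an incomplete output file with nothing reported to the caller. No formatting is needed at those two sites, so `fputs (ical_string, file)` would remove the format string from the call altogether, and its result can be checked with `if (fputs (ical_string, file) == EOF || fclose (file) == EOF)` followed by whatever error path the handler already uses for a failed open. The four `gtk_html_stream_printf (..., "%s", ...)` call sites are corrected by hand; building with `-Wformat -Wformat-security` would flag any remaining non-literal format argument, provided the declaration of gtk_html_stream_printf carries a printf format attribute such as `G_GNUC_PRINTF (2, 3)`, which is not visible here. All of the patched functions begin and end outside the hunks shown.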