Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 16 Jan 2002 18:56:01 +0900 (JST)
From:      KOMATSU Shinichiro <koma2@jiro.c.u-tokyo.ac.jp>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   ports/33936: Update port: www/lynx
Message-ID:  <20020116095603.2A4911949@taro.c.u-tokyo.ac.jp>
next in thread | raw e-mail | index | archive | help 

>Number:         33936
>Category:       ports
>Synopsis:       Update port: www/lynx
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jan 16 02:00:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     KOMATSU Shinichiro <koma2@jiro.c.u-tokyo.ac.jp>
>Release:        FreeBSD 4.4-RELEASE-p2 i386
>Organization:
>Environment:
System: FreeBSD 4.4-RELEASE-p2 #1: i386
>Description:
- update www/lynx to 2.8.4rel.1b
- fix the format string vulnerability if configured with --enable-syslog
  (disabled by default)

  http://archives.neohapsis.com/archives/bugtraq/2001-12/0276.html

Added file:
files/patch-syslog

>How-To-Repeat:
	
>Fix:

diff -urN lynx.old/Makefile lynx/Makefile
--- lynx.old/Makefile	Tue Sep 18 02:40:30 2001
+++ lynx/Makefile	Wed Jan 16 18:09:02 2002
@@ -6,10 +6,13 @@
 #
 
 PORTNAME=	lynx
-PORTVERSION=	2.8.4.1
+PORTVERSION=	2.8.4.1b
 CATEGORIES=	www
 MASTER_SITES=	http://lynx.isc.org/current/
 DISTNAME=	${PORTNAME}2.8.4rel.1
+
+PATCH_SITES=	http://lynx.isc.org/current/
+PATCHFILES=	lynx2.8.4rel.1a.patch.gz lynx2.8.4rel.1b.patch.gz
 
 MAINTAINER=	ports@FreeBSD.org
 
diff -urN lynx.old/distinfo lynx/distinfo
--- lynx.old/distinfo	Tue Sep  4 07:49:21 2001
+++ lynx/distinfo	Wed Jan 16 17:57:25 2002
@@ -1 +1,3 @@
 MD5 (lynx2.8.4rel.1.tar.bz2) = 6916c0127839f1e454052b683e4691c4
+MD5 (lynx2.8.4rel.1a.patch.gz) = 84a00365afe757edabdb55cb6d73e10d
+MD5 (lynx2.8.4rel.1b.patch.gz) = 34e2c40e93c412e792a7989f30619662
diff -urN lynx.old/files/patch-syslog lynx/files/patch-syslog
--- lynx.old/files/patch-syslog	Thu Jan  1 09:00:00 1970
+++ lynx/files/patch-syslog	Wed Jan 16 18:03:59 2002
@@ -0,0 +1,11 @@
+--- src/LYUtils.c.orig	Mon Jun 11 10:04:20 2001
++++ src/LYUtils.c	Wed Jan 16 18:03:39 2002
+@@ -8163,7 +8163,7 @@
+ 	    buf[colon2 - arg + 1] = 0;
+ 	    StrAllocCat(buf, "******");
+ 	    StrAllocCat(buf, atsign);
+-	    syslog (LOG_INFO|LOG_LOCAL5, buf);
++	    syslog (LOG_INFO|LOG_LOCAL5, "%s", buf);
+ 	    CTRACE((tfp, "...alter %s\n", buf));
+ 	    FREE(buf);
+ 	    return;
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020116095603.2A4911949>