From owner-freebsd-ports  Wed Jan 16  2: 0:14 2002
Delivered-To: freebsd-ports@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 7EDCA37B41A
	for <freebsd-ports@hub.freebsd.org>; Wed, 16 Jan 2002 02:00:01 -0800 (PST)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g0GA01w39227;
	Wed, 16 Jan 2002 02:00:01 -0800 (PST)
	(envelope-from gnats)
Received: from taro.c.u-tokyo.ac.jp (taro.c.u-tokyo.ac.jp [157.82.63.16])
	by hub.freebsd.org (Postfix) with ESMTP id E662337B400
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 16 Jan 2002 01:56:03 -0800 (PST)
Message-Id: <20020116095603.2A4911949@taro.c.u-tokyo.ac.jp>
Date: Wed, 16 Jan 2002 18:56:01 +0900 (JST)
From: KOMATSU Shinichiro <koma2@jiro.c.u-tokyo.ac.jp>
Reply-To: KOMATSU Shinichiro <koma2@jiro.c.u-tokyo.ac.jp>
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: ports/33936: Update port: www/lynx
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ports.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-ports>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-ports>
X-Loop: FreeBSD.org


>Number:         33936
>Category:       ports
>Synopsis:       Update port: www/lynx
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jan 16 02:00:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     KOMATSU Shinichiro <koma2@jiro.c.u-tokyo.ac.jp>
>Release:        FreeBSD 4.4-RELEASE-p2 i386
>Organization:
>Environment:
System: FreeBSD 4.4-RELEASE-p2 #1: i386
>Description:
- update www/lynx to 2.8.4rel.1b
- fix the format string vulnerability if configured with --enable-syslog
  (disabled by default)

  http://archives.neohapsis.com/archives/bugtraq/2001-12/0276.html

Added file:
files/patch-syslog

>How-To-Repeat:
	
>Fix:

diff -urN lynx.old/Makefile lynx/Makefile
--- lynx.old/Makefile	Tue Sep 18 02:40:30 2001
+++ lynx/Makefile	Wed Jan 16 18:09:02 2002
@@ -6,10 +6,13 @@
 #
 
 PORTNAME=	lynx
-PORTVERSION=	2.8.4.1
+PORTVERSION=	2.8.4.1b
 CATEGORIES=	www
 MASTER_SITES=	http://lynx.isc.org/current/
 DISTNAME=	${PORTNAME}2.8.4rel.1
+
+PATCH_SITES=	http://lynx.isc.org/current/
+PATCHFILES=	lynx2.8.4rel.1a.patch.gz lynx2.8.4rel.1b.patch.gz
 
 MAINTAINER=	ports@FreeBSD.org
 
diff -urN lynx.old/distinfo lynx/distinfo
--- lynx.old/distinfo	Tue Sep  4 07:49:21 2001
+++ lynx/distinfo	Wed Jan 16 17:57:25 2002
@@ -1 +1,3 @@
 MD5 (lynx2.8.4rel.1.tar.bz2) = 6916c0127839f1e454052b683e4691c4
+MD5 (lynx2.8.4rel.1a.patch.gz) = 84a00365afe757edabdb55cb6d73e10d
+MD5 (lynx2.8.4rel.1b.patch.gz) = 34e2c40e93c412e792a7989f30619662
diff -urN lynx.old/files/patch-syslog lynx/files/patch-syslog
--- lynx.old/files/patch-syslog	Thu Jan  1 09:00:00 1970
+++ lynx/files/patch-syslog	Wed Jan 16 18:03:59 2002
@@ -0,0 +1,11 @@
+--- src/LYUtils.c.orig	Mon Jun 11 10:04:20 2001
++++ src/LYUtils.c	Wed Jan 16 18:03:39 2002
+@@ -8163,7 +8163,7 @@
+ 	    buf[colon2 - arg + 1] = 0;
+ 	    StrAllocCat(buf, "******");
+ 	    StrAllocCat(buf, atsign);
+-	    syslog (LOG_INFO|LOG_LOCAL5, buf);
++	    syslog (LOG_INFO|LOG_LOCAL5, "%s", buf);
+ 	    CTRACE((tfp, "...alter %s\n", buf));
+ 	    FREE(buf);
+ 	    return;
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message