From owner-freebsd-ports  Fri Dec  7  1:57: 1 2001
Delivered-To: freebsd-ports@freebsd.org
Received: from freebsd.org.ru (sweet.etrust.ru [194.84.67.5])
	by hub.freebsd.org (Postfix) with ESMTP
	id EE4E537B69F; Fri,  7 Dec 2001 01:56:24 -0800 (PST)
Received: by freebsd.org.ru (Postfix, from userid 1000)
	id 8F97FB0; Fri,  7 Dec 2001 12:56:21 +0300 (MSK)
Date: Fri, 7 Dec 2001 12:56:21 +0300
From: "Sergey A. Osokin" <osa@freebsd.org.ru>
To: ports@FreeBSD.org
Cc: FreeBSD-gnats-submit@FreeBSD.org
Subject: Re: ports/32555: Formatting string bug in cyrus sasl lib
Message-ID: <20011207125621.A42962@freebsd.org.ru>
References: <200112061800.fB6I04c49839@freefall.freebsd.org>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="OXfL5xGRrasGEqWY"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200112061800.fB6I04c49839@freefall.freebsd.org>; from hetzels@westbend.net on Thu, Dec 06, 2001 at 10:00:04AM -0800
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ports.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-ports>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-ports>
X-Loop: FreeBSD.org


--OXfL5xGRrasGEqWY
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Thu, Dec 06, 2001 at 10:00:04AM -0800, Scot W. Hetzel wrote:
> 
>  From: "Alexey Rodin" <alx@cii.sumy.ua>
>  >     A format bug was found in one of the logging functions, that could be
>  >     used by an attacker to gain access to a machine or to acquire higher
>  >     privileges.
>  
>  I am working on the upgrade to 1.5.27, but if someone could commit this to
>  the current cyrus-sasl port as patch-lib::common.c.

Please review and commit attached patch for port.
Thanks.

-- 

Rgdz,                                /"\ 
Sergey Osokin aka oZZ,               \ /  ASCII RIBBON CAMPAIGN
osa@freebsd.org.ru                    X     AGAINST HTML MAIL
http://freebsd.org.ru/~osa/          / \

--OXfL5xGRrasGEqWY
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=patch-cyrus-sasl

diff -ruN cyrus-sasl.orig/Makefile cyrus-sasl/Makefile
--- cyrus-sasl.orig/Makefile	Thu Dec  6 18:36:51 2001
+++ cyrus-sasl/Makefile	Fri Dec  7 12:53:05 2001
@@ -7,7 +7,7 @@
 
 PORTNAME=	cyrus-sasl
 PORTVERSION=	1.5.24
-PORTREVISION=	7
+PORTREVISION=	8
 CATEGORIES=	security
 MASTER_SITES=	ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/ \
 		${MASTER_SITE_LOCAL} \
diff -ruN cyrus-sasl.orig/files/patch-lib::common.c cyrus-sasl/files/patch-lib::common.c
--- cyrus-sasl.orig/files/patch-lib::common.c	Thu Jan  1 03:00:00 1970
+++ cyrus-sasl/files/patch-lib::common.c	Thu Dec  6 18:35:55 2001
@@ -0,0 +1,11 @@
+--- lib/common.c.orig	Thu Dec  6 18:34:09 2001
++++ lib/common.c	Thu Dec  6 18:34:24 2001
+@@ -596,7 +596,7 @@
+     }
+     
+     /* do the syslog call. do not need to call openlog */
+-    syslog(syslog_priority | LOG_AUTH, message);
++    syslog(syslog_priority | LOG_AUTH, "%s", message);
+     
+     return SASL_OK;
+ }

--OXfL5xGRrasGEqWY--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message