From owner-freebsd-ports-bugs@FreeBSD.ORG Sun Oct 2 14:50:14 2005 Return-Path: X-Original-To: freebsd-ports-bugs@hub.freebsd.org Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6396116A41F for ; Sun, 2 Oct 2005 14:50:14 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id D127643D46 for ; Sun, 2 Oct 2005 14:50:13 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j92EoDk9014361 for ; Sun, 2 Oct 2005 14:50:13 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j92EoD4q014360; Sun, 2 Oct 2005 14:50:13 GMT (envelope-from gnats) Resent-Date: Sun, 2 Oct 2005 14:50:13 GMT Resent-Message-Id: <200510021450.j92EoD4q014360@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Emanuel Haupt Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CBBB816A41F for ; Sun, 2 Oct 2005 14:47:44 +0000 (GMT) (envelope-from ehaupt@beaver.critical.ch) Received: from beaver.critical.ch (217-162-251-247.dclient.hispeed.ch [217.162.251.247]) by mx1.FreeBSD.org (Postfix) with ESMTP id 14ACB43D46 for ; Sun, 2 Oct 2005 14:47:43 +0000 (GMT) (envelope-from ehaupt@beaver.critical.ch) Received: from beaver.critical.ch (localhost [127.0.0.1]) by beaver.critical.ch (8.13.4/8.13.4) with ESMTP id j92Elgh8013500 for ; Sun, 2 Oct 2005 16:47:42 +0200 (CEST) (envelope-from ehaupt@beaver.critical.ch) Received: (from ehaupt@localhost) by beaver.critical.ch (8.13.4/8.13.4/Submit) id j92Elfti013499; Sun, 2 Oct 2005 16:47:41 +0200 (CEST) (envelope-from ehaupt) Message-Id: <200510021447.j92Elfti013499@beaver.critical.ch> Date: Sun, 2 Oct 2005 16:47:41 +0200 (CEST) From: Emanuel Haupt To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: ports/86833: maintainer-update: ftp/weex - fixing a remote format string bug X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Emanuel Haupt List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 02 Oct 2005 14:50:14 -0000 >Number: 86833 >Category: ports >Synopsis: maintainer-update: ftp/weex - fixing a remote format string bug >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Sun Oct 02 14:50:13 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Emanuel Haupt >Release: FreeBSD 6.0-BETA5 i386 >Organization: >Environment: System: FreeBSD beaver.critical.ch 6.0-BETA5 FreeBSD 6.0-BETA5 #0: Tue Sep 27 19:38:58 CEST 2005 root@beaver.critical.ch:/usr/obj/usr/src/RELENG_6/src/sys/BEAVER i386 >Description: ftp/weex suffers from a remote format string security bug. Someone who controls an FTP server that weex will log in to can set up malicious data in the account that weex will use, and that will cause a format string bug that will allow remote code execution. It will only happen when weex is first run or when its cache files are rebuilt with the -r option, though. This behaviour is verified in versions 2.6.1 and 2.6.1.5 >How-To-Repeat: >Fix: See: http://critical.ch/weex.log --- weex.patch begins here --- Index: Makefile =================================================================== RCS file: /home/ncvs/ports/ftp/weex/Makefile,v retrieving revision 1.2 diff -u -r1.2 Makefile --- Makefile 13 Sep 2005 18:18:40 -0000 1.2 +++ Makefile 2 Oct 2005 09:15:03 -0000 @@ -7,6 +7,7 @@ PORTNAME= weex PORTVERSION= 2.6.1.5 +PORTREVISION= 1 CATEGORIES= ftp MASTER_SITES= ${MASTER_SITE_SOURCEFORGE_EXTENDED} MASTER_SITE_SUBDIR= ${PORTNAME} Index: pkg-descr =================================================================== RCS file: /home/ncvs/ports/ftp/weex/pkg-descr,v retrieving revision 1.1 diff -u -r1.1 pkg-descr --- pkg-descr 8 Sep 2005 11:13:30 -0000 1.1 +++ pkg-descr 2 Oct 2005 09:15:03 -0000 @@ -9,6 +9,3 @@ * caching to speed up the synchronization process WWW: http://weex.sourceforge.net/ - -- ehaupt -ehaupt@critical.ch Index: files/patch-src-log.c =================================================================== RCS file: files/patch-src-log.c diff -N files/patch-src-log.c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/patch-src-log.c 2 Oct 2005 09:15:03 -0000 @@ -0,0 +1,11 @@ +--- src/log.c.orig Mon Aug 18 11:52:38 2003 ++++ src/log.c Sun Oct 2 11:06:58 2005 +@@ -183,7 +183,7 @@ + + fp=log_open(); + for(i=0;iRelease-Note: >Audit-Trail: >Unformatted: