From: Beat Gaetzi
Date: Mon, 26 Nov 2012 20:55:53 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject: svn commit: r307797 - in branches/RELENG_9_1_0: irc/weechat irc/weechat-devel security/vuxml

Author: beat
Date: Mon Nov 26 20:55:53 2012
New Revision: 307797
URL: http://svnweb.freebsd.org/changeset/ports/307797

Log:
  MFH r307534 by jase:
  - Document new vulnerability in irc/weechat and irc/weechat-devel

  MFH r307535 by jase:
  - Fix copy and paste error in latest weechat entry (81826d12-317a-11e2-9186-406186f3d89d)

  MFH r307536 by jase:
  - Update to 0.3.9.2
  Changes: http://www.weechat.org/files/changelog/ChangeLog-0.3.9.2.html
  Security: 81826d12-317a-11e2-9186-406186f3d89d

  MFH r307537 by jase:
  - Update to 20121118
  Security: 81826d12-317a-11e2-9186-406186f3d89d

  Feature safe: yes

Modified:
  branches/RELENG_9_1_0/irc/weechat-devel/Makefile
  branches/RELENG_9_1_0/irc/weechat-devel/distinfo
  branches/RELENG_9_1_0/irc/weechat/Makefile
  branches/RELENG_9_1_0/irc/weechat/distinfo
  branches/RELENG_9_1_0/security/vuxml/vuln.xml

Directory Properties:
  branches/RELENG_9_1_0/ (props changed)

Modified: branches/RELENG_9_1_0/irc/weechat-devel/Makefile ============================================================================== --- branches/RELENG_9_1_0/irc/weechat-devel/Makefile Mon Nov 26 20:28:54 2012 (r307796) +++ branches/RELENG_9_1_0/irc/weechat-devel/Makefile Mon Nov 26 20:55:53 2012 (r307797) 
@@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= weechat -PORTVERSION= 20121110 +PORTVERSION= 20121118 CATEGORIES= irc MASTER_SITES= http://perturb.me.uk/distfiles/ \ ${MASTER_SITE_LOCAL} @@ -26,7 +26,7 @@ WANT_PERL= yes LIB_DEPENDS+= curl:${PORTSDIR}/ftp/curl \ gcrypt:${PORTSDIR}/security/libgcrypt -GITREV= 7cd376b +GITREV= 57293ff WRKSRC= ${WRKDIR}/${PORTNAME}-${GITREV} # Please note: the DEBUG option is *NOT* empty, it is utilised by Modified: branches/RELENG_9_1_0/irc/weechat-devel/distinfo ============================================================================== --- branches/RELENG_9_1_0/irc/weechat-devel/distinfo Mon Nov 26 20:28:54 2012 (r307796) +++ branches/RELENG_9_1_0/irc/weechat-devel/distinfo Mon Nov 26 20:55:53 2012 (r307797) @@ -1,2 +1,2 @@ -SHA256 (weechat-devel-7cd376b.tar.gz) = dd10c1ab81051ec3476ad95a12c4c70cd8161a5f0dbcc7f0659e3d2602a79ef2 -SIZE (weechat-devel-7cd376b.tar.gz) = 2517031 +SHA256 (weechat-devel-57293ff.tar.gz) = c4aa77d7ba73fc2994215ca0ae8527b0661a19d8f9df011983168348fbb257c5 +SIZE (weechat-devel-57293ff.tar.gz) = 2518572 Modified: branches/RELENG_9_1_0/irc/weechat/Makefile ============================================================================== --- branches/RELENG_9_1_0/irc/weechat/Makefile Mon Nov 26 20:28:54 2012 (r307796) +++ branches/RELENG_9_1_0/irc/weechat/Makefile Mon Nov 26 20:55:53 2012 (r307797) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= weechat -PORTVERSION= 0.3.9.1 +PORTVERSION= 0.3.9.2 CATEGORIES= irc MASTER_SITES= http://weechat.org/files/src/ Modified: branches/RELENG_9_1_0/irc/weechat/distinfo ============================================================================== --- branches/RELENG_9_1_0/irc/weechat/distinfo Mon Nov 26 20:28:54 2012 (r307796) +++ branches/RELENG_9_1_0/irc/weechat/distinfo Mon Nov 26 20:55:53 2012 (r307797) 
@@ -1,2 +1,2 @@ -SHA256 (weechat-0.3.9.1.tar.gz) = 9a6ad4aacbda9c5524dc519cc8782621d59ba1bf0556e64f5ae4f9102f28b29d -SIZE (weechat-0.3.9.1.tar.gz) = 3756617 +SHA256 (weechat-0.3.9.2.tar.gz) = 03949cfc4cd6b6c1d5b7791804ff54c44f1209d3e753dd48461d67cbb1738c84 +SIZE (weechat-0.3.9.2.tar.gz) = 3757977 Modified: branches/RELENG_9_1_0/security/vuxml/vuln.xml ============================================================================== --- branches/RELENG_9_1_0/security/vuxml/vuln.xml Mon Nov 26 20:28:54 2012 (r307796) +++ branches/RELENG_9_1_0/security/vuxml/vuln.xml Mon Nov 26 20:55:53 2012 (r307797) @@ -204,6 +204,40 @@ Note: Please add new entries to the beg + + weechat -- Arbitrary shell command execution via scripts + + + weechat + 0.3.00.3.9.2 + + + weechat-devel + 20121118 + + + + +

Sebastien Helleu reports:

+
+

Untrusted command for function hook_process could lead to + execution of commands, because of shell expansions.

+

Workaround with a non-patched version: remove/unload all scripts + calling function hook_process (for maximum safety).

+
+ +
+ + http://weechat.org/security/ + https://savannah.nongnu.org/bugs/?37764 + + + 2012-11-15 + 2012-11-18 + 2012-11-18 + +
+ bugzilla -- multiple vulnerabilities
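
Review bot: In irc/weechat-devel/Makefile the tarball for the new GITREV= 57293ff is still fetched from http://perturb.me.uk/distfiles/ over plain HTTP, with ${MASTER_SITE_LOCAL} as the only other source, so the new SHA256 line in weechat-devel/distinfo is the only thing binding this security update to upstream's source. Before this goes onto the release branch, confirm that the hash was computed from a tarball generated independently from upstream git at 57293ff and not from the copy served by that mirror. The same check applies to weechat-0.3.9.2.tar.gz, which irc/weechat/Makefile fetches from http://weechat.org/files/src/.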
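
Review bot: In the security/vuxml/vuln.xml hunk the affected ranges for weechat and weechat-devel end at 0.3.9.2 and 20121118, the same versions this commit moves the two ports to, so both upper bounds have to be exclusive; an inclusive bound would leave the freshly updated ports flagged as vulnerable by audit tools such as portaudit. The log also lists r307535 as a copy and paste fix to this entry, so check that the merged text matches head after that fix, in particular the package names, the three dates (2012-11-15, 2012-11-18, 2012-11-18) and the vid 81826d12-317a-11e2-9186-406186f3d89d quoted in the log.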