Date: Tue, 13 Feb 2001 18:46:04 -0500 (EST)
From: Christopher K Davis <ckd@komarr.ckdhr.com>
To: FreeBSD-gnats-submit@freebsd.org
Subject: ports/25079: SECURITY FIX: update ports/www/analog to 4.16
Message-ID: <200102132346.f1DNk4M02094@komarr.ckdhr.com>
>Number: 25079
>Category: ports
>Synopsis: analog < 4.16 has buffer overflow (possible exploit via forms)
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Feb 13 15:50:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: Christopher K Davis
>Release: FreeBSD 4.2-STABLE i386
>Organization: CKDHR
>Environment:
Only tested on FreeBSD komarr.ckdhr.com 4.2-STABLE FreeBSD 4.2-STABLE #0: Tue Feb 13 05:07:18 EST 2001 ckd@komarr.ckdhr.com:/usr/obj/usr/src/sys/ASABOX i386
>Description:
http://www.analog.cx/security2.html

"There is a buffer overflow bug in all versions of analog released prior to today. A malicious user could use an ALIAS command to construct very long strings which were not checked for length. This bug is particularly dangerous if the form interface (which allows unknown users to run the program via a CGI script) has been installed. This bug was discovered by the program author, and there is no known exploit. However, users are advised to upgrade to one of the two safe versions immediately, especially if they have installed the form interface."
>How-To-Repeat:
No known exploit...yet. (Bug found by program author.)
>Fix:
Upgrade port to 4.16 (currently 4.11) using patch below.

This can also close out PR ports/25011 which was a patch to upgrade this port to analog 4.15. This patch is identical to the one supplied there modulo the Makefile and distinfo changes.

diff -ruN analog.old/files/patch-aa analog/files/patch-aa --- analog.old/files/patch-aa Sat Apr 15 03:28:01 2000 +++ analog/files/patch-aa Sun Feb 11 16:08:16 2001 @@ -1,5 +1,5 @@ ---- Makefile.orig Thu Mar 30 17:59:16 2000 -+++ Makefile Sat Apr 15 11:09:28 2000 +--- Makefile.orig Thu Feb 1 08:58:17 2001 ++++ Makefile Sun Feb 11 16:06:14 2001 @@ -7,7 +7,7 @@ # -Ae (HP/UX 10); BS2000/OSD requires -XLLML -XLLMK; # NeXTSTEP apparently needs... 
@@ -7,20 +7,20 @@ -DEFS = # any of -DNOPIPES -DNODNS -DNODIRENT -DNOOPEN ... +#DEFS = # any of -DNOPIPES -DNODNS -DNODIRENT -DNOOPEN ... # ... -DEBCDIC -DNOGMTIME -DNEED_STRCMP -DNEED_MEMMOVE ... - # ... -DNEED_STRTOUL -DNEED_DIFFTIME -DNEED_FLOATINGPOINT_H - # Solaris 2 (SunOS 5) might need DEFS = -DNEED_STRCMP -@@ -15,6 +15,10 @@ - # DEFS = -DNEED_MEMMOVE -DNEED_STRTOUL -DNEED_DIFFTIME -DNEED_FLOATINGPOINT_H + # ... -DNEED_STRTOUL -DNEED_DIFFTIME -DHAVE_ADDR_T ... + # ... -DNEED_FLOATINGPOINT_H +@@ -18,6 +18,10 @@ # DYNIX/ptx reportedly needs -D_SOCKET_VERSION=11 + # MPE/iX needs -D_POSIX_SOURCE -D_SOCKET_SOURCE # All the options are explained at the bottom of this file. +DEFS = -DANALOGDIR=\"$(PREFIX)/lib/analog/\" \ + -DLOGFILE=\"/var/log/httpd-access.log\" \ + -DIMAGEDIR=\"/images/\" \ + -DDEFAULTCONFIGFILE=\"$(PREFIX)/etc/analog.cfg\" - OS = UNIX # Operating system: UNIX, DOS, WIN32, MAC, OS2, VMS - # RISCOS, BEOS, NEXTSTEP, BS2000 + OS = UNIX # Operating system: UNIX, DOS, WIN32, MAC, OS2, OSX, VMS, + # RISCOS, BEOS, NEXTSTEP, MPEIX, BS2000, AS400 LIBS = # extra libraries needed; Solaris 2 (SunOS 5) needs -@@ -29,7 +33,7 @@ +@@ -33,7 +37,7 @@ input.o macinput.o macstuff.o output.o output2.o pcre.o process.o \ settings.o sort.o tree.o utils.o win32.o HEADERS = anlghead.h anlghea2.h anlghea3.h anlghea4.h macdir.h pcre.h @@ -28,4 +28,4 @@ +CFLAGS += $(DEFS) -D$(OS) $(PROGRAM): $(OBJS) $(HEADERS) Makefile - $(CC) $(CEXTRAFLAGS) $(OBJS) -o $(PROGRAM) $(LIBS) + $(CC) $(CEXTRAFLAGS) -o $(PROGRAM) $(OBJS) $(LIBS) diff -ruN analog.old/pkg-plist analog/pkg-plist --- analog.old/pkg-plist Sun Jun 4 15:21:07 2000 +++ analog/pkg-plist Sun Feb 11 16:43:03 2001 
@@ -6,14 +6,23 @@ lib/analog/lang/am.lng lib/analog/lang/amdom.tab lib/analog/lang/ba.lng +lib/analog/lang/bg.lng +lib/analog/lang/bgdom.tab +lib/analog/lang/bgh.lng +lib/analog/lang/bghdom.tab lib/analog/lang/br.lng lib/analog/lang/bra.lng +lib/analog/lang/bradom.tab +lib/analog/lang/brdom.tab lib/analog/lang/brh.lng +lib/analog/lang/brhdom.tab lib/analog/lang/cat.lng lib/analog/lang/cata.lng +lib/analog/lang/catadom.tab +lib/analog/lang/catdom.tab lib/analog/lang/cath.lng -lib/analog/lang/cns.lng -lib/analog/lang/cnt.lng +lib/analog/lang/cathdom.tab +lib/analog/lang/cn.lng lib/analog/lang/cz.lng lib/analog/lang/cz1250.lng lib/analog/lang/cza.lng @@ -36,7 +45,10 @@ lib/analog/lang/eshdom.tab lib/analog/lang/fi.lng lib/analog/lang/fia.lng +lib/analog/lang/fiadom.tab +lib/analog/lang/fidom.tab lib/analog/lang/fih.lng +lib/analog/lang/fihdom.tab lib/analog/lang/fr.lng lib/analog/lang/fra.lng lib/analog/lang/fradom.tab @@ -46,12 +58,12 @@ lib/analog/lang/frhdom.tab lib/analog/lang/gr.lng lib/analog/lang/gra.lng +lib/analog/lang/hr.lng lib/analog/lang/hu.cfg lib/analog/lang/hu.lng lib/analog/lang/hua.lng lib/analog/lang/huadom.tab lib/analog/lang/hudom.tab -lib/analog/lang/itform.html lib/analog/lang/is.lng lib/analog/lang/isa.lng lib/analog/lang/ish.lng @@ -59,6 +71,7 @@ lib/analog/lang/ita.lng lib/analog/lang/itadom.tab lib/analog/lang/itdom.tab +lib/analog/lang/itform.html lib/analog/lang/ith.lng lib/analog/lang/ithdom.tab lib/analog/lang/jp.lng @@ -81,7 +94,10 @@ lib/analog/lang/pldom.tab lib/analog/lang/pt.lng lib/analog/lang/pta.lng +lib/analog/lang/ptadom.tab +lib/analog/lang/ptdom.tab lib/analog/lang/pth.lng +lib/analog/lang/pthdom.tab lib/analog/lang/ro.lng lib/analog/lang/rodom.tab lib/analog/lang/ru.lng 
@@ -102,12 +118,15 @@ lib/analog/lang/ska.lng lib/analog/lang/tr.lng lib/analog/lang/tra.lng +lib/analog/lang/tw.lng +lib/analog/lang/twdom.tab lib/analog/lang/ua.lng lib/analog/lang/uk.lng lib/analog/lang/uka.lng lib/analog/lang/ukdom.tab lib/analog/lang/us.lng lib/analog/lang/usa.lng +lib/analog/lang/usdom.tab lib/analog/lang/usform.html lib/analog/lang/yu.lng lib/analog/lang/yua.lng @@ -116,6 +135,8 @@ share/doc/analog/Readme.html share/doc/analog/acknow.html share/doc/analog/alias.html +share/doc/analog/analogo.gif +share/doc/analog/anlgdocs.css share/doc/analog/args.html share/doc/analog/bara8.gif share/doc/analog/barb1.gif @@ -137,6 +158,7 @@ share/doc/analog/domfile.html share/doc/analog/errors.html share/doc/analog/faq.html +share/doc/analog/favicon.ico share/doc/analog/form.html share/doc/analog/helpers.html share/doc/analog/hierreps.html
>Release-Note:
>Audit-Trail:
>Unformatted:
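Review bot: The hunks that actually move the port to 4.16 are missing from what is posted here: the diff starts at `diff -ruN analog.old/files/patch-aa` and the only other file touched is pkg-plist, while the Fix text itself refers to "the Makefile and distinfo changes". The files/patch-aa changes are refreshed timestamps, hunk offsets and context for the newer upstream Makefile, so the buffer overflow fix comes entirely from the new distfile. Please include the port Makefile version bump and the updated distinfo checksum in the same patch so a committer can confirm the port fetches and verifies 4.16 rather than continuing to build 4.11 with a patch-aa that no longer matches it.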
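Review bot: The pkg-plist hunk at `@@ -6,14 +6,23 @@` removes `lib/analog/lang/cns.lng` and `lib/analog/lang/cnt.lng` and adds `lib/analog/lang/cn.lng`, and the hunk at `@@ -102,12 +118,15 @@` adds `tw.lng` and `twdom.tab`, but the PR text does not mention that language files are dropped. Say so in the commit message, since an existing configuration that names the old files will no longer find them after the upgrade. The plist is otherwise a long hand-edited list (including moving `itform.html` into sorted position), so check it against the files a 4.16 install actually produces before committing.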