From 1867354dcbc4095dd298bdbf324238980b031457 Mon Sep 17 00:00:00 2001 From: MANTANI Nobutaka Date: Mon, 14 Feb 2005 15:32:30 +0000 Subject: [PATCH] Fix format string vulnerability in the movemail utility. Security: CAN-2005-0100 Security: http://www.vuxml.org/freebsd/3e3c860d-7dae-11d9-a9e7-0001020eed82.html Security: Malicious POP3 servers can execute arbitrary code. --- editors/emacs/Makefile | 2 +- editors/emacs/files/patch-lib-src:movemail.c | 11 +++++++++++ editors/emacs22/Makefile | 2 +- editors/emacs22/files/patch-lib-src:movemail.c | 11 +++++++++++ editors/emacs23/Makefile | 2 +- editors/emacs23/files/patch-lib-src:movemail.c | 11 +++++++++++ 6 files changed, 36 insertions(+), 3 deletions(-) create mode 100644 editors/emacs/files/patch-lib-src:movemail.c create mode 100644 editors/emacs22/files/patch-lib-src:movemail.c create mode 100644 editors/emacs23/files/patch-lib-src:movemail.c diff --git a/editors/emacs/Makefile b/editors/emacs/Makefile index 862df586a859..31853c7fe89b 100644 --- a/editors/emacs/Makefile +++ b/editors/emacs/Makefile @@ -7,7 +7,7 @@ PORTNAME= emacs PORTVERSION= 21.3 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= editors ipv6 MASTER_SITES= ${MASTER_SITE_GNU} MASTER_SITE_SUBDIR= ${PORTNAME} diff --git a/editors/emacs/files/patch-lib-src:movemail.c b/editors/emacs/files/patch-lib-src:movemail.c new file mode 100644 index 000000000000..c47286937302 --- /dev/null +++ b/editors/emacs/files/patch-lib-src:movemail.c @@ -0,0 +1,11 @@ +--- lib-src/movemail.c.orig Mon Feb 14 11:29:49 2005 ++++ lib-src/movemail.c Mon Feb 14 11:33:06 2005 +@@ -787,7 +787,7 @@ + mbx_delimit_begin (mbf); + if (pop_retr (server, i, mbf) != OK) + { +- error (Errmsg, 0, 0); ++ error ("%s", Errmsg, 0); + close (mbfi); + return (1); + } diff --git a/editors/emacs22/Makefile b/editors/emacs22/Makefile index 862df586a859..31853c7fe89b 100644 --- a/editors/emacs22/Makefile +++ b/editors/emacs22/Makefile @@ -7,7 +7,7 @@ PORTNAME= emacs PORTVERSION= 21.3 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= editors ipv6 MASTER_SITES= ${MASTER_SITE_GNU} MASTER_SITE_SUBDIR= ${PORTNAME} diff --git a/editors/emacs22/files/patch-lib-src:movemail.c b/editors/emacs22/files/patch-lib-src:movemail.c new file mode 100644 index 000000000000..c47286937302 --- /dev/null +++ b/editors/emacs22/files/patch-lib-src:movemail.c @@ -0,0 +1,11 @@ +--- lib-src/movemail.c.orig Mon Feb 14 11:29:49 2005 ++++ lib-src/movemail.c Mon Feb 14 11:33:06 2005 +@@ -787,7 +787,7 @@ + mbx_delimit_begin (mbf); + if (pop_retr (server, i, mbf) != OK) + { +- error (Errmsg, 0, 0); ++ error ("%s", Errmsg, 0); + close (mbfi); + return (1); + } diff --git a/editors/emacs23/Makefile b/editors/emacs23/Makefile index 862df586a859..31853c7fe89b 100644 --- a/editors/emacs23/Makefile +++ b/editors/emacs23/Makefile @@ -7,7 +7,7 @@ PORTNAME= emacs PORTVERSION= 21.3 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= editors ipv6 MASTER_SITES= ${MASTER_SITE_GNU} MASTER_SITE_SUBDIR= ${PORTNAME} diff --git a/editors/emacs23/files/patch-lib-src:movemail.c b/editors/emacs23/files/patch-lib-src:movemail.c new file mode 100644 index 000000000000..c47286937302 --- /dev/null +++ b/editors/emacs23/files/patch-lib-src:movemail.c @@ -0,0 +1,11 @@ +--- lib-src/movemail.c.orig Mon Feb 14 11:29:49 2005 ++++ lib-src/movemail.c Mon Feb 14 11:33:06 2005 +@@ -787,7 +787,7 @@ + mbx_delimit_begin (mbf); + if (pop_retr (server, i, mbf) != OK) + { +- error (Errmsg, 0, 0); ++ error ("%s", Errmsg, 0); + close (mbfi); + return (1); + }