author | sobomax <sobomax@FreeBSD.org> | 2004-06-08 14:27:43 +0800 |
---|---|---|
committer | sobomax <sobomax@FreeBSD.org> | 2004-06-08 14:27:43 +0800 |
commit | 35d96527365fd44d2a290e2713fc861d72b8ca72 (patch) | |
tree | f98d5074e62f7be9c2695fe136468a5a2136eebc /devel | |
parent | bd4dc80d1fca40f8b241b1305f28bf3aaea90fe0 (diff) | |
Fix CAN-2004-0097 vulnerability in devel/pwlib, remove FORBIDDEN and bump
PORTREVISION of related ports.
Requested by: *many*
No reply from: security-officer
Obtained from: Debian/pwlib cvs
Diffstat (limited to 'devel')
-rw-r--r-- | devel/pwlib/Makefile | 4 | ||||
-rw-r--r-- | devel/pwlib/files/patch-src::ptclib::asner.cxx | 58 | ||||
-rw-r--r-- | devel/pwlib152/Makefile | 4 | ||||
-rw-r--r-- | devel/pwlib152/files/patch-src::ptclib::asner.cxx | 58 |
4 files changed, 118 insertions, 6 deletions
diff --git a/devel/pwlib/Makefile b/devel/pwlib/Makefile
index 83314a970548..6c1c42b57c5d 100644
--- a/devel/pwlib/Makefile
+++ b/devel/pwlib/Makefile
@@ -7,7 +7,7 @@ PORTNAME= pwlib PORTVERSION= 1.5.0 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= devel MASTER_SITES= http://www.openh323.org/bin/ \ http://www.de.openh323.org/bin/ \
@@ -17,8 +17,6 @@ DISTNAME= ${PORTNAME}_${PORTVERSION} MAINTAINER= roger@FreeBSD.org COMMENT= A cross platform C++ library, used by OpenH323 -FORBIDDEN= http://people.freebsd.org/~eik/portaudit/27c331d5-64c7-11d8-80e3-0020ed76ef5a.html - LIB_DEPENDS= expat.5:${PORTSDIR}/textproc/expat2 WRKSRC= ${WRKDIR}/${PORTNAME}
diff --git a/devel/pwlib/files/patch-src::ptclib::asner.cxx b/devel/pwlib/files/patch-src::ptclib::asner.cxx
new file mode 100644
index 000000000000..4776c3cab7f4
--- /dev/null
+++ b/devel/pwlib/files/patch-src::ptclib::asner.cxx
@@ -0,0 +1,58 @@
+
+$FreeBSD$
+
+--- src/ptclib/asner.cxx 2004/06/03 14:44:43 1.1
++++ src/ptclib/asner.cxx 2004/06/03 14:50:35
+@@ -4926,6 +4926,11 @@
+ return -1;
+
+ value += lower;
++
++ // clamp value to upper limit
++ if (value > upper)
++ value = upper;
++
+ return 0;
+ }
+
+@@ -4970,7 +4975,13 @@
+ unsigned base;
+ if (!MultiBitDecode(CountBits(upper - lower + 1), base))
+ return -1;
+- return lower + base; // 10.9.4.1
++ len = lower + base; // 10.9.4.1
++
++ // clamp value to upper limit
++ if (len > upper)
++ len = upper;
++
++ return len;
+ }
+
+ if (upper < 65536) // 10.9.3.3
+@@ -4981,13 +4992,20 @@
+ if (IsAtEnd())
+ return -1;
+
+- if (SingleBitDecode() == 0)
+- return MultiBitDecode(7, len) ? 0 : -1; // 10.9.3.6
++ if (SingleBitDecode() == 0) {
++ if (!MultiBitDecode(7, len)) // 10.9.3.6
++ return -1; // 10.9.3.8 unsupported
++ }
++ else if (SingleBitDecode() == 0) {
++ if (!MultiBitDecode(14, len)) // 10.9.3.7
++ return -1; // 10.9.3.8 unsupported
++ }
+
+- if (SingleBitDecode() == 0)
+- return MultiBitDecode(14, len) ? 0 : -1; // 10.9.3.7
++ // clamp value to upper limit
++ if (len > upper)
++ len = upper;
+
+- return -1; // 10.9.3.8 unsupported
++ return 0;
+ }
+
+
diff --git a/devel/pwlib152/Makefile b/devel/pwlib152/Makefile
index 83314a970548..6c1c42b57c5d 100644
--- a/devel/pwlib152/Makefile
+++ b/devel/pwlib152/Makefile
@@ -7,7 +7,7 @@ PORTNAME= pwlib PORTVERSION= 1.5.0 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= devel MASTER_SITES= http://www.openh323.org/bin/ \ http://www.de.openh323.org/bin/ \
@@ -17,8 +17,6 @@ DISTNAME= ${PORTNAME}_${PORTVERSION} MAINTAINER= roger@FreeBSD.org COMMENT= A cross platform C++ library, used by OpenH323 -FORBIDDEN= http://people.freebsd.org/~eik/portaudit/27c331d5-64c7-11d8-80e3-0020ed76ef5a.html - LIB_DEPENDS= expat.5:${PORTSDIR}/textproc/expat2 WRKSRC= ${WRKDIR}/${PORTNAME}
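Review bot: In the third inner hunk of the asner.cxx patch (`@@ -4981,13 +4992,20 @@`), the case where both `SingleBitDecode()` calls return non-zero is no longer rejected: the removed `return -1; // 10.9.3.8 unsupported` has no replacement, so control falls through to the clamp and `return 0` with `len` not assigned on that path. Because that form is selected by bits of the encoded input, the decoder would report success with whatever `len` held before, bounded only by `upper`; a final branch `else return -1; // 10.9.3.8 unsupported` after the 14-bit case would restore the old rejection. In the second inner hunk, `return len;` hands the decoded length back as the status where the neighbouring paths return 0 or -1, so `return 0;` looks intended; callers are not visible here, so confirm how they test the result. The enclosing function bodies start and end outside these hunks, and the same patch is added verbatim under devel/pwlib152.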
diff --git a/devel/pwlib152/files/patch-src::ptclib::asner.cxx b/devel/pwlib152/files/patch-src::ptclib::asner.cxx
new file mode 100644
index 000000000000..4776c3cab7f4
--- /dev/null
+++ b/devel/pwlib152/files/patch-src::ptclib::asner.cxx
@@ -0,0 +1,58 @@
+
+$FreeBSD$
+
+--- src/ptclib/asner.cxx 2004/06/03 14:44:43 1.1
++++ src/ptclib/asner.cxx 2004/06/03 14:50:35
+@@ -4926,6 +4926,11 @@
+ return -1;
+
+ value += lower;
++
++ // clamp value to upper limit
++ if (value > upper)
++ value = upper;
++
+ return 0;
+ }
+
+@@ -4970,7 +4975,13 @@
+ unsigned base;
+ if (!MultiBitDecode(CountBits(upper - lower + 1), base))
+ return -1;
+- return lower + base; // 10.9.4.1
++ len = lower + base; // 10.9.4.1
++
++ // clamp value to upper limit
++ if (len > upper)
++ len = upper;
++
++ return len;
+ }
+
+ if (upper < 65536) // 10.9.3.3
+@@ -4981,13 +4992,20 @@
+ if (IsAtEnd())
+ return -1;
+
+- if (SingleBitDecode() == 0)
+- return MultiBitDecode(7, len) ? 0 : -1; // 10.9.3.6
++ if (SingleBitDecode() == 0) {
++ if (!MultiBitDecode(7, len)) // 10.9.3.6
++ return -1; // 10.9.3.8 unsupported
++ }
++ else if (SingleBitDecode() == 0) {
++ if (!MultiBitDecode(14, len)) // 10.9.3.7
++ return -1; // 10.9.3.8 unsupported
++ }
+
+- if (SingleBitDecode() == 0)
+- return MultiBitDecode(14, len) ? 0 : -1; // 10.9.3.7
++ // clamp value to upper limit
++ if (len > upper)
++ len = upper;
+
+- return -1; // 10.9.3.8 unsupported
++ return 0;
+ }
+
+
|