diff options
author | marcus <marcus@FreeBSD.org> | 2005-08-28 06:57:45 +0800 |
---|---|---|
committer | marcus <marcus@FreeBSD.org> | 2005-08-28 06:57:45 +0800 |
commit | b221c0e6305f76cb5658977c1e224cf25df41f21 (patch) | |
tree | e1626269df02012b9414284c441e73ea718f29e3 /mail | |
parent | 617950ce5c7a8f8668e858d8970ed053905aed33 (diff) | |
download | freebsd-ports-gnome-b221c0e6305f76cb5658977c1e224cf25df41f21.tar.gz freebsd-ports-gnome-b221c0e6305f76cb5658977c1e224cf25df41f21.tar.zst freebsd-ports-gnome-b221c0e6305f76cb5658977c1e224cf25df41f21.zip |
Fix the string format vulnerability desribed at
http://marc.theaimsgroup.com/?l=full-disclosure&m=112368237712032&w=2.
Security: Fixes the vulnerability described at
http://www.vuxml.org/freebsd/cveitem-2005-2549.html
Approved by: portmgr (implicit)
Obtained from: Evolution CVS
Diffstat (limited to 'mail')
-rw-r--r-- | mail/evolution/Makefile | 1 | ||||
-rw-r--r-- | mail/evolution/files/patch-string_vuln | 62 |
2 files changed, 63 insertions, 0 deletions
diff --git a/mail/evolution/Makefile b/mail/evolution/Makefile index 158df2d39f13..d2402cec05b5 100644 --- a/mail/evolution/Makefile +++ b/mail/evolution/Makefile @@ -7,6 +7,7 @@ PORTNAME= evolution PORTVERSION= 2.2.3 +PORTREVISION= 1 CATEGORIES= mail gnome MASTER_SITES= ${MASTER_SITE_GNOME} MASTER_SITE_SUBDIR= sources/${PORTNAME}/2.2 diff --git a/mail/evolution/files/patch-string_vuln b/mail/evolution/files/patch-string_vuln new file mode 100644 index 000000000000..b9e9d2bd7ab6 --- /dev/null +++ b/mail/evolution/files/patch-string_vuln @@ -0,0 +1,62 @@ +--- calendar/gui/e-cal-component-preview.c.orig Sat Aug 27 18:48:58 2005 ++++ calendar/gui/e-cal-component-preview.c Sat Aug 27 18:49:14 2005 +@@ -284,7 +284,7 @@ write_html (GtkHTMLStream *stream, ECal + str = g_string_append_c (str, text.value[i]); + } + +- gtk_html_stream_printf (stream, str->str); ++ gtk_html_stream_printf (stream, "%s", str->str); + g_string_free (str, TRUE); + } + +--- addressbook/gui/widgets/eab-contact-display.c.orig Sat Aug 27 18:50:22 2005 ++++ addressbook/gui/widgets/eab-contact-display.c Sat Aug 27 18:51:58 2005 +@@ -353,7 +353,7 @@ render_contact (GtkHTMLStream *html_stre + accum_multival_attribute (accum, contact, _("Yahoo"), E_CONTACT_IM_YAHOO, YAHOO_ICON, 0); + + if (accum->len > 0) +- gtk_html_stream_printf (html_stream, accum->str); ++ gtk_html_stream_printf (html_stream, "%s", accum->str); + + end_block (html_stream); + +@@ -368,7 +368,7 @@ render_contact (GtkHTMLStream *html_stre + + if (accum->len > 0) { + start_block (html_stream, _("work")); +- gtk_html_stream_printf (html_stream, accum->str); ++ gtk_html_stream_printf (html_stream, "%s", accum->str); + end_block (html_stream); + } + +@@ -383,7 +383,7 @@ render_contact (GtkHTMLStream *html_stre + + if (accum->len > 0) { + start_block (html_stream, _("personal")); +- gtk_html_stream_printf (html_stream, accum->str); ++ gtk_html_stream_printf (html_stream, "%s", accum->str); + end_block (html_stream); + } + +--- calendar/gui/e-calendar-view.c.orig Sat Aug 27 18:52:46 2005 ++++ calendar/gui/e-calendar-view.c Sat Aug 27 18:53:10 2005 +@@ -1079,7 +1079,7 @@ on_save_as (EPopup *ep, EPopupItem *pite + return; + } + +- fprintf (file, ical_string); ++ fprintf (file, "%s", ical_string); + g_free (ical_string); + fclose (file); + +--- calendar/gui/e-calendar-table.c.orig Sat Aug 27 18:53:42 2005 ++++ calendar/gui/e-calendar-table.c Sat Aug 27 18:53:58 2005 +@@ -1027,7 +1027,7 @@ e_calendar_table_on_save_as (EPopup *ep, + return; + } + +- fprintf (file, ical_string); ++ fprintf (file, "%s", ical_string); + g_free (ical_string); + fclose (file); + } |