Correct a remotely exploitable vulnerability in subversion's date

parsing. http://vuxml.freebsd.org/5d36ef32-a9cf-11d8-9c6d-0020ed76ef5a.html The patch was supplied by Stefan Esser and verified by Ben Reser.
author: nectar <nectar@FreeBSD.org> 2004-05-20 04:22:30 +0800
committer: nectar <nectar@FreeBSD.org> 2004-05-20 04:22:30 +0800
commit: 67ae8a65501c4a5350233feebdada8298581e700 (patch)
tree: d23d0f3ed404d640335152cbf99dbccc444d0cfc
parent: 8115b3a5cb97f46f0d4fdb87d47d06a75a0f763b (diff)
download: freebsd-ports-graphics-67ae8a65501c4a5350233feebdada8298581e700.tar.gz
freebsd-ports-graphics-67ae8a65501c4a5350233feebdada8298581e700.tar.zst
freebsd-ports-graphics-67ae8a65501c4a5350233feebdada8298581e700.zip
8 files changed, 56 insertions, 0 deletions
diff --git a/devel/subversion-devel/Makefile b/devel/subversion-devel/Makefile
index bd12a551697..13c38cf8eea 100644
--- a/devel/subversion-devel/Makefile
+++ b/devel/subversion-devel/Makefile
@@ -6,6 +6,7 @@
 
 PORTNAME=	subversion
 PORTVERSION=	1.0.2
+PORTREVISION=	1
 CATEGORIES=	devel
 MASTER_SITES=	http://subversion.tigris.org/tarballs/
 
diff --git a/devel/subversion-devel/files/patch-subversion::libsvn_subr::time.c b/devel/subversion-devel/files/patch-subversion::libsvn_subr::time.c
new file mode 100644
index 00000000000..57b3129395c
--- /dev/null
+++ b/devel/subversion-devel/files/patch-subversion::libsvn_subr::time.c
@@ -0,0 +1,13 @@
+Index: subversion/libsvn_subr/time.c
+===================================================================
+--- subversion/libsvn_subr/time.c	(revision 9636)
++++ subversion/libsvn_subr/time.c	(working copy)
+@@ -55,7 +55,7 @@
+  * compatibility, but no longer generated.
+  */
+ static const char * const old_timestamp_format =
+-"%s %d %s %d %02d:%02d:%02d.%06d (day %03d, dst %d, gmt_off %06d)";
++"%3s %d %3s %d %02d:%02d:%02d.%06d (day %03d, dst %d, gmt_off %06d)";
+ 
+ /* Our human representation of dates looks like this:
+  *
diff --git a/devel/subversion-freebsd/Makefile b/devel/subversion-freebsd/Makefile
index bd12a551697..13c38cf8eea 100644
--- a/devel/subversion-freebsd/Makefile
+++ b/devel/subversion-freebsd/Makefile
@@ -6,6 +6,7 @@
 
 PORTNAME=	subversion
 PORTVERSION=	1.0.2
+PORTREVISION=	1
 CATEGORIES=	devel
 MASTER_SITES=	http://subversion.tigris.org/tarballs/
 
diff --git a/devel/subversion-freebsd/files/patch-subversion::libsvn_subr::time.c b/devel/subversion-freebsd/files/patch-subversion::libsvn_subr::time.c
new file mode 100644
index 00000000000..57b3129395c
--- /dev/null
+++ b/devel/subversion-freebsd/files/patch-subversion::libsvn_subr::time.c
@@ -0,0 +1,13 @@
+Index: subversion/libsvn_subr/time.c
+===================================================================
+--- subversion/libsvn_subr/time.c	(revision 9636)
++++ subversion/libsvn_subr/time.c	(working copy)
+@@ -55,7 +55,7 @@
+  * compatibility, but no longer generated.
+  */
+ static const char * const old_timestamp_format =
+-"%s %d %s %d %02d:%02d:%02d.%06d (day %03d, dst %d, gmt_off %06d)";
++"%3s %d %3s %d %02d:%02d:%02d.%06d (day %03d, dst %d, gmt_off %06d)";
+ 
+ /* Our human representation of dates looks like this:
+  *
diff --git a/devel/subversion/Makefile b/devel/subversion/Makefile
index bd12a551697..13c38cf8eea 100644
--- a/devel/subversion/Makefile
+++ b/devel/subversion/Makefile
@@ -6,6 +6,7 @@
 
 PORTNAME=	subversion
 PORTVERSION=	1.0.2
+PORTREVISION=	1
 CATEGORIES=	devel
 MASTER_SITES=	http://subversion.tigris.org/tarballs/
 
diff --git a/devel/subversion/files/patch-subversion::libsvn_subr::time.c b/devel/subversion/files/patch-subversion::libsvn_subr::time.c
new file mode 100644
index 00000000000..57b3129395c
--- /dev/null
+++ b/devel/subversion/files/patch-subversion::libsvn_subr::time.c
@@ -0,0 +1,13 @@
+Index: subversion/libsvn_subr/time.c
+===================================================================
+--- subversion/libsvn_subr/time.c	(revision 9636)
++++ subversion/libsvn_subr/time.c	(working copy)
+@@ -55,7 +55,7 @@
+  * compatibility, but no longer generated.
+  */
+ static const char * const old_timestamp_format =
+-"%s %d %s %d %02d:%02d:%02d.%06d (day %03d, dst %d, gmt_off %06d)";
++"%3s %d %3s %d %02d:%02d:%02d.%06d (day %03d, dst %d, gmt_off %06d)";
+ 
+ /* Our human representation of dates looks like this:
+  *
diff --git a/devel/subversion16/Makefile b/devel/subversion16/Makefile
index bd12a551697..13c38cf8eea 100644
--- a/devel/subversion16/Makefile
+++ b/devel/subversion16/Makefile
@@ -6,6 +6,7 @@
 
 PORTNAME=	subversion
 PORTVERSION=	1.0.2
+PORTREVISION=	1
 CATEGORIES=	devel
 MASTER_SITES=	http://subversion.tigris.org/tarballs/
 
diff --git a/devel/subversion16/files/patch-subversion::libsvn_subr::time.c b/devel/subversion16/files/patch-subversion::libsvn_subr::time.c
new file mode 100644
index 00000000000..57b3129395c
--- /dev/null
+++ b/devel/subversion16/files/patch-subversion::libsvn_subr::time.c
@@ -0,0 +1,13 @@
+Index: subversion/libsvn_subr/time.c
+===================================================================
+--- subversion/libsvn_subr/time.c	(revision 9636)
++++ subversion/libsvn_subr/time.c	(working copy)
+@@ -55,7 +55,7 @@
+  * compatibility, but no longer generated.
+  */
+ static const char * const old_timestamp_format =
+-"%s %d %s %d %02d:%02d:%02d.%06d (day %03d, dst %d, gmt_off %06d)";
++"%3s %d %3s %d %02d:%02d:%02d.%06d (day %03d, dst %d, gmt_off %06d)";
+ 
+ /* Our human representation of dates looks like this:
+  *
author	nectar <nectar@FreeBSD.org>	2004-05-20 04:22:30 +0800
committer	nectar <nectar@FreeBSD.org>	2004-05-20 04:22:30 +0800
commit	67ae8a65501c4a5350233feebdada8298581e700 (patch)
tree	d23d0f3ed404d640335152cbf99dbccc444d0cfc
parent	8115b3a5cb97f46f0d4fdb87d47d06a75a0f763b (diff)
download	freebsd-ports-graphics-67ae8a65501c4a5350233feebdada8298581e700.tar.gz freebsd-ports-graphics-67ae8a65501c4a5350233feebdada8298581e700.tar.zst freebsd-ports-graphics-67ae8a65501c4a5350233feebdada8298581e700.zip