diff options
| author | Wes Peters <wes@FreeBSD.org> | 2002-04-22 22:18:03 +0000 |
|---|---|---|
| committer | Wes Peters <wes@FreeBSD.org> | 2002-04-22 22:18:03 +0000 |
| commit | 349462b79e4c35c2b8a7d163a4ba1c884ef8833d (patch) | |
| tree | 9030b310002f72778dbb46e52ccdbd599e4d8bcf /irc | |
| parent | Get rid of aout support cruft. (diff) | |
Muh released an update with a critical format string correction
that was remotely exploitable. This change updates the port to the
corrected version. The patchfile in the previous port corrected
some, but not all, of the vulnerability.
Maintainer timeout: BillF was unresponsive after 9 days, Debolaz
requested the port be fixed or marked broken via IRC.
PR: ports/37048
Submitted by: Geir RĂ¥ness <pulz@pulz.no>
Requested by: Debolaz <debolaz@debolaz.com>
Notes
Notes:
svn path=/head/; revision=58009
Diffstat (limited to 'irc')
| -rw-r--r-- | irc/muh/Makefile | 5 | ||||
| -rw-r--r-- | irc/muh/distinfo | 2 | ||||
| -rw-r--r-- | irc/muh/files/patch-aa | 29 |
3 files changed, 4 insertions, 32 deletions
diff --git a/irc/muh/Makefile b/irc/muh/Makefile index bd1e364dbbd0..c2c8125fa748 100644 --- a/irc/muh/Makefile +++ b/irc/muh/Makefile @@ -7,9 +7,10 @@ PORTNAME= muh PORTVERSION= 2.05d +PORTREVISION= 1 +DISTNAME= muh-2.05d-fixed CATEGORIES= irc -MASTER_SITES= http://mind.riot.org/muh/download/ -DISTNAME= ${PORTNAME}${PORTVERSION} +MASTER_SITES= http://prdownloads.sourceforge.net/muh/ MAINTAINER= billf@FreeBSD.org diff --git a/irc/muh/distinfo b/irc/muh/distinfo index 9851a0bee386..f26ddcaff6c9 100644 --- a/irc/muh/distinfo +++ b/irc/muh/distinfo @@ -1 +1 @@ -MD5 (muh2.05d.tar.gz) = c96cdb565e4fc2cca5b9db5a45d41190 +MD5 (muh-2.05d-fixed.tar.gz) = 0d3cd659d89983fb58dc89f531c1b3e8 diff --git a/irc/muh/files/patch-aa b/irc/muh/files/patch-aa deleted file mode 100644 index 234ea1f41b32..000000000000 --- a/irc/muh/files/patch-aa +++ /dev/null @@ -1,29 +0,0 @@ ---- src/muh.c.orig Sun Mar 19 04:08:27 2000 -+++ src/muh.c Sat Sep 9 21:32:15 2000 -@@ -575,7 +575,7 @@ - if( strcmp( param2 + 2, "USERINFO\1" ) == 0 ) - irc_notice( &c_server, nick, USERINFOREPLY ); - if( strncmp( param2 + 2, "PING", 4 ) == 0 ) { -- if( strlen( param2 + 1 ) > 6 ) irc_notice( &c_server, nick, param2 + 1 ); -+ if( strlen( param2 + 1 ) > 6 ) irc_notice( &c_server, nick, "%s", param2 + 1 ); - } - if( strcmp( param2 + 2, "CLIENTINFO\1" ) == 0 ) - irc_notice( &c_server, nick, CLIENTINFOREPLY ); -@@ -591,7 +591,7 @@ - } - else { /* normale message/notice */ - if( !is_ignore( hostname, IGNORE_MESSAGE ) && status.allowreply ) { -- if( cfg.awaynotice ) irc_notice( &c_server, nick, cfg.awaynotice ); -+ if( cfg.awaynotice ) irc_notice( &c_server, nick, "%s", cfg.awaynotice ); - add_ignore( hostname, 120, IGNORE_MESSAGE ); - status.allowreply = 0; - timers.reply = 0; -@@ -841,7 +841,7 @@ - s = ( char * )malloc( 1024 ); - while( fgets( s, 1023, messagelog ) ) { - if( s[ strlen( s ) - 1 ] == '\n' ) s[ strlen( s ) - 1 ] = 0; -- irc_notice( &c_client, status.nickname, s ); -+ irc_notice( &c_client, status.nickname, "%s", s ); - } - FREESTRING( s ); - |