From 0140554d033f4a84344a6ab7ac710238370c8f3c Mon Sep 17 00:00:00 2001 From: Jacques Vidrine Date: Wed, 19 May 2004 20:22:30 +0000 Subject: Correct a remotely exploitable vulnerability in subversion's date parsing. http://vuxml.freebsd.org/5d36ef32-a9cf-11d8-9c6d-0020ed76ef5a.html The patch was supplied by Stefan Esser and verified by Ben Reser. --- devel/subversion-freebsd/Makefile | 1 + .../files/patch-subversion::libsvn_subr::time.c | 13 +++++++++++++ 2 files changed, 14 insertions(+) create mode 100644 devel/subversion-freebsd/files/patch-subversion::libsvn_subr::time.c (limited to 'devel/subversion-freebsd') diff --git a/devel/subversion-freebsd/Makefile b/devel/subversion-freebsd/Makefile index bd12a551697a..13c38cf8eea8 100644 --- a/devel/subversion-freebsd/Makefile +++ b/devel/subversion-freebsd/Makefile @@ -6,6 +6,7 @@ PORTNAME= subversion PORTVERSION= 1.0.2 +PORTREVISION= 1 CATEGORIES= devel MASTER_SITES= http://subversion.tigris.org/tarballs/ diff --git a/devel/subversion-freebsd/files/patch-subversion::libsvn_subr::time.c b/devel/subversion-freebsd/files/patch-subversion::libsvn_subr::time.c new file mode 100644 index 000000000000..57b3129395c2 --- /dev/null +++ b/devel/subversion-freebsd/files/patch-subversion::libsvn_subr::time.c @@ -0,0 +1,13 @@ +Index: subversion/libsvn_subr/time.c +=================================================================== +--- subversion/libsvn_subr/time.c (revision 9636) ++++ subversion/libsvn_subr/time.c (working copy) +@@ -55,7 +55,7 @@ + * compatibility, but no longer generated. + */ + static const char * const old_timestamp_format = +-"%s %d %s %d %02d:%02d:%02d.%06d (day %03d, dst %d, gmt_off %06d)"; ++"%3s %d %3s %d %02d:%02d:%02d.%06d (day %03d, dst %d, gmt_off %06d)"; + + /* Our human representation of dates looks like this: + * -- cgit v1.2.3