From ekarkkai@pp.htv.fi  Sun Aug  1 16:24:36 2010
Message-Id: <201008011604.o71G4poG031193@thunderbolt.my.domain>
Date: Sun, 1 Aug 2010 19:04:51 +0300 (EEST)
From: Esa Karkkainen <ejk@iki.fi>
Reply-To: Esa Karkkainen <ejk@iki.fi>
To: FreeBSD-gnats-submit@freebsd.org
Cc: Esa Karkkainen <ejk@iki.fi>, fjoe@freebsd.org
Subject: Security update to fix archivers/libmspack Infinite Loop Denial of Service
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         149180
>Category:       ports
>Synopsis:       Security update to fix archivers/libmspack Infinite Loop Denial of Service
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    fjoe
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Sun Aug 01 16:30:05 UTC 2010
>Closed-Date:    Sun Aug 01 17:30:25 UTC 2010
>Last-Modified:  Sun Aug  1 17:40:00 UTC 2010
>Originator:     Esa Karkkainen
>Release:        FreeBSD 8.1-RELEASE amd64
>Organization:
Is in state of disintegration
>Environment:

System: FreeBSD 8.1-RELEASE
Ports tree updated at Aug 1st, 17:30:19 2010 EET

>Description:

Please see

<http://portaudit.FreeBSD.org/43024078-9b63-11df-8983-001d60d86f38.html>

>How-To-Repeat:

Install ports-mgmt/portaudit, run "portaudit -F" command and then try to
install archivers/libmspack.

>Fix:

diff -ruN /usr/ports/archivers/libmspack/Makefile ports/archivers/libmspack/Makefile
--- /usr/ports/archivers/libmspack/Makefile	2009-08-02 22:32:06.000000000 +0300
+++ ports/archivers/libmspack/Makefile	2010-08-01 18:56:42.938935398 +0300
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	libmspack
-PORTVERSION=	0.0.20060920
+PORTVERSION=	0.2
 CATEGORIES=	archivers
 MASTER_SITES=	http://www.cabextract.org.uk/libmspack/
 DISTNAME=	${PORTNAME}-${PORTVERSION}alpha
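Review bot: the PORTVERSION bump to 0.2 is the only Makefile change and the patch carries no pkg-plist hunk, yet the follow-up commit touches pkg-plist (+1 -0), so the packing list was not checked against what 0.2alpha installs. Before submitting a version bump, build and install the port into a clean prefix, compare the installed files with pkg-plist, and include the plist change in the same diff. The unchanged `DISTNAME=${PORTNAME}-${PORTVERSION}alpha` line still resolves to libmspack-0.2alpha, which matches the distinfo entries, so fetching needs no further Makefile edit.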
diff -ruN /usr/ports/archivers/libmspack/distinfo ports/archivers/libmspack/distinfo
--- /usr/ports/archivers/libmspack/distinfo	2009-02-01 10:53:21.000000000 +0200
+++ ports/archivers/libmspack/distinfo	2010-08-01 18:52:06.750312943 +0300
@@ -1,3 +1,3 @@
-MD5 (libmspack-0.0.20060920alpha.tar.gz) = 72003dfa5da2e843e3d5ae0c18f7c969
-SHA256 (libmspack-0.0.20060920alpha.tar.gz) = e2a5397fcd8088da76b72a8bbfac156cd3d0dc916709ed5b034bda74726fe0af
-SIZE (libmspack-0.0.20060920alpha.tar.gz) = 498217
+MD5 (libmspack-0.2alpha.tar.gz) = a51c65ba1dc9b53090d4e65e1f55d860
+SHA256 (libmspack-0.2alpha.tar.gz) = 01c951e883aa6518f4c2fd92f64fbab1763c00a7f776a9cce678168479f3e0df
+SIZE (libmspack-0.2alpha.tar.gz) = 399498
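Review bot: the new SHA256 and SIZE lines are the only integrity check on this distfile, because MASTER_SITES in the Makefile is a plain http:// URL; the committer should regenerate distinfo with `make makesum` from an independently fetched libmspack-0.2alpha.tar.gz and confirm it matches these values instead of taking them from the PR. The size falls from 498217 to 399498 bytes, which is worth a quick look at the tarball contents to confirm it is the complete upstream release.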
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->fjoe 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Sun Aug 1 16:30:17 UTC 2010 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=149180 
State-Changed-From-To: open->closed 
State-Changed-By: fjoe 
State-Changed-When: Sun Aug 1 17:29:07 UTC 2010 
State-Changed-Why:  
The change is committed. You forgot to update pkg-plist however. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=149180 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/149180: commit references a PR
Date: Sun,  1 Aug 2010 17:29:07 +0000 (UTC)

 fjoe        2010-08-01 17:28:58 UTC
 
   FreeBSD ports repository
 
   Modified files:
     archivers/libmspack  Makefile distinfo pkg-plist 
   Log:
   Update to 0.2alpha.
   
   This fixes infinite loop in MS-ZIP.
   
   PR:             149180
   
   Revision  Changes    Path
   1.14      +1 -1      ports/archivers/libmspack/Makefile
   1.4       +3 -3      ports/archivers/libmspack/distinfo
   1.3       +1 -0      ports/archivers/libmspack/pkg-plist
 
>Unformatted:
