Bug 217063 - devel/libowfat: Port is out of date (security fixes)
Summary: devel/libowfat: Port is out of date (security fixes)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: David Thiel
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-02-13 10:31 UTC by Jan Bramkamp
Modified: 2017-02-13 20:19 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (lx)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jan Bramkamp 2017-02-13 10:31:15 UTC 
The libowfat port is out of date by two releases (https://www.fefe.de/libowfat/changes-0.30.txt and https://www.fefe.de/libowfat/changes-0.31.txt). Three of the entries in the changelog are marked as security fixes:

 * SECURITY: fmt_strn would write one byte too many (returned right length though, so usually not a problem as that byte would be overwritten with \0 by the caller anyway)
 * SECURITY: check for integer overflow in stralloc_ready
 * SECURITY: fix botched integer overflow handling logic in stralloc_ready (Giorgio) add critbit
Comment 1 commit-hook freebsd_committer freebsd_triage 2017-02-13 20:16:29 UTC 
A commit references this bug:

Author: lx
Date: Mon Feb 13 20:15:37 UTC 2017
New revision: 434050
URL: https://svnweb.freebsd.org/changeset/ports/434050

Log:
  Update to 0.31, fixing some security issues.

  PR:		217063
  Reported by:	Jan Bramkamp
  MFH:		2017Q1
  Security:	Integer overflow checking and string formatting error

Changes:
  head/devel/libowfat/Makefile
  head/devel/libowfat/distinfo
  head/devel/libowfat/files/patch-GNUmakefile
  head/devel/libowfat/pkg-plist
Comment 2 David Thiel freebsd_committer freebsd_triage 2017-02-13 20:19:50 UTC 
Committed, thanks!