<pre style='margin:0'>
Zero King (l2dy) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/29c6e284374647a10aa539f4cdee8ad5e482c067">https://github.com/macports/macports-ports/commit/29c6e284374647a10aa539f4cdee8ad5e482c067</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new 29c6e28 newsbeuter: fix CVE-2017-14500
</span>29c6e28 is described below
<span style='display:block; white-space:pre;color:#808000;'>commit 29c6e284374647a10aa539f4cdee8ad5e482c067
</span>Author: Zero King <l2dy@macports.org>
AuthorDate: Thu Sep 21 14:54:47 2017 +0000
<span style='display:block; white-space:pre;color:#404040;'> newsbeuter: fix CVE-2017-14500
</span>---
net/newsbeuter/Portfile | 5 +++--
net/newsbeuter/files/patch-CVE-2017-14500.diff | 27 ++++++++++++++++++++++++++
2 files changed, 30 insertions(+), 2 deletions(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/newsbeuter/Portfile b/net/newsbeuter/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index f048823..4c70d34 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/newsbeuter/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/newsbeuter/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -5,7 +5,7 @@ PortGroup github 1.0
</span> PortGroup cxx11 1.1
github.setup akrennmair newsbeuter 2.9 r
<span style='display:block; white-space:pre;background:#ffe0e0;'>-revision 1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+revision 2
</span> license MIT
categories net www
platforms darwin
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -29,7 +29,8 @@ depends_lib port:curl \
</span> port:sqlite3 \
port:stfl
<span style='display:block; white-space:pre;background:#ffe0e0;'>-patchfiles patch-CVE-2017-12904.diff
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+patchfiles patch-CVE-2017-12904.diff \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ patch-CVE-2017-14500.diff
</span>
# universal variant needs to be defined for [get_canonical_archflags] to work
variant universal {}
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/newsbeuter/files/patch-CVE-2017-14500.diff b/net/newsbeuter/files/patch-CVE-2017-14500.diff
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 0000000..5c4f170
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/newsbeuter/files/patch-CVE-2017-14500.diff
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,27 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Origin: upstream, https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- src/pb_controller.cpp.orig
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ src/pb_controller.cpp
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -306,9 +306,9 @@ void pb_controller::play_file(const std::string& file) {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if (player == "")
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ return;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ cmdline.append(player);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- cmdline.append(" \"");
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- cmdline.append(utils::replace_all(file,"\"", "\\\""));
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- cmdline.append("\"");
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ cmdline.append(" \'");
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ cmdline.append(utils::replace_all(file,"'", "%27"));
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ cmdline.append("\'");
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ stfl::reset();
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ LOG(LOG_DEBUG, "pb_controller::play_file: running `%s'", cmdline.c_str());
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ::system(cmdline.c_str());
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- src/queueloader.cpp.orig
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ src/queueloader.cpp
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -130,7 +130,7 @@ std::string queueloader::get_filename(const std::string& str) {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ strftime(lbuf, sizeof(lbuf), "%Y-%b-%d-%H%M%S.unknown", localtime(&t));
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ fn.append(lbuf);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } else {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- fn.append(base);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ fn.append(utils::replace_all(base, "'", "%27"));
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ return fn;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span></pre><pre style='margin:0'>
</pre>