diff options
author | mi <mi@FreeBSD.org> | 2004-06-25 20:08:51 +0800 |
---|---|---|
committer | mi <mi@FreeBSD.org> | 2004-06-25 20:08:51 +0800 |
commit | 69a4717de2f78e7458447615e47896767d3eb019 (patch) | |
tree | 0096f7595e5606c9fce5d2851fa6afd7eb5a8968 /print/rlpr | |
parent | f0bfb1b2797f0a4a4c6f976b0a2d32f45d71e0c8 (diff) | |
download | freebsd-ports-gnome-69a4717de2f78e7458447615e47896767d3eb019.tar.gz freebsd-ports-gnome-69a4717de2f78e7458447615e47896767d3eb019.tar.zst freebsd-ports-gnome-69a4717de2f78e7458447615e47896767d3eb019.zip |
How stupid of me -- forgot to `cvs add' the patch fixing the recent
security issue prior to last commit. Now have to also bump the PORTREVISION.
Diffstat (limited to 'print/rlpr')
-rw-r--r-- | print/rlpr/Makefile | 1 | ||||
-rw-r--r-- | print/rlpr/files/patch-msg | 39 |
2 files changed, 40 insertions, 0 deletions
diff --git a/print/rlpr/Makefile b/print/rlpr/Makefile index 44358a0548c8..76f6222cc470 100644 --- a/print/rlpr/Makefile +++ b/print/rlpr/Makefile @@ -7,6 +7,7 @@ PORTNAME= rlpr PORTVERSION= 2.04 +PORTREVISION= 1 CATEGORIES= print net MASTER_SITES= ftp://www.truffula.com/pub/ diff --git a/print/rlpr/files/patch-msg b/print/rlpr/files/patch-msg new file mode 100644 index 000000000000..1a775ee4bb50 --- /dev/null +++ b/print/rlpr/files/patch-msg @@ -0,0 +1,39 @@ +Don't allow the network obtained strings to be interpreted +as sprintf() format directives. See http://www.osvdb.org/7194 + +This fix is different from Debian's. It is better, because it +requires no extra work, when errno is zero, and saves syslog(3) +the hassle of handling %m, when it is. + + -mi + +--- src/msg.c Thu Sep 16 01:10:23 1999 ++++ src/msg.c Thu Jun 24 17:14:13 2004 +@@ -160,20 +160,14 @@ + + } else if (rlpr_msg->use_syslog) { +- +- /* +- * sigh. this really sucks, but what can we do: vsnprintf() +- * isn't yet standard enough to rely on. maybe if i can find +- * a portable implementation lying around somewhere i can make +- * a ../lib/vsnprintf.c +- */ +- + char buf[BUFSIZ]; ++ const char *_format; + +- vsprintf(buf, _(format), ap); +- +- if (errno != 0) +- strcat(buf, ": %m"); ++ if (errno != 0) { ++ snprintf(buf, sizeof buf, "%s: %s", _(format), strerror(errno)); ++ _format = buf; ++ } else ++ _format = _(format); + +- syslog(rlpr_msg->syslog_prio[level], buf); ++ vsyslog(rlpr_msg->syslog_prio[level], _format, ap); + + } else { |