Upgrade from 2.04 to 2.05. The author closed the recently discovered
security flaw, which was already fixed in FreeBSD. But the older tarball is no longer available, hence the upgrade.
This commit is contained in:
parent
e9dffd30af
commit
b7b95248da
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=113283
3 changed files with 3 additions and 43 deletions
|
@ -6,8 +6,7 @@
|
|||
#
|
||||
|
||||
PORTNAME= rlpr
|
||||
PORTVERSION= 2.04
|
||||
PORTREVISION= 1
|
||||
PORTVERSION= 2.05
|
||||
CATEGORIES= print net
|
||||
MASTER_SITES= ftp://www.truffula.com/pub/
|
||||
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
MD5 (rlpr-2.04.tar.gz) = d4560cad31b0f031796a260b6d6b7123
|
||||
SIZE (rlpr-2.04.tar.gz) = 158637
|
||||
MD5 (rlpr-2.05.tar.gz) = 64ee8ccd94aabc90b9f40d0b2ad79e79
|
||||
SIZE (rlpr-2.05.tar.gz) = 222119
|
||||
|
|
|
@ -1,39 +0,0 @@
|
|||
Don't allow the network obtained strings to be interpreted
|
||||
as sprintf() format directives. See http://www.osvdb.org/7194
|
||||
|
||||
This fix is different from Debian's. It is better, because it
|
||||
requires no extra work, when errno is zero, and saves syslog(3)
|
||||
the hassle of handling %m, when it is.
|
||||
|
||||
-mi
|
||||
|
||||
--- src/msg.c Thu Sep 16 01:10:23 1999
|
||||
+++ src/msg.c Thu Jun 24 17:14:13 2004
|
||||
@@ -160,20 +160,14 @@
|
||||
|
||||
} else if (rlpr_msg->use_syslog) {
|
||||
-
|
||||
- /*
|
||||
- * sigh. this really sucks, but what can we do: vsnprintf()
|
||||
- * isn't yet standard enough to rely on. maybe if i can find
|
||||
- * a portable implementation lying around somewhere i can make
|
||||
- * a ../lib/vsnprintf.c
|
||||
- */
|
||||
-
|
||||
char buf[BUFSIZ];
|
||||
+ const char *_format;
|
||||
|
||||
- vsprintf(buf, _(format), ap);
|
||||
-
|
||||
- if (errno != 0)
|
||||
- strcat(buf, ": %m");
|
||||
+ if (errno != 0) {
|
||||
+ snprintf(buf, sizeof buf, "%s: %s", _(format), strerror(errno));
|
||||
+ _format = buf;
|
||||
+ } else
|
||||
+ _format = _(format);
|
||||
|
||||
- syslog(rlpr_msg->syslog_prio[level], buf);
|
||||
+ vsyslog(rlpr_msg->syslog_prio[level], _format, ap);
|
||||
|
||||
} else {
|
Loading…
Reference in a new issue