Patches to address recent security issue via Gentoo:

http://secunia.com/advisories/16181/
This commit is contained in:
adrianp 2005-08-06 11:51:18 +00:00
parent a80a8ae73b
commit e37fc224e2
3 changed files with 55 additions and 2 deletions

View file

@ -1,7 +1,7 @@
# $NetBSD: Makefile,v 1.23 2005/06/23 04:49:26 christos Exp $
# $NetBSD: Makefile,v 1.24 2005/08/06 11:51:18 adrianp Exp $
DISTNAME= proftpd-1.2.10
PKGREVISION= 3
PKGREVISION= 4
CATEGORIES= net
MASTER_SITES= ftp://ftp.proftpd.org/distrib/source/ \
ftp://ftp.servus.at/ProFTPD/distrib/source/ \

View file

@ -0,0 +1,13 @@
$NetBSD: patch-ad,v 1.1 2005/08/06 11:51:18 adrianp Exp $
--- src/response.c.orig 2005-08-06 12:20:27.000000000 +0100
+++ src/response.c
@@ -169,7 +169,7 @@ void pr_response_send_async(const char *
buf[sizeof(buf) - 1] = '\0';
sstrcat(buf, "\r\n", sizeof(buf));
- RESPONSE_WRITE_STR_ASYNC(session.c->outstrm, buf, strlen(buf))
+ RESPONSE_WRITE_STR_ASYNC(session.c->outstrm, "%s", buf)
}
void pr_response_send(const char *resp_numeric, const char *fmt, ...) {

View file

@ -0,0 +1,40 @@
$NetBSD: patch-ae,v 1.1 2005/08/06 11:51:18 adrianp Exp $
--- contrib/mod_sql.c.orig 2004-08-03 01:44:31.000000000 +0100
+++ contrib/mod_sql.c
@@ -2036,7 +2036,7 @@ MODRET info_master(cmd_rec *cmd) {
*outsp++ = 0;
/* add the response */
- pr_response_add( c->argv[0], outs);
+ pr_response_add(c->argv[0], "%s", outs);
} while((c = find_config_next(c, c->next, CONF_PARAM, name, FALSE)) != NULL);
@@ -2110,7 +2110,7 @@ MODRET info_master(cmd_rec *cmd) {
*outsp++ = 0;
/* add the response */
- pr_response_add( c->argv[0], outs);
+ pr_response_add(c->argv[0], "%s", outs);
} while((c = find_config_next(c, c->next, CONF_PARAM, name, FALSE)) != NULL);
@@ -2201,7 +2201,7 @@ MODRET errinfo_master(cmd_rec *cmd) {
*outsp++ = 0;
/* add the response */
- pr_response_add_err( c->argv[0], outs);
+ pr_response_add_err(c->argv[0], "%s", outs);
} while((c = find_config_next(c, c->next, CONF_PARAM, name, FALSE)) != NULL);
@@ -2275,7 +2275,7 @@ MODRET errinfo_master(cmd_rec *cmd) {
*outsp++ = 0;
/* add the response */
- pr_response_add( c->argv[0], outs);
+ pr_response_add(c->argv[0], "%s", outs);
} while((c = find_config_next(c, c->next, CONF_PARAM, name, FALSE)) != NULL);