diff options
| author | mi <mi@FreeBSD.org> | 2004-07-09 15:57:33 +0000 |
|---|---|---|
| committer | mi <mi@FreeBSD.org> | 2004-07-09 15:57:33 +0000 |
| commit | 8b20fe314263fe309f67db1e50ca897393469cc9 (patch) | |
| tree | f45120cd96abcd659b28446a34b33a3e33be9f4d /print/rlpr | |
| parent | 53012bcd44587794cb5edc1e53355d10763dbed8 (diff) | |
| download | FreeBSD-ports-8b20fe314263fe309f67db1e50ca897393469cc9.zip FreeBSD-ports-8b20fe314263fe309f67db1e50ca897393469cc9.tar.gz | |
Upgrade from 2.04 to 2.05. The author closed the recently discovered
security flaw, which was already fixed in FreeBSD. But the older tarball
is no longer available, hence the upgrade.
Diffstat (limited to 'print/rlpr')
| -rw-r--r-- | print/rlpr/Makefile | 3 | ||||
| -rw-r--r-- | print/rlpr/distinfo | 4 | ||||
| -rw-r--r-- | print/rlpr/files/patch-msg | 39 |
3 files changed, 3 insertions, 43 deletions
diff --git a/print/rlpr/Makefile b/print/rlpr/Makefile index 76f6222..1bbd1ca 100644 --- a/print/rlpr/Makefile +++ b/print/rlpr/Makefile @@ -6,8 +6,7 @@ # PORTNAME= rlpr -PORTVERSION= 2.04 -PORTREVISION= 1 +PORTVERSION= 2.05 CATEGORIES= print net MASTER_SITES= ftp://www.truffula.com/pub/ diff --git a/print/rlpr/distinfo b/print/rlpr/distinfo index 982332b..1b787f8 100644 --- a/print/rlpr/distinfo +++ b/print/rlpr/distinfo @@ -1,2 +1,2 @@ -MD5 (rlpr-2.04.tar.gz) = d4560cad31b0f031796a260b6d6b7123 -SIZE (rlpr-2.04.tar.gz) = 158637 +MD5 (rlpr-2.05.tar.gz) = 64ee8ccd94aabc90b9f40d0b2ad79e79 +SIZE (rlpr-2.05.tar.gz) = 222119 diff --git a/print/rlpr/files/patch-msg b/print/rlpr/files/patch-msg deleted file mode 100644 index 1a775ee..0000000 --- a/print/rlpr/files/patch-msg +++ /dev/null @@ -1,39 +0,0 @@ -Don't allow the network obtained strings to be interpreted -as sprintf() format directives. See http://www.osvdb.org/7194 - -This fix is different from Debian's. It is better, because it -requires no extra work, when errno is zero, and saves syslog(3) -the hassle of handling %m, when it is. - - -mi - ---- src/msg.c Thu Sep 16 01:10:23 1999 -+++ src/msg.c Thu Jun 24 17:14:13 2004 -@@ -160,20 +160,14 @@ - - } else if (rlpr_msg->use_syslog) { -- -- /* -- * sigh. this really sucks, but what can we do: vsnprintf() -- * isn't yet standard enough to rely on. maybe if i can find -- * a portable implementation lying around somewhere i can make -- * a ../lib/vsnprintf.c -- */ -- - char buf[BUFSIZ]; -+ const char *_format; - -- vsprintf(buf, _(format), ap); -- -- if (errno != 0) -- strcat(buf, ": %m"); -+ if (errno != 0) { -+ snprintf(buf, sizeof buf, "%s: %s", _(format), strerror(errno)); -+ _format = buf; -+ } else -+ _format = _(format); - -- syslog(rlpr_msg->syslog_prio[level], buf); -+ vsyslog(rlpr_msg->syslog_prio[level], _format, ap); - - } else { |
