summaryrefslogtreecommitdiffstats
path: root/textproc
diff options
context:
space:
mode:
authordanfe <danfe@FreeBSD.org>2005-02-11 13:33:02 +0000
committerdanfe <danfe@FreeBSD.org>2005-02-11 13:33:02 +0000
commit85ba48d2b92093456664390b94635a9ce0769053 (patch)
tree34e15b3135f481e086df453ce4238d7f8e248a6f /textproc
parentcd45c291b3fdfacc4e078db16ebe95af7dff1b19 (diff)
downloadFreeBSD-ports-85ba48d2b92093456664390b94635a9ce0769053.zip
FreeBSD-ports-85ba48d2b92093456664390b94635a9ce0769053.tar.gz
- Attempt to fix the exploitable security issue described at
http://www.vuxml.org/freebsd/f2d5e56e-67eb-11d9-a9e7-0001020eed82.html by replacing strcat() with strncat(). Please note that I wasn't able to reproduce the exploit described at http://tigger.uic.edu/~jlongs2/holes/unrtf.txt on my 5.3-STABLE system. Feedback from someone who can reproduce the exploit with an unpatched unrtf would be appreciated - Bump PORTREVISION - Remove old master site that doesn't seem to have the distfile any more VuXML: f2d5e56e-67eb-11d9-a9e7-0001020eed82 PR: ports/76852 Submitted by: Stefan Walter <sw(at)gegenunendlich.de>
Diffstat (limited to 'textproc')
-rw-r--r--textproc/unrtf/Makefile8
-rw-r--r--textproc/unrtf/files/patch-convert.c11
2 files changed, 13 insertions, 6 deletions
diff --git a/textproc/unrtf/Makefile b/textproc/unrtf/Makefile
index 36fdaed..f663284 100644
--- a/textproc/unrtf/Makefile
+++ b/textproc/unrtf/Makefile
@@ -6,18 +6,14 @@
PORTNAME= unrtf
PORTVERSION= 0.19.3
+PORTREVISION= 1
CATEGORIES= textproc
-MASTER_SITES= http://unrtf.50megs.com/ \
- ${MASTER_SITE_GNU}
+MASTER_SITES= ${MASTER_SITE_GNU}
MASTER_SITE_SUBDIR= ${PORTNAME}
MAINTAINER= ports@FreeBSD.org
COMMENT= A converter from RTF to several formats, including HTML and LaTeX
-FORBIDDEN= http://vuxml.FreeBSD.org/f2d5e56e-67eb-11d9-a9e7-0001020eed82.html
-DEPRECATED= ${FORBIDDEN}
-EXPIRATION_DATE=2005-02-16
-
USE_REINPLACE= yes
ALL_TARGET= unrtf
diff --git a/textproc/unrtf/files/patch-convert.c b/textproc/unrtf/files/patch-convert.c
new file mode 100644
index 0000000..35fa047
--- /dev/null
+++ b/textproc/unrtf/files/patch-convert.c
@@ -0,0 +1,11 @@
+--- convert.c.orig Sun Jan 30 13:34:16 2005
++++ convert.c Sun Jan 30 13:35:36 2005
+@@ -341,7 +341,7 @@
+ while(w2) {
+ tmp = word_string (w2);
+ if (tmp && tmp[0] != '\\')
+- strcat(name,tmp);
++ strncat(name,tmp,sizeof(name)-strlen(name)-1);
+
+ w2=w2->next;
+ }
OpenPOWER on IntegriCloud