[pkgsrc/trunk]: pkgsrc/net/openvmps Add patch to fix a format string vulnerab...

[bouyer <bouyer%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/77214230eaba
branches:  trunk
changeset: 502278:77214230eaba
user:      bouyer <bouyer%pkgsrc.org@localhost>
date:      Thu Nov 03 20:06:41 2005 +0000

description:
Add patch to fix a format string vulnerability in vmps_log():
http://www.security.nnov.ru/Jdocument889.html
Patch from me, reviewed by Adrian Portelli
Bump pkgrevision.

diffstat:

 net/openvmps/Makefile         |   3 ++-
 net/openvmps/distinfo         |   3 ++-
 net/openvmps/patches/patch-ad |  18 ++++++++++++++++++
 3 files changed, 22 insertions(+), 2 deletions(-)

diffs (49 lines):

diff -r a3eacf1f8f49 -r 77214230eaba net/openvmps/Makefile
--- a/net/openvmps/Makefile     Thu Nov 03 20:01:20 2005 +0000
+++ b/net/openvmps/Makefile     Thu Nov 03 20:06:41 2005 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.1.1.1 2005/06/06 16:07:43 bouyer Exp $
+# $NetBSD: Makefile,v 1.2 2005/11/03 20:06:41 bouyer Exp $
 
 DISTNAME=      vmpsd-1.3
 PKGNAME=       openvmps-1.3
+PKGREVISION=   1
 CATEGORIES=    net
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=vmps/}
 
diff -r a3eacf1f8f49 -r 77214230eaba net/openvmps/distinfo
--- a/net/openvmps/distinfo     Thu Nov 03 20:01:20 2005 +0000
+++ b/net/openvmps/distinfo     Thu Nov 03 20:06:41 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.1.1.1 2005/06/06 16:07:43 bouyer Exp $
+$NetBSD: distinfo,v 1.2 2005/11/03 20:06:41 bouyer Exp $
 
 SHA1 (vmpsd-1.3.tar.gz) = 39a8f925191690f209d9f1609321f20360810cf1
 RMD160 (vmpsd-1.3.tar.gz) = 1185fbd654d5d0e939fdfa08149d1ebcb3fc0ef2
@@ -6,3 +6,4 @@
 SHA1 (patch-aa) = 4bead41f3def8d179af073ac883d77d6c1301dec
 SHA1 (patch-ab) = a30282863432d654669643103de3711da6d53620
 SHA1 (patch-ac) = c5871b991808ca33d9ad0a7ee89ea1f1a4b0e803
+SHA1 (patch-ad) = 7fa3bf093f35264b1b10003fb3747fd736d12c5d
diff -r a3eacf1f8f49 -r 77214230eaba net/openvmps/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/openvmps/patches/patch-ad     Thu Nov 03 20:06:41 2005 +0000
@@ -0,0 +1,18 @@
+$NetBSD: patch-ad,v 1.1 2005/11/03 20:06:41 bouyer Exp $
+
+--- log.c.orig 2005-11-02 23:52:09.000000000 +0100
++++ log.c      2005-11-02 23:52:32.000000000 +0100
+@@ -27,11 +27,10 @@
+                       log_opened = 1;
+               }
+               vsnprintf(str, 256, fmt, ap);
+-              syslog(LOG_INFO, str);
++              syslog(LOG_INFO, "%s", str);
+ 
+               if ( debug ) { 
+-                      fprintf(stderr,str);
+-                      fprintf(stderr,"\n");
++                      fprintf(stderr,"%s\n", str);
+               }
+                        
+               va_end(ap);