[pkgsrc/trunk]: pkgsrc/print/ghostscript replace some sprintf by snprintf, fi...

[drochner <drochner%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/ece9dd81ea4e
branches:  trunk
changeset: 568885:ece9dd81ea4e
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Wed Dec 23 13:27:58 2009 +0000

description:
replace some sprintf by snprintf, fixes CVE-2009-4270 hopefully
bump PKGREVISION

diffstat:

 print/ghostscript/Makefile         |   4 ++--
 print/ghostscript/distinfo         |   3 ++-
 print/ghostscript/patches/patch-ak |  31 +++++++++++++++++++++++++++++++
 3 files changed, 35 insertions(+), 3 deletions(-)

diffs (62 lines):

diff -r d8dd282d8d23 -r ece9dd81ea4e print/ghostscript/Makefile
--- a/print/ghostscript/Makefile        Wed Dec 23 13:00:41 2009 +0000
+++ b/print/ghostscript/Makefile        Wed Dec 23 13:27:58 2009 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.71 2009/11/02 00:00:31 gdt Exp $
+# $NetBSD: Makefile,v 1.72 2009/12/23 13:27:58 drochner Exp $
 
 DISTNAME=      ghostscript-8.70
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    print
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=ghostscript/}
 EXTRACT_SUFX=  .tar.bz2
diff -r d8dd282d8d23 -r ece9dd81ea4e print/ghostscript/distinfo
--- a/print/ghostscript/distinfo        Wed Dec 23 13:00:41 2009 +0000
+++ b/print/ghostscript/distinfo        Wed Dec 23 13:27:58 2009 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.27 2009/11/03 00:05:59 wiz Exp $
+$NetBSD: distinfo,v 1.28 2009/12/23 13:27:59 drochner Exp $
 
 SHA1 (ghostscript-8.70.tar.bz2) = 4e4132713258c680a4fbec577e6dfc82b980ec01
 RMD160 (ghostscript-8.70.tar.bz2) = 88f7d380d1075c57829aa7f34334542fd2bbd6ce
@@ -11,3 +11,4 @@
 SHA1 (patch-ah) = efc85dead838505ee462714167f196db2deeb0aa
 SHA1 (patch-ai) = ad69ddd4a4bd50cf2263ac6c6d17a59798ef3124
 SHA1 (patch-aj) = 620d921210b5c0efec0a84e33bc416e4ab4bd11c
+SHA1 (patch-ak) = ff4603b188dad8ba8144e96f677ee4bda53df009
diff -r d8dd282d8d23 -r ece9dd81ea4e print/ghostscript/patches/patch-ak
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/print/ghostscript/patches/patch-ak        Wed Dec 23 13:27:58 2009 +0000
@@ -0,0 +1,31 @@
+$NetBSD: patch-ak,v 1.3 2009/12/23 13:27:59 drochner Exp $
+
+--- base/gsmisc.c.orig 2009-12-23 12:29:51.000000000 +0000
++++ base/gsmisc.c
+@@ -69,7 +69,7 @@ int outprintf(const gs_memory_t *mem, co
+ 
+     va_start(args, fmt);
+ 
+-    count = vsprintf(buf, fmt, args);
++    count = vsnprintf(buf, sizeof(buf), fmt, args);
+     outwrite(mem, buf, count);
+     if (count >= PRINTF_BUF_LENGTH) {
+       count = sprintf(buf, 
+@@ -89,7 +89,7 @@ int errprintf(const char *fmt, ...)
+ 
+     va_start(args, fmt);
+ 
+-    count = vsprintf(buf, fmt, args);
++    count = vsnprintf(buf, sizeof(buf), fmt, args);
+     errwrite(buf, count);
+     if (count >= PRINTF_BUF_LENGTH) {
+       count = sprintf(buf, 
+@@ -236,7 +236,7 @@ int gs_throw_imp(const char *func, const
+     va_list ap;
+ 
+     va_start(ap, fmt);
+-    vsprintf(msg, fmt, ap);
++    vsnprintf(msg, sizeof(msg), fmt, ap);
+     msg[sizeof(msg) - 1] = 0;
+     va_end(ap);
+