diff options
| author | grant <grant@pkgsrc.org> | 2003-10-11 11:27:56 +0000 |
|---|---|---|
| committer | grant <grant@pkgsrc.org> | 2003-10-11 11:27:56 +0000 |
| commit | 6a55d3b4e3ec3426d588a6f49810e97c168f0beb (patch) | |
| tree | b36fe176a8d4f30fdb5fa6aa1adfa8f3b4c686f9 /net/socks5 | |
| parent | 58ca0f6e612befff7f5d0f75e4b3b013a198ccaa (diff) | |
| download | pkgsrc-6a55d3b4e3ec3426d588a6f49810e97c168f0beb.tar.gz | |
add patch from http://online.securityfocus.com/archive/2/9842,
fixing remotely exploitable buffer overflow.
bump PKGREVISION.
addresses PR pkg/22687 from Wolfgang S. Rupprecht.
Diffstat (limited to 'net/socks5')
| -rw-r--r-- | net/socks5/Makefile | 4 | ||||
| -rw-r--r-- | net/socks5/distinfo | 3 | ||||
| -rw-r--r-- | net/socks5/patches/patch-ac | 25 |
3 files changed, 29 insertions, 3 deletions
diff --git a/net/socks5/Makefile b/net/socks5/Makefile index 9284db4d79d..56e470c413e 100644 --- a/net/socks5/Makefile +++ b/net/socks5/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.27 2003/10/11 11:16:20 grant Exp $ +# $NetBSD: Makefile,v 1.28 2003/10/11 11:27:56 grant Exp $ # FreeBSD Id: Makefile,v 1.14 1997/08/28 06:49:06 obrien Exp # @@ -6,7 +6,7 @@ DISTNAME= socks5-v1_0r2 PKGNAME= socks5-1.0.2 WRKSRC= ${WRKDIR}/socks5-v1.0r2 CATEGORIES= net security -PKGREVISION= 1 +PKGREVISION= 2 MASTER_SITES= # empty -- manual fetch needed EXTRACT_SUFX= _tar.gz diff --git a/net/socks5/distinfo b/net/socks5/distinfo index 7905c592c98..b9cf66b16c7 100644 --- a/net/socks5/distinfo +++ b/net/socks5/distinfo @@ -1,6 +1,7 @@ -$NetBSD: distinfo,v 1.2 2001/04/21 11:23:34 wiz Exp $ +$NetBSD: distinfo,v 1.3 2003/10/11 11:27:56 grant Exp $ SHA1 (socks5-v1_0r2_tar.gz) = 57c6e3a17381ce48bed008a86442385dbc2d11de Size (socks5-v1_0r2_tar.gz) = 390331 bytes SHA1 (patch-aa) = 5960986bf8aa8e8abf96df90b4b9c1940b1adb98 SHA1 (patch-ab) = 85e70c3a81ee5dc44af24f48fe4d3869c0985854 +SHA1 (patch-ac) = 296da7096e6c6984714f5aa88e3caab7cd11e309 diff --git a/net/socks5/patches/patch-ac b/net/socks5/patches/patch-ac new file mode 100644 index 00000000000..58d00ef7f0d --- /dev/null +++ b/net/socks5/patches/patch-ac @@ -0,0 +1,25 @@ +$NetBSD: patch-ac,v 1.1 2003/10/11 11:27:56 grant Exp $ + +--- lib/log.c.orig 1997-06-19 02:32:05.000000000 +1000 ++++ lib/log.c +@@ -77,7 +77,8 @@ static void replacePercentM(const char * + } + + void S5LogvUpdate(const void *handle, int level, int msgID, const char *oformat, va_list pvar) { +- char fmt_cpy[2*1024 + 2*10], format[2*1024 + 2*10]; ++#define FMT_BUFLEN (2*1024 + 2*10) ++ char fmt_cpy[FMT_BUFLEN], format[FMT_BUFLEN]; + S5LogHandle *h = (S5LogHandle *)handle; + int serrno = GETERRNO(); + static int dontLoop = 0; +@@ -112,7 +113,9 @@ void S5LogvUpdate(const void *handle, in + strcat(format, " "); + + replacePercentM(oformat, format + strlen(format), sizeof(format) - strlen(format)); +- vsprintf(fmt_cpy, format, pvar); ++ if(vsnprintf(fmt_cpy, FMT_BUFLEN-1,format, pvar)==-1) { ++ fmt_cpy[FMT_BUFLEN-1]='\0'; ++ } + + /* Log to the Local log facility, e.g. Stderr on Unix and maybe a window */ + /* or something on NT. Neither system can deal with a NULL format so */ |