From c36f830c02187ba91a2cdd98e9a0a570670f7116 Mon Sep 17 00:00:00 2001 From: tron Date: Tue, 27 Nov 2001 21:03:07 +0000 Subject: Fix remote format string vulnerability in "libgtop_daemon". Bump version number to 1.0.12nb1. --- devel/libgtop/Makefile | 3 ++- devel/libgtop/distinfo | 3 ++- devel/libgtop/patches/patch-af | 22 ++++++++++++++++++++++ 3 files changed, 26 insertions(+), 2 deletions(-) create mode 100644 devel/libgtop/patches/patch-af diff --git a/devel/libgtop/Makefile b/devel/libgtop/Makefile index 2947eedab7b..7a19066b064 100644 --- a/devel/libgtop/Makefile +++ b/devel/libgtop/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.54 2001/09/27 23:17:56 jlam Exp $ +# $NetBSD: Makefile,v 1.55 2001/11/27 21:03:07 tron Exp $ DISTNAME= libgtop-1.0.12 +PKGNAME= ${DISTNAME}nb1 CATEGORIES= devel gnome MASTER_SITES= ${MASTER_SITE_GNOME:=stable/sources/libgtop/} diff --git a/devel/libgtop/distinfo b/devel/libgtop/distinfo index 20dc870ecbb..88306d44037 100644 --- a/devel/libgtop/distinfo +++ b/devel/libgtop/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.7 2001/09/25 01:31:18 wiz Exp $ +$NetBSD: distinfo,v 1.8 2001/11/27 21:03:07 tron Exp $ SHA1 (libgtop-1.0.12.tar.gz) = 7ff6ae62b599db4bd51b54d4d549627eacfc8509 Size (libgtop-1.0.12.tar.gz) = 882461 bytes @@ -7,6 +7,7 @@ SHA1 (patch-ab) = 3ce99bf4d72cf4e4203364d78361c8a2df081d8d SHA1 (patch-ac) = 644bfe717bdcc993a668a3d075acda8ef39571d8 SHA1 (patch-ad) = 9522d20b1467b73678003d5c0f98dcac7d312893 SHA1 (patch-ae) = cf277165382c17d938593934b59d8035175fd8d0 +SHA1 (patch-af) = c88fc8e4c887bd982daf433b8c0bddbcf9c44929 SHA1 (patch-al) = e771b022a5c2176138c5f49561ac64a15ce11809 SHA1 (patch-an) = 339df94fd374d99565be913d1f8b59ea2f7b7881 SHA1 (patch-ao) = 09cb66ba7ee9a7368ec1cd1d4bd40ea3f6637a31 diff --git a/devel/libgtop/patches/patch-af b/devel/libgtop/patches/patch-af new file mode 100644 index 00000000000..8b9a11ea112 --- /dev/null +++ b/devel/libgtop/patches/patch-af @@ -0,0 +1,22 @@ +$NetBSD: patch-af,v 1.6 2001/11/27 21:03:08 tron Exp $ + +--- src/daemon/gnuserv.c.orig Sun Nov 28 17:43:00 1999 ++++ src/daemon/gnuserv.c Tue Nov 27 21:58:17 2001 +@@ -93,7 +93,7 @@ + vsnprintf (buffer, BUFSIZ-1, format, ap); + va_end (ap); + +- syslog (priority, buffer); ++ syslog (priority, "%s", buffer); + } + + void +@@ -108,7 +108,7 @@ + va_end (ap); + + snprintf (buffer2, BUFSIZ-1, "%s: %s", buffer, strerror (errno)); +- syslog (priority, buffer2); ++ syslog (priority, "%s", buffer2); + } + + /* -- cgit v1.2.3