From deda6d1d42cae879833cc32af7f65f948a5bc99f Mon Sep 17 00:00:00 2001 From: itojun Date: Thu, 25 Oct 2001 07:46:27 +0000 Subject: plug string format vulnerability. --- editors/nvi-m17n/Makefile | 4 ++-- editors/nvi-m17n/distinfo | 4 +++- editors/nvi-m17n/patches/patch-ac | 30 ++++++++++++++++++++++++++++++ editors/nvi-m17n/patches/patch-ad | 22 ++++++++++++++++++++++ 4 files changed, 57 insertions(+), 3 deletions(-) create mode 100644 editors/nvi-m17n/patches/patch-ac create mode 100644 editors/nvi-m17n/patches/patch-ad (limited to 'editors/nvi-m17n') diff --git a/editors/nvi-m17n/Makefile b/editors/nvi-m17n/Makefile index d4a80eb88df..6009348f423 100644 --- a/editors/nvi-m17n/Makefile +++ b/editors/nvi-m17n/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.11 2001/09/27 23:18:00 jlam Exp $ +# $NetBSD: Makefile,v 1.12 2001/10/25 07:46:27 itojun Exp $ # FreeBSD Id: Makefile,v 1.11 1999/04/17 10:51:03 itojun Exp DISTNAME= nvi-1.79 -PKGNAME= nvi-m17n-1.79.19991117 +PKGNAME= nvi-m17n-1.79.19991117nb1 CATEGORIES= editors MASTER_SITES= ftp://sleepy.vwh.net/pub/ \ ftp://ftp.foretune.co.jp/pub/tools/nvi-m17n/ diff --git a/editors/nvi-m17n/distinfo b/editors/nvi-m17n/distinfo index ff810e6c140..64db812597b 100644 --- a/editors/nvi-m17n/distinfo +++ b/editors/nvi-m17n/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.2 2001/04/19 11:01:04 agc Exp $ +$NetBSD: distinfo,v 1.3 2001/10/25 07:46:28 itojun Exp $ SHA1 (nvi-1.79.tar.gz) = f6b54e532e06b00b8892d0a0362c5b361cfc9643 Size (nvi-1.79.tar.gz) = 1295351 bytes @@ -6,4 +6,6 @@ SHA1 (nvi-1.79.m17n-19991117.diff.gz) = b242733c5da3c3797be0bd0c1829f7d0cebe451a Size (nvi-1.79.m17n-19991117.diff.gz) = 166609 bytes SHA1 (patch-aa) = c246b1533dfbfc93ad9c0a8ea8cff5db157c9ee8 SHA1 (patch-ab) = f7a382af11f200467ac994d90e108e97c7602b13 +SHA1 (patch-ac) = 738f4b3d51b6b39f2cc4b2cffeb1a1ea412aed89 +SHA1 (patch-ad) = 21b5df4bb13b248f6f1ffe7ca69d91a4eae83561 SHA1 (patch-global) = 118bfdcefba77c37c07b29d0c68fb8bbf02cb10e diff --git a/editors/nvi-m17n/patches/patch-ac b/editors/nvi-m17n/patches/patch-ac new file mode 100644 index 00000000000..545ade50c01 --- /dev/null +++ b/editors/nvi-m17n/patches/patch-ac @@ -0,0 +1,30 @@ +$NetBSD: patch-ac,v 1.1 2001/10/25 07:46:29 itojun Exp $ + +--- ../ex/ex_cscope.c.orig Mon Sep 16 04:59:30 1996 ++++ ../ex/ex_cscope.c Thu Oct 25 16:43:51 2001 +@@ -232,14 +232,14 @@ + * name regardless so that we can use it as a base for searches. + */ + if (stat(dname, &sb)) { +- msgq(sp, M_SYSERR, dname); ++ msgq(sp, M_SYSERR, "%s", dname); + return (1); + } + if (S_ISDIR(sb.st_mode)) { + (void)snprintf(path, sizeof(path), + "%s/%s", dname, CSCOPE_DBFILE); + if (stat(path, &sb)) { +- msgq(sp, M_SYSERR, path); ++ msgq(sp, M_SYSERR, "%s", path); + return (1); + } + dbname = CSCOPE_DBFILE; +@@ -762,7 +762,7 @@ + + io_err: if (feof(csc->from_fp)) + errno = EIO; +- msgq_str(sp, M_SYSERR, "%s", csc->dname); ++ msgq_str(sp, M_SYSERR, csc->dname, "%s"); + terminate(sp, csc, 0); + return (1); + } diff --git a/editors/nvi-m17n/patches/patch-ad b/editors/nvi-m17n/patches/patch-ad new file mode 100644 index 00000000000..8eae1670618 --- /dev/null +++ b/editors/nvi-m17n/patches/patch-ad @@ -0,0 +1,22 @@ +$NetBSD: patch-ad,v 1.1 2001/10/25 07:46:29 itojun Exp $ + +--- ../common/exf.c.orig Thu Oct 25 16:43:16 2001 ++++ ../common/exf.c Thu Oct 25 16:43:52 2001 +@@ -887,7 +887,7 @@ + * Note that this code is harmless if you're using libc 4.6.x. + */ + if (LF_ISSET(FS_APPEND) && lseek(fd, (off_t)0, SEEK_END) < 0) { +- msgq(sp, M_SYSERR, name); ++ msgq(sp, M_SYSERR, "%s", name); + return (1); + } + #endif +@@ -1004,7 +1004,7 @@ + *--s = '.'; + } + } +- msgq(sp, M_INFO, s); ++ msgq(sp, M_INFO, "%s", s); + if (nf) + FREE_SPACE(sp, p, 0); + return (0); -- cgit v1.2.3