3f08af39e0
which officially fixes the setuid security exploit by the vendors.
Additionally, from the PR:
* adds in distribution patches to allow it to interoperate
with libtiff-3.5.5 (the current version in the ports tree),
and replace an original FreeBSD patch.
* includes security patches (replacements of 'strcpy' and
'sprintf', primarily), mostly based on patches originally
submitted by Alex Langer [1] for 4.0pl2 and not yet commited,
although some new work was done too.
[1] I don't think, that these were my patches but those submitted by
John Holland <john@zoner.org> in PR 19180.
* Fixes some issues with the configure/setup scripts introduced
since the previous version.
* Additionally, original FreeBSD patches from 4.0pl2 were
merged in where they were not addressed by anything else.
(except the I18N patch, sorry).
I removed the FORBIDDEN line since there are at least no obvious security
concerns left.
PR: 19237
Submitted by: Andy Sparrow <andy@geek4food.org>
13 lines
458 B
Plaintext
13 lines
458 B
Plaintext
diff -ruN faxalter/faxalter.c++.orig faxalter/faxalter.c++
|
|
--- faxalter/faxalter.c++.orig Sun Jun 13 00:40:58 1999
|
|
+++ faxalter/faxalter.c++ Mon Jun 12 21:52:37 2000
|
|
@@ -185,7 +185,7 @@
|
|
va_list ap;
|
|
va_start(ap, fmt0);
|
|
char fmt[1024];
|
|
- sprintf(fmt, "%s %s\n", groups ? "JGPARM" : "JPARM", fmt0);
|
|
+ snprintf(fmt, sizeof(fmt), "%s %s\n", groups ? "JGPARM" : "JPARM", fmt0);
|
|
script.append(fxStr::vformat(fmt, ap));
|
|
va_end(ap);
|
|
}
|