3f08af39e0
which officially fixes the setuid security exploit by the vendors. Additionally, from the PR: * adds in distribution patches to allow it to interoperate with libtiff-3.5.5 (the current version in the ports tree), and replace an original FreeBSD patch. * includes security patches (replacements of 'strcpy' and 'sprintf', primarily), mostly based on patches originally submitted by Alex Langer [1] for 4.0pl2 and not yet commited, although some new work was done too. [1] I don't think, that these were my patches but those submitted by John Holland <john@zoner.org> in PR 19180. * Fixes some issues with the configure/setup scripts introduced since the previous version. * Additionally, original FreeBSD patches from 4.0pl2 were merged in where they were not addressed by anything else. (except the I18N patch, sorry). I removed the FORBIDDEN line since there are at least no obvious security concerns left. PR: 19237 Submitted by: Andy Sparrow <andy@geek4food.org>
13 lines
469 B
Plaintext
13 lines
469 B
Plaintext
diff -ruN man/config.4f.orig man/config.4f
|
|
--- man/config.4f.orig Mon Jan 4 23:48:18 1999
|
|
+++ man/config.4f Mon Jun 12 21:52:41 2000
|
|
@@ -1446,7 +1446,7 @@
|
|
The command to place a phone call.
|
|
The string is assumed to be suitable for use
|
|
as a parameter to the
|
|
-.IR sprintf (3S)
|
|
+.IR snprintf (3S)
|
|
function; so the ``%'' character should be escaped as ``%%''.
|
|
The dial command must include a single ``%s'' where the number
|
|
that is to be dialed is to be substituted.
|