openbsd-ports/misc/wordnet/patches
sthen f6c9102d1a updated patch from Rob Holland, his commentary:
"Andreas Tille, the Debian WordNet maintainer, noticed a bug in my
patch. The bug is not security related, but causes incorrect behaviour
in WordNet.

I replaced a strncpy(s1, s2, strlen(s2)) with a strcpy forgetting that
strncpy invoked that way would always omit the trailing \0 (as the \0
would always be at strlen(s2) + 1). This resulted in a truncation of
output from WordNet which relied on the previous behavior which it
used to 'patch' s1. I've now adjusted the strncpy to be a memcpy and
added a comment, to make the intent of the code clear. (Using a str*
function when you don't wish any handling of \0 is unintuitive to me,
hence my mistake). [..] Apologies for the error."

thanks Rob for the exemplary handling of this advisory. Notifications
to package maintainers and follow-ups are almost unheard-of and very
welcome.
2008-09-06 21:49:15 +00:00
..
patch-doc_Makefile_in
patch-include_Makefile_in
patch-include_wn_h
patch-lib_binsrch_c - SECURITY update, add patches to fix oCERT-2008-014, 2008-09-01 20:02:53 +00:00
patch-lib_morph_c - SECURITY update, add patches to fix oCERT-2008-014, 2008-09-01 20:02:53 +00:00
patch-lib_search_c updated patch from Rob Holland, his commentary: 2008-09-06 21:49:15 +00:00
patch-lib_wnutil_c - SECURITY update, add patches to fix oCERT-2008-014, 2008-09-01 20:02:53 +00:00
patch-src_wn_c - SECURITY update, add patches to fix oCERT-2008-014, 2008-09-01 20:02:53 +00:00
patch-src_wnb - SECURITY update, add patches to fix oCERT-2008-014, 2008-09-01 20:02:53 +00:00