being here, add a patch from https://bugzilla.redhat.com/show_bug.cgi?id=659676 to fix a possible puffer overflow (CVE-2010-4262) bump PKGREVISIONdiff -r1.64 -r1.65 pkgsrc/graphics/xfig/Makefile
(drochner)
| @@ -1,18 +1,18 @@ | @@ -1,18 +1,18 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.64 2011/01/13 13:38:23 wiz Exp $ | 1 | # $NetBSD: Makefile,v 1.65 2011/01/19 19:31:05 drochner Exp $ | |
| 2 | 2 | |||
| 3 | DISTNAME= xfig.3.2.5b.full | 3 | DISTNAME= xfig.3.2.5b.full | |
| 4 | PKGNAME= xfig-3.2.5b | 4 | PKGNAME= xfig-3.2.5b | |
| 5 | PKGREVISION= 8 | 5 | PKGREVISION= 9 | |
| 6 | CATEGORIES= graphics | 6 | CATEGORIES= graphics | |
| 7 | MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=mcj/} | 7 | MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=mcj/} | |
| 8 | 8 | |||
| 9 | MAINTAINER= pkgsrc-users@NetBSD.org | 9 | MAINTAINER= pkgsrc-users@NetBSD.org | |
| 10 | HOMEPAGE= http://www.xfig.org/ | 10 | HOMEPAGE= http://www.xfig.org/ | |
| 11 | COMMENT= CAD-like 2D drawing tool, good for colorful scale drawings & ISOs | 11 | COMMENT= CAD-like 2D drawing tool, good for colorful scale drawings & ISOs | |
| 12 | 12 | |||
| 13 | PKG_DESTDIR_SUPPORT= user-destdir | 13 | PKG_DESTDIR_SUPPORT= user-destdir | |
| 14 | 14 | |||
| 15 | DEPENDS+= transfig>=3.2.4:../../print/transfig | 15 | DEPENDS+= transfig>=3.2.4:../../print/transfig | |
| 16 | # if we're using Xaw3d, then we need 1.5E or newer since using that | 16 | # if we're using Xaw3d, then we need 1.5E or newer since using that | |
| 17 | # version means we need a patch, which is currently used unconditionally | 17 | # version means we need a patch, which is currently used unconditionally | |
| 18 | BUILDLINK_API_DEPENDS.Xaw3d+= Xaw3d>=1.5E | 18 | BUILDLINK_API_DEPENDS.Xaw3d+= Xaw3d>=1.5E |
| @@ -1,18 +1,19 @@ | @@ -1,18 +1,19 @@ | |||
| 1 | $NetBSD: distinfo,v 1.23 2011/01/19 19:03:11 drochner Exp $ | 1 | $NetBSD: distinfo,v 1.24 2011/01/19 19:31:05 drochner Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (xfig.3.2.5b.full.tar.gz) = 0730d7e6bc217c0de02682efb0078821512bb542 | 3 | SHA1 (xfig.3.2.5b.full.tar.gz) = 0730d7e6bc217c0de02682efb0078821512bb542 | |
| 4 | RMD160 (xfig.3.2.5b.full.tar.gz) = aad4cfd808c116d34218e9890a898652e4f52ab6 | 4 | RMD160 (xfig.3.2.5b.full.tar.gz) = aad4cfd808c116d34218e9890a898652e4f52ab6 | |
| 5 | Size (xfig.3.2.5b.full.tar.gz) = 5821049 bytes | 5 | Size (xfig.3.2.5b.full.tar.gz) = 5821049 bytes | |
| 6 | SHA1 (patch-aa) = c931f4735f7502cc9d7c116378dcd3b420a40c6f | 6 | SHA1 (patch-aa) = c931f4735f7502cc9d7c116378dcd3b420a40c6f | |
| 7 | SHA1 (patch-ab) = c68a3ce1c1efbeab6e0f2dac9f91bf87c1515ce4 | 7 | SHA1 (patch-ab) = c68a3ce1c1efbeab6e0f2dac9f91bf87c1515ce4 | |
| 8 | SHA1 (patch-ac) = b43b811dce9aa3cdb5d18dc7c403a4a2e503fd44 | 8 | SHA1 (patch-ac) = b43b811dce9aa3cdb5d18dc7c403a4a2e503fd44 | |
| 9 | SHA1 (patch-ad) = b75238284164fe1e8365c21fab1a5e9102c467d0 | 9 | SHA1 (patch-ad) = b75238284164fe1e8365c21fab1a5e9102c467d0 | |
| 10 | SHA1 (patch-ae) = 8bb5d1c01faae34a6ad2cd1eaddf794cbf39a02e | 10 | SHA1 (patch-ae) = 8bb5d1c01faae34a6ad2cd1eaddf794cbf39a02e | |
| 11 | SHA1 (patch-ag) = 021f15be1fd36adc80c638bbb485e2f3753ac11b | 11 | SHA1 (patch-ag) = 021f15be1fd36adc80c638bbb485e2f3753ac11b | |
| 12 | SHA1 (patch-ai) = bd3f0c40e542aae1cfd739dbe0c0f096ddfdefcf | 12 | SHA1 (patch-ai) = bd3f0c40e542aae1cfd739dbe0c0f096ddfdefcf | |
| 13 | SHA1 (patch-ak) = fcc358a595590ea3136d71bd9f61449d54914c46 | 13 | SHA1 (patch-ak) = fcc358a595590ea3136d71bd9f61449d54914c46 | |
| 14 | SHA1 (patch-al) = ca20d3ec7bcf2ac24fd0a415495f805add23142d | 14 | SHA1 (patch-al) = ca20d3ec7bcf2ac24fd0a415495f805add23142d | |
| 15 | SHA1 (patch-am) = 72adbda34425fda49f2072a3d40a3d942e07e1ba | 15 | SHA1 (patch-am) = 72adbda34425fda49f2072a3d40a3d942e07e1ba | |
| 16 | SHA1 (patch-an) = 4bfce8dbd420bc4b4d8efa5b01a39e3a9ce03ca6 | 16 | SHA1 (patch-an) = 4bfce8dbd420bc4b4d8efa5b01a39e3a9ce03ca6 | |
| 17 | SHA1 (patch-ao) = 4b3878cd2a5ef57dd34d51604e204bd106261ad2 | 17 | SHA1 (patch-ao) = 4b3878cd2a5ef57dd34d51604e204bd106261ad2 | |
| 18 | SHA1 (patch-ap) = 84a453de2badd82eb31d950981f086e48310d66f | 18 | SHA1 (patch-ap) = 84a453de2badd82eb31d950981f086e48310d66f | |
| 19 | SHA1 (patch-aq) = 83c15caff521ab857b0a2744590cbd17f678c107 |
$NetBSD: patch-aq,v 1.1 2011/01/19 19:31:05 drochner Exp $
--- w_msgpanel.c.orig 2009-03-30 15:52:41.000000000 +0000
+++ w_msgpanel.c
@@ -60,7 +60,7 @@ DeclareStaticArgs(12);
/* for the popup message (file_msg) window */
static int file_msg_length=0;
-static char tmpstr[300];
+static char tmpstr[512];
static Widget file_msg_panel,
file_msg_win, file_msg_dismiss;
@@ -582,8 +582,8 @@ file_msg(char *format,...)
}
va_start(ap, format);
- /* format the string */
- vsprintf(tmpstr, format, ap);
+ /* format the string (but leave room for \n and \0) */
+ vsnprintf(tmpstr, sizeof(tmpstr)-2, format, ap);
va_end(ap);
strcat(tmpstr,"\n");