Update to version 4.1.b2, the latest stable release (despite the "beta" flag),
which officially fixes the setuid security exploit by the vendors.
Additionally, from the PR:
* adds in distribution patches to allow it to interoperate
with libtiff-3.5.5 (the current version in the ports tree),
and replace an original FreeBSD patch.
* includes security patches (replacements of 'strcpy' and
'sprintf', primarily), mostly based on patches originally
submitted by Alex Langer [1] for 4.0pl2 and not yet committed,
although some new work was done too.
[1] I don't think that these were my patches but those submitted by
John Holland <john@zoner.org> in PR 19180.
* Fixes some issues with the configure/setup scripts introduced
since the previous version.
* Additionally, original FreeBSD patches from 4.0pl2 were
merged in where they were not addressed by anything else.
(except the I18N patch, sorry).
I removed the FORBIDDEN line since there are at least no obvious security
concerns left.
PR: 19237
Submitted by: Andy Sparrow <andy@geek4food.org>
2000-06-27 11:59:36 +00:00
diff -ruN man/config.4f.orig man/config.4f
--- man/config.4f.orig Mon Jan 4 23:48:18 1999
+++ man/config.4f Mon Jun 12 21:52:41 2000
@@ -1446,7 +1446,7 @@
The command to place a phone call.
The string is assumed to be suitable for use
as a parameter to the
-.IR sprintf (3S)
+.IR snprintf (3S)
function; so the ``%'' character should be escaped as ``%%''.
The dial command must include a single ``%s'' where the number
that is to be dialed is to be substituted.
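Review bot: The changed line in man/config.4f now names snprintf(3S), but the surrounding text still says the dial command string is only "assumed to be suitable" as a format and "must include a single ``%s''", which documents a requirement on the administrator rather than a check. snprintf bounds how much is written; it does not limit which conversions in a configuration-supplied format are interpreted. Suggest the man page say what happens when the string contains no ``%s'', more than one, or any other unescaped ``%'' conversion (ideally that such a value is rejected when the configuration is read), and that a dial command longer than the destination buffer after substitution is truncated, so the reader knows the failure mode.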