Update to 1.4.8 + fix a security vulnerability.

PR: 40618 Submitted by: maintainer
svn path=/head/; revision=64009
2024-11-23 00:43:28 +00:00 · 2002-08-04 23:26:09 +00:00 · 2002-08-04 23:26:09 +00:00 · 4893182ac7 · 2021-03-31 03:12:20 +00:00
commit 4893182ac7
parent fcae02d108
3 changed files with 86 additions and 3 deletions
--- a/news/newsx/Makefile
+++ b/news/newsx/Makefile
@ -6,10 +6,10 @@
 #

 PORTNAME=	newsx
-PORTVERSION=	1.4.6
+PORTVERSION=	1.4.8
 CATEGORIES=	news
 MASTER_SITES=	ftp://ftp.kvaleberg.com/pub/
-DISTNAME=	${PORTNAME}-${PORTVERSION:S/.6/pl6/}
+DISTNAME=	${PORTNAME}-${PORTVERSION:S/.8/pl6/}

 MAINTAINER=	thierry@pompo.net

--- a/news/newsx/files/patch-configure.in
+++ b/news/newsx/files/patch-configure.in
@ -1,5 +1,14 @@
 --- configure.in.orig	Tue Jan 29 20:15:19 2002
-+++ configure.in	Thu Jan 31 01:05:04 2002
+++ configure.in	Mon Jul 15 21:46:55 2002
+@@ -167,7 +167,7 @@
+ dnl
+ AC_INIT(FAQ)
+ 
+-AM_INIT_AUTOMAKE(newsx, 1.4pl6)
+AM_INIT_AUTOMAKE(newsx, 1.4pl8)
+ AM_CONFIG_HEADER(config.h)
+ dnl Only most recent year required:
+ COPYRIGHT="Copyright 2002 Egil Kvaleberg <egil@kvaleberg.no>"
@@ -189,7 +189,7 @@
 dnl  Default list of locations to visit in search of the
 dnl  news configuration file
--- a/news/newsx/files/patch-src_logmsg.c
+++ b/news/newsx/files/patch-src_logmsg.c
@ -0,0 +1,74 @@
+--- src/logmsg.c.orig	Wed Feb 14 07:55:40 2001
+++ src/logmsg.c	Mon Jul 15 21:38:30 2002
+@@ -1,4 +1,4 @@
+-/*  VER 079  TAB P   $Id: logmsg.c,v 1.10.2.1 2001/02/14 06:55:40 egil Exp $
+/*  VER 080  TAB P   $Id: logmsg.c,v 1.10.2.1 2001/02/14 06:55:40 egil Exp $
+  *
+  *  handle error messages and such...
+  *
+@@ -60,9 +60,9 @@
+     /* 
+      *  try to make a surrogate 
+      *  we assume that on those architectures where this trick
+-     *  doesn't work there we will surely have stdarg.h or varargs.h
+     *  doesn't work there we will surely be stdarg.h or varargs.h
+      */
+-#define vsprintf(buf,  fmt, ap) sprintf(buf,  fmt, arg1, arg2, arg3, arg4)
+#define vsnprintf(buf,siz,fmt,ap) snprintf(buf,siz,fmt, arg1,arg2,arg3,arg4)
+ #define vfprintf(file, fmt, ap) fprintf(file, fmt, arg1, arg2, arg3, arg4)
+ #endif
+ 
+@@ -156,7 +156,7 @@
+ #endif
+ {
+     int e;
+-    char buf[BUFSIZ]; /* BUG: do we risk overwriting it? */
+    char buf[BUFSIZ];
+ 
+ #if HAVE_VPRINTF
+     va_list ap;
+@@ -176,34 +176,33 @@
+     case L_ERRno:
+     case L_ERR:
+ 	e = errno;
+-	vsprintf(buf, fmt, ap);
+-	if (type == L_ERRno) {
+-	    sprintf(buf + strlen (buf), ": %s", str_error(e));
+-	}
+-	strcat(buf, "\n");
+	vsnprintf(buf, sizeof(buf), fmt, ap);
+ #if HAVE_SYSLOG_H
+ 	if (!debug_opt) {
+-	    syslog(LOG_ERR, buf);
+	    syslog(LOG_ERR, "%s%s%s\n", buf,
+					((type==L_ERRno) ? ": ":""),
+					((type==L_ERRno) ? str_error(e):""));
+ 	} else 
+ #endif
+ 	{
+ 	    clean_line();
+-	    fprintf(stderr, "%s: %s", pname, buf);
+	    fprintf(stderr, "%s: %s%s%s\n", pname, buf,
+					((type==L_ERRno) ? ": ":""),
+					((type==L_ERRno) ? str_error(e):""));
+ 	    fflush(stderr);
+ 	}
+ 	break;
+ 
+     case L_INFO:
+-	vsprintf(buf, fmt, ap);
+-	strcat(buf, "\n");
+	vsnprintf(buf, sizeof(buf), fmt, ap);
+ #if HAVE_SYSLOG_H
+ 	if (!debug_opt) {
+-	    syslog(LOG_INFO, buf);
+	    syslog(LOG_INFO, "%s\n", buf);
+ 	} else 
+ #endif
+ 	{
+ 	    clean_line();
+-	    fprintf(stderr, "%s", buf);
+	    fprintf(stderr, "%s\n", buf);
+ 	    fflush(stderr);
+ 	}
+ 	break;