pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/net/socks5 add patch from http://online.securityfocus....



details:   https://anonhg.NetBSD.org/pkgsrc/rev/fd10e6aba788
branches:  trunk
changeset: 462748:fd10e6aba788
user:      grant <grant%pkgsrc.org@localhost>
date:      Sat Oct 11 11:27:56 2003 +0000

description:
add patch from http://online.securityfocus.com/archive/2/9842,
fixing remotely exploitable buffer overflow.

bump PKGREVISION.

addresses PR pkg/22687 from Wolfgang S. Rupprecht.

diffstat:

 net/socks5/Makefile         |   4 ++--
 net/socks5/distinfo         |   3 ++-
 net/socks5/patches/patch-ac |  25 +++++++++++++++++++++++++
 3 files changed, 29 insertions(+), 3 deletions(-)

diffs (59 lines):

diff -r 1523af1d155e -r fd10e6aba788 net/socks5/Makefile
--- a/net/socks5/Makefile       Sat Oct 11 11:16:20 2003 +0000
+++ b/net/socks5/Makefile       Sat Oct 11 11:27:56 2003 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.27 2003/10/11 11:16:20 grant Exp $
+# $NetBSD: Makefile,v 1.28 2003/10/11 11:27:56 grant Exp $
 # FreeBSD Id: Makefile,v 1.14 1997/08/28 06:49:06 obrien Exp
 #
 
@@ -6,7 +6,7 @@
 PKGNAME=       socks5-1.0.2
 WRKSRC=                ${WRKDIR}/socks5-v1.0r2
 CATEGORIES=    net security
-PKGREVISION=   1
+PKGREVISION=   2
 MASTER_SITES=  # empty -- manual fetch needed
 EXTRACT_SUFX=  _tar.gz
 
diff -r 1523af1d155e -r fd10e6aba788 net/socks5/distinfo
--- a/net/socks5/distinfo       Sat Oct 11 11:16:20 2003 +0000
+++ b/net/socks5/distinfo       Sat Oct 11 11:27:56 2003 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.2 2001/04/21 11:23:34 wiz Exp $
+$NetBSD: distinfo,v 1.3 2003/10/11 11:27:56 grant Exp $
 
 SHA1 (socks5-v1_0r2_tar.gz) = 57c6e3a17381ce48bed008a86442385dbc2d11de
 Size (socks5-v1_0r2_tar.gz) = 390331 bytes
 SHA1 (patch-aa) = 5960986bf8aa8e8abf96df90b4b9c1940b1adb98
 SHA1 (patch-ab) = 85e70c3a81ee5dc44af24f48fe4d3869c0985854
+SHA1 (patch-ac) = 296da7096e6c6984714f5aa88e3caab7cd11e309
diff -r 1523af1d155e -r fd10e6aba788 net/socks5/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/socks5/patches/patch-ac       Sat Oct 11 11:27:56 2003 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-ac,v 1.1 2003/10/11 11:27:56 grant Exp $
+
+--- lib/log.c.orig     1997-06-19 02:32:05.000000000 +1000
++++ lib/log.c
+@@ -77,7 +77,8 @@ static void replacePercentM(const char *
+ }
+ 
+ void S5LogvUpdate(const void *handle, int level, int msgID, const char *oformat, va_list pvar) {
+-    char fmt_cpy[2*1024 + 2*10], format[2*1024 + 2*10];
++#define FMT_BUFLEN (2*1024 + 2*10)
++    char fmt_cpy[FMT_BUFLEN], format[FMT_BUFLEN];
+     S5LogHandle *h = (S5LogHandle *)handle;
+     int serrno = GETERRNO();
+     static int dontLoop = 0;
+@@ -112,7 +113,9 @@ void S5LogvUpdate(const void *handle, in
+     strcat(format, " ");
+     
+     replacePercentM(oformat, format + strlen(format), sizeof(format) - strlen(format));
+-    vsprintf(fmt_cpy, format, pvar);
++    if(vsnprintf(fmt_cpy, FMT_BUFLEN-1,format, pvar)==-1) {
++        fmt_cpy[FMT_BUFLEN-1]='\0';
++    }
+ 
+     /* Log to the Local log facility, e.g. Stderr on Unix and maybe a window */
+     /* or something on NT.  Neither system can deal with a NULL format so    */
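Review bot: The `==-1` test on the new vsnprintf call only terminates `fmt_cpy` on implementations that return -1 on truncation. A C99 vsnprintf returns the would-be length instead, so truncation of the log line goes unnoticed there (the buffer is still terminated in that case), and on a genuine error return only the last byte is set while the rest of the buffer is unspecified. Terminating unconditionally and passing the real size covers both behaviours: `vsnprintf(fmt_cpy, sizeof(fmt_cpy), format, pvar);` followed by `fmt_cpy[sizeof(fmt_cpy)-1] = '\0';`. The `strcat(format, " ")` in the context lines is still unbounded, and whether the earlier writes into `format` can approach FMT_BUFLEN cannot be judged from here, because most of S5LogvUpdate's body lies outside the hunk. As a style point, `FMT_BUFLEN` is defined inside the function and never `#undef`'d, so it stays visible for the rest of log.c.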


