[pkgsrc/trunk]: pkgsrc/multimedia/xine-ui fix some format string vulnerabilit...

[drochner <drochner%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/7e1cf62b9404
branches:  trunk
changeset: 511769:7e1cf62b9404
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Fri Apr 21 11:11:26 2006 +0000

description:
fix some format string vulnerabilities, see
http://www.open-security.org/advisories/16

diffstat:

 multimedia/xine-ui/Makefile         |   5 ++---
 multimedia/xine-ui/distinfo         |   4 +++-
 multimedia/xine-ui/patches/patch-aq |  31 +++++++++++++++++++++++++++++++
 multimedia/xine-ui/patches/patch-ar |  13 +++++++++++++
 4 files changed, 49 insertions(+), 4 deletions(-)

diffs (82 lines):

diff -r 3e754262ead1 -r 7e1cf62b9404 multimedia/xine-ui/Makefile
--- a/multimedia/xine-ui/Makefile       Fri Apr 21 10:39:18 2006 +0000
+++ b/multimedia/xine-ui/Makefile       Fri Apr 21 11:11:26 2006 +0000
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.24 2006/04/17 13:46:42 wiz Exp $
+# $NetBSD: Makefile,v 1.25 2006/04/21 11:11:26 drochner Exp $
 #
 
 DISTNAME=              xine-ui-0.99.4
-#PKGREVISION=          1
-PKGREVISION=           1
+PKGREVISION=           2
 CATEGORIES=            multimedia
 MASTER_SITES=          ${MASTER_SITE_SOURCEFORGE:=xine/}
 
diff -r 3e754262ead1 -r 7e1cf62b9404 multimedia/xine-ui/distinfo
--- a/multimedia/xine-ui/distinfo       Fri Apr 21 10:39:18 2006 +0000
+++ b/multimedia/xine-ui/distinfo       Fri Apr 21 11:11:26 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.10 2006/04/09 14:43:13 hira Exp $
+$NetBSD: distinfo,v 1.11 2006/04/21 11:11:26 drochner Exp $
 
 SHA1 (xine-ui-0.99.4.tar.gz) = b982e5697f183559c216f9243b9410d61b9c58aa
 RMD160 (xine-ui-0.99.4.tar.gz) = eeead5c6e566ade5505c8fcb924272c74eb4f49a
@@ -12,3 +12,5 @@
 SHA1 (patch-am) = 57567b2c1f86ef575ff4abcbfaa5f06e3178a056
 SHA1 (patch-ao) = 09e83615b88dffbdfeb0b0bad07dcdc60024ba67
 SHA1 (patch-ap) = f4f360e5fc8008882f07c649b7ea29ef163c6731
+SHA1 (patch-aq) = 212d5c561422e5866cdc05cd39c609b1274aa8b6
+SHA1 (patch-ar) = a64614bc76e73a7d0600daee0a72affe2dc6de15
diff -r 3e754262ead1 -r 7e1cf62b9404 multimedia/xine-ui/patches/patch-aq
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/xine-ui/patches/patch-aq       Fri Apr 21 11:11:26 2006 +0000
@@ -0,0 +1,31 @@
+$NetBSD: patch-aq,v 1.1 2006/04/21 11:11:26 drochner Exp $
+
+--- src/xitk/main.c.orig       2006-04-20 11:59:48.000000000 +0200
++++ src/xitk/main.c
+@@ -456,7 +456,7 @@ static void print_formatted(char *title,
+   int          len;
+   char        *blanks = "     ";
+ 
+-  printf(title);
++  printf("%s", title);
+   
+   sprintf(buffer, "%s", blanks);
+   plugin = *plugins++;
+@@ -469,7 +469,7 @@ static void print_formatted(char *title,
+       sprintf(buffer, "%s%s%s", buffer, (strlen(buffer) == strlen(blanks)) ? "" : ", ", plugin);
+     }
+     else {
+-      printf(buffer);
++      printf("%s", buffer);
+       printf(",\n");
+       snprintf(buffer, sizeof(buffer), "%s%s", blanks, plugin);
+     }
+@@ -478,7 +478,7 @@ static void print_formatted(char *title,
+   }
+   
+   if(strlen(buffer))
+-    printf(buffer);
++    printf("%s", buffer);
+   
+   printf(".\n\n");
+ }
diff -r 3e754262ead1 -r 7e1cf62b9404 multimedia/xine-ui/patches/patch-ar
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/xine-ui/patches/patch-ar       Fri Apr 21 11:11:26 2006 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-ar,v 1.1 2006/04/21 11:11:26 drochner Exp $
+
+--- src/xitk/xine-toolkit/xitk.c.orig  2006-04-21 12:52:41.000000000 +0200
++++ src/xitk/xine-toolkit/xitk.c
+@@ -1877,7 +1877,7 @@ void xitk_init(Display *display, XColor 
+   sprintf(buffer, "%s%s", buffer, " ]-");
+ 
+   if(verbosity)
+-    printf(buffer);
++    printf("%s", buffer);
+ 
+   gXitk->wm_type = xitk_check_wm(display);
+