Remove setuid root bit from hfaxd and fix a format string error which was

previously a security vulnerability

Reported by:    Marcin Dawcewicz <miv@IIDEA.PL>
Obtained from:  http://www.hylafax.org

2 files changed, 23 insertions, 1 deletions

diff --git a/comms/hylafax/Makefile b/comms/hylafax/Makefile
index abab9930cb5e..1e4fa64185a7 100644
--- a/comms/hylafax/Makefile
+++ b/comms/hylafax/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	hylafax
 PORTVERSION=	4.1.b2
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	comms
 MASTER_SITES=	ftp://ftp.hylafax.org/source/
 DISTNAME=	${PORTNAME}-4.1beta2
diff --git a/comms/hylafax/files/patch-sec1 b/comms/hylafax/files/patch-sec1
new file mode 100644
index 000000000000..11d37cde781a
--- /dev/null
+++ b/comms/hylafax/files/patch-sec1
@@ -0,0 +1,22 @@
+--- hfaxd/Makefile.in.orig	Sat Apr 14 18:47:02 2001
++++ hfaxd/Makefile.in	Sat Apr 14 18:47:42 2001
+@@ -96,7 +96,7 @@
+ incdepend:
+ 
+ install: default
+-	${INSTALL} -F ${LIBEXEC} -u root -m 4755 \
++	${INSTALL} -F ${LIBEXEC} -u root -m 755 \
+ 	    -idb ${PRODUCT}.sw.server -O hfaxd
+ 	${INSTALL} -F ${LIBDATA} -m 644 -idb ${PRODUCT}.sw.server \
+ 	    -idb "config(noupdate)" -src ${SRCDIR}/hfaxd.conf -O hfaxd.conf
+--- hfaxd/main.c++.orig	Sat Apr 14 18:55:07 2001
++++ hfaxd/main.c++	Sat Apr 14 18:53:04 2001
+@@ -237,7 +237,7 @@
+     if (detach == -1)			// no protocol options means -I
+ 	detach = false;
+     if (Sys::chdir(queueDir) < 0)
+-	fatal(queueDir | ": Can not change directory");
++	fatal("Can not change directory to %s", (const char*)queueDir);
+     CheckSpoolingSetup();
+     if (detach)
+ 	detachFromTTY();