From 017f92e4e2e732ea8c4a29499977c0723f4f91d8 Mon Sep 17 00:00:00 2001
From: "Simon L. B. Nielsen" <simon@FreeBSD.org>
Date: Mon, 21 Mar 2005 22:45:35 +0000
Subject: Fix format string vulnerability.

Security:	http://vuxml.FreeBSD.org/a4bd3039-9a48-11d9-a256-0001020eed82.html
Security:	CAN-2005-0665
Obtained from:	Gentoo Linux
Approved by:	portmgr (marcus), erwin (mentor), maintainer
---
 graphics/xv/Makefile                  |  2 +-
 graphics/xv/files/patch-CAN-2005-0665 | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 graphics/xv/files/patch-CAN-2005-0665

(limited to 'graphics/xv')

diff --git a/graphics/xv/Makefile b/graphics/xv/Makefile
index 2780180171d9..2e71599d58fc 100644
--- a/graphics/xv/Makefile
+++ b/graphics/xv/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	xv
 PORTVERSION=	3.10a
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES+=	graphics
 MASTER_SITES=	ftp://ftp.cis.upenn.edu/pub/xv/ \
 		${MASTER_SITE_LOCAL} \
diff --git a/graphics/xv/files/patch-CAN-2005-0665 b/graphics/xv/files/patch-CAN-2005-0665
new file mode 100644
index 000000000000..7c61c540108f
--- /dev/null
+++ b/graphics/xv/files/patch-CAN-2005-0665
@@ -0,0 +1,11 @@
+--- xv.c.orig	Mon Mar 21 22:00:43 2005
++++ xv.c	Mon Mar 21 22:21:53 2005
+@@ -2197,7 +2197,7 @@
+   SetISTR(ISTR_INFO,formatStr);
+ 	
+   SetInfoMode(INF_PART);
+-  SetISTR(ISTR_FILENAME, 
++  SetISTR(ISTR_FILENAME, "%s",
+ 	  (filenum==DFLTPIC || filenum==GRABBED || frompipe)
+ 	  ? "<none>" : basefname);
+ 
-- 
cgit v1.2.3