head	1.5;
access;
symbols
	pkgsrc-2014Q4:1.4.0.54
	pkgsrc-2014Q4-base:1.4
	pkgsrc-2014Q3:1.4.0.52
	pkgsrc-2014Q3-base:1.4
	pkgsrc-2014Q2:1.4.0.50
	pkgsrc-2014Q2-base:1.4
	pkgsrc-2014Q1:1.4.0.48
	pkgsrc-2014Q1-base:1.4
	pkgsrc-2013Q4:1.4.0.46
	pkgsrc-2013Q4-base:1.4
	pkgsrc-2013Q3:1.4.0.44
	pkgsrc-2013Q3-base:1.4
	pkgsrc-2013Q2:1.4.0.42
	pkgsrc-2013Q2-base:1.4
	pkgsrc-2013Q1:1.4.0.40
	pkgsrc-2013Q1-base:1.4
	pkgsrc-2012Q4:1.4.0.38
	pkgsrc-2012Q4-base:1.4
	pkgsrc-2012Q3:1.4.0.36
	pkgsrc-2012Q3-base:1.4
	pkgsrc-2012Q2:1.4.0.34
	pkgsrc-2012Q2-base:1.4
	pkgsrc-2012Q1:1.4.0.32
	pkgsrc-2012Q1-base:1.4
	pkgsrc-2011Q4:1.4.0.30
	pkgsrc-2011Q4-base:1.4
	pkgsrc-2011Q3:1.4.0.28
	pkgsrc-2011Q3-base:1.4
	pkgsrc-2011Q2:1.4.0.26
	pkgsrc-2011Q2-base:1.4
	pkgsrc-2011Q1:1.4.0.24
	pkgsrc-2011Q1-base:1.4
	pkgsrc-2010Q4:1.4.0.22
	pkgsrc-2010Q4-base:1.4
	pkgsrc-2010Q3:1.4.0.20
	pkgsrc-2010Q3-base:1.4
	pkgsrc-2010Q2:1.4.0.18
	pkgsrc-2010Q2-base:1.4
	pkgsrc-2010Q1:1.4.0.16
	pkgsrc-2010Q1-base:1.4
	pkgsrc-2009Q4:1.4.0.14
	pkgsrc-2009Q4-base:1.4
	pkgsrc-2009Q3:1.4.0.12
	pkgsrc-2009Q3-base:1.4
	pkgsrc-2009Q2:1.4.0.10
	pkgsrc-2009Q2-base:1.4
	pkgsrc-2009Q1:1.4.0.8
	pkgsrc-2009Q1-base:1.4
	pkgsrc-2008Q4:1.4.0.6
	pkgsrc-2008Q4-base:1.4
	pkgsrc-2008Q3:1.4.0.4
	pkgsrc-2008Q3-base:1.4
	cube-native-xorg:1.4.0.2
	cube-native-xorg-base:1.4
	pkgsrc-2008Q2:1.3.0.22
	pkgsrc-2008Q2-base:1.3
	cwrapper:1.3.0.20
	pkgsrc-2008Q1:1.3.0.18
	pkgsrc-2008Q1-base:1.3
	pkgsrc-2007Q4:1.3.0.16
	pkgsrc-2007Q4-base:1.3
	pkgsrc-2007Q3:1.3.0.14
	pkgsrc-2007Q3-base:1.3
	pkgsrc-2007Q2:1.3.0.12
	pkgsrc-2007Q2-base:1.3
	pkgsrc-2007Q1:1.3.0.10
	pkgsrc-2007Q1-base:1.3
	pkgsrc-2006Q4:1.3.0.8
	pkgsrc-2006Q4-base:1.3
	pkgsrc-2006Q3:1.3.0.6
	pkgsrc-2006Q3-base:1.3
	pkgsrc-2006Q2:1.3.0.4
	pkgsrc-2006Q2-base:1.3
	pkgsrc-2006Q1:1.3.0.2
	pkgsrc-2006Q1-base:1.3
	pkgsrc-2005Q4:1.2.0.2
	pkgsrc-2005Q4-base:1.2
	pkgsrc-2005Q3:1.1.0.2
	pkgsrc-2005Q3-base:1.1;
locks; strict;
comment	@# @;


1.5
date	2015.01.11.02.37.20;	author joerg;	state dead;
branches;
next	1.4;
commitid	iSEVTk9aM40Hey5y;

1.4
date	2008.07.14.23.01.32;	author christos;	state Exp;
branches;
next	1.3;

1.3
date	2006.01.07.21.08.12;	author joerg;	state Exp;
branches;
next	1.2;

1.2
date	2005.12.12.19.55.41;	author joerg;	state dead;
branches
	1.2.2.1;
next	1.1;

1.1
date	2005.06.27.14.08.15;	author wiz;	state Exp;
branches;
next	;

1.2.2.1
date	2006.01.08.05.33.48;	author salo;	state Exp;
branches;
next	;


desc
@@


1.5
log
@Retire x11/openmotif.
@
text
@$NetBSD: patch-bj,v 1.4 2008/07/14 23:01:32 christos Exp $

--- clients/uil/UilDiags.c.orig	2006-04-06 09:24:06.000000000 -0400
+++ clients/uil/UilDiags.c	2008-06-28 16:17:21.000000000 -0400
@@@@ -317,13 +317,13 @@@@
 	    */
 
 #ifndef NO_MESSAGE_CATALOG
-	    sprintf( loc_buffer,
+	    snprintf( loc_buffer, sizeof(loc_buffer),
 		     catgets(uil_catd, UIL_SET_MISC,
 			     UIL_MISC_0, "\t\t line: %d  file: %s"),
 		     az_src_rec->w_line_number,
 		     src_get_file_name( az_src_rec ) );
 #else
-	    sprintf( loc_buffer,
+	    snprintf( loc_buffer, sizeof(loc_buffer),
 		     "\t\t line: %d  file: %s",
 		     az_src_rec->w_line_number,
 		     src_get_file_name( az_src_rec ) );
@@@@ -371,7 +371,7 @@@@
 
 	    if (l_start_column != diag_k_no_column)
 #ifndef NO_MESSAGE_CATALOG
-	      sprintf(loc_buffer,
+	      snprintf(loc_buffer, sizeof(loc_buffer),
 		      catgets(uil_catd, UIL_SET_MISC,
 			      UIL_MISC_1, 
 			      "\t\t line: %d  position: %d  file: %s"),
@@@@ -379,7 +379,7 @@@@
 		      l_start_column + 1,
 		      src_get_file_name( az_src_rec ) );
 #else
-	      sprintf(loc_buffer,
+	      snprintf(loc_buffer, sizeof(loc_buffer),
 		      "\t\t line: %d  position: %d  file: %s",
 		      az_src_rec->w_line_number,
 		      l_start_column + 1,
@@@@ -387,13 +387,14 @@@@
 #endif
 	    else
 #ifndef NO_MESSAGE_CATALOG
-		sprintf( loc_buffer, catgets(uil_catd, UIL_SET_MISC,
+		snprintf( loc_buffer, sizeof(loc_buffer),
+			 catgets(uil_catd, UIL_SET_MISC,
 					     UIL_MISC_0,
 					     "\t\t line: %d  file: %s"),
 			 az_src_rec->w_line_number,
 			 src_get_file_name( az_src_rec ) );
 #else
-		sprintf( loc_buffer,
+		snprintf( loc_buffer, sizeof(loc_buffer),
 			 "\t\t line: %d  file: %s",
 			 az_src_rec->w_line_number,
 			 src_get_file_name( az_src_rec ) );
@


1.4
log
@update to openmotif 2.3.1
@
text
@d1 1
a1 1
$NetBSD: patch-bj,v 1.3 2006/01/07 21:08:12 joerg Exp $
@


1.3
log
@Fix a number of buffer overflows in OpenMotif's UIL implementation.
For non-propolice systems this might be exploitable when the
user-provided data (e.g. certain filenames) or the locale files are
manipulated.

Mostly-found-by: xfocus, see [xfocus-SD-051202] on VulnWatch. Some
additional cases are handled which have the same impact.
Bump revision.
@
text
@d1 1
a1 1
$NetBSD$
d3 3
a5 18
--- clients/uil/UilDiags.c.orig	2006-01-06 20:46:16.000000000 +0100
+++ clients/uil/UilDiags.c
@@@@ -293,12 +293,12 @@@@ void	diag_issue_diagnostic
     va_start(ap, l_start_column);
 
 #ifndef NO_MESSAGE_CATALOG
-    vsprintf( msg_buffer, 
+    vsnprintf( msg_buffer, sizeof(msg_buffer),
 	      catgets(uil_catd, UIL_SET1, msg_cat_table[ message_number ],
 		      diag_rz_msg_table[ message_number ].ac_text), 
 	     ap );
 #else
-    vsprintf( msg_buffer, 
+    vsnprintf( msg_buffer, sizeof(msg_buffer), 
 	      diag_rz_msg_table[ message_number ].ac_text, 
 	      ap );
 #endif
@@@@ -317,13 +317,13 @@@@ void	diag_issue_diagnostic
d21 1
a21 1
@@@@ -371,7 +371,7 @@@@ void	diag_issue_diagnostic
d30 1
a30 1
@@@@ -379,7 +379,7 @@@@ void	diag_issue_diagnostic
d39 1
a39 1
@@@@ -387,13 +387,14 @@@@ void	diag_issue_diagnostic
@


1.2
log
@Update OpenMotif to 2.2.3. Too many changes to list here, but most
importantly no more imake usage.
@
text
@d1 1
a1 1
$NetBSD: patch-bj,v 1.1 2005/06/27 14:08:15 wiz Exp $
d3 68
a70 11
--- config/imake/imake.c.orig	2004-03-04 18:45:52.000000000 +0100
+++ config/imake/imake.c	2004-08-10 17:20:20.000000000 +0200
@@@@ -145,7 +145,7 @@@@
  *	#include INCLUDE_IMAKEFILE
  *	<add any global targets like 'clean' and long dependencies>
  */
-#if defined(__FreeBSD__) || defined(__NetBSD__)
+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__)
 /* This needs to be before _POSIX_SOURCE gets defined */
 # include <sys/param.h>
 # include <sys/time.h>
@


1.2.2.1
log
@Pullup ticket 1008 - requested by Joerg Sonnenberger
security fix for openmotif

Revisions pulled up:
- pkgsrc/x11/openmotif/Makefile			1.40
- pkgsrc/x11/openmotif/distinfo			1.22
- pkgsrc/x11/openmotif/patches/patch-bj		1.3
- pkgsrc/x11/openmotif/patches/patch-bk		1.1

   Module Name:		pkgsrc
   Committed By:	joerg
   Date:		Sat Jan  7 21:08:12 UTC 2006

   Modified Files:
   	pkgsrc/x11/openmotif: Makefile distinfo
   Added Files:
   	pkgsrc/x11/openmotif/patches: patch-bj patch-bk

   Log Message:
   Fix a number of buffer overflows in OpenMotif's UIL implementation.
   For non-propolice systems this might be exploitable when the
   user-provided data (e.g. certain filenames) or the locale files are
   manipulated.

   Mostly-found-by: xfocus, see [xfocus-SD-051202] on VulnWatch. Some
   additional cases are handled which have the same impact.
   Bump revision.
@
text
@d1 1
a1 1
$NetBSD: patch-bj,v 1.3 2006/01/07 21:08:12 joerg Exp $
d3 11
a13 68
--- clients/uil/UilDiags.c.orig	2006-01-06 20:46:16.000000000 +0100
+++ clients/uil/UilDiags.c
@@@@ -293,12 +293,12 @@@@ void	diag_issue_diagnostic
     va_start(ap, l_start_column);
 
 #ifndef NO_MESSAGE_CATALOG
-    vsprintf( msg_buffer, 
+    vsnprintf( msg_buffer, sizeof(msg_buffer),
 	      catgets(uil_catd, UIL_SET1, msg_cat_table[ message_number ],
 		      diag_rz_msg_table[ message_number ].ac_text), 
 	     ap );
 #else
-    vsprintf( msg_buffer, 
+    vsnprintf( msg_buffer, sizeof(msg_buffer), 
 	      diag_rz_msg_table[ message_number ].ac_text, 
 	      ap );
 #endif
@@@@ -317,13 +317,13 @@@@ void	diag_issue_diagnostic
 	    */
 
 #ifndef NO_MESSAGE_CATALOG
-	    sprintf( loc_buffer,
+	    snprintf( loc_buffer, sizeof(loc_buffer),
 		     catgets(uil_catd, UIL_SET_MISC,
 			     UIL_MISC_0, "\t\t line: %d  file: %s"),
 		     az_src_rec->w_line_number,
 		     src_get_file_name( az_src_rec ) );
 #else
-	    sprintf( loc_buffer,
+	    snprintf( loc_buffer, sizeof(loc_buffer),
 		     "\t\t line: %d  file: %s",
 		     az_src_rec->w_line_number,
 		     src_get_file_name( az_src_rec ) );
@@@@ -371,7 +371,7 @@@@ void	diag_issue_diagnostic
 
 	    if (l_start_column != diag_k_no_column)
 #ifndef NO_MESSAGE_CATALOG
-	      sprintf(loc_buffer,
+	      snprintf(loc_buffer, sizeof(loc_buffer),
 		      catgets(uil_catd, UIL_SET_MISC,
 			      UIL_MISC_1, 
 			      "\t\t line: %d  position: %d  file: %s"),
@@@@ -379,7 +379,7 @@@@ void	diag_issue_diagnostic
 		      l_start_column + 1,
 		      src_get_file_name( az_src_rec ) );
 #else
-	      sprintf(loc_buffer,
+	      snprintf(loc_buffer, sizeof(loc_buffer),
 		      "\t\t line: %d  position: %d  file: %s",
 		      az_src_rec->w_line_number,
 		      l_start_column + 1,
@@@@ -387,13 +387,14 @@@@ void	diag_issue_diagnostic
 #endif
 	    else
 #ifndef NO_MESSAGE_CATALOG
-		sprintf( loc_buffer, catgets(uil_catd, UIL_SET_MISC,
+		snprintf( loc_buffer, sizeof(loc_buffer),
+			 catgets(uil_catd, UIL_SET_MISC,
 					     UIL_MISC_0,
 					     "\t\t line: %d  file: %s"),
 			 az_src_rec->w_line_number,
 			 src_get_file_name( az_src_rec ) );
 #else
-		sprintf( loc_buffer,
+		snprintf( loc_buffer, sizeof(loc_buffer),
 			 "\t\t line: %d  file: %s",
 			 az_src_rec->w_line_number,
 			 src_get_file_name( az_src_rec ) );
@


1.1
log
@Add DragonFly support (untested). Provided by Jörg Sonnenberger
in PR 30258.

While here, clean up pkglint warnings.
@
text
@d1 1
a1 1
$NetBSD$
@