- Attempt to fix the exploitable security issue described at

  http://www.vuxml.org/freebsd/f2d5e56e-67eb-11d9-a9e7-0001020eed82.html by
  replacing strcat() with strncat().  Please note that I wasn't able to
  reproduce the exploit described at
  http://tigger.uic.edu/~jlongs2/holes/unrtf.txt on my 5.3-STABLE system.
  Feedback from someone who can reproduce the exploit with an unpatched unrtf
  would be appreciated
- Bump PORTREVISION
- Remove old master site that doesn't seem to have the distfile any more

VuXML:		f2d5e56e-67eb-11d9-a9e7-0001020eed82
PR:		ports/76852
Submitted by:	Stefan Walter <sw(at)gegenunendlich.de>

2 files changed, 13 insertions, 6 deletions

diff --git a/textproc/unrtf/Makefile b/textproc/unrtf/Makefile
index 36fdaedef2f7..f6632845f87b 100644
--- a/textproc/unrtf/Makefile
+++ b/textproc/unrtf/Makefile
@@ -6,18 +6,14 @@
 
 PORTNAME=	unrtf
 PORTVERSION=	0.19.3
+PORTREVISION=	1
 CATEGORIES=	textproc
-MASTER_SITES=	http://unrtf.50megs.com/ \
-		${MASTER_SITE_GNU}
+MASTER_SITES=	${MASTER_SITE_GNU}
 MASTER_SITE_SUBDIR=	${PORTNAME}
 
 MAINTAINER=	ports@FreeBSD.org
 COMMENT=	A converter from RTF to several formats, including HTML and LaTeX
 
-FORBIDDEN=	http://vuxml.FreeBSD.org/f2d5e56e-67eb-11d9-a9e7-0001020eed82.html
-DEPRECATED=	${FORBIDDEN}
-EXPIRATION_DATE=2005-02-16
-
 USE_REINPLACE=	yes
 ALL_TARGET=	unrtf
 
diff --git a/textproc/unrtf/files/patch-convert.c b/textproc/unrtf/files/patch-convert.c
new file mode 100644
index 000000000000..35fa047d08a1
--- /dev/null
+++ b/textproc/unrtf/files/patch-convert.c
@@ -0,0 +1,11 @@
+--- convert.c.orig	Sun Jan 30 13:34:16 2005
++++ convert.c	Sun Jan 30 13:35:36 2005
+@@ -341,7 +341,7 @@
+ 				while(w2) {
+ 					tmp = word_string (w2);
+ 					if (tmp && tmp[0] != '\\')
+-						strcat(name,tmp);
++						strncat(name,tmp,sizeof(name)-strlen(name)-1);
+ 
+ 					w2=w2->next;
+ 				}