Index: ossp-pkg/lmtp2nntp/00TODO RCS File: /v/ossp/cvs/ossp-pkg/lmtp2nntp/00TODO,v rcsdiff -q -kk '-r1.60' '-r1.61' -u '/v/ossp/cvs/ossp-pkg/lmtp2nntp/00TODO,v' 2>/dev/null --- 00TODO 2002/05/28 12:19:47 1.60 +++ 00TODO 2002/07/29 11:39:43 1.61 @@ -75,3 +75,27 @@ crossposting problem -h [Newsgroups:see perl example above and use feature 2.)\n] potential to merge post/header modes -h [Newsgroups:${_EnvelopeRCPT}\n] + +=================================================================== +RCS file: /e/ossp/cvs/ossp-pkg/fsl/fsl.c,v +retrieving revision 1.22 +retrieving revision 1.21 +diff -r1.22 -r1.21 +341c341 +< if ((l2rv = l2_spec(&ch, ctx.l2_fslenv, "%s", argl2spec)) != L2_OK) { +--- +> if ((l2rv = l2_spec(&ch, ctx.l2_fslenv, argl2spec)) != L2_OK) { +513c513 +< if ((l2rv = l2_spec(&ch, ctx.l2_env, "%s", argl2spec)) != L2_OK) { +--- +> if ((l2rv = l2_spec(&ch, ctx.l2_env, argl2spec)) != L2_OK) { + +Fix a big security hole: the l2_spec() is a varargs function which gets +a format string and variable arguments. In case only a fixed string is +used we have to use "%s" as the format string or else "%x" in the string +is treated like a formatter (and hence cause a segfault or whatever +else if it tries to fetch args from the stack). This especially also no +longer requires the formatters to be written %%X... + + consider using lib_cfg for configuration file parsing +
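Review bot: the fsl.c diff pasted into the added 00TODO lines runs in reverse (`diff -r1.22 -r1.21`), so read as a normal diff it looks as if the fix is being removed. The `<` lines hold the fixed call, with "%s" as the format argument. The `>` lines hold the vulnerable call, where argl2spec itself is passed as the format string. Regenerate the diff as -r1.21 -r1.22, or state in the entry that 1.22 is the fixed revision. The entry is filed in lmtp2nntp/00TODO but only quotes the fsl change and its explanation; it never says what is to be done in lmtp2nntp. If the intent is to check for the same pattern here, add a line that names the task, for example: audit each l2_spec() call that passes a non-literal string in the format position and change it to pass "%s" followed by the string.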