Index: ossp-pkg/lmtp2nntp/00TODO RCS File: /v/ossp/cvs/ossp-pkg/lmtp2nntp/00TODO,v rcsdiff -q -kk '-r1.61' '-r1.62' -u '/v/ossp/cvs/ossp-pkg/lmtp2nntp/00TODO,v' 2>/dev/null --- 00TODO 2002/07/29 11:39:43 1.61 +++ 00TODO 2003/01/30 19:18:57 1.62 @@ -76,26 +76,5 @@ potential to merge post/header modes -h [Newsgroups:${_EnvelopeRCPT}\n] -=================================================================== -RCS file: /e/ossp/cvs/ossp-pkg/fsl/fsl.c,v -retrieving revision 1.22 -retrieving revision 1.21 -diff -r1.22 -r1.21 -341c341 -< if ((l2rv = l2_spec(&ch, ctx.l2_fslenv, "%s", argl2spec)) != L2_OK) { ---- -> if ((l2rv = l2_spec(&ch, ctx.l2_fslenv, argl2spec)) != L2_OK) { -513c513 -< if ((l2rv = l2_spec(&ch, ctx.l2_env, "%s", argl2spec)) != L2_OK) { ---- -> if ((l2rv = l2_spec(&ch, ctx.l2_env, argl2spec)) != L2_OK) { - -Fix a big security hole: the l2_spec() is a varargs function which gets -a format string and variable arguments. In case only a fixed string is -used we have to use "%s" as the format string or else "%x" in the string -is treated like a formatter (and hence cause a segfault or whatever -else if it tries to fetch args from the stack). This especially also no -longer requires the formatters to be written %%X... - - consider using lib_cfg for configuration file parsing + consider using lib_cfg for configuration file parsing Index: ossp-pkg/lmtp2nntp/lmtp2nntp_config.c RCS File: /v/ossp/cvs/ossp-pkg/lmtp2nntp/lmtp2nntp_config.c,v rcsdiff -q -kk '-r1.86' '-r1.87' -u '/v/ossp/cvs/ossp-pkg/lmtp2nntp/lmtp2nntp_config.c,v' 2>/dev/null --- lmtp2nntp_config.c 2003/01/30 15:19:55 1.86 +++ lmtp2nntp_config.c 2003/01/30 19:18:57 1.87 
@@ -158,7 +158,7 @@
 fprintf(stderr, "%s:Error: logging failed to configure \"%s\" channel\n", ctx->progname, l2_handler_var.name);
 CU(CONFIG_ERR_LOG);
 }
- if ((l2_spec(&ch, ctx->l2_env, ov->data.s)) != L2_OK) {
+ if ((l2_spec(&ch, ctx->l2_env, "%s", ov->data.s)) != L2_OK) {
 fprintf(stderr, "%s:Error: logging failed to create stream\n", ctx->progname);
 CU(CONFIG_ERR_LOG);
 }
Index: ossp-pkg/lmtp2nntp/test.sh RCS File: /v/ossp/cvs/ossp-pkg/lmtp2nntp/test.sh,v rcsdiff -q -kk '-r1.13' '-r1.14' -u '/v/ossp/cvs/ossp-pkg/lmtp2nntp/test.sh,v' 2>/dev/null
--- test.sh 2002/03/04 15:54:28 1.13
+++ test.sh 2003/01/30 19:18:57 1.14
@@ -79,7 +79,7 @@
 L2CONF="${PREFIX}logspec"
 L2FILE="${PREFIX}log"
- L2SPEC="'debug: prefix(prefix=\"%%b %%d %%H:%%M:%%S <%%L> lmtp2nntp[%%P]: \",timezone=local) -> file(path=\"${L2FILE}\",append=0,perm=432)'"
+ L2SPEC="'debug: prefix(prefix=\"%b %d %H:%M:%S <%L> lmtp2nntp[%P]: \",timezone=local) -> file(path=\"${L2FILE}\",append=0,perm=432)'"
 echo >${L2CONF} "l2spec ${L2SPEC}"
 LOG="-i ${L2CONF}"
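Review bot: The `"%s"` added at the l2_spec() call in the lmtp2nntp_config.c hunk is the only thing keeping `ov->data.s` from being parsed as a format string, and nothing at the call site records why it is there. I would add a comment above the call, e.g. `/* l2_spec() is printf-style: always pass "%s" so the configured spec is never used as the format */`, so a later cleanup does not drop it. If l2_spec()'s prototype (not visible here) can carry a printf format attribute, the compiler's format warnings would also catch other call sites that pass a non-literal spec. Specs written with doubled `%%` for the old behaviour are now passed through unchanged, as the test.sh hunk shows, which deserves a line in the release notes. The enclosing function starts and ends outside the hunk.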