head	1.3;
access;
symbols
	RELEASE_4_6_2:1.2
	RELEASE_4_6_1:1.2
	RELEASE_4_6_0:1.2
	RELEASE_5_0_DP1:1.2
	RELEASE_4_5_0:1.2
	RELEASE_4_4_0:1.1;
locks; strict;
comment	@# @;


1.3
date	2002.06.09.23.28.55;	author petef;	state dead;
branches;
next	1.2;

1.2
date	2002.01.22.05.19.24;	author pat;	state Exp;
branches;
next	1.1;

1.1
date	2001.04.30.07.33.39;	author kris;	state Exp;
branches;
next	;


desc
@@


1.3
log
@Update to 2.0.12.

PR:		38584
Submitted by:	Oliver Lehmann <lehmann@@ans-netz.de>
@
text
@--- lib/cache.c.orig	Fri Jul 20 21:26:19 2001
+++ lib/cache.c	Wed Jan  2 13:54:45 2002
@@@@ -45,7 +45,7 @@@@
     }
   g_free (tempstr);
 
-  srand (time (NULL));
+  srandomdev();
   tempstr = NULL;
   cachefile = NULL;
   do
@@@@ -57,7 +57,7 @@@@
         g_free (cachefile);
 
       cachefile = g_strdup_printf ("cache%ld",
-                                   1 + (long) (99999999.0 * rand () /
+                                   1 + (long) (99999999.0 * random () /
 				   (RAND_MAX + 1.0)));
       tempstr = g_strdup_printf ("%s/%s", cachedir, cachefile);
     }
@


1.2
log
@- Update to 2.0.11
- Remove FORBIDDEN

PR:		33764
Submitted by:	Oliver Lehmann <lehmann@@ans-netz.de>
@
text
@@


1.1
log
@Upgrade to gftp 2.0.8 and mark FORBIDDEN. gftp 2.0.8 was a security update
to fix a remotely exploitable format string vulnerability, but in the course
of trying to make the new version actually build I discovered that it also
has local tempfile vulnerabilities, among other problems.
@
text
@d1 3
a3 3
--- lib/cache.c.orig	Sat Mar  3 17:42:43 2001
+++ lib/cache.c	Mon Apr 30 00:16:57 2001
@@@@ -42,7 +42,7 @@@@
d12 1
a12 1
@@@@ -54,7 +54,7 @@@@
@

