lpd: Avoid buffer overflow when sending a job
When forwarding a print job to a remote server, we could overflow the
command buffer if a control or data file had a very long name.
MFC after: 1 week
Reported by: Joshua Rogers <joshua at joshua.hu>
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57184
(cherry picked from commit f2c7c5f94803b67a9a6af625d4fc8882d2afda6c)
lpd: Restore ability to specify a port number
This has been broken since IPv6 support was added in 2000. We would
validate the port number (which had to be a port number, but can now
also be a service name) and then ignore it.
MFC after: 1 week
Fixes: 08829865f659 ("IPv6 support for lpr.")
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57181
(cherry picked from commit c0cae7d8da50daa87af4cd6d7c9a2043343b506f)
lpr: Add deprecation notice
These programs require elevated privileges to work and have not seen
regular maintenance in decades. Unless someone steps up and overhauls
them, we will have to remove them before 16.0. Better-maintained
alternatives are available in ports (print/cups, sysutils/LPRng).
MFC after: 3 days
(cherry picked from commit d57dee7ab66f60537b557cb602be194e3eed253d)
lpd: Avoid buffer overflow when sending a job
When forwarding a print job to a remote server, we could overflow the
command buffer if a control or data file had a very long name.
MFC after: 1 week
Reported by: Joshua Rogers <joshua at joshua.hu>
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57184
(cherry picked from commit f2c7c5f94803b67a9a6af625d4fc8882d2afda6c)
lpd: Restore ability to specify a port number
This has been broken since IPv6 support was added in 2000. We would
validate the port number (which had to be a port number, but can now
also be a service name) and then ignore it.
MFC after: 1 week
Fixes: 08829865f659 ("IPv6 support for lpr.")
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57181
(cherry picked from commit c0cae7d8da50daa87af4cd6d7c9a2043343b506f)
security/infisical-cli: add new port for the official Infisical CLI
The Infisical CLI is a powerful command-line tool for secret management
that allows you to:
- Inject secrets into applications and development workflows
- Scan for secret leaks in your codebase and git history
- Export secrets to various formats (dotenv, JSON, YAML)
- Authenticate with Infisical Cloud or self-hosted instances
- Integrate with CI/CD pipelines and Docker containers
ttymsg: Overhaul
* Instead of an error string, return the usual 0 or -1 and let the caller
figure out what, if anything, to tell the user.
* Avoid string manipulations by opening /dev first and using openat()
with O_RESOLVE_BENEATH.
* Add a boolean argument which, if false, causes ttymsg() to return
without sending the message if the tty's group-writable bit is not
set. This saves programs that respect this setting (like syslogd(8))
from having to check before calling ttymsg().
* Update all callers.
The observable effect of this change is minimal except for slightly
different error messages when ttymsg() fails. However, syslogd(8) will
no longer print spurious error messages on the console after trying and
failing to write a log message to an X11 session.
[7 lines not shown]
ttymsg: Overhaul
* Instead of an error string, return the usual 0 or -1 and let the caller
figure out what, if anything, to tell the user.
* Avoid string manipulations by opening /dev first and using openat()
with O_RESOLVE_BENEATH.
* Add a boolean argument which, if false, causes ttymsg() to return
without sending the message if the tty's group-writable bit is not
set. This saves programs that respect this setting (like syslogd(8))
from having to check before calling ttymsg().
* Update all callers.
The observable effect of this change is minimal except for slightly
different error messages when ttymsg() fails. However, syslogd(8) will
no longer print spurious error messages on the console after trying and
failing to write a log message to an X11 session.
[7 lines not shown]
