In updating the Scintilla and SciTE ports to 1.70 for OpenBSD, I've done a code audit and replaced the insecure string handling functions (strcat, strcpy, sprintf) with the secure ones (strlcat, strlcpy, snprintf, respectively). Hopefully these security fixes can be applied to future versions of Scintilla and SciTE. I'm not sure if all of the fixes are correct (I'm not an experienced C++ programmer), but hopefully the patches can be reviewed and applied if appropriate.
The OpenBSD ports are linked below:

Scintilla: http://marc.theaimsgroup.com/?l=openbsd-ports&m=115275206705763&q=p3
SciTE: http://marc.theaimsgroup.com/?l=openbsd-ports&m=115275206705763&q=p4

If you have any questions, please let me know.

Thanks,
Jeremy Evans

_______________________________________________
Scintilla-interest mailing list
[email protected]
http://mailman.lyra.org/mailman/listinfo/scintilla-interest
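
The replacements named in the message above only help when the size argument is the full destination size and the return value is checked for truncation. The following is an added example of that pattern, not code from the Scintilla or SciTE patches; `demo_strlcpy`, `demo_strlcat`, `join_path` and `format_location` are hypothetical names, and the two stand-ins exist only so the block builds on a libc without `strlcpy`/`strlcat`.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins with strlcpy/strlcat semantics, so this builds on
   libcs that lack them. Both take the FULL size of dst and return the length
   the result would have had without truncation. */
static size_t demo_strlcpy(char *dst, const char *src, size_t size) {
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

static size_t demo_strlcat(char *dst, const char *src, size_t size) {
    const char *end = memchr(dst, '\0', size);
    size_t dlen = end ? (size_t)(end - dst) : size;
    if (dlen == size)               /* dst not terminated within size */
        return size + strlen(src);
    return dlen + demo_strlcpy(dst + dlen, src, size - dlen);
}

/* Was: strcpy(out, dir); strcat(out, "/"); strcat(out, name);
   Returns 0 on success, -1 if the result did not fit (out stays terminated). */
int join_path(char *out, size_t outsz, const char *dir, const char *name) {
    if (demo_strlcpy(out, dir, outsz) >= outsz) return -1;
    if (demo_strlcat(out, "/", outsz) >= outsz) return -1;
    if (demo_strlcat(out, name, outsz) >= outsz) return -1;
    return 0;
}

/* Was: sprintf(out, "%s:%d", file, line);
   snprintf returns the untruncated length, or a negative value on error. */
int format_location(char *out, size_t outsz, const char *file, int line) {
    int n = snprintf(out, outsz, "%s:%d", file, line);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void) {
    char small[8], big[64];  /* constructed sample buffers */
    printf("%d %d\n", join_path(small, sizeof small, "/usr/local", "SciTE"),
                      join_path(big, sizeof big, "/usr/local", "SciTE"));
    printf("%d %s\n", format_location(big, sizeof big, "Editor.cxx", 42), big);
    return 0;
}
```

When reviewing such a conversion, the two things to look for are a size argument taken from a pointer (`sizeof ptr`) instead of the buffer, and a return value that is ignored so that truncation passes silently.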
