- SECURITY fix for a known format string vulnerability

from Michael Tannenbaum via MAINTAINER
2007-12-17 22:38:19 +00:00 · 2007-12-17 22:38:19 +00:00 · 3c366ebb68
commit 3c366ebb68
parent 17a7ab01f9
2 changed files with 14 additions and 1 deletions
--- a/net/ez-ipupdate/Makefile
+++ b/net/ez-ipupdate/Makefile
@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.1.1.1 2007/12/16 17:48:29 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.2 2007/12/17 22:38:19 ajacoutot Exp $

 COMMENT=	small dynamic DNS updater written in C

 DISTNAME=	ez-ipupdate-3.0.11b7
+PKGNAME=	${DISTNAME}p0

 CATEGORIES=	net

--- a/net/ez-ipupdate/patches/patch-ez-ipupdate_c
+++ b/net/ez-ipupdate/patches/patch-ez-ipupdate_c
@ -0,0 +1,12 @@
+$OpenBSD: patch-ez-ipupdate_c,v 1.1 2007/12/17 22:38:19 ajacoutot Exp $
+--- ez-ipupdate.c.orig	Mon Dec 17 23:32:54 2007
+++ ez-ipupdate.c	Mon Dec 17 23:34:05 2007
+@@ -798,7 +798,7 @@ void show_message(char *fmt, ...)
+     sprintf(buf, "message incomplete because your OS sucks: %s\n", fmt);
+ #endif
+ 
+-    syslog(LOG_NOTICE, buf);
+    syslog(LOG_NOTICE, "%s", buf);
+   }
+   else
+   {