From 3c366ebb68037ad7a32f8ca48c50b23c4f66d8cc Mon Sep 17 00:00:00 2001 From: ajacoutot Date: Mon, 17 Dec 2007 22:38:19 +0000 Subject: [PATCH] - SECURITY fix for a known format string vulnerability from Michael Tannenbaum via MAINTAINER --- net/ez-ipupdate/Makefile | 3 ++- net/ez-ipupdate/patches/patch-ez-ipupdate_c | 12 ++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 net/ez-ipupdate/patches/patch-ez-ipupdate_c diff --git a/net/ez-ipupdate/Makefile b/net/ez-ipupdate/Makefile index 8439d3b38d3..64d2775f0ba 100644 --- a/net/ez-ipupdate/Makefile +++ b/net/ez-ipupdate/Makefile @@ -1,8 +1,9 @@ -# $OpenBSD: Makefile,v 1.1.1.1 2007/12/16 17:48:29 ajacoutot Exp $ +# $OpenBSD: Makefile,v 1.2 2007/12/17 22:38:19 ajacoutot Exp $ COMMENT= small dynamic DNS updater written in C DISTNAME= ez-ipupdate-3.0.11b7 +PKGNAME= ${DISTNAME}p0 CATEGORIES= net diff --git a/net/ez-ipupdate/patches/patch-ez-ipupdate_c b/net/ez-ipupdate/patches/patch-ez-ipupdate_c new file mode 100644 index 00000000000..c8570b0fc0d --- /dev/null +++ b/net/ez-ipupdate/patches/patch-ez-ipupdate_c @@ -0,0 +1,12 @@ +$OpenBSD: patch-ez-ipupdate_c,v 1.1 2007/12/17 22:38:19 ajacoutot Exp $ +--- ez-ipupdate.c.orig Mon Dec 17 23:32:54 2007 ++++ ez-ipupdate.c Mon Dec 17 23:34:05 2007 +@@ -798,7 +798,7 @@ void show_message(char *fmt, ...) + sprintf(buf, "message incomplete because your OS sucks: %s\n", fmt); + #endif + +- syslog(LOG_NOTICE, buf); ++ syslog(LOG_NOTICE, "%s", buf); + } + else + {