Security:

Prevent a buffer overflow in ntpq.  (CVE-2009-0159)
From upstream via FreeBSD.

net/ntp/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.39 2009/02/11 19:36:27 naddy Exp $
+# $OpenBSD: Makefile,v 1.40 2009/04/20 15:32:38 naddy Exp $
 
 COMMENT=	Network Time Protocol reference implementation
 
@@ -8,7 +8,7 @@ COMMENT=	Network Time Protocol reference implementation
 
 VERSION=	4.2.4p6
 DISTNAME=	ntp-${VERSION}
-PKGNAME=	ntp-${VERSION:S/p/pl/}p0
+PKGNAME=	ntp-${VERSION:S/p/pl/}p1
 CATEGORIES=	net
 MASTER_SITES=   ftp://ftp.udel.edu/pub/ntp/ntp4/ntp-4.2/ \
 		http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ \

net/ntp/patches/patch-ntpq_ntpq_c

@@ -0,0 +1,15 @@
+$OpenBSD: patch-ntpq_ntpq_c,v 1.1 2009/04/20 15:32:38 naddy Exp $
+--- ntpq/ntpq.c.orig	Mon Apr 20 17:24:34 2009
++++ ntpq/ntpq.c	Mon Apr 20 17:26:32 2009
+@@ -3185,9 +3185,9 @@ cookedprint(
+ 				if (!decodeuint(value, &uval))
+ 				    output_raw = '?';
+ 				else {
+-					char b[10];
++					char b[12];
+ 
+-					(void) sprintf(b, "%03lo", uval);
++					(void) snprintf(b, sizeof(b), "%03lo", uval);
+ 					output(fp, name, b);
+ 				}
+ 				break;