Fix a format string vulnerability which appears to be exploitable, and

bump PORTREVISION.

3 files changed, 25 insertions, 0 deletions

diff --git a/security/fakebo/Makefile b/security/fakebo/Makefile
index aeb0b7ea6ba6..184054d07b86 100644
--- a/security/fakebo/Makefile
+++ b/security/fakebo/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=	fakebo
 PORTVERSION=	0.4.1
+PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	ftp://the.ausmac.net/wd2a/security/port-loggers/ \
 		ftp://ftp.mayn.de/pub/unix/security/network/ \
diff --git a/security/fakebo/files/patch-aa b/security/fakebo/files/patch-aa
new file mode 100644
index 000000000000..9c47d7e9e0ed
--- /dev/null
+++ b/security/fakebo/files/patch-aa
@@ -0,0 +1,11 @@
+--- misc.c.orig	Thu Jun  6 18:11:32 2002
++++ misc.c	Thu Jun  6 18:11:41 2002
+@@ -107,7 +107,7 @@
+ 
+ #ifdef HAVE_OPENLOG
+ 		openlog("FakeBO", LOG_CONS, LOG_USER);
+-		syslog(LOG_WARNING, buf);
++		syslog(LOG_WARNING, "%s", buf);
+ 		closelog();
+ #else
+ #warning "Can't find usable syslog, disabled!"
diff --git a/security/fakebo/files/patch-ab b/security/fakebo/files/patch-ab
new file mode 100644
index 000000000000..12c64f4fe089
--- /dev/null
+++ b/security/fakebo/files/patch-ab
@@ -0,0 +1,13 @@
+--- fakebo.c.orig	Thu Jun  6 18:13:21 2002
++++ fakebo.c	Thu Jun  6 18:13:31 2002
+@@ -457,8 +457,8 @@
+ {
+ 	static char msg[] = "Warning: SIGHUP received, but config re-read not yet implemented!\n";
+ 
+-	logprintf(TRUE, msg);
+-	syslogprintf(msg);
++	logprintf(TRUE, "%s", msg);
++	syslogprintf("%s", msg);
+ }
+ 
+ #endif