authoritetcu <itetcu@FreeBSD.org>2006-07-26 15:51:52 +0800
committeritetcu <itetcu@FreeBSD.org>2006-07-26 15:51:52 +0800
commita23bdbf95093ee2ebe536e687a9ef902497aad65 (patch)
treed4a6daa9ae40695e5cda950cbd0c840f01e910a7 /security/osiris
parent70a3de6f19b506782cb87fc691cce6318a60314a (diff)
Patching osiris in response to CVE-2006-3120.
"Ulf Harnhammar and Max Vozeler from the Debian Security Audit Project have found several format string security bugs in osiris, a network-wide system integrity monitor control interface. A remote attacker could exploit them and cause a denial of service or execute arbitrary code." PR: ports/100793 Submitted by: David Thiel (maintainer) Security: CVE-2006-3120
Diffstat (limited to 'security/osiris')
-rw-r--r--security/osiris/Makefile3
-rw-r--r--security/osiris/files/patch-logging66
2 files changed, 68 insertions, 1 deletions
diff --git a/security/osiris/Makefile b/security/osiris/Makefile
index 7148981d6b1c..498caba9a5d9 100644
--- a/security/osiris/Makefile
+++ b/security/osiris/Makefile
@@ -7,9 +7,10 @@
PORTNAME= osiris
PORTVERSION= 4.2.0
+PORTREVISION= 1
CATEGORIES= security
MASTER_SITES= http://www.hostintegrity.com/osiris/data/ \
- http://darkambient.net/
+ http://redundancy.redundancy.org/mirror/
MAINTAINER= lx@redundancy.redundancy.org
COMMENT= The Shmoo client/server host integrity checker
diff --git a/security/osiris/files/patch-logging b/security/osiris/files/patch-logging
new file mode 100644
index 000000000000..208aa582fea8
--- /dev/null
+++ b/security/osiris/files/patch-logging
@@ -0,0 +1,66 @@
+--- src/osirisd/logging.c
++++ src/osirisd/logging.c
+@@ -93,7 +93,7 @@
+ fprintf( stdout, "\n" );
+ }
+ #else
+- syslog( ( SYSLOG_FACILITY | LOG_ERR ), header );
++ syslog( ( SYSLOG_FACILITY | LOG_ERR ), "%s", header );
+ #endif
+ }
+
+@@ -147,7 +147,7 @@
+ fprintf( stdout, "\n" );
+ }
+ #else
+- syslog( ( SYSLOG_FACILITY | LOG_INFO ), header );
++ syslog( ( SYSLOG_FACILITY | LOG_INFO ), "%s", header );
+ #endif
+ }
+
+@@ -201,7 +201,7 @@
+ fprintf( stdout, "\n" );
+ }
+ #else
+- syslog( ( SYSLOG_FACILITY | LOG_WARNING ), header );
++ syslog( ( SYSLOG_FACILITY | LOG_WARNING ), "%s", header );
+ #endif
+ }
+
+--- src/osirismd/logging.c
++++ src/osirismd/logging.c
+@@ -106,7 +106,7 @@
+ fprintf( stdout, "\n" );
+ }
+ #else
+- syslog( ( syslog_facility | LOG_ERR ), header );
++ syslog( ( syslog_facility | LOG_ERR ), "%s", header );
+ #endif
+ }
+
+@@ -168,7 +168,7 @@
+ fprintf( stdout, "\n" );
+ }
+ #else
+- syslog( ( syslog_facility | LOG_INFO ), header );
++ syslog( ( syslog_facility | LOG_INFO ), "%s", header );
+ #endif
+ }
+
+@@ -230,7 +230,7 @@
+ fprintf( stdout, "\n" );
+ }
+ #else
+- syslog( ( syslog_facility | LOG_WARNING ), header );
++ syslog( ( syslog_facility | LOG_WARNING ), "%s", header );
+ #endif
+ }
+
+@@ -281,7 +281,7 @@
+ NULL); /* no raw data */
+ }
+ #else
+- syslog( ( syslog_facility | LOG_INFO ), buffer );
++ syslog( ( syslog_facility | LOG_INFO ), "%s", buffer );
+ #endif
+ }
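Review bot: Only the `#else` syslog branch of each logging function is changed, so the other side of each `#if` is not shown to be safe. That side ends in `fprintf( stdout, "\n" )`, or in the call closing with `NULL); /* no raw data */` in the last inner hunk, and it sits almost entirely outside the context lines, as do the function openings. It is worth confirming that `header` and `buffer` are not passed as the format argument there, and that they are built with a bounded formatter. A short comment above each fixed call would explain why the literal must stay, for example `/* header may carry peer-supplied text: always log it through a literal "%s" format */`. Building the port with `-Wformat -Wformat-security` would catch any remaining non-literal format call in the two logging.c files.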