author | itetcu <itetcu@FreeBSD.org> | 2006-07-26 15:51:52 +0800 |
---|---|---|
committer | itetcu <itetcu@FreeBSD.org> | 2006-07-26 15:51:52 +0800 |
commit | a23bdbf95093ee2ebe536e687a9ef902497aad65 (patch) | |
tree | d4a6daa9ae40695e5cda950cbd0c840f01e910a7 /security/osiris | |
parent | 70a3de6f19b506782cb87fc691cce6318a60314a (diff) | |
Patching osiris in response to CVE-2006-3120.
"Ulf Harnhammar and Max Vozeler from the Debian Security Audit Project
have found several format string security bugs in osiris, a network-wide
system integrity monitor control interface. A remote attacker could
exploit them and cause a denial of service or execute arbitrary code."
PR: ports/100793
Submitted by: David Thiel (maintainer)
Security: CVE-2006-3120
Diffstat (limited to 'security/osiris')
-rw-r--r-- | security/osiris/Makefile | 3 | ||||
-rw-r--r-- | security/osiris/files/patch-logging | 66 |
2 files changed, 68 insertions, 1 deletions
diff --git a/security/osiris/Makefile b/security/osiris/Makefile
index 7148981d6b1c..498caba9a5d9 100644
--- a/security/osiris/Makefile
+++ b/security/osiris/Makefile
@@ -7,9 +7,10 @@ PORTNAME= osiris PORTVERSION= 4.2.0 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= http://www.hostintegrity.com/osiris/data/ \ - http://darkambient.net/ + http://redundancy.redundancy.org/mirror/ MAINTAINER= lx@redundancy.redundancy.org COMMENT= The Shmoo client/server host integrity checker
diff --git a/security/osiris/files/patch-logging b/security/osiris/files/patch-logging
new file mode 100644
index 000000000000..208aa582fea8
--- /dev/null
+++ b/security/osiris/files/patch-logging
@@ -0,0 +1,66 @@
+--- src/osirisd/logging.c
++++ src/osirisd/logging.c
+@@ -93,7 +93,7 @@
+ fprintf( stdout, "\n" );
+ }
+ #else
+- syslog( ( SYSLOG_FACILITY | LOG_ERR ), header );
++ syslog( ( SYSLOG_FACILITY | LOG_ERR ), "%s", header );
+ #endif
+ }
+
+@@ -147,7 +147,7 @@
+ fprintf( stdout, "\n" );
+ }
+ #else
+- syslog( ( SYSLOG_FACILITY | LOG_INFO ), header );
++ syslog( ( SYSLOG_FACILITY | LOG_INFO ), "%s", header );
+ #endif
+ }
+
+@@ -201,7 +201,7 @@
+ fprintf( stdout, "\n" );
+ }
+ #else
+- syslog( ( SYSLOG_FACILITY | LOG_WARNING ), header );
++ syslog( ( SYSLOG_FACILITY | LOG_WARNING ), "%s", header );
+ #endif
+ }
+
+--- src/osirismd/logging.c
++++ src/osirismd/logging.c
+@@ -106,7 +106,7 @@
+ fprintf( stdout, "\n" );
+ }
+ #else
+- syslog( ( syslog_facility | LOG_ERR ), header );
++ syslog( ( syslog_facility | LOG_ERR ), "%s", header );
+ #endif
+ }
+
+@@ -168,7 +168,7 @@
+ fprintf( stdout, "\n" );
+ }
+ #else
+- syslog( ( syslog_facility | LOG_INFO ), header );
++ syslog( ( syslog_facility | LOG_INFO ), "%s", header );
+ #endif
+ }
+
+@@ -230,7 +230,7 @@
+ fprintf( stdout, "\n" );
+ }
+ #else
+- syslog( ( syslog_facility | LOG_WARNING ), header );
++ syslog( ( syslog_facility | LOG_WARNING ), "%s", header );
+ #endif
+ }
+
+@@ -281,7 +281,7 @@
+ NULL); /* no raw data */
+ }
+ #else
+- syslog( ( syslog_facility | LOG_INFO ), buffer );
++ syslog( ( syslog_facility | LOG_INFO ), "%s", buffer );
+ #endif
+ }
|
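Review bot: The non-syslog branch of each logging function is only partly visible, so it cannot be confirmed that the message is printed there as data: six of the seven inner hunks show `fprintf( stdout, "\n" );` as the tail of that branch, and the line that writes `header` to stdout starts above the context. If that line passes `header` as the format argument it needs the same change, e.g. `fprintf( stdout, "%s", header );`. The enclosing functions begin and end outside the hunks. Compiling the port with `-Wformat -Wformat-security` would flag any remaining call that passes a non-literal format string.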