ez-ipzpdate.bb: Address flaw in syslog handling

Address CVE-2004-0980.

diff --git a/recipes/ez-ipupdate/ez-ipupdate_3.0.10.bb b/recipes/ez-ipupdate/ez-ipupdate_3.0.10.bb
index f3434e1..661ff96 100644 (file)
--- a/recipes/ez-ipupdate/ez-ipupdate_3.0.10.bb
+++ b/recipes/ez-ipupdate/ez-ipupdate_3.0.10.bb
@@ -4,12 +4,13 @@ HOMEPAGE = "http://www.ez-ipupdate.com/"
 SECTION = "console/network"
 PRIORITY = "optional"
 LICENSE = "GPL"
-PR = "r1"
+PR = "r2"
 
 SRC_URI = "http://www.ez-ipupdate.com/dist/ez-ipupdate-${PV}.tar.gz \
           file://configure.patch;patch=1 \
           file://conffile.patch;patch=1 \
           file://zoneedit.patch;patch=1 \
+          file://CVE-2004-0980.patch;patch=1;pnum=0 \
           file://init \
           file://ipupdate.conf \
          "

diff --git a/recipes/ez-ipupdate/files/CVE-2004-0980.patch b/recipes/ez-ipupdate/files/CVE-2004-0980.patch
new file mode 100644 (file)
index 0000000..27b7ee9
--- /dev/null
+++ b/recipes/ez-ipupdate/files/CVE-2004-0980.patch
@@ -0,0 +1,13 @@
+$FreeBSD: ports/dns/ez-ipupdate/files/patch-ez-ipupdate.c,v 1.1 2004/11/11 15:46:04 naddy Exp $
+
+--- ez-ipupdate.c.orig
++++ ez-ipupdate.c
+@@ -798,7 +798,7 @@
+     sprintf(buf, "message incomplete because your OS sucks: %s\n", fmt);
+ #endif
+ 
+-    syslog(LOG_NOTICE, buf);
++    syslog(LOG_NOTICE, "%s", buf);
+   }
+   else
+   {