Here is a security fix for the vlc port.
http://www.videolan.org/sa0701.html
Index: Makefile
===================================================================
RCS file: /cvs/ports/x11/vlc/Makefile,v
retrieving revision 1.42
diff -u -p -r1.42 Makefile
--- Makefile 24 Dec 2006 01:57:16 -0000 1.42
+++ Makefile 4 Jan 2007 05:51:12 -0000
@@ -5,7 +5,7 @@ SHARED_ONLY= Yes
COMMENT= "videolan client; multimedia player"
V= 0.8.6
DISTNAME= vlc-${V}
-PKGNAME= vlc-${V}p0
+PKGNAME= vlc-${V}p1
CATEGORIES= x11
MASTER_SITES= http://download.videolan.org/pub/videolan/vlc/${V}/
Index: patches/patch-modules_access_cdda_access_c
===================================================================
RCS file: patches/patch-modules_access_cdda_access_c
diff -N patches/patch-modules_access_cdda_access_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-modules_access_cdda_access_c 4 Jan 2007 05:56:52 -0000
@@ -0,0 +1,25 @@
+$OpenBSD$
+--- modules/access/cdda/access.c.orig Thu Jan 4 00:52:28 2007
++++ modules/access/cdda/access.c Thu Jan 4 00:54:20 2007
+@@ -89,17 +89,17 @@ cdio_log_handler (cdio_log_level_t level
+ case CDIO_LOG_DEBUG:
+ case CDIO_LOG_INFO:
+ if (p_cdda->i_debug & INPUT_DBG_CDIO)
+- msg_Dbg( p_cdda_input, message);
++ msg_Dbg( p_cdda_input, "%s", message);
+ break;
+ case CDIO_LOG_WARN:
+- msg_Warn( p_cdda_input, message);
++ msg_Warn( p_cdda_input, "%s", message);
+ break;
+ case CDIO_LOG_ERROR:
+ case CDIO_LOG_ASSERT:
+- msg_Err( p_cdda_input, message);
++ msg_Err( p_cdda_input, "%s", message);
+ break;
+ default:
+- msg_Warn( p_cdda_input, message,
++ msg_Warn( p_cdda_input, "%s\n%s %d", message,
+ "the above message had unknown cdio log level",
+ level);
+ }
Index: patches/patch-modules_access_vcdx_access_c
===================================================================
RCS file: patches/patch-modules_access_vcdx_access_c
diff -N patches/patch-modules_access_vcdx_access_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-modules_access_vcdx_access_c 4 Jan 2007 05:56:37 -0000
@@ -0,0 +1,43 @@
+$OpenBSD$
+--- modules/access/vcdx/access.c.orig Thu Jan 4 00:54:36 2007
++++ modules/access/vcdx/access.c Thu Jan 4 00:56:28 2007
+@@ -92,17 +92,17 @@ cdio_log_handler (cdio_log_level_t level
+ case CDIO_LOG_DEBUG:
+ case CDIO_LOG_INFO:
+ if (p_vcdplayer->i_debug & INPUT_DBG_CDIO)
+- msg_Dbg( p_vcd_access, message);
++ msg_Dbg( p_vcd_access, "%s", message);
+ break;
+ case CDIO_LOG_WARN:
+- msg_Warn( p_vcd_access, message);
++ msg_Warn( p_vcd_access, "%s", message);
+ break;
+ case CDIO_LOG_ERROR:
+ case CDIO_LOG_ASSERT:
+- msg_Err( p_vcd_access, message);
++ msg_Err( p_vcd_access, "%s", message);
+ break;
+ default:
+- msg_Warn( p_vcd_access, message,
++ msg_Warn( p_vcd_access, "%s\n%s %d", message,
+ _("The above message had unknown log level"),
+ level);
+ }
+@@ -118,14 +118,14 @@ vcd_log_handler (vcd_log_level_t level,
+ case VCD_LOG_DEBUG:
+ case VCD_LOG_INFO:
+ if (p_vcdplayer->i_debug & INPUT_DBG_VCDINFO)
+- msg_Dbg( p_vcd_access, message);
++ msg_Dbg( p_vcd_access, "%s", message);
+ break;
+ case VCD_LOG_WARN:
+- msg_Warn( p_vcd_access, message);
++ msg_Warn( p_vcd_access, "%s", message);
+ break;
+ case VCD_LOG_ERROR:
+ case VCD_LOG_ASSERT:
+- msg_Err( p_vcd_access, message);
++ msg_Err( p_vcd_access, "%s", message);
+ break;
+ default:
+ msg_Warn( p_vcd_access, "%s\n%s %d", message,
