$OpenBSD: patch-src_package_c,v 1.3 2005/07/21 15:16:47 aanriot Exp $
--- src/package.c.orig	Mon Feb 28 17:19:20 2005
+++ src/package.c	Fri Jul 15 13:42:23 2005
@@ -335,14 +335,14 @@ int InstallPackage(char *name, enum pkgm
       strncpy(instcmd, rawinstcmd, CF_BUFSIZE*2);
       ptr = instcmd + strlen(rawinstcmd);
       *percent = '%';
-      strcat(ptr, name);
+      (void)strlcat(ptr, name, (CF_BUFSIZE*2 - strlen(rawinstcmd)));
       ptr += strlen(name);
       percent += 2;
       strncpy(ptr, percent, (CF_BUFSIZE*2 - (ptr-instcmd)));
       }
     else
       {
-      sprintf(instcmd, "%s %s", rawinstcmd, name);
+      (void)snprintf(instcmd, CF_BUFSIZE*2, "%s %s", rawinstcmd, name);
       }
     Verbose("Installing package(s) %s using %s\n", name, instcmd);
     if ((pp = cfpopen(instcmd, "r")) == NULL)
@@ -443,11 +443,11 @@ int DPKGPackageCheck(char *package,char 
      treat "" as "no version" */
   
   if (strncmp (evrstart, "(none)", strlen ("(none)")) == 0) {
-    sprintf (evrstart, "\"\"");
+    (void)snprintf (evrstart, strlen("(none)"), "\"\"");
   }
 
   if (strncmp (version, "(none)", strlen ("(none)")) == 0) {
-    sprintf (version, "\"\"");
+    (void)snprintf (version, strlen("(none)"), "\"\"");
   }
 
   /* the evrstart shall be a version number which we will
