The following patch fixes several printf-style format string bugs.
Note that the 'eeprom' program is only available on the sparc platform.

Apply by doing:
	cd /usr/src
	patch -p0 < 028_format_strings.patch

The rebuild the affected programs:
	cd usr.bin/fstat
	make depend && make && make install

	cd ../passwd
	make depend && make && make install

	cd ../top
	make depend && make && make install

	cd ../su
	make depend && make && make install

	cd ../ssh
	make depend && make && make install

	# sparc only
	cd ../../usr.sbin/eeprom
	make depend && make && make install

Index: usr.bin/fstat/fstat.c
===================================================================
RCS file: /cvs/src/usr.bin/fstat/fstat.c,v
retrieving revision 1.26
diff -u -r1.26 fstat.c
--- usr.bin/fstat/fstat.c	2000/01/17 16:26:19	1.26
+++ usr.bin/fstat/fstat.c	2000/10/09 14:51:06
@@ -1018,7 +1018,7 @@
 	DEVS *cur;
 
 	if (stat(filename, &statbuf)) {
-		warn(filename);
+		warn("%s", filename);
 		return(0);
 	}
 	if ((cur = malloc(sizeof(DEVS))) == NULL)
Index: usr.bin/passwd/yp_passwd.c
===================================================================
RCS file: /cvs/src/usr.bin/passwd/yp_passwd.c,v
retrieving revision 1.12
diff -u -r1.12 yp_passwd.c
--- usr.bin/passwd/yp_passwd.c	1998/07/13 02:15:01	1.12
+++ usr.bin/passwd/yp_passwd.c	2000/10/09 14:51:06
@@ -72,7 +72,7 @@
 	int err, eval;
 {
 	if(err) 
-		warn(name);
+		warn("%s", name);
 
 	warnx("YP passwd database unchanged.");
 	exit(eval);
Index: usr.bin/su/su.c
===================================================================
RCS file: /cvs/src/usr.bin/su/su.c,v
retrieving revision 1.31
diff -u -r1.31 su.c
--- usr.bin/su/su.c	1998/03/25 21:27:27	1.31
+++ usr.bin/su/su.c	2000/10/09 14:51:06
@@ -300,7 +300,7 @@
 	(void)setpriority(PRIO_PROCESS, 0, prio);
 
 	execv(shell, np);
-	err(1, shell);
+	err(1, "%s", shell);
 }
 
 int
Index: usr.sbin/eeprom/eehandlers.c
===================================================================
RCS file: /cvs/src/usr.sbin/eeprom/eehandlers.c,v
retrieving revision 1.5
diff -u -r1.5 eehandlers.c
--- usr.sbin/eeprom/eehandlers.c	1996/08/31 12:56:06	1.5
+++ usr.sbin/eeprom/eehandlers.c	2000/10/09 14:51:06
@@ -79,14 +79,14 @@
 }
 
 #define FAILEDREAD(kt) {						\
-	warnx(err_str);							\
+	warnx("%s", err_str);						\
 	warnx("failed to read field `%s'", (kt)->kt_keyword);		\
 	++eval;								\
 	return;								\
 }
 
 #define FAILEDWRITE(kt) {						\
-	warnx(err_str);							\
+	warnx("%s", err_str);						\
 	warnx("failed to update field `%s'", (kt)->kt_keyword);		\
 	++eval;								\
 	return;								\
Index: usr.sbin/eeprom/main.c
===================================================================
RCS file: /cvs/src/usr.sbin/eeprom/main.c,v
retrieving revision 1.5
diff -u -r1.5 main.c
--- usr.sbin/eeprom/main.c	1998/07/08 22:13:26	1.5
+++ usr.sbin/eeprom/main.c	2000/10/09 14:51:06
@@ -264,7 +264,7 @@
 		 * the generic op_handler.
 		 */
 		if ((cp = op_handler(keyword, arg)) != NULL)
-			warnx(cp);
+			warnx("%s", cp);
 		return;
 	} else
 #endif /* __sparc__ */
Index: usr.bin/top/top.c
===================================================================
RCS file: /cvs/src/usr.bin/top/top.c,v
retrieving revision 1.3
diff -u -r1.3 top.c
--- usr.bin/top/top.c	1999/05/23 17:19:21	1.3
+++ usr.bin/top/top.c	2000/10/09 14:51:06
@@ -761,7 +761,7 @@
 				{
 				    if ((errmsg = kill_procs(tempbuf2)) != NULL)
 				    {
-					new_message(MT_standout, errmsg);
+					new_message(MT_standout, "%s", errmsg);
 					putchar('\r');
 					no_command = Yes;
 				    }
@@ -778,7 +778,7 @@
 				{
 				    if ((errmsg = renice_procs(tempbuf2)) != NULL)
 				    {
-					new_message(MT_standout, errmsg);
+					new_message(MT_standout, "%s", errmsg);
 					putchar('\r');
 					no_command = Yes;
 				    }
Index: usr.bin/ssh/auth-rsa.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/auth-rsa.c,v
retrieving revision 1.23
diff -u -r1.23 auth-rsa.c
--- usr.bin/ssh/auth-rsa.c	2000/04/29 18:11:51	1.23
+++ usr.bin/ssh/auth-rsa.c	2000/10/09 14:51:06
@@ -186,8 +186,8 @@
 		}
 		if (fail) {
 			fclose(f);
-			log(buf);
-			packet_send_debug(buf);
+			log("%s",buf);
+			packet_send_debug("%s",buf);
 			restore_uid();
 			return 0;
 		}
Index: usr.bin/ssh/auth2.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/auth2.c,v
retrieving revision 1.8
diff -u -r1.8 auth2.c
--- usr.bin/ssh/auth2.c	2000/05/08 17:42:24	1.8
+++ usr.bin/ssh/auth2.c	2000/10/09 14:51:06
@@ -433,8 +433,8 @@
 			}
 		}
 		if (fail) {
-			log(buf);
 			fclose(f);
+			log("%s",buf);
 			restore_uid();
 			return 0;
 		}
Index: usr.bin/ssh/ssh-keygen.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh-keygen.c,v
retrieving revision 1.25
diff -u -r1.25 ssh-keygen.c
--- usr.bin/ssh/ssh-keygen.c	2000/05/08 18:23:07	1.25
+++ usr.bin/ssh/ssh-keygen.c	2000/10/09 14:51:06
@@ -123,13 +123,13 @@
 		exit(1);
 	}
 	dsa_make_key_blob(k, &blob, &len);
-	fprintf(stdout, SSH_COM_MAGIC_BEGIN "\n");
+	fprintf(stdout, "%s\n", SSH_COM_MAGIC_BEGIN);
 	fprintf(stdout,
 	    "Comment: \"%d-bit DSA, converted from openssh by %s@%s\"\n",
 	    BN_num_bits(k->dsa->p),
 	    pw->pw_name, hostname);
 	dump_base64(stdout, blob, len);
-	fprintf(stdout, SSH_COM_MAGIC_END "\n");
+	fprintf(stdout, "%s\n", SSH_COM_MAGIC_END);
 	key_free(k);
 	xfree(blob);
 	exit(0);