rpms/libsilc/F-10 silc-toolkit-1.1.8-libtool.patch, NONE, 1.1 silc-toolkit-1.1.8-stringformat.patch, NONE, 1.1 libsilc.spec, 1.24, 1.25
Stu Tomlinson
nosnilmot at fedoraproject.org
Wed Aug 5 15:01:06 UTC 2009
Author: nosnilmot
Update of /cvs/pkgs/rpms/libsilc/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13263/F-10
Modified Files:
libsilc.spec
Added Files:
silc-toolkit-1.1.8-libtool.patch
silc-toolkit-1.1.8-stringformat.patch
Log Message:
- Backport patch to fix string format vulnerability (#515648)
silc-toolkit-1.1.8-libtool.patch:
Makefile.am | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- NEW FILE silc-toolkit-1.1.8-libtool.patch ---
diff -up silc-toolkit-1.1.8/lib/Makefile.am.libtool silc-toolkit-1.1.8/lib/Makefile.am
--- silc-toolkit-1.1.8/lib/Makefile.am.libtool 2008-12-23 12:56:45.000000000 -0500
+++ silc-toolkit-1.1.8/lib/Makefile.am 2008-12-23 12:56:59.000000000 -0500
@@ -73,8 +73,8 @@ all:
install-exec-hook:
-mkdir -p $(DESTDIR)$(libdir)
- -$(LIBTOOL) $(INSTALL) libsilc.la $(DESTDIR)$(libdir)/
- -$(LIBTOOL) $(INSTALL) libsilcclient.la $(DESTDIR)$(libdir)/
+ -$(LIBTOOL) --mode=install $(INSTALL) libsilc.la $(DESTDIR)$(libdir)/
+ -$(LIBTOOL) --mode=install $(INSTALL) libsilcclient.la $(DESTDIR)$(libdir)/
LIB_BASE_VERSION=@LIB_BASE_VERSION@
LIBSILC_CURRENT=@LIBSILC_CURRENT@
silc-toolkit-1.1.8-stringformat.patch:
client_entry.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- NEW FILE silc-toolkit-1.1.8-stringformat.patch ---
From: Pekka Riikonen <priikone at silcnet.org>
Date: Fri, 31 Jul 2009 19:32:57 +0000 (+0300)
Subject: Fixed string format vulnerability in client entry handling.
X-Git-Tag: silc.client.1.1.8~1
X-Git-Url: http://git.silcnet.org/gitweb/?p=silc.git;a=commitdiff_plain;h=1598b3a51b51a434037461ccd35487bc0df3137c
Fixed string format vulnerability in client entry handling.
Reported and patch provided by William Cummings.
---
diff --git a/lib/silcclient/client_entry.c b/lib/silcclient/client_entry.c
index 003f2fc..c950bfb 100644
--- a/lib/silcclient/client_entry.c
+++ b/lib/silcclient/client_entry.c
@@ -801,10 +801,10 @@ SilcClientEntry silc_client_add_client(SilcClient client,
client_entry->server, sizeof(client_entry->server));
if (nickname && client->internal->params->full_nicknames)
silc_snprintf(client_entry->nickname, sizeof(client_entry->nickname),
- nickname);
+ "%s", nickname);
else if (nickname)
silc_snprintf(client_entry->nickname, sizeof(client_entry->nickname),
- parsed);
+ "%s", parsed);
silc_parse_userfqdn(username, client_entry->username,
sizeof(client_entry->username),
@@ -900,10 +900,10 @@ void silc_client_update_client(SilcClient client,
client_entry->server, sizeof(client_entry->server));
if (client->internal->params->full_nicknames)
silc_snprintf(client_entry->nickname, sizeof(client_entry->nickname),
- nickname);
+ "%s", nickname);
else
silc_snprintf(client_entry->nickname, sizeof(client_entry->nickname),
- parsed);
+ "%s", parsed);
/* Normalize nickname */
nick = silc_identifier_check(parsed, strlen(parsed),
@@ -1206,7 +1206,7 @@ SilcClientEntry silc_client_nickname_format(SilcClient client,
return NULL;
silc_snprintf(client_entry->nickname, sizeof(client_entry->nickname),
- cp);
+ "%s", cp);
silc_free(cp);
}
Index: libsilc.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libsilc/F-10/libsilc.spec,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -p -r1.24 -r1.25
--- libsilc.spec 3 Dec 2008 16:43:55 -0000 1.24
+++ libsilc.spec 5 Aug 2009 15:01:05 -0000 1.25
@@ -1,7 +1,7 @@
Summary: SILC Client Library
Name: libsilc
Version: 1.1.8
-Release: 1%{dist}
+Release: 5%{dist}
License: GPLv2 or BSD
Group: System Environment/Libraries
URL: http://www.silcnet.org/
@@ -9,6 +9,8 @@ Source0: http://www.silcnet.org/download
Patch0: silc-toolkit-1.1-wordsize.patch
Patch1: silc-toolkit-1.1.5-libidn.patch
Patch2: silc-toolkit-1.1.5-docinst.patch
+Patch3: silc-toolkit-1.1.8-libtool.patch
+Patch4: silc-toolkit-1.1.8-stringformat.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
BuildRequires: libidn-devel
BuildRequires: libtool, autoconf, automake
@@ -42,6 +44,8 @@ applications.
%patch0 -p1 -b .wordsize
%patch1 -p1 -b .libidn
%patch2 -p1 -b .docinst
+%patch3 -p1 -b .libtool
+%patch4 -p1 -b .stringformat
# filter out libsilc module SONAME Provides (#245323)
cat << \EOF > %{name}-prov
@@ -55,8 +59,8 @@ EOF
chmod +x %{__find_provides}
%build
-autoreconf
-%configure --libdir=%{_libdir} --enable-shared \
+autoreconf -f -i
+%configure --libdir=%{_libdir} --enable-shared --without-libtoolfix \
--includedir=%{_includedir}/silc --with-simdir=%{_libdir}/silc/modules \
--docdir=%{_docdir}/%{name}-%{version} CFLAGS="$RPM_OPT_FLAGS"
@@ -131,6 +135,18 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Wed Aug 05 2009 Stu Tomlinson <stu at nosnilmot.com> 1.1.8-5
+- Backport patch to fix string format vulnerability (#515648)
+
+* Sat Jul 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.1.8-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.1.8-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Tue Dec 23 2008 Stu Tomlinson <stu at nosnilmot.com> 1.1.8-2
+- Fix building with libtool 2.2
+
* Wed Dec 03 2008 Stu Tomlinson <stu at nosnilmot.com> 1.1.8-1
- Update to 1.1.8
More information about the fedora-extras-commits
mailing list