rpms/libsilc/devel silc-toolkit-1.1.8-stringformat.patch, NONE, 1.1 libsilc.spec, 1.27, 1.28
Stu Tomlinson
nosnilmot at fedoraproject.org
Wed Aug 5 15:01:06 UTC 2009
- Previous message (by thread): rpms/libsilc/F-11 silc-toolkit-1.1.8-stringformat.patch, NONE, 1.1 libsilc.spec, 1.26, 1.27
- Next message (by thread): rpms/virtaal/devel .cvsignore, 1.9, 1.10 sources, 1.9, 1.10 virtaal.spec, 1.11, 1.12
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: nosnilmot
Update of /cvs/pkgs/rpms/libsilc/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13263/devel
Modified Files:
libsilc.spec
Added Files:
silc-toolkit-1.1.8-stringformat.patch
Log Message:
- Backport patch to fix string format vulnerability (#515648)
silc-toolkit-1.1.8-stringformat.patch:
client_entry.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- NEW FILE silc-toolkit-1.1.8-stringformat.patch ---
From: Pekka Riikonen <priikone at silcnet.org>
Date: Fri, 31 Jul 2009 19:32:57 +0000 (+0300)
Subject: Fixed string format vulnerability in client entry handling.
X-Git-Tag: silc.client.1.1.8~1
X-Git-Url: http://git.silcnet.org/gitweb/?p=silc.git;a=commitdiff_plain;h=1598b3a51b51a434037461ccd35487bc0df3137c
Fixed string format vulnerability in client entry handling.
Reported and patch provided by William Cummings.
---
diff --git a/lib/silcclient/client_entry.c b/lib/silcclient/client_entry.c
index 003f2fc..c950bfb 100644
--- a/lib/silcclient/client_entry.c
+++ b/lib/silcclient/client_entry.c
@@ -801,10 +801,10 @@ SilcClientEntry silc_client_add_client(SilcClient client,
client_entry->server, sizeof(client_entry->server));
if (nickname && client->internal->params->full_nicknames)
silc_snprintf(client_entry->nickname, sizeof(client_entry->nickname),
- nickname);
+ "%s", nickname);
else if (nickname)
silc_snprintf(client_entry->nickname, sizeof(client_entry->nickname),
- parsed);
+ "%s", parsed);
silc_parse_userfqdn(username, client_entry->username,
sizeof(client_entry->username),
@@ -900,10 +900,10 @@ void silc_client_update_client(SilcClient client,
client_entry->server, sizeof(client_entry->server));
if (client->internal->params->full_nicknames)
silc_snprintf(client_entry->nickname, sizeof(client_entry->nickname),
- nickname);
+ "%s", nickname);
else
silc_snprintf(client_entry->nickname, sizeof(client_entry->nickname),
- parsed);
+ "%s", parsed);
/* Normalize nickname */
nick = silc_identifier_check(parsed, strlen(parsed),
@@ -1206,7 +1206,7 @@ SilcClientEntry silc_client_nickname_format(SilcClient client,
return NULL;
silc_snprintf(client_entry->nickname, sizeof(client_entry->nickname),
- cp);
+ "%s", cp);
silc_free(cp);
}
Index: libsilc.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libsilc/devel/libsilc.spec,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -p -r1.27 -r1.28
--- libsilc.spec 25 Jul 2009 08:38:40 -0000 1.27
+++ libsilc.spec 5 Aug 2009 15:01:06 -0000 1.28
@@ -1,7 +1,7 @@
Summary: SILC Client Library
Name: libsilc
Version: 1.1.8
-Release: 4%{dist}
+Release: 5%{dist}
License: GPLv2 or BSD
Group: System Environment/Libraries
URL: http://www.silcnet.org/
@@ -10,6 +10,7 @@ Patch0: silc-toolkit-1.1-wordsize.patch
Patch1: silc-toolkit-1.1.5-libidn.patch
Patch2: silc-toolkit-1.1.5-docinst.patch
Patch3: silc-toolkit-1.1.8-libtool.patch
+Patch4: silc-toolkit-1.1.8-stringformat.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
BuildRequires: libidn-devel
BuildRequires: libtool, autoconf, automake
@@ -44,6 +45,7 @@ applications.
%patch1 -p1 -b .libidn
%patch2 -p1 -b .docinst
%patch3 -p1 -b .libtool
+%patch4 -p1 -b .stringformat
# filter out libsilc module SONAME Provides (#245323)
cat << \EOF > %{name}-prov
@@ -57,7 +59,7 @@ EOF
chmod +x %{__find_provides}
%build
-autoreconf -i
+autoreconf -f -i
%configure --libdir=%{_libdir} --enable-shared --without-libtoolfix \
--includedir=%{_includedir}/silc --with-simdir=%{_libdir}/silc/modules \
--docdir=%{_docdir}/%{name}-%{version} CFLAGS="$RPM_OPT_FLAGS"
@@ -133,6 +135,9 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Wed Aug 05 2009 Stu Tomlinson <stu at nosnilmot.com> 1.1.8-5
+- Backport patch to fix string format vulnerability (#515648)
+
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.1.8-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
- Previous message (by thread): rpms/libsilc/F-11 silc-toolkit-1.1.8-stringformat.patch, NONE, 1.1 libsilc.spec, 1.26, 1.27
- Next message (by thread): rpms/virtaal/devel .cvsignore, 1.9, 1.10 sources, 1.9, 1.10 virtaal.spec, 1.11, 1.12
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list