FL 7.3: dhcp 2.x CAN-2004-1006
Ville Herva
vherva at viasys.com
Mon Nov 8 14:24:35 UTC 2004
Regarding dhcp CAN-2004-1006: see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1006
http://www.debian.org/security/2004/dsa-584
and
http://secunia.com/advisories/13112/
I separated the fix for CAN-2004-1006 from the Debian dhcp package diff
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1.diff.gz
See the attached patch dhcp.CAN-2004-1006. (I hope I got the whole hunk -
Debian does not mark individual fixes in their diff.)
The patch appears to apply cleanly to the dhcp-2.0pl5-8.src.rpm:
ftp://ftp.redhat.com/pub/redhat/linux/7.3/en/os/i386/SRPMS/dhcp-2.0pl5-8.src.rpm
(which is the same that shipped with RH72 and RHEL21 afaict, and newer
doesn't seem to be available in the updates either.)
I merely added lines
Patch3: dhcp.CAN-2004-1006
and
%patch3 -p1
to the .spec and upped Release.
Should this fix be pushed via FL73, too?
-- v --
v at iki.fi
-------------- next part --------------
--- dhcp-2.0pl5/common/errwarn.c.orig2 Mon Nov 8 10:29:07 2004
+++ dhcp-2.0pl5/common/errwarn.c Mon Nov 8 10:29:22 2004
@@ -71,7 +71,7 @@ void error (ANSI_DECL(char *) fmt, VA_DO
va_end (list);
#ifndef DEBUG
- syslog (log_priority | LOG_ERR, mbuf);
+ syslog (log_priority | LOG_ERR, "%s", mbuf);
#endif
/* Also log it to stderr? */
@@ -104,7 +104,7 @@ int warn (ANSI_DECL (char *) fmt, VA_DOT
va_end (list);
#ifndef DEBUG
- syslog (log_priority | LOG_ERR, mbuf);
+ syslog (log_priority | LOG_ERR, "%s", mbuf);
#endif
if (log_perror) {
@@ -130,7 +130,7 @@ int note (ANSI_DECL (char *) fmt, VA_DOT
va_end (list);
#ifndef DEBUG
- syslog (log_priority | LOG_INFO, mbuf);
+ syslog (log_priority | LOG_INFO, "%s", mbuf);
#endif
if (log_perror) {
@@ -156,7 +156,7 @@ int debug (ANSI_DECL (char *) fmt, VA_DO
va_end (list);
#ifndef DEBUG
- syslog (log_priority | LOG_DEBUG, mbuf);
+ syslog (log_priority | LOG_DEBUG, "%s", mbuf);
#endif
if (log_perror) {
@@ -231,8 +231,8 @@ int parse_warn (ANSI_DECL (char *) fmt,
va_end (list);
#ifndef DEBUG
- syslog (log_priority | LOG_ERR, mbuf);
- syslog (log_priority | LOG_ERR, token_line);
+ syslog (log_priority | LOG_ERR, "%s", mbuf);
+ syslog (log_priority | LOG_ERR, "%s", token_line);
if (lexline < 81)
syslog (log_priority | LOG_ERR,
"%s^", &spaces [sizeof spaces - lexchar]);
More information about the fedora-legacy-list
mailing list