FL 7.3: dhcp 2.x CAN-2004-1006

Ville Herva vherva at viasys.com
Mon Nov 8 14:24:35 UTC 2004


Regarding dhcp CAN-2004-1006: see
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1006
  http://www.debian.org/security/2004/dsa-584
  and 
  http://secunia.com/advisories/13112/

I separated the fix for CAN-2004-1006 from the Debian dhcp package diff
  http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1.diff.gz
See the attached patch dhcp.CAN-2004-1006. (I hope I got the whole hunk -
Debian does not mark individual fixes in their diff.)

The patch appears to apply cleanly to the dhcp-2.0pl5-8.src.rpm:
  ftp://ftp.redhat.com/pub/redhat/linux/7.3/en/os/i386/SRPMS/dhcp-2.0pl5-8.src.rpm
(which is the same that shipped with RH72 and RHEL21 afaict, and newer
doesn't seem to be available in the updates either.)

I merely added lines
  Patch3: dhcp.CAN-2004-1006
and 
  %patch3 -p1
to the .spec and upped Release.

Should this fix be pushed via FL73, too?



-- v -- 

v at iki.fi

-------------- next part --------------
--- dhcp-2.0pl5/common/errwarn.c.orig2	Mon Nov  8 10:29:07 2004
+++ dhcp-2.0pl5/common/errwarn.c	Mon Nov  8 10:29:22 2004
@@ -71,7 +71,7 @@ void error (ANSI_DECL(char *) fmt, VA_DO
   va_end (list);
 
 #ifndef DEBUG
-  syslog (log_priority | LOG_ERR, mbuf);
+  syslog (log_priority | LOG_ERR, "%s", mbuf);
 #endif
 
   /* Also log it to stderr? */
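Review bot: The `/* Also log it to stderr? */` path that follows this syslog call in error() lies outside the hunk, so it is not visible whether mbuf is treated as data there too. Worth confirming that the stderr write does not pass mbuf to a printf-style function as the format argument; if it does, it needs the same "%s" treatment as the syslog call fixed here.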
@@ -104,7 +104,7 @@ int warn (ANSI_DECL (char *) fmt, VA_DOT
   va_end (list);
 
 #ifndef DEBUG
-  syslog (log_priority | LOG_ERR, mbuf);
+  syslog (log_priority | LOG_ERR, "%s", mbuf);
 #endif
 
   if (log_perror) {
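Review bot: warn() still logs at LOG_ERR on the changed line, the same priority error() uses in the previous hunk, so warnings and errors cannot be told apart by syslog level. That predates this patch and is not part of the format-string fix, but if LOG_WARNING was intended it should go in as a separate change rather than being mixed into the security backport.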
@@ -130,7 +130,7 @@ int note (ANSI_DECL (char *) fmt, VA_DOT
   va_end (list);
 
 #ifndef DEBUG
-  syslog (log_priority | LOG_INFO, mbuf);
+  syslog (log_priority | LOG_INFO, "%s", mbuf);
 #endif
 
   if (log_perror) {
@@ -156,7 +156,7 @@ int debug (ANSI_DECL (char *) fmt, VA_DO
   va_end (list);
 
 #ifndef DEBUG
-  syslog (log_priority | LOG_DEBUG, mbuf);
+  syslog (log_priority | LOG_DEBUG, "%s", mbuf);
 #endif
 
   if (log_perror) {
@@ -231,8 +231,8 @@ int parse_warn (ANSI_DECL (char *) fmt, 
 	va_end (list);
 
 #ifndef DEBUG
-	syslog (log_priority | LOG_ERR, mbuf);
-	syslog (log_priority | LOG_ERR, token_line);
+        syslog (log_priority | LOG_ERR, "%s", mbuf);
+        syslog (log_priority | LOG_ERR, "%s", token_line);
 	if (lexline < 81)
 		syslog (log_priority | LOG_ERR,
 			"%s^", &spaces [sizeof spaces - lexchar]);

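Review bot: The two added syslog lines in parse_warn() are indented with eight spaces, while the removed lines and the surrounding context (`if (lexline < 81)`) use a tab. Keep the tab so the hunk changes only the format argument, which keeps the backport minimal and easier to compare against the Debian diff. The remaining call in this hunk already passes a literal format ("%s^"), so it needs no change.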
