unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
blob 246161ff7cb4ec54fccbcbfc3c51235bda26a1c0 813 bytes (raw)
name: gnu/packages/patches/weex-CVE-2005-3150.patch 	 # note: path name is non-authoritative(*)
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

 
From: Leo Famulari <leo@famulari.name>
Date: Sat, 5 Nov 2016 01:35:50 -0400
Subject: Fix CVE-2005-3150 (remotely exploitable format string bug).

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3150

Fix copied from Gentoo and FreeBSD:

https://bugs.gentoo.org/show_bug.cgi?id=107849
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=86833
https://svnweb.freebsd.org/ports/head/ftp/weex/files/patch-src__log.c?revision=143994&view=markup

---
 src/log.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/log.c b/src/log.c
index 5c06339..4174ee0 100644
--- a/src/log.c
+++ b/src/log.c
@@ -183,7 +183,7 @@ void log_flush(void)
 
 	fp=log_open();
 	for(i=0;i<max_log;i++){
-		fprintf(fp,log_str[i]);
+		fprintf(fp,"%s",log_str[i]);
 		free(log_str[i]);
 	}
 	free(log_str);
-- 
2.10.2


debug log:

solving 246161f ...
found 246161f in https://yhetil.org/guix-devel/665ebef4734c7a27067a5f3cdad30e65b562f4f7.1478324741.git.leo@famulari.name/

applying [1/1] https://yhetil.org/guix-devel/665ebef4734c7a27067a5f3cdad30e65b562f4f7.1478324741.git.leo@famulari.name/
diff --git a/gnu/packages/patches/weex-CVE-2005-3150.patch b/gnu/packages/patches/weex-CVE-2005-3150.patch
new file mode 100644
index 0000000..246161f

1:28: trailing whitespace.
 
1:29: space before tab in indent.
 	fp=log_open();
1:30: space before tab in indent.
 	for(i=0;i<max_log;i++){
1:33: space before tab in indent.
 		free(log_str[i]);
1:34: space before tab in indent.
 	}
Checking patch gnu/packages/patches/weex-CVE-2005-3150.patch...
Applied patch gnu/packages/patches/weex-CVE-2005-3150.patch cleanly.
warning: squelched 3 whitespace errors
warning: 8 lines add whitespace errors.

index at:
100644 246161ff7cb4ec54fccbcbfc3c51235bda26a1c0	gnu/packages/patches/weex-CVE-2005-3150.patch

(*) Git path names are given by the tree(s) the blob belongs to.
    Blobs themselves have no identifier aside from the hash of its contents.^
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).