From: Leo Famulari <leo@famulari.name>
To: guix-devel@gnu.org
Subject: [PATCH 1/1] gnu: weex: Fix CVE-2005-3150.
Date: Sat, 5 Nov 2016 01:45:48 -0400 [thread overview]
Message-ID: <665ebef4734c7a27067a5f3cdad30e65b562f4f7.1478324741.git.leo@famulari.name> (raw)
* gnu/packages/patches/weex-CVE-2005-3150.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ftp.scm (weex)[source]: Use it.
---
gnu/local.mk | 1 +
gnu/packages/ftp.scm | 3 ++-
gnu/packages/patches/weex-CVE-2005-3150.patch | 32 +++++++++++++++++++++++++++
3 files changed, 35 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/weex-CVE-2005-3150.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 49b6721..c4c0e8d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -893,6 +893,7 @@ dist_patch_DATA = \
%D%/packages/patches/vtk-mesa-10.patch \
%D%/packages/patches/weechat-python.patch \
%D%/packages/patches/weex-vacopy.patch \
+ %D%/packages/patches/weex-CVE-2005-3150.patch \
%D%/packages/patches/wicd-bitrate-none-fix.patch \
%D%/packages/patches/wicd-get-selected-profile-fix.patch \
%D%/packages/patches/wicd-urwid-1.3.patch \
diff --git a/gnu/packages/ftp.scm b/gnu/packages/ftp.scm
index a112655..149ebe2 100644
--- a/gnu/packages/ftp.scm
+++ b/gnu/packages/ftp.scm
@@ -136,7 +136,8 @@ FTP browser, as well as non-interactive commands such as 'ncftpput' and
(sha256
(base32
"0f5cj5p852wkm24mzy2sxgxyahv2p9rk4wlq21j310pi7wlhgwyl"))
- (patches (search-patches "weex-vacopy.patch"))))
+ (patches (search-patches "weex-vacopy.patch"
+ "weex-CVE-2005-3150.patch"))))
(build-system gnu-build-system)
(arguments
`(#:phases
diff --git a/gnu/packages/patches/weex-CVE-2005-3150.patch b/gnu/packages/patches/weex-CVE-2005-3150.patch
new file mode 100644
index 0000000..246161f
--- /dev/null
+++ b/gnu/packages/patches/weex-CVE-2005-3150.patch
@@ -0,0 +1,32 @@
+From: Leo Famulari <leo@famulari.name>
+Date: Sat, 5 Nov 2016 01:35:50 -0400
+Subject: Fix CVE-2005-3150 (remotely exploitable format string bug).
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3150
+
+Fix copied from Gentoo and FreeBSD:
+
+https://bugs.gentoo.org/show_bug.cgi?id=107849
+https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=86833
+https://svnweb.freebsd.org/ports/head/ftp/weex/files/patch-src__log.c?revision=143994&view=markup
+
+---
+ src/log.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/log.c b/src/log.c
+index 5c06339..4174ee0 100644
+--- a/src/log.c
++++ b/src/log.c
+@@ -183,7 +183,7 @@ void log_flush(void)
+
+ fp=log_open();
+ for(i=0;i<max_log;i++){
+- fprintf(fp,log_str[i]);
++ fprintf(fp,"%s",log_str[i]);
+ free(log_str[i]);
+ }
+ free(log_str);
+--
+2.10.2
+
--
2.10.2
next reply other threads:[~2016-11-05 5:46 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-05 5:45 Leo Famulari [this message]
2016-11-05 10:53 ` [PATCH 1/1] gnu: weex: Fix CVE-2005-3150 Marius Bakke
2016-11-05 17:53 ` Leo Famulari
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=665ebef4734c7a27067a5f3cdad30e65b562f4f7.1478324741.git.leo@famulari.name \
--to=leo@famulari.name \
--cc=guix-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.