[traceroute] fix format-security issues
Dmitry Butskoy
buc at fedoraproject.org
Tue Dec 3 15:23:40 UTC 2013
commit 8d7a2fd6285f4ed83dd06ef7331bdb1c45344db4
Author: Dmitry Butskoy <Dmitry at Butskoy.name>
Date: Tue Dec 3 19:23:21 2013 +0400
fix format-security issues
traceroute-2.0.19-printf.patch | 24 ++++++++++++++++++++++++
traceroute.spec | 7 ++++++-
2 files changed, 30 insertions(+), 1 deletions(-)
---
diff --git a/traceroute-2.0.19-printf.patch b/traceroute-2.0.19-printf.patch
new file mode 100644
index 0000000..6977b5f
--- /dev/null
+++ b/traceroute-2.0.19-printf.patch
@@ -0,0 +1,24 @@
+diff -Nrbu traceroute-2.0.19/libsupp/clif.c traceroute-2.0.19-OK/libsupp/clif.c
+--- traceroute-2.0.19/libsupp/clif.c 2007-08-06 19:20:17.000000000 +0400
++++ traceroute-2.0.19-OK/libsupp/clif.c 2013-12-03 19:18:36.100333217 +0400
+@@ -792,9 +792,9 @@
+ if (l > 0) {
+ memset (buf, ' ', l);
+ buf[l] = '\0';
+- fprintf (stderr, buf);
++ fprintf (stderr, "%s", buf);
+ } else
+- fprintf (stderr, spacer);
++ fprintf (stderr, "%s", spacer);
+
+
+ endp = buf + width;
+@@ -833,7 +833,7 @@
+
+ *p = '\0';
+ fprintf (stderr, "%s", buf);
+- fprintf (stderr, spacer);
++ fprintf (stderr, "%s", spacer);
+
+ p++;
+ for (s = buf; *p; *s++ = *p++) ;
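Review bot: The three corrected calls in the embedded clif.c patch (two in the hunk at line 792, one at line 833) use a constant "%s" only to print a string unchanged, so fputs (buf, stderr) and fputs (spacer, stderr) would do the same job with no format parsing at all. In the first branch buf is filled with spaces by the visible memset, so the old call could not have interpreted anything there. The origin of spacer is not visible in these hunks, and it would help to say in the patch whether it can ever contain a '%'.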
diff --git a/traceroute.spec b/traceroute.spec
index 5647939..e4ac4fa 100644
--- a/traceroute.spec
+++ b/traceroute.spec
@@ -2,12 +2,13 @@ Summary: Traces the route taken by packets over an IPv4/IPv6 network
Name: traceroute
Epoch: 3
Version: 2.0.19
-Release: 4%{?dist}
+Release: 5%{?dist}
Group: Applications/Internet
License: GPLv2+
URL: http://traceroute.sourceforge.net
Source0: http://downloads.sourceforge.net/project/traceroute/traceroute/traceroute-%{version}/traceroute-%{version}.tar.gz
Patch0: traceroute-2.0.19-man.patch
+Patch1: traceroute-2.0.19-printf.patch
Provides: tcptraceroute = 1.5-1
Obsoletes: tcptraceroute < 1.5-1
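Review bot: The new Patch1 line has no comment above it, so the spec does not say what the patch is for or whether it has been sent upstream. A one-line comment above Patch1 naming the format-security fix and bug #1037363 (the number already used in the changelog entry) would make it clear when the patch can be dropped on the next rebase.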
@@ -28,6 +29,7 @@ problems.
%prep
%setup -q
%patch0 -p1
+%patch1 -p1
%build
@@ -61,6 +63,9 @@ popd
%changelog
+* Tue Dec 3 2013 Dmitry Butskoy <Dmitry at Butskoy.name> - 3:2.0.19-5
+- fix format-security issue (#1037363)
+
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3:2.0.19-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild