[coda] Resolves bz 1037020
Neil Horman
nhorman at fedoraproject.org
Wed Dec 4 20:19:53 UTC 2013
commit 91a32627676a57296522715cf125e9ba01959ca5
Author: Neil Horman <nhorman at tuxdriver.com>
Date: Wed Dec 4 15:19:42 2013 -0500
Resolves bz 1037020
coda-6.9.5-format-secure.patch | 70 ++++++++++++++++++++++++++++++++++++++++
coda.spec | 8 ++++-
2 files changed, 77 insertions(+), 1 deletions(-)
---
diff --git a/coda-6.9.5-format-secure.patch b/coda-6.9.5-format-secure.patch
new file mode 100644
index 0000000..8bdc81d
--- /dev/null
+++ b/coda-6.9.5-format-secure.patch
@@ -0,0 +1,70 @@
+diff -up ./coda-src/auth2/tokentool.c.orig ./coda-src/auth2/tokentool.c
+--- ./coda-src/auth2/tokentool.c.orig 2006-05-24 16:20:16.000000000 -0400
++++ ./coda-src/auth2/tokentool.c 2013-12-04 15:15:58.576713587 -0500
+@@ -40,7 +40,7 @@ static int read_int(char *question)
+ while (1) {
+ if (feof(stdin)) exit(-1);
+
+- fprintf(stdout, question);
++ fprintf(stdout, "%s", question);
+ fflush(stdout);
+
+ fgets(input_str, 80, stdin);
+@@ -61,7 +61,7 @@ static float read_float(char *question)
+ while (1) {
+ if (feof(stdin)) exit(-1);
+
+- fprintf(stdout, question);
++ fprintf(stdout, "%s", question);
+ fflush(stdout);
+
+ fgets(input_str, 80, stdin);
+@@ -80,7 +80,7 @@ char *read_string(char *question)
+ char *resp = (char *)malloc(80+1);
+
+ memset(resp, 0, 80);
+- fprintf(stdout, question);
++ fprintf(stdout, "%s", question);
+ fflush(stdout);
+ fgets(resp, 80, stdin);
+ fflush(stdin);
+diff -up ./coda-src/util/util.c.orig ./coda-src/util/util.c
+--- ./coda-src/util/util.c.orig 2013-12-04 15:16:46.016046314 -0500
++++ ./coda-src/util/util.c 2013-12-04 15:16:06.660940700 -0500
+@@ -46,6 +46,7 @@ extern "C" {
+ #endif
+
+ #include <stdio.h>
++#include <stdarg.h>
+ #include <ctype.h>
+ #include <math.h>
+ #include "coda_string.h"
+@@ -185,23 +186,20 @@ void fdprint(long afd, const char *fmt,
+ void eprint(const char *fmt, ...)
+ {
+ va_list ap;
+- char msg[240];
+- char *cp = msg;
+
+ /* Construct message in buffer and add newline */
+ va_start(ap, fmt);
+- vsnprintf(cp, 239, (const char *)fmt, ap); /* leave 1 char for the "\n" */
+- va_end(ap);
+- cp += strlen(cp);
+- strcat(cp, "\n");
+
+ /* Write to stderr & stdout*/
+ PrintTimeStamp(stdout);
+- fprintf(stdout, msg);
++ vfprintf(stdout, fmt, ap);
++ printf(stdout, "\n");
+ fflush(stdout);
+ PrintTimeStamp(stderr);
+- fprintf(stderr, msg);
++ vfprintf(stderr, fmt, ap);
++ printf(stderr, "\n");
+ fflush(stderr);
++ va_end(ap);
+ }
+
+
diff --git a/coda.spec b/coda.spec
index be7b165..15bc531 100644
--- a/coda.spec
+++ b/coda.spec
@@ -1,6 +1,6 @@
Name: coda
Version: 6.9.5
-Release: 12%{?dist}
+Release: 13%{?dist}
Summary: Coda distributed file system
Group: System Environment/Daemons
License: GPLv2
@@ -15,6 +15,7 @@ Source6: coda-update-slave.service
Patch0: coda-6.9.4-rc2-no-default-krb.patch
Patch1: coda-6.9.5-venus-coda-client-convert.patch
Patch2: coda-6.9.5-vcodacon-configure.patch
+Patch3: coda-6.9.5-format-secure.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: lwp-devel
BuildRequires: rpc2-devel
@@ -105,6 +106,8 @@ system client.
# fix building vcodacon (already fixed differently upstream in git)
%patch2 -p1
+%patch3 -p1
+
# Avoid rerunning autotools
touch -r aclocal.m4 configure configure.ac configs/*.m4
@@ -315,6 +318,9 @@ fi
%changelog
+* Wed Dec 03 2013 Neil Horman <nhorman at redhat.com> - 6.9.5-13
+- Fixed format-secure errors (bz 1037020)
+
* Wed Aug 28 2013 Neil Horman <nhorman at redhat.com> - 6.9.5-12
- Rebuilt with fixed obsoletes tags
More information about the scm-commits
mailing list