[rekall] add format-security fixes

Tom Callaway spot at fedoraproject.org
Tue Dec 10 19:15:51 UTC 2013


commit 2ec3a23914baf4558cd87924204e57b172f164ed
Author: Tom Callaway <spot at fedoraproject.org>
Date:   Tue Dec 10 14:15:53 2013 -0500

    add format-security fixes

 rekall-2.4.6-format-security.patch |   12 ++++++++++++
 rekall.spec                        |    5 ++++-
 2 files changed, 16 insertions(+), 1 deletions(-)
---
diff --git a/rekall-2.4.6-format-security.patch b/rekall-2.4.6-format-security.patch
new file mode 100644
index 0000000..d81e388
--- /dev/null
+++ b/rekall-2.4.6-format-security.patch
@@ -0,0 +1,12 @@
+diff -up rekall-2.4.6/support/dbtcp/dbug.c.format-security rekall-2.4.6/support/dbtcp/dbug.c
+--- rekall-2.4.6/support/dbtcp/dbug.c.format-security	2013-12-10 14:01:33.668988176 -0500
++++ rekall-2.4.6/support/dbtcp/dbug.c	2013-12-10 14:01:45.023970972 -0500
+@@ -1181,7 +1181,7 @@ Indent (indent)
+ 	}
+     }
+   buffer[count] = EOS;
+-  (VOID) fprintf (_db_fp_, buffer);
++  (VOID) fprintf (_db_fp_, "%s", buffer);
+   (VOID) fflush (_db_fp_);
+ }
+ 
diff --git a/rekall.spec b/rekall.spec
index 834de6d..7f6e998 100644
--- a/rekall.spec
+++ b/rekall.spec
@@ -3,7 +3,7 @@
 Name:		rekall
 Summary:	A KDE database front-end application
 Version:	2.4.6
-Release:	23%{?dist}
+Release:	24%{?dist}
 Group:		Development/Tools
 License:	GPLv2
 URL:		http://www.rekallrevealed.org/
@@ -22,6 +22,7 @@ Patch12:	rekall-unixODBCfix.patch
 Patch13:	rekall-2.4.6-fix-desktop-icon.patch
 Patch14:	rekall-gcc45.patch
 Patch15:	rekall-2.4.6-unistd.patch
+Patch16:	rekall-2.4.6-format-security.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:	python-devel, mysql-devel, postgresql-devel, unixODBC-devel
 BuildRequires:	kdelibs3-devel, desktop-file-utils, libacl-devel
@@ -135,6 +136,8 @@ SQLite components and scripts for Rekall.
 %patch14 -p1 -b .gcc45
 # Fix rekall build against gcc47
 %patch15 -p1 -b .gcc47
+# Fix format-security issues
+%patch16 -p1 -b .format-security
 
 rm -rf libs/el32/hash.cpp.orig libs/kbase/kb_parse.cpp.orig libs/kbase/kb_link.cpp.orig
 


More information about the scm-commits mailing list