[afpfs-ng/f20] is a combination of 6 commits. Backport spec sanitization from F21 spec Fix mount_afp crash (RHBZ #
Haïkel Guémar
hguemar at fedoraproject.org
Tue Nov 25 23:00:19 UTC 2014
commit 5cfeb917640a1aaa357d12f34023b6a9fd028e0e
Author: Lubomir Rintel <lkundrak at v3.sk>
Date: Thu Oct 24 11:39:53 2013 +0200
is a combination of 6 commits.
Backport spec sanitization from F21 spec
Fix mount_afp crash (RHBZ #1165296)
afpfs-ng-0.8.1-formatsec.patch | 159 ++++++++++++++++++++++++++++++++++++++++
afpfs-ng.spec | 24 +++---
2 files changed, 170 insertions(+), 13 deletions(-)
---
diff --git a/afpfs-ng-0.8.1-formatsec.patch b/afpfs-ng-0.8.1-formatsec.patch
new file mode 100644
index 0000000..22527b3
--- /dev/null
+++ b/afpfs-ng-0.8.1-formatsec.patch
@@ -0,0 +1,159 @@
+From 2c76660566d026d430305231e72c259372de4380 Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak at v3.sk>
+Date: Wed, 4 Dec 2013 23:17:10 +0100
+Subject: [PATCH] Fix build with -Werror=format-security
+
+Fedora, starting with version 21, will enable this flag in order to limit
+potentially insecure uses of format strings. It is required for format strings
+to be constant now.
+---
+ cmdline/cmdline_afp.c | 4 ++--
+ cmdline/cmdline_testafp.c | 12 ++++++------
+ fuse/client.c | 5 +----
+ fuse/commands.c | 4 ++--
+ lib/afp_url.c | 12 ++++++------
+ 5 files changed, 17 insertions(+), 20 deletions(-)
+
+diff --git a/cmdline/cmdline_afp.c b/cmdline/cmdline_afp.c
+index 827150b..59f0977 100644
+--- a/cmdline/cmdline_afp.c
++++ b/cmdline/cmdline_afp.c
+@@ -828,11 +828,11 @@ int com_status(char * arg)
+ char text[40960];
+
+ afp_status_header(text,&len);
+- printf(text);
++ printf("%s", text);
+
+ len=40960;
+ afp_status_server(server,text,&len);
+- printf(text);
++ printf("%s", text);
+ return 0;
+ }
+
+diff --git a/cmdline/cmdline_testafp.c b/cmdline/cmdline_testafp.c
+index c40f2bd..f887aec 100644
+--- a/cmdline/cmdline_testafp.c
++++ b/cmdline/cmdline_testafp.c
+@@ -26,12 +26,12 @@ static int test_one_url(char * url_string,
+ struct afp_url valid_url;
+ afp_default_url(&valid_url);
+ valid_url.protocol=protocol;
+- sprintf(valid_url.servername,servername);
+- sprintf(valid_url.volumename,volumename);
+- sprintf(valid_url.path,path);
+- sprintf(valid_url.username,username);
+- sprintf(valid_url.password,password);
+- sprintf(valid_url.uamname,uamname);
++ snprintf(valid_url.servername,sizeof(valid_url.servername),"%s",servername);
++ snprintf(valid_url.volumename,sizeof(valid_url.volumename),"%s",volumename);
++ snprintf(valid_url.path,sizeof(valid_url.path),"%s",path);
++ snprintf(valid_url.username,sizeof(valid_url.username),"%s",username);
++ snprintf(valid_url.password,sizeof(valid_url.password),"%s",password);
++ snprintf(valid_url.uamname,(valid_url.uamname),"%s",uamname);
+ valid_url.port=port;
+
+ if (afp_url_validate(url_string,&valid_url))
+diff --git a/fuse/client.c b/fuse/client.c
+index f795ca6..d19e9ef 100644
+--- a/fuse/client.c
++++ b/fuse/client.c
+@@ -509,7 +509,6 @@ static int prepare_buffer(int argc, char * argv[])
+ int read_answer(int sock) {
+ int len=0, expected_len=0, packetlen;
+ char incoming_buffer[MAX_CLIENT_RESPONSE];
+- char toprint[MAX_CLIENT_RESPONSE+200];
+ struct timeval tv;
+ fd_set rds,ords;
+ int ret;
+@@ -546,9 +545,7 @@ int read_answer(int sock) {
+ }
+
+ done:
+- memset(toprint,0,MAX_CLIENT_RESPONSE+200);
+- snprintf(toprint,MAX_CLIENT_RESPONSE+200,"%s",incoming_buffer+sizeof(*answer));
+- printf(toprint);
++ printf("%.200s",incoming_buffer+sizeof(*answer));
+ return ((struct afp_server_response *) incoming_buffer)->result;
+
+ return 0;
+diff --git a/fuse/commands.c b/fuse/commands.c
+index aa7444d..bb06928 100644
+--- a/fuse/commands.c
++++ b/fuse/commands.c
+@@ -163,6 +163,7 @@ static void fuse_log_for_client(void * priv,
+ len = strlen(c->client_string);
+ snprintf(c->client_string+len,
+ MAX_CLIENT_RESPONSE-len,
++ "%s",
+ message);
+ } else {
+
+@@ -468,7 +468,7 @@ static int process_mount(struct fuse_client * c)
+ volume->mapping=req->map;
+ afp_detect_mapping(volume);
+
+- snprintf(volume->mountpoint,255,req->mountpoint);
++ snprintf(volume->mountpoint,255,"%s",req->mountpoint);
+
+ /* Create the new thread and block until we get an answer back */
+ {
+diff --git a/lib/afp_url.c b/lib/afp_url.c
+index 42bac1c..f152d7b 100644
+--- a/lib/afp_url.c
++++ b/lib/afp_url.c
+@@ -233,7 +233,7 @@ int afp_parse_url(struct afp_url * url, const char * toparse, int verbose)
+ }
+ }
+
+- snprintf(url->servername,strlen(p)+1,p);
++ snprintf(url->servername,strlen(p)+1,"%s",p);
+ if (check_servername(url->servername)) {
+ if (verbose) printf("This isn't a valid servername\n");
+ return -1;
+@@ -263,7 +263,7 @@ int afp_parse_url(struct afp_url * url, const char * toparse, int verbose)
+ if ((q=escape_strrchr(p,':',":"))) {
+ *q='\0';
+ q++;
+- snprintf(url->password,strlen(q)+1,q);
++ snprintf(url->password,strlen(q)+1,"%s",q);
+ if (check_password(url->password)) {
+ if (verbose) printf("This isn't a valid passwd\n");
+ return -1;
+@@ -276,7 +276,7 @@ int afp_parse_url(struct afp_url * url, const char * toparse, int verbose)
+ if ((q=strstr(p,";AUTH="))) {
+ *q='\0';
+ q+=6;
+- snprintf(url->uamname,strlen(q)+1,q);
++ snprintf(url->uamname,strlen(q)+1,"%s",q);
+ if (check_uamname(url->uamname)) {
+ if (verbose) printf("This isn't a valid uamname\n");
+ return -1;
+@@ -284,7 +284,7 @@ int afp_parse_url(struct afp_url * url, const char * toparse, int verbose)
+ }
+
+ if (strlen(p)>0) {
+- snprintf(url->username,strlen(p)+1,p);
++ snprintf(url->username,strlen(p)+1,"%s",p);
+ if (check_username(url->username)) {
+ if (verbose) printf("This isn't a valid username\n");
+ return -1;;
+@@ -304,12 +304,12 @@ parse_secondpart:
+ *q='\0';
+ q++;
+ }
+- snprintf(url->volumename,strlen(p)+1,p);
++ snprintf(url->volumename,strlen(p)+1,"%s",p);
+
+
+ if (q) {
+ url->path[0]='/';
+- snprintf(url->path+1,strlen(q)+1,q);
++ snprintf(url->path+1,strlen(q)+1,"%s",q);
+ }
+
+ done:
+--
+1.8.4.2
+
diff --git a/afpfs-ng.spec b/afpfs-ng.spec
index 3bdd838..e639d88 100644
--- a/afpfs-ng.spec
+++ b/afpfs-ng.spec
@@ -5,7 +5,7 @@
Name: afpfs-ng
Version: 0.8.1
-Release: 12%{?dist}.3
+Release: 13%{?dist}
Summary: Apple Filing Protocol client
Group: System Environment/Base
@@ -14,7 +14,8 @@ URL: http://alexthepuffin.googlepages.com/home
Source0: http://downloads.sourceforge.net/afpfs-ng/%{name}-%{version}.tar.bz2
Patch0: afpfs-ng-0.8.1-overflows.patch
Patch1: afpfs-ng-0.8.1-pointer.patch
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+# Sent by e-mail to Alex deVries <alexthepuffin at gmail.com>
+Patch2: afpfs-ng-0.8.1-formatsec.patch
%{?!_without_fuse:BuildRequires: fuse-devel}
BuildRequires: libgcrypt-devel gmp-devel readline-devel
@@ -50,6 +51,7 @@ Library for dynamic linking and header files of afpfs-ng.
%setup -q
%patch0 -p1 -b .overflows
%patch1 -p1 -b .pointer
+%patch2 -p1 -b .formatsec
%build
@@ -64,18 +66,12 @@ make %{?_smp_mflags}
%install
-rm -rf $RPM_BUILD_ROOT
-make install DESTDIR=$RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT%{_includedir}/afpfs-ng
-cp -p include/* $RPM_BUILD_ROOT%{_includedir}/afpfs-ng
-
-
-%clean
-rm -rf $RPM_BUILD_ROOT
+make install DESTDIR=%{buildroot}
+install -d %{buildroot}%{_includedir}/afpfs-ng
+cp -p include/* %{buildroot}%{_includedir}/afpfs-ng
%files
-%defattr(-,root,root,-)
%{_bindir}/afpcmd
%{_bindir}/afpgetstatus
%{_mandir}/man1/afpcmd.1*
@@ -87,7 +83,6 @@ rm -rf $RPM_BUILD_ROOT
%if %{?!_without_fuse:1}0
%files -n fuse-afp
-%defattr(-,root,root,-)
%{_bindir}/afp_client
%{_bindir}/afpfs
%{_bindir}/afpfsd
@@ -100,7 +95,6 @@ rm -rf $RPM_BUILD_ROOT
%files devel
-%defattr(-,root,root,-)
%{_includedir}/afpfs-ng
%{_libdir}/*.so
@@ -112,6 +106,10 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Tue Nov 25 2014 <hguemar at fedoraproject.org> - 0.8.1-13
+- Fix mount_afp crash (RHBZ #1165296)
+- Backport spec sanitization from F21 spec
+
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.8.1-12.3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
More information about the scm-commits
mailing list