[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 1/1] gnu: weex: Fix CVE-2005-3150.
|
From: |
Leo Famulari |
|
Subject: |
[PATCH 1/1] gnu: weex: Fix CVE-2005-3150. |
|
Date: |
Sat, 5 Nov 2016 01:45:48 -0400 |
* gnu/packages/patches/weex-CVE-2005-3150.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ftp.scm (weex)[source]: Use it.
---
gnu/local.mk | 1 +
gnu/packages/ftp.scm | 3 ++-
gnu/packages/patches/weex-CVE-2005-3150.patch | 32 +++++++++++++++++++++++++++
3 files changed, 35 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/weex-CVE-2005-3150.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 49b6721..c4c0e8d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -893,6 +893,7 @@ dist_patch_DATA =
\
%D%/packages/patches/vtk-mesa-10.patch \
%D%/packages/patches/weechat-python.patch \
%D%/packages/patches/weex-vacopy.patch \
+ %D%/packages/patches/weex-CVE-2005-3150.patch \
%D%/packages/patches/wicd-bitrate-none-fix.patch \
%D%/packages/patches/wicd-get-selected-profile-fix.patch \
%D%/packages/patches/wicd-urwid-1.3.patch \
diff --git a/gnu/packages/ftp.scm b/gnu/packages/ftp.scm
index a112655..149ebe2 100644
--- a/gnu/packages/ftp.scm
+++ b/gnu/packages/ftp.scm
@@ -136,7 +136,8 @@ FTP browser, as well as non-interactive commands such as
'ncftpput' and
(sha256
(base32
"0f5cj5p852wkm24mzy2sxgxyahv2p9rk4wlq21j310pi7wlhgwyl"))
- (patches (search-patches "weex-vacopy.patch"))))
+ (patches (search-patches "weex-vacopy.patch"
+ "weex-CVE-2005-3150.patch"))))
(build-system gnu-build-system)
(arguments
`(#:phases
diff --git a/gnu/packages/patches/weex-CVE-2005-3150.patch
b/gnu/packages/patches/weex-CVE-2005-3150.patch
new file mode 100644
index 0000000..246161f
--- /dev/null
+++ b/gnu/packages/patches/weex-CVE-2005-3150.patch
@@ -0,0 +1,32 @@
+From: Leo Famulari <address@hidden>
+Date: Sat, 5 Nov 2016 01:35:50 -0400
+Subject: Fix CVE-2005-3150 (remotely exploitable format string bug).
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3150
+
+Fix copied from Gentoo and FreeBSD:
+
+https://bugs.gentoo.org/show_bug.cgi?id=107849
+https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=86833
+https://svnweb.freebsd.org/ports/head/ftp/weex/files/patch-src__log.c?revision=143994&view=markup
+
+---
+ src/log.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/log.c b/src/log.c
+index 5c06339..4174ee0 100644
+--- a/src/log.c
++++ b/src/log.c
+@@ -183,7 +183,7 @@ void log_flush(void)
+
+ fp=log_open();
+ for(i=0;i<max_log;i++){
+- fprintf(fp,log_str[i]);
++ fprintf(fp,"%s",log_str[i]);
+ free(log_str[i]);
+ }
+ free(log_str);
+--
+2.10.2
+
--
2.10.2
- [PATCH 1/1] gnu: weex: Fix CVE-2005-3150.,
Leo Famulari <=