Ar 16/02/2005 am 14:10, ysgrifennodd Joey Hess: > Dafydd Harries wrote: > > Since I don't have a copy of the original security patch, I tried to > > extract the changes by interdiffing the fixed stable version with the > > latest unstable version. The changes to network.c and typespeed.c apply > > cleanly, but the changes to file.c don't. I'm working on resolving those > > conflicts. > > > > Note, however, that my time and Internet access are limited this week, > > and I won't be back home until next Monday, so it may be best for a fix > > to be NMUd. > > If you run out of time, why not send what you have to the bug as I can > try to do a NMU.
Turns out that I was looking at the wrong interdiff (stable fixed package vs. unstable rather than unfixed stable vs. fixed stable) and that the security fix in question applies cleanly to file.c. I've attached the correct interdiff, and a .diff.gz and .dsc for an updated package. Checking this and sponsoring the upload if it looks OK would be very welcome. If there are any problems, please go ahead and NMU since I might not have more time to work on it. Thanks! -- Dafydd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.0 Source: typespeed Version: 0.4.4-8 Binary: typespeed Maintainer: Dafydd Harries <[EMAIL PROTECTED]> Architecture: any Standards-Version: 3.6.1 Build-Depends: debhelper (>> 4), libncurses5-dev Files: 97ca3e3d0323c41ecc4f453f557287ea 38526 typespeed_0.4.4.orig.tar.gz 13f3872783215151a7a6d0406fd4826f 9942 typespeed_0.4.4-8.diff.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQFCE6r0pD5tJxKCh+gRAmYmAJ92U0gFKe3ERwcGJj1lrqu5vw0VNQCeJVq5 0wjtTpbJ4aMWqAJ9ELm2oS8= =L3c6 -----END PGP SIGNATURE-----
typespeed_0.4.4-8.diff.gz
Description: Binary data
diff -u typespeed-0.4.1/file.c typespeed-0.4.1/file.c
--- typespeed-0.4.1/file.c
+++ typespeed-0.4.1/file.c
@@ -509,8 +509,8 @@
char tmp[10];
char *userhome;
- userhome =
malloc(1+strlen(getenv("HOME"))+strlen(LOCALCONF)*sizeof(char));
- sprintf(userhome,getenv("HOME"));
+ userhome =
malloc((2+strlen(getenv("HOME"))+strlen(LOCALCONF))*sizeof(char));
+ strcpy(userhome,getenv("HOME"));
strcat(userhome,"/");
strcat(userhome,LOCALCONF);
hakemisto = malloc(1026 * sizeof(char));
diff -u typespeed-0.4.1/debian/changelog typespeed-0.4.1/debian/changelog
--- typespeed-0.4.1/debian/changelog
+++ typespeed-0.4.1/debian/changelog
@@ -1,3 +1,11 @@
+typespeed (0.4.1-2.3) stable-security; urgency=high
+
+ * Non-maintainer upload by the Security Team
+ * Applied patch by Ulf Härnhammar to fix format string vulnerability
+ [file.c, CAN-2005-0105]
+
+ -- Martin Schulze <[EMAIL PROTECTED]> Sat, 22 Jan 2005 09:06:48 +0100
+
typespeed (0.4.1-2.2) stable-security; urgency=high
* Non-maintainer upload by the Security Team
