[packages/nagios-ndoutils] - fix format string errors

Wed, 04 Dec 2013 09:43:10 -0800 

commit 728c924c271f738095caa9adc1eaaec9d63ae57b
Author: Jan Rękorajski <[email protected]>
Date:   Wed Dec 4 18:42:08 2013 +0100

    - fix format string errors

 format-security.patch | 28 ++++++++++++++++++++++++++++
 nagios-ndoutils.spec  |  2 ++
 2 files changed, 30 insertions(+)
---
diff --git a/nagios-ndoutils.spec b/nagios-ndoutils.spec
index 00e08b1..e41d42c 100644
--- a/nagios-ndoutils.spec
+++ b/nagios-ndoutils.spec
@@ -19,6 +19,7 @@ Source0:      
http://downloads.sourceforge.net/nagios/%{addon}-%{version}.tar.gz
 # Source0-md5: 61460320d0deb8109e7e45e2b717ce1f
 Source1:       ndo2db.init
 Patch0:                config.patch
+Patch1:                format-security.patch
 URL:           http://sourceforge.net/projects/nagios/
 %{?with_mysql:BuildRequires:   mysql-devel}
 %{?with_ssl:BuildRequires:     openssl-devel}
@@ -45,6 +46,7 @@ późniejszego odczytu i przetwarzania.
 %prep
 %setup -q -n %{addon}-%{version}
 %patch0 -p1
+%patch1 -p1
 
 # some typo ;)
 grep -r 20052-2009 -l . | xargs sed -i -e 's,20052-2009,2005-2009,'
diff --git a/format-security.patch b/format-security.patch
new file mode 100644
index 0000000..57763de
--- /dev/null
+++ b/format-security.patch
@@ -0,0 +1,28 @@
+--- ndoutils-1.5.2/src/queue.c~        2012-06-07 12:21:50.000000000 +0200
++++ ndoutils-1.5.2/src/queue.c 2013-12-04 18:41:24.460952441 +0100
+@@ -77,7 +77,7 @@
+               if(msgctl(queue_id, IPC_STAT, &queue_stats)) {
+                       sprintf(curstats, "Unable to determine current message 
queue usage: error reading IPC_STAT: %d", errno);
+                       sprintf(logmsg, logfmt, curstats);
+-                      syslog(LOG_ERR, logmsg);
++                      syslog(LOG_ERR, "%s", logmsg);
+                       }
+               else {
+ #if defined( __linux__)
+@@ -86,14 +86,14 @@
+                       if( msgmni < 0) {
+                               sprintf(curstats, "Unable to determine current 
message queue usage: error reading IPC_INFO: %d", errno);
+                               sprintf(logmsg, logfmt, curstats);
+-                              syslog(LOG_ERR, logmsg);
++                              syslog(LOG_ERR, "%s", logmsg);
+                               }
+                       else {
+                               sprintf(curstats, statsfmt, 
queue_stats.msg_qnum, 
+                                               (unsigned long)msgmni, 
queue_stats.__msg_cbytes, 
+                                               queue_stats.msg_qbytes);
+                               sprintf(logmsg, logfmt, curstats);
+-                              syslog(LOG_ERR, logmsg);
++                              syslog(LOG_ERR, "%s", logmsg);
+                               }
+ #else
+                       sprintf(logmsg, logfmt, "");
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/nagios-ndoutils.git/commitdiff/728c924c271f738095caa9adc1eaaec9d63ae57b

_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit

Reply via email to