rpms/vnstat/devel vnstat-1.9-overflow.patch, NONE, 1.1 vnstat.spec, 1.16, 1.17

Robert Scheck robert at fedoraproject.org
Sat Dec 26 15:45:45 UTC 2009 

Author: robert

Update of /cvs/pkgs/rpms/vnstat/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv2560

Modified Files:
	vnstat.spec 
Added Files:
	vnstat-1.9-overflow.patch 
Log Message:
Work around a buffer overflow in vnstati until 1.10 (#550635)


vnstat-1.9-overflow.patch:
 image.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE vnstat-1.9-overflow.patch ---
Workaround by Teemu Toivola <tst at iki.fi> for vnstat <= 1.9, which solves
a buffer overflow in vnstati. See Red Hat Bugzilla ID #550635 for details.

--- vnstat-1.9/src/image.c		2009-09-10 19:15:56.000000000 +0200
+++ vnstat-1.9/src/image.c.overflow	2009-12-26 16:39:36.000000000 +0100
@@ -1398,7 +1398,7 @@
 
 char *getimagescale(uint64_t kb, int rate)
 {
-	static char buffer[6];
+	static char buffer[7];
 	uint32_t limit[3];
 	int unit;
 	


Index: vnstat.spec
===================================================================
RCS file: /cvs/pkgs/rpms/vnstat/devel/vnstat.spec,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -p -r1.16 -r1.17
--- vnstat.spec	26 Dec 2009 13:26:10 -0000	1.16
+++ vnstat.spec	26 Dec 2009 15:45:45 -0000	1.17
@@ -1,12 +1,13 @@
 Summary: Console-based network traffic monitor
 Name: vnstat
 Version: 1.9
-Release: 1%{?dist}
+Release: 2%{?dist}
 
 License: GPLv2
 Group: System Environment/Daemons
 URL: http://humdi.net/vnstat/
 Source: http://humdi.net/vnstat/vnstat-%{version}.tar.gz
+Patch0: vnstat-1.9-overflow.patch
 Requires(pre): shadow-utils
 Requires(post): chkconfig
 Requires(preun): chkconfig
@@ -23,6 +24,7 @@ be used without root permissions. See th
 
 %prep
 %setup -q
+%patch0 -p1 -b .overflow
 
 # disable maximum bandwidth setting
 %{__sed} -e "s,MaxBandwidth 100,MaxBandwidth 0,g" \
@@ -129,6 +131,9 @@ fi
 %attr(-,vnstat,vnstat)%{_localstatedir}/lib/%{name}
 
 %changelog
+* Sat Dec 26 2009 Robert Scheck <robert at fedoraproject.org> - 1.9-2
+- Work around a buffer overflow in vnstati until 1.10 (#550635)
+
 * Sat Dec 26 2009 Robert Scheck <robert at fedoraproject.org> - 1.9-1
 - Upgrade to 1.9 and make rpmlint more silent
 - Make %%pre script with useradd more conform to guidelines

More information about the fedora-extras-commits mailing list