Merge branch 'cves' into 'master'

CVE catch up, part one See merge request adelie/packages!307
author: A. Wilcox <awilcox@wilcox-tech.com> 2019-08-04 22:53:11 +0000
committer: A. Wilcox <awilcox@wilcox-tech.com> 2019-08-04 22:53:11 +0000
commit: 2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9 (patch)
tree: c99a2ff0b1366a5f6bb2d61b13916acb3012cea6 /user/plib/CVE-2012-4552.patch
parent: 8410df6cbcf43832292026f4487ca2642be5cf15 (diff)
parent: 3c0917832c46ca76601c4e2e7388c4570bfbcb86 (diff)
download: packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.tar.gz
packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.tar.bz2
packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.tar.xz
packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.zip
1 files changed, 54 insertions, 0 deletions
diff --git a/user/plib/CVE-2012-4552.patch b/user/plib/CVE-2012-4552.patch
new file mode 100644
index 000000000..78f1b22ae
--- /dev/null
+++ b/user/plib/CVE-2012-4552.patch
@@ -0,0 +1,54 @@
+--- plib-1.8.5/src/ssg/ssgParser.cxx~
++++ plib-1.8.5/src/ssg/ssgParser.cxx
+@@ -57,18 +57,16 @@ void _ssgParser::error( const char *form
+   char msgbuff[ 255 ];
+   va_list argp;
+ 
+-  char* msgptr = msgbuff;
+-  if (linenum)
+-  {
+-    msgptr += sprintf ( msgptr,"%s, line %d: ",
+-      path, linenum );
+-  }
+-
+   va_start( argp, format );
+-  vsprintf( msgptr, format, argp );
++  vsnprintf( msgbuff, sizeof(msgbuff), format, argp );
+   va_end( argp );
+ 
+-  ulSetError ( UL_WARNING, "%s", msgbuff ) ;
++  if (linenum)
++  {
++    ulSetError ( UL_WARNING, "%s, line %d: %s", path, linenum, msgbuff ) ;
++  } else {
++    ulSetError ( UL_WARNING, "%s", msgbuff ) ;
++  }
+ }
+ 
+ 
+@@ -78,18 +76,16 @@ void _ssgParser::message( const char *fo
+   char msgbuff[ 255 ];
+   va_list argp;
+ 
+-  char* msgptr = msgbuff;
+-  if (linenum)
+-  {
+-    msgptr += sprintf ( msgptr,"%s, line %d: ",
+-      path, linenum );
+-  }
+-
+   va_start( argp, format );
+-  vsprintf( msgptr, format, argp );
++  vsnprintf( msgbuff, sizeof(msgbuff), format, argp );
+   va_end( argp );
+ 
+-  ulSetError ( UL_DEBUG, "%s", msgbuff ) ;
++  if (linenum)
++  {
++    ulSetError ( UL_DEBUG, "%s, line %d: %s", path, linenum, msgbuff ) ;
++  } else {
++    ulSetError ( UL_DEBUG, "%s", msgbuff ) ;
++  }
+ }
+ 
+ // Opens the file and does a few internal calculations based on the spec.
author	A. Wilcox <awilcox@wilcox-tech.com>	2019-08-04 22:53:11 +0000
committer	A. Wilcox <awilcox@wilcox-tech.com>	2019-08-04 22:53:11 +0000
commit	2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9 (patch)
tree	c99a2ff0b1366a5f6bb2d61b13916acb3012cea6 /user/plib/CVE-2012-4552.patch
parent	8410df6cbcf43832292026f4487ca2642be5cf15 (diff)
parent	3c0917832c46ca76601c4e2e7388c4570bfbcb86 (diff)
download	packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.tar.gz packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.tar.bz2 packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.tar.xz packages-2d76f59134fc1cbd5ea3704b6d79761ffa50d6a9.zip