[packages/nagios-ndoutils] - fix format string errors

Wed Dec 4 18:42:18 CET 2013

commit 728c924c271f738095caa9adc1eaaec9d63ae57b
Author: Jan Rękorajski <baggins at pld-linux.org>
Date:   Wed Dec 4 18:42:08 2013 +0100

    - fix format string errors

 format-security.patch | 28 ++++++++++++++++++++++++++++
 nagios-ndoutils.spec  |  2 ++
 2 files changed, 30 insertions(+)
---

diff --git a/nagios-ndoutils.spec b/nagios-ndoutils.spec
index 00e08b1..e41d42c 100644
--- a/nagios-ndoutils.spec
+++ b/nagios-ndoutils.spec
@@ -19,6 +19,7 @@ Source0:	http://downloads.sourceforge.net/nagios/%{addon}-%{version}.tar.gz
 # Source0-md5:	61460320d0deb8109e7e45e2b717ce1f
 Source1:	ndo2db.init
 Patch0:		config.patch
+Patch1:		format-security.patch
 URL:		http://sourceforge.net/projects/nagios/
 %{?with_mysql:BuildRequires:	mysql-devel}
 %{?with_ssl:BuildRequires:	openssl-devel}
@@ -45,6 +46,7 @@ późniejszego odczytu i przetwarzania.
 %prep
 %setup -q -n %{addon}-%{version}
 %patch0 -p1
+%patch1 -p1
 
 # some typo ;)
 grep -r 20052-2009 -l . | xargs sed -i -e 's,20052-2009,2005-2009,'
diff --git a/format-security.patch b/format-security.patch
new file mode 100644
index 0000000..57763de
--- /dev/null
+++ b/format-security.patch
@@ -0,0 +1,28 @@
+--- ndoutils-1.5.2/src/queue.c~	2012-06-07 12:21:50.000000000 +0200
++++ ndoutils-1.5.2/src/queue.c	2013-12-04 18:41:24.460952441 +0100
+@@ -77,7 +77,7 @@
+ 		if(msgctl(queue_id, IPC_STAT, &queue_stats)) {
+ 			sprintf(curstats, "Unable to determine current message queue usage: error reading IPC_STAT: %d", errno);
+ 			sprintf(logmsg, logfmt, curstats);
+-			syslog(LOG_ERR, logmsg);
++			syslog(LOG_ERR, "%s", logmsg);
+ 			}
+ 		else {
+ #if defined( __linux__)
+@@ -86,14 +86,14 @@
+ 			if( msgmni < 0) {
+ 				sprintf(curstats, "Unable to determine current message queue usage: error reading IPC_INFO: %d", errno);
+ 				sprintf(logmsg, logfmt, curstats);
+-				syslog(LOG_ERR, logmsg);
++				syslog(LOG_ERR, "%s", logmsg);
+ 				}
+ 			else {
+ 				sprintf(curstats, statsfmt, queue_stats.msg_qnum, 
+ 						(unsigned long)msgmni, queue_stats.__msg_cbytes, 
+ 						queue_stats.msg_qbytes);
+ 				sprintf(logmsg, logfmt, curstats);
+-				syslog(LOG_ERR, logmsg);
++				syslog(LOG_ERR, "%s", logmsg);
+ 				}
+ #else
+ 			sprintf(logmsg, logfmt, "");
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/nagios-ndoutils.git/commitdiff/728c924c271f738095caa9adc1eaaec9d63ae57b

