From 99c9d550cf51fd10615137bfac811d74630b3298 Mon Sep 17 00:00:00 2001 From: Sebastian Harl Date: Thu, 24 Jan 2013 16:06:06 +0100 Subject: [PATCH] patches: Added format-security; fixing a missing printf-style format argument. --- debian/changelog | 1 + debian/patches/format-security | 18 ++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 20 insertions(+) create mode 100644 debian/patches/format-security diff --git a/debian/changelog b/debian/changelog index c009762..262264b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -17,6 +17,7 @@ pnp4nagios (0.6.19-1) UNRELEASED; urgency=low (cf. #684420). * debian/patches: - fix-npcd-path updated for 0.6.19. + - Added format-security; fixing a missing printf-style format argument. * debian/rules: - Manually clean-up auto-generated scripts/rrd_modify.pl. * debian/icinga-module.cfg, debian/rules: diff --git a/debian/patches/format-security b/debian/patches/format-security new file mode 100644 index 0000000..5de4e84 --- /dev/null +++ b/debian/patches/format-security @@ -0,0 +1,18 @@ +Description: Fixed a missing printf-style format argument. + This was identified by GCC's format-security check which forbids any non + string literals to be used as format argument. +Author: Sebastian Harl +Forwarded: yes + +diff a/src/logging.c b/src/logging.c +--- a/src/logging.c ++++ b/src/logging.c +@@ -27,7 +27,7 @@ extern int max_logfile_size; + + int do_log(char *message) { + if (use_syslog) { +- syslog(LOG_NOTICE, message); ++ syslog(LOG_NOTICE, "%s", message); + return OK; + } else if (use_syslog == FALSE) { + if (write_log(message)==0) diff --git a/debian/patches/series b/debian/patches/series index 78f6972..c760587 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -3,3 +3,4 @@ apache-fix-path-to-userfile fix-npcd-path fix-nagios-url adjust-template-path +format-security -- 2.30.2