Fix a compiler error with gcc 8, mozbz#1434070
This commit is contained in:
parent
ccf407af47
commit
0a70bce56d
7
nss.spec
7
nss.spec
@ -9,7 +9,7 @@ Name: nss
|
|||||||
Version: 3.35.0
|
Version: 3.35.0
|
||||||
# for Rawhide, please always use release >= 2
|
# for Rawhide, please always use release >= 2
|
||||||
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
License: MPLv2.0
|
License: MPLv2.0
|
||||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
@ -91,6 +91,7 @@ Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
|
|||||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1279520
|
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1279520
|
||||||
Patch59: nss-check-policy-file.patch
|
Patch59: nss-check-policy-file.patch
|
||||||
Patch62: nss-skip-util-gtest.patch
|
Patch62: nss-skip-util-gtest.patch
|
||||||
|
Patch63: sign-sprintf-check.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Network Security Services (NSS) is a set of libraries designed to
|
Network Security Services (NSS) is a set of libraries designed to
|
||||||
@ -174,6 +175,7 @@ low level services.
|
|||||||
pushd nss
|
pushd nss
|
||||||
%patch59 -p1 -b .check_policy_file
|
%patch59 -p1 -b .check_policy_file
|
||||||
%patch62 -p1 -b .skip_util_gtest
|
%patch62 -p1 -b .skip_util_gtest
|
||||||
|
%patch63 -p2 -b .sign-sprintf-check
|
||||||
popd
|
popd
|
||||||
|
|
||||||
#########################################################
|
#########################################################
|
||||||
@ -749,6 +751,9 @@ done
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jan 29 2018 Kai Engert <kaie@redhat.com> - 3.35.0-4
|
||||||
|
- Fix a compiler error with gcc 8, mozbz#1434070
|
||||||
|
|
||||||
* Mon Jan 29 2018 Kai Engert <kaie@redhat.com> - 3.35.0-3
|
* Mon Jan 29 2018 Kai Engert <kaie@redhat.com> - 3.35.0-3
|
||||||
- Stop pulling in nss-pem automatically, packages that need it should
|
- Stop pulling in nss-pem automatically, packages that need it should
|
||||||
depend on it, rhbz#1539401
|
depend on it, rhbz#1539401
|
||||||
|
56
sign-sprintf-check.patch
Normal file
56
sign-sprintf-check.patch
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
diff -up ./nss/cmd/signtool/sign.c.org ./nss/cmd/signtool/sign.c
|
||||||
|
--- ./nss/cmd/signtool/sign.c.org 2018-01-18 15:19:59.000000000 +0100
|
||||||
|
+++ ./nss/cmd/signtool/sign.c 2018-01-29 22:46:32.599450048 +0100
|
||||||
|
@@ -83,7 +83,12 @@ SignArchive(char *tree, char *keyName, c
|
||||||
|
/* rsa/dsa to zip */
|
||||||
|
sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa"
|
||||||
|
: "rsa"));
|
||||||
|
- sprintf(fullfn, "%s/%s", tree, tempfn);
|
||||||
|
+ if (snprintf(fullfn, FNSIZE, "%s/%s", tree, tempfn) >= FNSIZE) {
|
||||||
|
+ PR_fprintf(errorFD, "buffer overflow, the tree \"%s\" was NOT SUCCESSFULLY SIGNED\n",
|
||||||
|
+ tree);
|
||||||
|
+ errorCount++;
|
||||||
|
+ exit(ERRX);
|
||||||
|
+ }
|
||||||
|
JzipAdd(fullfn, tempfn, zipfile, compression_level);
|
||||||
|
|
||||||
|
/* Loop through all files & subdirectories, add to archive */
|
||||||
|
@@ -93,12 +98,22 @@ SignArchive(char *tree, char *keyName, c
|
||||||
|
}
|
||||||
|
/* mf to zip */
|
||||||
|
strcpy(tempfn, "META-INF/manifest.mf");
|
||||||
|
- sprintf(fullfn, "%s/%s", tree, tempfn);
|
||||||
|
+ if (snprintf(fullfn, FNSIZE, "%s/%s", tree, tempfn) >= FNSIZE) {
|
||||||
|
+ PR_fprintf(errorFD, "buffer overflow, the tree \"%s\" was NOT SUCCESSFULLY SIGNED\n",
|
||||||
|
+ tree);
|
||||||
|
+ errorCount++;
|
||||||
|
+ exit(ERRX);
|
||||||
|
+ }
|
||||||
|
JzipAdd(fullfn, tempfn, zipfile, compression_level);
|
||||||
|
|
||||||
|
/* sf to zip */
|
||||||
|
sprintf(tempfn, "META-INF/%s.sf", base);
|
||||||
|
- sprintf(fullfn, "%s/%s", tree, tempfn);
|
||||||
|
+ if (snprintf(fullfn, FNSIZE, "%s/%s", tree, tempfn) >= FNSIZE) {
|
||||||
|
+ PR_fprintf(errorFD, "buffer overflow, the tree \"%s\" was NOT SUCCESSFULLY SIGNED\n",
|
||||||
|
+ tree);
|
||||||
|
+ errorCount++;
|
||||||
|
+ exit(ERRX);
|
||||||
|
+ }
|
||||||
|
JzipAdd(fullfn, tempfn, zipfile, compression_level);
|
||||||
|
|
||||||
|
/* Add the rsa/dsa file to the zip archive normally */
|
||||||
|
@@ -106,7 +121,12 @@ SignArchive(char *tree, char *keyName, c
|
||||||
|
/* rsa/dsa to zip */
|
||||||
|
sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa"
|
||||||
|
: "rsa"));
|
||||||
|
- sprintf(fullfn, "%s/%s", tree, tempfn);
|
||||||
|
+ if (snprintf(fullfn, FNSIZE, "%s/%s", tree, tempfn) >= FNSIZE) {
|
||||||
|
+ PR_fprintf(errorFD, "buffer overflow, the tree \"%s\" was NOT SUCCESSFULLY SIGNED\n",
|
||||||
|
+ tree);
|
||||||
|
+ errorCount++;
|
||||||
|
+ exit(ERRX);
|
||||||
|
+ }
|
||||||
|
JzipAdd(fullfn, tempfn, zipfile, compression_level);
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user