diff --git a/afpfs-ng-0.8.1-formatsec.patch b/afpfs-ng-0.8.1-formatsec.patch new file mode 100644 index 0000000..22527b3 --- /dev/null +++ b/afpfs-ng-0.8.1-formatsec.patch @@ -0,0 +1,159 @@ +From 2c76660566d026d430305231e72c259372de4380 Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Wed, 4 Dec 2013 23:17:10 +0100 +Subject: [PATCH] Fix build with -Werror=format-security + +Fedora, starting with version 21, will enable this flag in order to limit +potentially insecure uses of format strings. It is required for format strings +to be constant now. +--- + cmdline/cmdline_afp.c | 4 ++-- + cmdline/cmdline_testafp.c | 12 ++++++------ + fuse/client.c | 5 +---- + fuse/commands.c | 4 ++-- + lib/afp_url.c | 12 ++++++------ + 5 files changed, 17 insertions(+), 20 deletions(-) + +diff --git a/cmdline/cmdline_afp.c b/cmdline/cmdline_afp.c +index 827150b..59f0977 100644 +--- a/cmdline/cmdline_afp.c ++++ b/cmdline/cmdline_afp.c +@@ -828,11 +828,11 @@ int com_status(char * arg) + char text[40960]; + + afp_status_header(text,&len); +- printf(text); ++ printf("%s", text); + + len=40960; + afp_status_server(server,text,&len); +- printf(text); ++ printf("%s", text); + return 0; + } + +diff --git a/cmdline/cmdline_testafp.c b/cmdline/cmdline_testafp.c +index c40f2bd..f887aec 100644 +--- a/cmdline/cmdline_testafp.c ++++ b/cmdline/cmdline_testafp.c +@@ -26,12 +26,12 @@ static int test_one_url(char * url_string, + struct afp_url valid_url; + afp_default_url(&valid_url); + valid_url.protocol=protocol; +- sprintf(valid_url.servername,servername); +- sprintf(valid_url.volumename,volumename); +- sprintf(valid_url.path,path); +- sprintf(valid_url.username,username); +- sprintf(valid_url.password,password); +- sprintf(valid_url.uamname,uamname); ++ snprintf(valid_url.servername,sizeof(valid_url.servername),"%s",servername); ++ snprintf(valid_url.volumename,sizeof(valid_url.volumename),"%s",volumename); ++ snprintf(valid_url.path,sizeof(valid_url.path),"%s",path); ++ snprintf(valid_url.username,sizeof(valid_url.username),"%s",username); ++ snprintf(valid_url.password,sizeof(valid_url.password),"%s",password); ++ snprintf(valid_url.uamname,(valid_url.uamname),"%s",uamname); + valid_url.port=port; + + if (afp_url_validate(url_string,&valid_url)) +diff --git a/fuse/client.c b/fuse/client.c +index f795ca6..d19e9ef 100644 +--- a/fuse/client.c ++++ b/fuse/client.c +@@ -509,7 +509,6 @@ static int prepare_buffer(int argc, char * argv[]) + int read_answer(int sock) { + int len=0, expected_len=0, packetlen; + char incoming_buffer[MAX_CLIENT_RESPONSE]; +- char toprint[MAX_CLIENT_RESPONSE+200]; + struct timeval tv; + fd_set rds,ords; + int ret; +@@ -546,9 +545,7 @@ int read_answer(int sock) { + } + + done: +- memset(toprint,0,MAX_CLIENT_RESPONSE+200); +- snprintf(toprint,MAX_CLIENT_RESPONSE+200,"%s",incoming_buffer+sizeof(*answer)); +- printf(toprint); ++ printf("%.200s",incoming_buffer+sizeof(*answer)); + return ((struct afp_server_response *) incoming_buffer)->result; + + return 0; +diff --git a/fuse/commands.c b/fuse/commands.c +index aa7444d..bb06928 100644 +--- a/fuse/commands.c ++++ b/fuse/commands.c +@@ -163,6 +163,7 @@ static void fuse_log_for_client(void * priv, + len = strlen(c->client_string); + snprintf(c->client_string+len, + MAX_CLIENT_RESPONSE-len, ++ "%s", + message); + } else { + +@@ -468,7 +468,7 @@ static int process_mount(struct fuse_client * c) + volume->mapping=req->map; + afp_detect_mapping(volume); + +- snprintf(volume->mountpoint,255,req->mountpoint); ++ snprintf(volume->mountpoint,255,"%s",req->mountpoint); + + /* Create the new thread and block until we get an answer back */ + { +diff --git a/lib/afp_url.c b/lib/afp_url.c +index 42bac1c..f152d7b 100644 +--- a/lib/afp_url.c ++++ b/lib/afp_url.c +@@ -233,7 +233,7 @@ int afp_parse_url(struct afp_url * url, const char * toparse, int verbose) + } + } + +- snprintf(url->servername,strlen(p)+1,p); ++ snprintf(url->servername,strlen(p)+1,"%s",p); + if (check_servername(url->servername)) { + if (verbose) printf("This isn't a valid servername\n"); + return -1; +@@ -263,7 +263,7 @@ int afp_parse_url(struct afp_url * url, const char * toparse, int verbose) + if ((q=escape_strrchr(p,':',":"))) { + *q='\0'; + q++; +- snprintf(url->password,strlen(q)+1,q); ++ snprintf(url->password,strlen(q)+1,"%s",q); + if (check_password(url->password)) { + if (verbose) printf("This isn't a valid passwd\n"); + return -1; +@@ -276,7 +276,7 @@ int afp_parse_url(struct afp_url * url, const char * toparse, int verbose) + if ((q=strstr(p,";AUTH="))) { + *q='\0'; + q+=6; +- snprintf(url->uamname,strlen(q)+1,q); ++ snprintf(url->uamname,strlen(q)+1,"%s",q); + if (check_uamname(url->uamname)) { + if (verbose) printf("This isn't a valid uamname\n"); + return -1; +@@ -284,7 +284,7 @@ int afp_parse_url(struct afp_url * url, const char * toparse, int verbose) + } + + if (strlen(p)>0) { +- snprintf(url->username,strlen(p)+1,p); ++ snprintf(url->username,strlen(p)+1,"%s",p); + if (check_username(url->username)) { + if (verbose) printf("This isn't a valid username\n"); + return -1;; +@@ -304,12 +304,12 @@ parse_secondpart: + *q='\0'; + q++; + } +- snprintf(url->volumename,strlen(p)+1,p); ++ snprintf(url->volumename,strlen(p)+1,"%s",p); + + + if (q) { + url->path[0]='/'; +- snprintf(url->path+1,strlen(q)+1,q); ++ snprintf(url->path+1,strlen(q)+1,"%s",q); + } + + done: +-- +1.8.4.2 + diff --git a/afpfs-ng.spec b/afpfs-ng.spec index 3bdd838..e639d88 100644 --- a/afpfs-ng.spec +++ b/afpfs-ng.spec @@ -5,7 +5,7 @@ Name: afpfs-ng Version: 0.8.1 -Release: 12%{?dist}.3 +Release: 13%{?dist} Summary: Apple Filing Protocol client Group: System Environment/Base @@ -14,7 +14,8 @@ URL: http://alexthepuffin.googlepages.com/home Source0: http://downloads.sourceforge.net/afpfs-ng/%{name}-%{version}.tar.bz2 Patch0: afpfs-ng-0.8.1-overflows.patch Patch1: afpfs-ng-0.8.1-pointer.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +# Sent by e-mail to Alex deVries +Patch2: afpfs-ng-0.8.1-formatsec.patch %{?!_without_fuse:BuildRequires: fuse-devel} BuildRequires: libgcrypt-devel gmp-devel readline-devel @@ -50,6 +51,7 @@ Library for dynamic linking and header files of afpfs-ng. %setup -q %patch0 -p1 -b .overflows %patch1 -p1 -b .pointer +%patch2 -p1 -b .formatsec %build @@ -64,18 +66,12 @@ make %{?_smp_mflags} %install -rm -rf $RPM_BUILD_ROOT -make install DESTDIR=$RPM_BUILD_ROOT -install -d $RPM_BUILD_ROOT%{_includedir}/afpfs-ng -cp -p include/* $RPM_BUILD_ROOT%{_includedir}/afpfs-ng - - -%clean -rm -rf $RPM_BUILD_ROOT +make install DESTDIR=%{buildroot} +install -d %{buildroot}%{_includedir}/afpfs-ng +cp -p include/* %{buildroot}%{_includedir}/afpfs-ng %files -%defattr(-,root,root,-) %{_bindir}/afpcmd %{_bindir}/afpgetstatus %{_mandir}/man1/afpcmd.1* @@ -87,7 +83,6 @@ rm -rf $RPM_BUILD_ROOT %if %{?!_without_fuse:1}0 %files -n fuse-afp -%defattr(-,root,root,-) %{_bindir}/afp_client %{_bindir}/afpfs %{_bindir}/afpfsd @@ -100,7 +95,6 @@ rm -rf $RPM_BUILD_ROOT %files devel -%defattr(-,root,root,-) %{_includedir}/afpfs-ng %{_libdir}/*.so @@ -112,6 +106,10 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Tue Nov 25 2014 - 0.8.1-13 +- Fix mount_afp crash (RHBZ #1165296) +- Backport spec sanitization from F21 spec + * Sat Aug 03 2013 Fedora Release Engineering - 0.8.1-12.3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild