Control: tags -1 + patch

On Sat, Jun 28, 2025 at 12:41:09PM +0100, Andrew Bower wrote:
> A fix has been applied as a patch by Ubuntu:
>
> https://git.launchpad.net/ubuntu/+source/acct/commit/?id=25e47c5dda4ba79e2debec35cb206b1980c8f8c0
>
> I propose that this patch be applied in Debian.

Proposed patch attached.
From 6097d8beeedf37e8773e3ff9c76110c24d9d4788 Mon Sep 17 00:00:00 2001 From: "Matthew L. Dailey" <matthew.l.dai...@dartmouth.edu> Date: Mon, 17 Feb 2025 10:20:50 -0500 Subject: [PATCH 1/2] Import Ubuntu patch for sprintf buffer overflow. (Closes: #1108428) --- .../patches/07_sprintf-buffer-overflow.patch | 18 ++++++++++++++++++ debian/patches/series | 1 + 2 files changed, 19 insertions(+) create mode 100644 debian/patches/07_sprintf-buffer-overflow.patch diff --git a/debian/patches/07_sprintf-buffer-overflow.patch b/debian/patches/07_sprintf-buffer-overflow.patch new file mode 100644 index 0000000..828dce8 --- /dev/null +++ b/debian/patches/07_sprintf-buffer-overflow.patch @@ -0,0 +1,18 @@ +Description: Fix buffer overflow in dev_hash.c +Author: Jan Rybar +Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=2190057 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/2095035 + +Index: acct-6.6.4/dev_hash.c +=================================================================== +--- acct-6.6.4.orig/dev_hash.c ++++ acct-6.6.4/dev_hash.c +@@ -147,7 +147,7 @@ static void setup_devices(char *dirname) + { + char *fullname = (char *) alloca ((strlen (dirname) + + NAMLEN (dp) +- + 1) * sizeof (char)); ++ + 2) * sizeof (char)); /* slash + null; Fedora BZ#2190057 */ + + (void)sprintf (fullname, "%s/%s", dirname, dp->d_name); + if (stat (fullname, &sp)) diff --git a/debian/patches/series b/debian/patches/series index 3bf40bd..be317be 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -4,3 +4,4 @@ 04_Fix-spelling-errors.patch 05_Adapt_dump.acct.8-manpage.patch 06_adapt_dump-utmp.8-manpage.patch +07_sprintf-buffer-overflow.patch -- 2.50.0
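Review bot: the sprintf call in the dev_hash.c hunk of 07_sprintf-buffer-overflow.patch stays unbounded, so the write is only safe as long as the size arithmetic above it matches the "%s/%s" format and NAMLEN (dp) matches the length of dp->d_name. The new "+ 2" does cover the slash and the terminating NUL, which fixes the one-byte overrun, but consider computing the length once into a size_t and calling snprintf (fullname, len, "%s/%s", dirname, dp->d_name), so that any later mismatch truncates instead of writing past the alloca'd block.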
From a1f5ff708ba6bdb1b47c7ca3d1f534cbe1acd56d Mon Sep 17 00:00:00 2001 From: Andrew Bower <and...@bower.uk> Date: Fri, 20 Jun 2025 22:16:33 +0100 Subject: [PATCH 2/2] Update metadata on Ubuntu sprintf patch --- debian/patches/07_sprintf-buffer-overflow.patch | 2 ++ 1 file changed, 2 insertions(+) diff --git a/debian/patches/07_sprintf-buffer-overflow.patch b/debian/patches/07_sprintf-buffer-overflow.patch index 828dce8..d9f8bc5 100644 --- a/debian/patches/07_sprintf-buffer-overflow.patch +++ b/debian/patches/07_sprintf-buffer-overflow.patch @@ -2,6 +2,8 @@ Description: Fix buffer overflow in dev_hash.c Author: Jan Rybar Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=2190057 Bug-Ubuntu: https://bugs.launchpad.net/bugs/2095035 +Bug: http://savannah.gnu.org/bugs/?67028 +Last-Update: 2025-06-20 Index: acct-6.6.4/dev_hash.c =================================================================== -- 2.50.0
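Review bot: the added "Bug:" line uses an http:// URL while the Bug-Fedora and Bug-Ubuntu lines directly above it use https://; using https here too would keep the header block consistent. Since the commit subject of 1/2 says the patch was imported from Ubuntu, an "Origin:" line naming the Ubuntu commit it was taken from would record that provenance in the patch header alongside the new Last-Update field.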