Package: rtkit
Version: 0.11-4
Severity: important
Dear Maintainer,
rtkit uses dbus_message_new_error_printf in an unsafe way, which also causes
it to FTBFS when it builds against a newer dbus version (e.g. 1.11.8 and
newer, available in experimental):
/usr/src/packages/BUILD/rtkit-0.11/./rtkit-daemon.c: In function 'dbus_handler':
/usr/src/packages/BUILD/rtkit-0.11/./rtkit-daemon.c:1336:25: error: format not
a string literal and no format arguments [-Werror=format-security]
assert_se(r = dbus_message_new_error_printf(m,
translate_error_forward(ret), strerror(-ret)));
^
/usr/src/packages/BUILD/rtkit-0.11/./rtkit-daemon.c:1361:25: error: format not
a string literal and no format arguments [-Werror=format-security]
assert_se(r = dbus_message_new_error_printf(m,
translate_error_forward(ret), strerror(-ret)));
^
/usr/src/packages/BUILD/rtkit-0.11/./rtkit-daemon.c:1366:25: error: format not
a string literal and no format arguments [-Werror=format-security]
assert_se(r = dbus_message_new_error_printf(m,
translate_error_forward(ret), strerror(-ret)));
^
/usr/src/packages/BUILD/rtkit-0.11/./rtkit-daemon.c:1371:25: error: format not
a string literal and no format arguments [-Werror=format-security]
assert_se(r = dbus_message_new_error_printf(m,
translate_error_forward(ret), strerror(-ret)));
^
/usr/src/packages/BUILD/rtkit-0.11/./rtkit-daemon.c:1388:25: error: format not
a string literal and no format arguments [-Werror=format-security]
assert_se(r = dbus_message_new_error_printf(m,
translate_error_forward(ret), strerror(-ret)));
^
/usr/src/packages/BUILD/rtkit-0.11/./rtkit-daemon.c:1413:25: error: format not
a string literal and no format arguments [-Werror=format-security]
assert_se(r = dbus_message_new_error_printf(m,
translate_error_forward(ret), strerror(-ret)));
^
/usr/src/packages/BUILD/rtkit-0.11/./rtkit-daemon.c:1418:25: error: format not
a string literal and no format arguments [-Werror=format-security]
assert_se(r = dbus_message_new_error_printf(m,
translate_error_forward(ret), strerror(-ret)));
^
/usr/src/packages/BUILD/rtkit-0.11/./rtkit-daemon.c:1423:25: error: format not
a string literal and no format arguments [-Werror=format-security]
assert_se(r = dbus_message_new_error_printf(m,
translate_error_forward(ret), strerror(-ret)));
^
Please find an attached patch to fix it.
--
Cheers,
Andrew
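The pattern the compiler rejects in the build log above, next to the corrected call, as an added example that is not part of the original report or of rtkit. `error_printf`, `report_unsafe`, `report_safe` and `SAMPLE_MSG` are hypothetical names, and `error_printf` stands in for `dbus_message_new_error_printf` so the block builds without libdbus.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style constructor such as
 * dbus_message_new_error_printf(). The format attribute is what lets the
 * compiler check each call site under -Wformat-security. */
__attribute__((format(printf, 3, 4)))
static int error_printf(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Pattern from the build log: the message text itself is the format string.
 * The diagnostics are silenced here only so that this demo compiles. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
static int report_unsafe(char *out, size_t n, const char *msg)
{
    return error_printf(out, n, msg);
}
#pragma GCC diagnostic pop

/* Fixed pattern: constant format, message passed as data. */
static int report_safe(char *out, size_t n, const char *msg)
{
    return error_printf(out, n, "%s", msg);
}

/* Constructed sample. "%%" consumes no argument, so even the unsafe call is
 * well defined for this input; other conversions would read missing args. */
static const char SAMPLE_MSG[] = "quota 100%% used";

int main(void)
{
    char a[64], b[64];
    report_unsafe(a, sizeof a, SAMPLE_MSG);
    report_safe(b, sizeof b, SAMPLE_MSG);
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return strcmp(a, b) == 0; /* exit status 0 when the two outputs differ */
}
```

The two outputs differ because the unsafe call interprets the message as a format, while the fixed call copies it verbatim.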
diff -Nru rtkit-0.11/debian/changelog rtkit-0.11/debian/changelog
--- rtkit-0.11/debian/changelog 2015-10-24 23:44:21.0 +0200
+++ rtkit-0.11/debian/changelog 2017-02-20 19:15:34.0 +0100
@@ -1,3 +1,11 @@
+rtkit (0.11-4.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Add a format string to dbus_message_new_error_printf (fixes an FTBFS due to
+-Werror=format-security).
+
+ -- Andrew Shadura Mon, 20 Feb 2017 19:15:34 +0100
+
rtkit (0.11-4) unstable; urgency=medium
* Remove stale ubuntu.series file.
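Review bot: the new 0.11-4.1 entry carries no "Closes: #NNNNNN" reference (placeholder, the bug number is not shown here), so the upload will not close this report automatically; add it to the bullet. The bullet also presents the change purely as an FTBFS fix, while the report describes the calls as unsafe, so it is worth stating that the error text was being passed as the format string.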
diff -Nru rtkit-0.11/debian/patches/0006-fix-format-strings.patch rtkit-0.11/debian/patches/0006-fix-format-strings.patch
--- rtkit-0.11/debian/patches/0006-fix-format-strings.patch 1970-01-01 01:00:00.0 +0100
+++ rtkit-0.11/debian/patches/0006-fix-format-strings.patch 2017-02-20 19:15:34.0 +0100
@@ -0,0 +1,68 @@
+From: Andrew Shadura
+Date: Mon, 20 Feb 2017 19:17:18 +0100
+Subject: Add a format string to dbus_message_new_error_printf (fixes an FTBFS
+ due to -Werror=format-security).
+Forwarded: no
+
+--- a/rtkit-daemon.c
b/rtkit-daemon.c
+@@ -1333,7 +1333,7 @@
+ int ret;
+
+ if ((ret = verify_canary_refusal()) < 0) {
+-assert_se(r =
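Review bot: "Forwarded: no" in the patch header keeps this fix Debian-only even though the code it changes is upstream's rtkit-daemon.c; please send it upstream and record the link in that field. The build log reports eight failing call sites (rtkit-daemon.c lines 1336 through 1423), so confirm the patch gives each of them a constant format with the strerror() text as an argument; the hunk at verify_canary_refusal() is only the first of them.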