Bug#855605: rtkit uses dbus_message_new_error_printf unsafely

Andrew Shadura andrew.shadura at collabora.co.uk
Mon Feb 20 18:28:59 UTC 2017


Package: rtkit
Version: 0.11-4
Severity: important

Dear Maintainer,

rtkit uses dbus_message_new_error_printf in an unsafe way, which also causes
it to FTBFS when it builds against a newer dbus version (e.g. 1.11.8 and
newer, available in experimental):

/usr/src/packages/BUILD/rtkit-0.11/./rtkit-daemon.c: In function 'dbus_handler':
/usr/src/packages/BUILD/rtkit-0.11/./rtkit-daemon.c:1336:25: error: format not a string literal and no format arguments [-Werror=format-security]
                         assert_se(r = dbus_message_new_error_printf(m, translate_error_forward(ret), strerror(-ret)));
                         ^
/usr/src/packages/BUILD/rtkit-0.11/./rtkit-daemon.c:1361:25: error: format not a string literal and no format arguments [-Werror=format-security]
                         assert_se(r = dbus_message_new_error_printf(m, translate_error_forward(ret), strerror(-ret)));
                         ^
/usr/src/packages/BUILD/rtkit-0.11/./rtkit-daemon.c:1366:25: error: format not a string literal and no format arguments [-Werror=format-security]
                         assert_se(r = dbus_message_new_error_printf(m, translate_error_forward(ret), strerror(-ret)));
                         ^
/usr/src/packages/BUILD/rtkit-0.11/./rtkit-daemon.c:1371:25: error: format not a string literal and no format arguments [-Werror=format-security]
                         assert_se(r = dbus_message_new_error_printf(m, translate_error_forward(ret), strerror(-ret)));
                         ^
/usr/src/packages/BUILD/rtkit-0.11/./rtkit-daemon.c:1388:25: error: format not a string literal and no format arguments [-Werror=format-security]
                         assert_se(r = dbus_message_new_error_printf(m, translate_error_forward(ret), strerror(-ret)));
                         ^
/usr/src/packages/BUILD/rtkit-0.11/./rtkit-daemon.c:1413:25: error: format not a string literal and no format arguments [-Werror=format-security]
                         assert_se(r = dbus_message_new_error_printf(m, translate_error_forward(ret), strerror(-ret)));
                         ^
/usr/src/packages/BUILD/rtkit-0.11/./rtkit-daemon.c:1418:25: error: format not a string literal and no format arguments [-Werror=format-security]
                         assert_se(r = dbus_message_new_error_printf(m, translate_error_forward(ret), strerror(-ret)));
                         ^
/usr/src/packages/BUILD/rtkit-0.11/./rtkit-daemon.c:1423:25: error: format not a string literal and no format arguments [-Werror=format-security]
                         assert_se(r = dbus_message_new_error_printf(m, translate_error_forward(ret), strerror(-ret)));
                         ^

Please find an attached patch to fix it.

-- 
Cheers,
  Andrew

-------------- next part --------------
A non-text attachment was scrubbed...
Name: rtkit_0.11-4..4.1.debdiff
Type: text/x-diff
Size: 5042 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20170220/05e0cb6e/attachment-0001.diff>
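
The call shape the compiler rejects in the build log above, next to the constant-format form, as an added example that is not part of the original report or of rtkit's code. `error_printf` is a hypothetical stand-in for a printf-style constructor such as dbus_message_new_error_printf, and the sample text is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style error constructor; it only
 * formats into buf. The format attribute is left off on purpose so the
 * "before" call compiles here: with __attribute__((format(printf, 3, 4)))
 * GCC's -Wformat-security rejects that call, as in the build log. */
static int error_printf(char *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, len, fmt, ap);
    va_end(ap);
    return n;
}

/* Before: the message text is used as the format string, so every '%'
 * in it is parsed as a conversion specification. */
static int error_unsafe(char *buf, size_t len, const char *text)
{
    return error_printf(buf, len, text);
}

/* After: the format is a constant and the text is passed as data. */
static int error_safe(char *buf, size_t len, const char *text)
{
    return error_printf(buf, len, "%s", text);
}

/* Constructed sample. "%%" is its only directive, so the unsafe call
 * stays well defined; a conversion that consumes an argument would be
 * undefined behaviour because no argument is supplied. */
static const char sample[] = "quota 100%% reached";

int main(void)
{
    char a[64], b[64];
    error_unsafe(a, sizeof a, sample);
    error_safe(b, sizeof b, sample);
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    /* Exit 0 only if the safe form preserved the text byte for byte. */
    return strcmp(b, sample) != 0;
}
```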