Bug#646448: libexosip2: diff for NMU version 3.3.0-1.1

Julien Cristau jcristau at debian.org
Tue Dec 6 21:20:20 UTC 2011 

On Tue, Dec  6, 2011 at 21:15:01 +0100, Simon Paillard wrote:

> tags 646448 + patch
> tags 646448 + pending
> thanks
> 
> Dear maintainer,
> 
> I've prepared an NMU for libexosip2 (versioned as 3.3.0-1.1) and
> uploaded it to DELAYED/2. Please feel free to tell me if I
> should delay it longer.
> 
> Regards.
> 
> -- 
> Simon Paillard

> diffstat for libexosip2_3.3.0-1 libexosip2_3.3.0-1.1
> 
>  libexosip2-3.3.0/debian/changelog |    7 +++++++
>  src/eXutils.c                     |    4 ++--
>  src/jauth.c                       |    2 +-
>  3 files changed, 10 insertions(+), 3 deletions(-)
> 
> diff -u libexosip2-3.3.0/debian/changelog libexosip2-3.3.0/debian/changelog
> --- libexosip2-3.3.0/debian/changelog
> +++ libexosip2-3.3.0/debian/changelog
> @@ -1,3 +1,10 @@
> +libexosip2 (3.3.0-1.1) unstable; urgency=low
> +
> +  * Non-maintainer upload.
> +  * Fix FTBFS -Werror=format-security (Closes: #646448)
> +
> + -- Simon Paillard <spaillard at debian.org>  Tue, 06 Dec 2011 20:48:18 +0100
> +
>  libexosip2 (3.3.0-1) unstable; urgency=low
>  
>    * New upstream release
> only in patch2:
> unchanged:
> --- libexosip2-3.3.0.orig/src/jauth.c
> +++ libexosip2-3.3.0/src/jauth.c
> @@ -1189,7 +1189,7 @@
>        http_auth = &eXosip.http_auths[pos];
>        if (http_auth->pszCallId[0] == '\0')
>          {
> -          snprintf (http_auth->pszCallId, sizeof (http_auth->pszCallId), call_id);
> +          snprintf (http_auth->pszCallId, sizeof (http_auth->pszCallId), "%s", call_id);
>            snprintf (http_auth->pszCNonce, sizeof (http_auth->pszCNonce),
>                      "0a4f113b");
>            http_auth->iNonceCount = 1;
> only in patch2:
> unchanged:
> --- libexosip2-3.3.0.orig/src/eXutils.c
> +++ libexosip2-3.3.0/src/eXutils.c
> @@ -1375,7 +1375,7 @@
>  
>    if (strlen (protocol) >= 100)
>      return OSIP_BADPARAMETER;
> -  snprintf (tr, 100, protocol);
> +  snprintf (tr, 100, "%s", protocol);
>    osip_tolower (tr);
>  
>    snprintf (zone, 1024, "%s", domain);
> @@ -1594,7 +1594,7 @@
>  
>    if (strlen (protocol) >= 100)
>      return OSIP_BADPARAMETER;
> -  snprintf (tr, 100, protocol);
> +  snprintf (tr, 100, "%s", protocol);
>    osip_tolower (tr);
>    if (eXosip.use_naptr)
>      n = eXosip_get_naptr (domain, protocol, zone, sizeof (zone) - 1);

strncpy would seem like the right function in both those places...

Cheers,
Julien

More information about the Pkg-voip-maintainers mailing list