Summary: | sys-apps/cciss_vol_status-1.06 version bump | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Johan Bergström <bugs> |
Component: | New packages | Assignee: | Tony Vroon (RETIRED) <chainsaw> |
Status: | RESOLVED FIXED | ||
Severity: | enhancement | CC: | |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: |
cciss_vol_status-1.06.ebuild
1.06-strncmp.patch |
Description
Johan Bergström
2010-01-05 10:34:40 UTC
Created attachment 215258 [details]
cciss_vol_status-1.06.ebuild
Here's a quick update of the ebuild. It needs a patch to compile which is attached shortly.
Created attachment 215260 [details, diff]
1.06-strncmp.patch
Patch for compiling cciss_vol_status 1.06.
Severity should be changed to major. This is more than a version bump: "You are strongly advised to upgrade from previous version, 1.04 due to a bug in the latter in reporting of logical drive status for logical drives with active spares" Works fine for me for weeks on amd64 and x86 too. I don't agree with the patch in this report; I believe strnlen was a typo (it does indeed require two arguments). strlen is the right thing to do, that way the protection of strncmp remains in place. Your patch could allow a buffer overflow to take place. +*cciss_vol_status-1.06 (02 May 2010) + + 02 May 2010; <chainsaw@gentoo.org> +files/1.06-strlen-typo.patch, + +cciss_vol_status-1.06.ebuild: + Version bump, as requested by Johan Bergström in bug #299729. Patched out + a strnlen vs strlen typo. |