[gtkada] Patches for gtkada-2.24.4 with gnat-pro-17.x (and higher)

[BEAUGY Alexandre]

Hi Björn,

About gtkada2-2.24.4, it came from a commercial version of GNAT.
I'm not that much aware of what is the latest released GPL version of gtkada2, but from what I can see on debian packages webpage, there exist a source package for gtkada2-gpl-2.24.4-src (http://deb.debian.org/debian/pool/main/libg/libgtkada/libgtkada_2.24.4dfsg.orig.tar.xz).

Also, thanks for the string copy patch update.

Br,

-- 
Alexandre

-----Message d'origine-----
De : gtkada-bounces at lists.adacore.com [mailto:gtkada-bounces at lists.adacore.com] De la part de Björn Persson
Envoyé : jeudi 7 mars 2019 15:20
À : gtkada at lists.adacore.com
Objet : Re: [gtkada] Patches for gtkada-2.24.4 with gnat-pro-17.x (and higher)

BEAUGY Alexandre wrote:
> First of all, to avoid any misunderstanding, the solution I will 
> detail below is mainly based on Fedora Project's work on gtkada2 
> (thanks to them),

You're welcome. It's good to know that my work is useful to people.

> 2. Then I did a(n incomplete) work of creating an equivalent set of 
> patches adapted to gtkada2-2.24.4,

I thought we had the last release of GTKada 2 in Fedora. Where did you find 2.24.4?

> - GtkAda-2.24.2-stringcopy.patch

That patch is outdated. I have fixed more format string bugs since Fedora 24. I have no proof that they're exploitable, but that doesn't mean that they aren't. It's best to not take the risk:

https://src.fedoraproject.org/rpms/GtkAda/raw/master/f/GtkAda-2.24.2-format_security.patch

Björn Persson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7349 bytes
Desc: not available
URL: </pipermail/gtkada/attachments/20190313/95f2c200/attachment.bin>