[clearsilver] CVE-2011-4357.

Jon Ciesla limb at fedoraproject.org
Mon Dec 12 14:04:46 UTC 2011


commit 10cc46eec2cef08d4f3b23c25ad8cd3816bd11a3
Author: Jon Ciesla <limburgher at gmail.com>
Date:   Mon Dec 12 08:04:28 2011 -0600

    CVE-2011-4357.

 clearsilver-0.10.5-CVE-2011-4357.patch |   13 +++++++++++++
 clearsilver.spec                       |    7 ++++++-
 2 files changed, 19 insertions(+), 1 deletions(-)
---
diff --git a/clearsilver-0.10.5-CVE-2011-4357.patch b/clearsilver-0.10.5-CVE-2011-4357.patch
new file mode 100644
index 0000000..b1cfc28
--- /dev/null
+++ b/clearsilver-0.10.5-CVE-2011-4357.patch
@@ -0,0 +1,13 @@
+Description: Fix FTBFS with -Werror=format-security
+
+--- a/python/neo_cgi.c
++++ b/python/neo_cgi.c
+@@ -178,7 +178,7 @@
+   if (!PyArg_ParseTuple(args, "s:error(str)", &s))
+     return NULL;
+ 
+-  cgi_error (cgi, s);
++  cgi_error (cgi, "%s", s);
+   rv = Py_None;
+   Py_INCREF(rv);
+   return rv;
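Review bot: The embedded patch's `Description:` header says only "Fix FTBFS with -Werror=format-security", which hides that this is the security fix for CVE-2011-4357. Before the change, the string `s` parsed from the Python caller was passed to `cgi_error` in the format position; judging by the fixed call, `cgi_error` takes a printf-style format, so any conversion specifiers in caller-supplied text would have been interpreted. I would reword the header to something like `Description: Fix format string flaw in neo_cgi error() (CVE-2011-4357); pass the caller's string as a "%s" argument`. The inner hunk covers a single call site, and the enclosing function starts and ends outside it. The other `cgi_error` callers and the other language bindings are not visible here, so they are worth auditing for the same pattern, for example by confirming the package builds cleanly with `-Wformat -Werror=format-security`.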
diff --git a/clearsilver.spec b/clearsilver.spec
index 8829757..69a749a 100644
--- a/clearsilver.spec
+++ b/clearsilver.spec
@@ -2,7 +2,7 @@
 
 Name:           clearsilver
 Version:        0.10.5
-Release:        14%{?dist}
+Release:        15%{?dist}
 Summary:        Fast and powerful HTML templating system
 Group:          Development/Libraries
 # Technically, the license is "Neotonic ClearSilver", but it is a copy of 
@@ -12,6 +12,7 @@ URL:            http://www.clearsilver.net/
 Source0:        http://www.clearsilver.net/downloads/%{name}-%{version}.tar.gz
 Patch0:         clearsilver-0.10.5-fedora.patch
 Patch1:		clearsilver-0.10.5-regression.patch
+Patch2:		clearsilver-0.10.5-CVE-2011-4357.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:  zlib-devel
 BuildRequires:  httpd-devel
@@ -83,6 +84,7 @@ Provides:       %{name}-java = %{version}-%{release}
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 touch configure
 sed -i 's|/neo/opt/bin/python|%{__python}|' python/examples/*/*.py
 sed -i 's|PYTHON_SITE = @PYTHON_SITE@|PYTHON_SITE = %{python_sitearch}|' rules.mk.in
@@ -172,6 +174,9 @@ rm -rf $RPM_BUILD_ROOT
 %endif
 
 %changelog
+* Mon Dec 12 2011 Jon Ciesla <limburgher at gmail.com> - 0.10.5-15
+- Patch for CVE-2011-4357, BZ 757543.
+
 * Fri Jun 17 2011 Marcela Mašláňová <mmaslano at redhat.com> - 0.10.5-14
 - Perl mass rebuild
 

