[xpenguins] Fix printf format security issue. Bz #1037404.

Göran Uddeborg goeran at fedoraproject.org
Tue Dec 3 13:22:28 UTC 2013


commit 83a2740001625902637d7efab84e157bb4616629
Author: Göran Uddeborg <goeran at uddeborg.se>
Date:   Tue Dec 3 14:21:40 2013 +0100

    Fix printf format security issue.  Bz #1037404.

 xpenguins-2.2-format-security.patch |   11 +++++++++++
 xpenguins.spec                      |   12 ++++++++++--
 2 files changed, 21 insertions(+), 2 deletions(-)
---
diff --git a/xpenguins-2.2-format-security.patch b/xpenguins-2.2-format-security.patch
new file mode 100644
index 0000000..4aba352
--- /dev/null
+++ b/xpenguins-2.2-format-security.patch
@@ -0,0 +1,11 @@
+--- src/xpenguins_theme.c~	2001-10-02 00:36:12.000000000 +0200
++++ src/xpenguins_theme.c	2013-12-03 12:54:49.000000000 +0100
+@@ -608,7 +608,7 @@
+ 	    xpm_file_name = word;
+ 	  }
+ 	  else {
+-	    snprintf(file_base, MAX_STRING_LENGTH, word);
++	    snprintf(file_base, MAX_STRING_LENGTH, "%s", word);
+ 	    xpm_file_name = file_name;
+ 	  }
+ 	  if (current->image) {
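Review bot: The return value of `snprintf` on the changed line is still ignored, so a `word` of MAX_STRING_LENGTH bytes or more is silently truncated in `file_base`. The `"%s"` argument itself is the right fix, since `word` is no longer interpreted as a format string; consider also comparing the return value against MAX_STRING_LENGTH and rejecting the entry when it does not fit. The patch file has no header comment either; a line naming Bz #1037404 at its top would keep the reason with the patch.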
diff --git a/xpenguins.spec b/xpenguins.spec
index 601ce30..7293ef4 100644
--- a/xpenguins.spec
+++ b/xpenguins.spec
@@ -1,6 +1,6 @@
 Name: xpenguins
 Version: 2.2
-Release: 7
+Release: 8
 Summary: Cute little penguins that walk along the tops of your windows
 Summary(sv): Söta små pingviner som vandrar längs överkanterna på dina fönster
 
@@ -9,6 +9,10 @@ License: GPLv2+
 URL: http://xpenguins.seul.org/
 
 Source: http://xpenguins.seul.org/%name-%version.tar.gz
+# Mailed upstreams developer with this patch, but it is unclear if
+# there ever will be a new release.  This is a rather inactive
+# project.
+Patch: xpenguins-2.2-format-security.patch
 
 BuildRequires: desktop-file-utils
 BuildRequires: ImageMagick
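Review bot: The comment above `Patch:` says the fix was mailed upstream but gives no date or bug reference, so a later maintainer cannot tell which report it belongs to or whether it was answered. Add the Bugzilla number from the commit message (Bz #1037404) to the comment, and change "upstreams developer" to "the upstream developer".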
@@ -25,7 +29,7 @@ XPenguins animates a friendly family of penguins in your root window.
 They drop in from the top of the screen, walk along the tops of your
 windows, up the side of your windows, levitate, skateboard, and do
 other similarly exciting things.  XPenguins is now themeable so if
-you're bored of penguins, try something else.  The themes that come
+you are bored of penguins, try something else.  The themes that come
 with this package are "Penguins", "Classic Penguins", "Big Penguins",
 "Turtles" and "Bill".
 
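Review bot: The `you're` to `you are` change in the description text is unrelated to the format-string fix and is not mentioned in the commit message or in the new %changelog entry. Move it to its own commit, or add a changelog line saying why it was needed.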
@@ -41,6 +45,7 @@ Penguins" (klassiska pingviner), "Big Penguins" (stora pingviner),
 
 %prep
 %setup -q
+%patch
 
 %build
 %configure
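Review bot: The bare `%patch` in %prep relies on the implicit patch number and the implicit strip level. The paths inside the new patch (`src/xpenguins_theme.c`) have no leading directory component, which fits a strip level of 0, but writing it out as `%patch -p0` with a numbered `Patch0:` tag makes that explicit and keeps it unambiguous once a second patch is added.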
@@ -88,6 +93,9 @@ gtk-update-icon-cache %icontop &>/dev/null || :
 %icondir/%name.png
 
 %changelog
+* Tue Dec 03 2013 Göran Uddeborg <goeran at uddeborg.se> - 2.2-8
+- Fix printf format security issue.  Bz #1037404.
+
 * Sun Aug 04 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.2-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
 

