[xdialog] Fix fprintf() of untrusted format string (#1037393)
konradm
konradm at fedoraproject.org
Tue Dec 3 14:00:53 UTC 2013
commit af9515d9f75d634b549b53668a65e1704a8b783a
Author: Conrad Meyer <cse.cem at gmail.com>
Date: Tue Dec 3 09:00:40 2013 -0500
Fix fprintf() of untrusted format string (#1037393)
xdialog-2.3.1-secure-fprintf.diff | 25 +++++++++++++++++++++++++
xdialog.spec | 8 +++++++-
2 files changed, 32 insertions(+), 1 deletions(-)
---
diff --git a/xdialog-2.3.1-secure-fprintf.diff b/xdialog-2.3.1-secure-fprintf.diff
new file mode 100644
index 0000000..bc63ef3
--- /dev/null
+++ b/xdialog-2.3.1-secure-fprintf.diff
@@ -0,0 +1,25 @@
+--- src/main.c.orig 2006-08-13 14:22:58.000000000 -0400
++++ src/main.c 2013-12-03 08:56:48.341655122 -0500
+@@ -261,21 +261,21 @@
+ strcpy(cmd, strlen(name) < 32 ? name : XDIALOG);
+
+ strcpysafe(msg, HELP_TEXT1, HELP_MSG_SIZE);
+ strcatsafe(msg, cmd, HELP_MSG_SIZE);
+ strcatsafe(msg, HELP_TEXT2, HELP_MSG_SIZE);
+ #ifdef USE_SCANF
+ strcatsafe(msg, HELP_TEXT3, HELP_MSG_SIZE);
+ #endif
+
+ fprintf(stderr, "%s: %s !\n", cmd, errmsg);
+- fprintf(stderr, msg);
++ fprintf(stderr, "%s", msg);
+
+ if (strlen(msg) == HELP_MSG_SIZE-1)
+ fprintf(stderr, "\n\nHelp message truncated, please re-compile "\
+ "after increasing HELP_MSG_SIZE in main.c !\n");
+
+ strcpysafe(Xdialog.title, "Usage for ", MAX_TITLE_LENGTH);
+ strcatsafe(Xdialog.title, cmd, MAX_TITLE_LENGTH);
+ Xdialog.cancel_button = Xdialog.help = Xdialog.icon = Xdialog.check = FALSE;
+ if (!Xdialog.print) {
+ Xdialog.print = TRUE;
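Review bot: The fix covers only the one `fprintf(stderr, msg)` call visible here, and the hunk cannot show whether other printf-family calls in src/main.c also take a non-literal format; building the package with `-Wformat -Wformat-security` (or `-Werror=format-security`) would surface any that remain. For this line, `fputs(msg, stderr);` is an equivalent form that skips format parsing entirely, so a later edit cannot reintroduce the problem by dropping the `"%s"`. The risk being closed is that `msg` has `cmd` appended to it, and the spec comment says the untrusted value arrives via argv[0], so conversion specifiers in the program name would previously have been interpreted by fprintf(). The enclosing function starts and ends outside the hunk.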
diff --git a/xdialog.spec b/xdialog.spec
index bc49248..e9b1d1e 100644
--- a/xdialog.spec
+++ b/xdialog.spec
@@ -3,13 +3,15 @@
Name: xdialog
Summary: X11 drop in replacement for cdialog
Version: 2.3.1
-Release: 11%{?dist}
+Release: 12%{?dist}
License: GPL+
Group: Applications/System
URL: http://xdialog.free.fr
Source0: http://xdialog.free.fr/%{real_name}-%{version}.tar.bz2
Patch0: xdialog-2.3.1-nostrip.patch
+# RHBZ #1037393: Fixes a format string vulnerability (via argv[0])
+Patch1: xdialog-2.3.1-secure-fprintf.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: gtk+-devel >= 1.2.0
@@ -34,6 +36,7 @@ iconv -f latin1 -t utf8 ChangeLog > ChangeLog.utf8
touch -c -r ChangeLog ChangeLog.utf8
mv ChangeLog.utf8 ChangeLog
%patch0 -p1 -b .nostrip
+%patch1 -p0 -b .fprintf
touch -c -r configure.nostrip configure
touch -c -r configure.in.nostrip configure.in
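Review bot: `%patch1 -p0 -b .fprintf` uses a different strip level from `%patch0 -p1 -b .nostrip` on the line above, which works only because the new patch's headers are `src/main.c.orig` and `src/main.c` with no leading directory component. Regenerating the patch with a top-level directory prefix, so that both apply with `-p1`, would keep the %prep section uniform. This is a style point, not a functional defect.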
@@ -75,6 +78,9 @@ rm -rf %{buildroot}
%exclude %{_docdir}/%{real_name}-%{version}
%changelog
+* Tue Dec 3 2013 Conrad Meyer <cemeyer at uw.edu> - 2.3.1-12
+- Fix fprintf() of untrusted format string (#1037393)
+
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.3.1-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild