[mj] Upgraded to new upstream 1.13. Bz #1021370 Fixed printf format security issue. Bz #1037202. Removed
Göran Uddeborg
goeran at fedoraproject.org
Tue Dec 3 14:56:04 UTC 2013
commit 6e1a6b42f5971e1d2c33a17e6982185e2030c9eb
Author: Göran Uddeborg <goeran at uddeborg.se>
Date: Tue Dec 3 15:55:36 2013 +0100
Upgraded to new upstream 1.13. Bz #1021370
Fixed printf format security issue. Bz #1037202.
Removed obsolete %defattr declaration.
.gitignore | 1 +
mj-1.13-format-security.patch | 31 +++++++++++++++++++++++++++++++
mj.spec | 15 +++++++++++----
sources | 2 +-
4 files changed, 44 insertions(+), 5 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index e7fd408..1ec6aa4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
/mj-GPL-1.12-src.tar.bz2
+/mj-GPL-1.13-src.tar.bz2
diff --git a/mj-1.13-format-security.patch b/mj-1.13-format-security.patch
new file mode 100644
index 0000000..14db52b
--- /dev/null
+++ b/mj-1.13-format-security.patch
@@ -0,0 +1,31 @@
+--- gui.c~ 2013-08-28 23:11:11.000000000 +0200
++++ gui.c 2013-12-03 14:42:29.000000000 +0100
+@@ -3229,7 +3229,7 @@
+ /* check that we can actually read the file */
+ if ( !gfile || !(foo = fopen(gfile,"r")) ) {
+ char rdmsg[] = "Can't read game file: ";
+- sprintf(buf,rdmsg);
++ strcpy(buf,rdmsg);
+ strmcat(buf,strerror(errno),sizeof(buf)-sizeof(rdmsg));
+ error_dialog_popup(buf);
+ return;
+--- greedy.c~ 2013-08-28 23:11:11.000000000 +0200
++++ greedy.c 2013-12-03 15:25:06.000000000 +0100
+@@ -217,7 +217,7 @@
+ }
+ }
+ } else {
+- fprintf(stderr,argv[i]);
++ fputs(argv[i],stderr);
+ usage(argv[0],"unknown option or argument");
+ }
+ }
+@@ -1245,7 +1245,7 @@
+ sprintf(tb,"(%4.1f) ",mval);
+ strncpy(&totbuf[11*(reclevel-1)+4],tb,7);
+ }
+- else fprintf(debugf,totbuf);
++ else fputs(totbuf,debugf);
+ }
+ return mval;
+ }
diff --git a/mj.spec b/mj.spec
index ae2904d..b803cc1 100644
--- a/mj.spec
+++ b/mj.spec
@@ -1,6 +1,6 @@
Name: mj
-Version: 1.12
-Release: 5%{?dist}
+Version: 1.13
+Release: 1
Summary: Mah-Jong program with network option
Summary(sv): Mah-Jong-program med nätmöjlighet
@@ -17,6 +17,8 @@ Source0: %name-GPL-%version-src.tar.bz2
# and run the command:
# ./remove-non-GPL.sh %version
Source1: remove-non-GPL.sh
+# Submittet upstreams via email.
+Patch: mj-1.13-format-security.patch
BuildRequires: perl
BuildRequires: gtk2-devel
@@ -52,6 +54,7 @@ kombination av de två.
%prep
%setup -q -n %name-%version-src
+%patch
# Convert the kdegames tiles to the format of the bundled ones.
mkdir tiles-kdegames
cd tiles-kdegames
@@ -122,7 +125,6 @@ gtk-update-icon-cache %icontop &>/dev/null || :
%files
-%defattr(-,root,root,-)
%doc ChangeLog CHANGES LICENCE README rules.txt use.txt
%_bindir/*
%_mandir/man1/*
@@ -131,6 +133,11 @@ gtk-update-icon-cache %icontop &>/dev/null || :
%changelog
+* Tue Dec 3 2013 Göran Uddeborg <goeran at uddeborg.se> 1.13-1
+- Upgraded to new upstream 1.13. Bz #1021370
+- Fixed printf format security issue. Bz #1037202.
+- Removed obsolete %defattr declaration.
+
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.12-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
@@ -174,7 +181,7 @@ gtk-update-icon-cache %icontop &>/dev/null || :
* Thu Apr 22 2010 Göran Uddeborg <goeran at uddeborg.se> 1.10-4
- Remove non-free tile images from the upstreams tar file.
-* Mon Apr 10 2010 Göran Uddeborg <goeran at uddeborg.se> 1.10-3
+* Sat Apr 10 2010 Göran Uddeborg <goeran at uddeborg.se> 1.10-3
- Updated according to comments in review.
- Use names instead of hex codes on colors.
diff --git a/sources b/sources
index ac3922b..fb2ff53 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-d87399f9af42d8c0d32ac7c7a9f69e03 mj-GPL-1.12-src.tar.bz2
+2f1af411f6521d53cb31101be4246b03 mj-GPL-1.13-src.tar.bz2
More information about the scm-commits
mailing list