[traceroute] fix format-security issues

Dmitry Butskoy buc at fedoraproject.org
Tue Dec 3 15:23:40 UTC 2013


commit 8d7a2fd6285f4ed83dd06ef7331bdb1c45344db4
Author: Dmitry Butskoy <Dmitry at Butskoy.name>
Date:   Tue Dec 3 19:23:21 2013 +0400

    fix format-security issues

 traceroute-2.0.19-printf.patch |   24 ++++++++++++++++++++++++
 traceroute.spec                |    7 ++++++-
 2 files changed, 30 insertions(+), 1 deletions(-)
---
diff --git a/traceroute-2.0.19-printf.patch b/traceroute-2.0.19-printf.patch
new file mode 100644
index 0000000..6977b5f
--- /dev/null
+++ b/traceroute-2.0.19-printf.patch
@@ -0,0 +1,24 @@
+diff -Nrbu traceroute-2.0.19/libsupp/clif.c traceroute-2.0.19-OK/libsupp/clif.c
+--- traceroute-2.0.19/libsupp/clif.c	2007-08-06 19:20:17.000000000 +0400
++++ traceroute-2.0.19-OK/libsupp/clif.c	2013-12-03 19:18:36.100333217 +0400
+@@ -792,9 +792,9 @@
+ 	if (l > 0) {
+ 	    memset (buf, ' ', l);
+ 	    buf[l] = '\0';
+-	    fprintf (stderr, buf);
++	    fprintf (stderr, "%s", buf);
+ 	} else 
+-	    fprintf (stderr, spacer);
++	    fprintf (stderr, "%s", spacer);
+ 
+ 
+ 	endp = buf + width;
+@@ -833,7 +833,7 @@
+ 		    
+ 	    *p = '\0';
+ 	    fprintf (stderr, "%s", buf);
+-	    fprintf (stderr, spacer);
++	    fprintf (stderr, "%s", spacer);
+ 		
+ 	    p++;
+ 	    for (s = buf; *p; *s++ = *p++) ;
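Review bot: In the first clif.c hunk the padding is still built with `memset (buf, ' ', l); buf[l] = '\0';` just above the corrected call, which writes l+1 bytes into buf, and no bound on l against the size of buf is visible here. Since that call is being rewritten anyway, the padding could be printed without touching buf, e.g. `fprintf (stderr, "%*s", l, "");` (assuming l is an int and nothing later relies on buf holding the spaces). The two spacer calls, here and in the second hunk, would read more directly as `fputs (spacer, stderr);`, which takes no format string at all. The enclosing function starts and ends outside both hunks, so the bound on l may already be enforced earlier; a one-line comment stating it next to the memset would settle that for the next reader.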
diff --git a/traceroute.spec b/traceroute.spec
index 5647939..e4ac4fa 100644
--- a/traceroute.spec
+++ b/traceroute.spec
@@ -2,12 +2,13 @@ Summary: Traces the route taken by packets over an IPv4/IPv6 network
 Name: traceroute
 Epoch: 3
 Version: 2.0.19
-Release: 4%{?dist}
+Release: 5%{?dist}
 Group: Applications/Internet
 License: GPLv2+
 URL:  http://traceroute.sourceforge.net
 Source0: http://downloads.sourceforge.net/project/traceroute/traceroute/traceroute-%{version}/traceroute-%{version}.tar.gz
 Patch0: traceroute-2.0.19-man.patch
+Patch1: traceroute-2.0.19-printf.patch
 
 Provides: tcptraceroute = 1.5-1
 Obsoletes: tcptraceroute < 1.5-1
@@ -28,6 +29,7 @@ problems.
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 
 
 %build
@@ -61,6 +63,9 @@ popd
 
 
 %changelog
+* Tue Dec  3 2013 Dmitry Butskoy <Dmitry at Butskoy.name>  - 3:2.0.19-5
+- fix format-security issue (#1037363)
+
 * Sun Aug 04 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3:2.0.19-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
 

