[freetds] update to the latest git source for 0.91 branch fix format-security issue

Dmitry Butskoy buc at fedoraproject.org
Tue Dec 3 15:49:31 UTC 2013 

commit a3095455b9d7ba0f63be40a0d756750a6514f7ea
Author: Dmitry Butskoy <Dmitry at Butskoy.name>
Date:   Tue Dec 3 19:48:51 2013 +0400

    update to the latest git source for 0.91 branch
    fix format-security issue

 .gitignore                |    1 +
 freetds-0.91-printf.patch |   12 ++++++++++++
 freetds.spec              |   10 ++++++++--
 sources                   |    2 +-
 4 files changed, 22 insertions(+), 3 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index b4f43a2..368bcf7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@ freetds-0.82.tar.gz
 /freetds-0.91-f3ae29d.tar.gz
 /freetds-0.91-b760a89.tar.gz
 /freetds-0.91-748aa26.tar.gz
+/freetds-0.91-0a42888.tar.gz
diff --git a/freetds-0.91-printf.patch b/freetds-0.91-printf.patch
new file mode 100644
index 0000000..4442c0a
--- /dev/null
+++ b/freetds-0.91-printf.patch
@@ -0,0 +1,12 @@
+diff -rbu freetds-freetds/src/apps/bsqldb.c freetds-freetds-OK/src/apps/bsqldb.c
+--- freetds-freetds/src/apps/bsqldb.c	2013-08-22 00:19:20.000000000 +0400
++++ freetds-freetds-OK/src/apps/bsqldb.c	2013-12-03 19:32:39.916501589 +0400
+@@ -545,7 +545,7 @@
+ 							perror("could not write to output file");
+ 							exit(EXIT_FAILURE);
+ 						}
+-						fprintf(stdout, metadata[c].format_string); /* col/row separator */
++						fprintf(stdout, "%s", metadata[c].format_string); /* col/row separator */
+ 						continue;
+ 					}
+ 					switch (data[c].status) { /* handle nulls */
diff --git a/freetds.spec b/freetds.spec
index 50a3199..db55a28 100644
--- a/freetds.spec
+++ b/freetds.spec
@@ -1,4 +1,4 @@
-%define git_commit	748aa26
+%define git_commit	0a42888
 
 %ifarch alpha ia64 x86_64 ppc64 sparc64 s390x aarch64
 %define bits	64
@@ -9,7 +9,7 @@
 Name: freetds
 Summary: Implementation of the TDS (Tabular DataStream) protocol
 Version: 0.91
-Release: 10.git%{git_commit}%{?dist}
+Release: 11.git%{git_commit}%{?dist}
 Group: System Environment/Libraries
 License: LGPLv2+ and GPLv2+
 URL: http://www.freetds.org/
@@ -22,6 +22,7 @@ Source0: freetds-%{version}-%{git_commit}.tar.gz
 
 #Source0: ftp://ftp.freetds.org/pub/freetds/stable/freetds-%{version}.tar.bz2
 Source1: freetds-tds_sysdep_public.h
+Patch1: freetds-0.91-printf.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: unixODBC-devel, readline-devel, gnutls-devel, krb5-devel
@@ -62,6 +63,7 @@ If you like to develop programs using %{name}, you will need to install
 %prep 
 %setup -q -n freetds-freetds
 #%setup -q
+%patch1 -p1
 
 #  correct perl path
 sed -i '1 s,#!.*/perl,#!%{__perl},' samples/*.pl
@@ -144,6 +146,10 @@ rm -rf $RPM_BUILD_ROOT
  
 
 %changelog
+* Tue Dec  3 2013 Dmitry Butskoy <Dmitry at Butskoy.name> - 0.91-11.git0a42888
+- update to the latest git source for 0_91 branch
+- fix format-security issue (#1037071)
+
 * Thu Aug 22 2013 Dmitry Butskoy <Dmitry at Butskoy.name> - 0.91-10.git748aa26
 - update to the latest git source for 0_91 branch
 - fix #999696
diff --git a/sources b/sources
index 5711b3f..6df1edc 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-66aef9ea3e087a99fcaeeb5f39aad1e4  freetds-0.91-748aa26.tar.gz
+e216be46db3e44a500a438d5057c3ba8  freetds-0.91-0a42888.tar.gz

More information about the scm-commits mailing list