[freewrl] fix format-security issue

Tom Callaway spot at fedoraproject.org
Tue Dec 3 15:53:43 UTC 2013 

commit 0b63ddb68351f26f67a289ef833efc344e06d164
Author: Tom Callaway <spot at fedoraproject.org>
Date:   Tue Dec 3 10:53:38 2013 -0500

    fix format-security issue

 freewrl-1.22.13-format-security-fix.patch |   12 ++++++++++++
 freewrl.spec                              |   15 ++++++---------
 2 files changed, 18 insertions(+), 9 deletions(-)
---
diff --git a/freewrl-1.22.13-format-security-fix.patch b/freewrl-1.22.13-format-security-fix.patch
new file mode 100644
index 0000000..6f41440
--- /dev/null
+++ b/freewrl-1.22.13-format-security-fix.patch
@@ -0,0 +1,12 @@
+diff -up freewrl-1.22.13/src/lib/main/ConsoleMessage.c.format-security freewrl-1.22.13/src/lib/main/ConsoleMessage.c
+--- freewrl-1.22.13/src/lib/main/ConsoleMessage.c.format-security	2013-12-03 10:31:01.132222031 -0500
++++ freewrl-1.22.13/src/lib/main/ConsoleMessage.c	2013-12-03 10:33:18.232054080 -0500
+@@ -327,7 +327,7 @@ int fwvsnprintf(char *buffer,int buffer_
+ 
+ 		if (j) {
+ 			format[j] = '\0';
+-			count += sprintf(tempbuf, format);/* printf it verbatim				*/
++			count += sprintf(tempbuf, "%s", format);/* printf it verbatim				*/
+ 			fmt += j;
+ 		} else {
+ 			for (j = 0; !isalpha(fmt[j]); j++) {	 /* find end of format specifier */
diff --git a/freewrl.spec b/freewrl.spec
index 5562f04..cc3b9bf 100644
--- a/freewrl.spec
+++ b/freewrl.spec
@@ -2,13 +2,14 @@
 
 Name:		freewrl
 Version:	%{basever}.1
-Release:	10%{?dist}
+Release:	11%{?dist}
 Summary:	X3D / VRML visualization program
 Group:		Applications/Internet
 License:	LGPLv3+
 URL:		http://freewrl.sourceforge.net
 Source0:	http://sourceforge.net/projects/freewrl/files/freewrl-linux/1.22/%{name}-%{version}.tar.bz2
 Source1:	README.FreeWRL.java
+Patch0:		freewrl-1.22.13-format-security-fix.patch
 BuildRequires:	zlib-devel, freetype-devel, fontconfig-devel 
 BuildRequires:	imlib2-devel, nspr-devel, xulrunner-devel, js-devel
 BuildRequires:	expat-devel, libXxf86vm-devel, libX11-devel, libXext-devel
@@ -69,14 +70,7 @@ browser plugin for Firefox (and other xulrunner compatible browsers).
 
 %prep
 %setup -q -n %{name}-%{basever}
-# %patch0 -p1 -b .xul13
-# %patch1 -p1 -b .noJS_FinalizeStub
-# %patch2 -p1 -b .noMaybeGC
-# %patch3 -p1 -b .NewGlobalObject
-# %patch4 -p1 -b .jsgp
-# %patch5 -p1 -b .wrappers
-# %patch6 -p1 -b .nojsco
-# %patch7 -p1 -b .jsnvv
+%patch0 -p1 -b .format-security
 cp %{SOURCE1} .
 # Don't need it.
 rm -rf appleOSX/
@@ -150,6 +144,9 @@ chrpath --delete %{buildroot}%{_libdir}/libFreeWRLEAI.so.*
 %{_libdir}/mozilla/plugins/libFreeWRLplugin.so
 
 %changelog
+* Tue Dec  3 2013 Tom Callaway <spot at fedoraproject.org> - 1.22.13.1-11
+- fix error with -Werror=format-security 
+
 * Mon Nov 18 2013 Dave Airlie <airlied at redhat.com> - 1.22.13.1-10
 - rebuilt for GLEW 1.10

More information about the scm-commits mailing list