[meanwhile] Do not use string literals to printf()'s

Tony Breeds tbreeds at fedoraproject.org
Wed Dec 4 21:33:24 UTC 2013 

commit a10e8a2c7f36201a5960310709cbd20765142a88
Author: Tony Breeds <tony at bakeyournoodle.com>
Date:   Thu Dec 5 08:32:30 2013 +1100

    Do not use string literals to printf()'s
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1037196
    
    Signed-off-by: Tony Breeds <tony at bakeyournoodle.com>

 meanwhile-format-security-fix.patch |   21 +++++++++++++++++++++
 meanwhile.spec                      |    8 +++++++-
 2 files changed, 28 insertions(+), 1 deletions(-)
---
diff --git a/meanwhile-format-security-fix.patch b/meanwhile-format-security-fix.patch
new file mode 100644
index 0000000..8f3a7b7
--- /dev/null
+++ b/meanwhile-format-security-fix.patch
@@ -0,0 +1,21 @@
+diff -purN meanwhile-1.1.0.orig/src/mw_debug.c meanwhile-1.1.0/src/mw_debug.c
+--- meanwhile-1.1.0.orig/src/mw_debug.c	2013-12-03 14:32:31.828241985 +1100
++++ meanwhile-1.1.0/src/mw_debug.c	2013-12-03 14:34:30.152967856 +1100
+@@ -92,7 +92,7 @@ void mw_debug_datav(const guchar *buf, g
+   }
+   pretty_print(str, buf, len);
+ 
+-  g_debug(str->str);
++  g_debug("%s", str->str);
+   g_string_free(str, TRUE);
+ }
+ 
+@@ -149,7 +149,7 @@ void mw_mailme_datav(const guchar *buf,
+ 
+   g_string_append(str, MW_MAILME_CUT_STOP);
+ 
+-  g_debug(str->str);
++  g_debug("%s", str->str);
+   g_string_free(str, TRUE);
+ 
+ #else
diff --git a/meanwhile.spec b/meanwhile.spec
index 2705edb..4cdf59b 100644
--- a/meanwhile.spec
+++ b/meanwhile.spec
@@ -1,6 +1,6 @@
 Name:           meanwhile
 Version:        1.1.0
-Release:        12%{?dist}
+Release:        13%{?dist}
 Summary:        Lotus Sametime Community Client library
 License:        LGPLv2+
 URL:            http://%{name}.sourceforge.net
@@ -15,6 +15,8 @@ Patch0:         %{name}-crash.patch
 Patch1:         %{name}-fix-glib-headers.patch
 Patch2:         %{name}-file-transfer.patch
 Patch3:         %{name}-status-timestamp-workaround.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1037196
+Patch4:         %{name}-format-security-fix.patch
 
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -54,6 +56,7 @@ Documentation for the %{name} library.
 %patch1 -p1 -b .fix-glib-headers
 %patch2 -p1 -b .file-transfer
 %patch3 -p1 -b .status-timestamp-workaround
+%patch4 -p1 -b .format-security-fix
 
 %build
 autoreconf -vif
@@ -88,6 +91,9 @@ rm -rf %{buildroot}%{_datadir}/doc/%{name}-doc-%{version}/
 %doc docs/*
 
 %changelog
+* Tue Dec 03 2013 Tony Breeds <tony at bakeyournoodle.com> - 1.1.0-13
+- Closes #1037196
+
 * Thu Aug 08 2013 Simone Caronni <negativo17 at gmail.com> - 1.1.0-12
 - Fix documentation generation.
 - SPEC file cleanup.

More information about the scm-commits mailing list