[swarp] Fix format security error (bz #1037344)

Sergio Pascual sergiopr at fedoraproject.org
Thu Dec 5 10:34:36 UTC 2013 

commit 221034b3620c6f48bd374d9e89f5f265e69f4b96
Author: Sergio Pascual <sergiopr at fis.ucm.es>
Date:   Thu Dec 5 11:34:08 2013 +0100

    Fix format security error (bz #1037344)
    
    - Spec cleanup

 swarp-format-sec.patch |   12 ++++++++++++
 swarp.spec             |   16 ++++++++--------
 2 files changed, 20 insertions(+), 8 deletions(-)
---
diff --git a/swarp-format-sec.patch b/swarp-format-sec.patch
new file mode 100644
index 0000000..0496758
--- /dev/null
+++ b/swarp-format-sec.patch
@@ -0,0 +1,12 @@
+diff -ur sextractor-2.8.6/src/fits/fitskey.c sextractor-2.8.6.format/src/fits/fitskey.c
+--- sextractor-2.8.6/src/fits/fitskey.c	2009-01-29 14:51:59.000000000 +0100
++++ sextractor-2.8.6.format/src/fits/fitskey.c	2013-12-05 10:32:54.873268916 +0100
+@@ -946,7 +946,7 @@
+   if (kflag)
+     free(keys);
+   if (o_type == SHOW_SKYCAT) 
+-     fprintf(stream, skycattail);
++     fprintf(stream, "%s", skycattail);
+   return;
+   }
+ 
diff --git a/swarp.spec b/swarp.spec
index fbdd06a..ab62020 100644
--- a/swarp.spec
+++ b/swarp.spec
@@ -1,13 +1,13 @@
 Name: swarp
 Version: 2.19.1
-Release: 7%{?dist}
+Release: 8%{?dist}
 Summary: Tool that resamples and co-adds together FITS images
 
 Group: Applications/Engineering
 License: CeCILL
 URL: http://www.astromatic.net/software/%{name}
 Source0: ftp://ftp.iap.fr/pub/from_users/bertin/%{name}/%{name}-%{version}.tar.gz
-Buildroot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
+Patch0: swarp-format-sec.patch
 
 %description
 SWarp is a program that resamples and co-adds together FITS images 
@@ -23,6 +23,7 @@ This package contains the documentation for %{name}.
 
 %prep
 %setup -q
+%patch0 -p1
 
 %build
 %configure --enable-threads
@@ -32,11 +33,7 @@ make %{?_smp_mflags}
 rm -rf %{buildroot}
 make DESTDIR=%{buildroot} install
 
-%clean
-rm -fr %{buildroot}
-
 %files
-%defattr(-,root,root)
 %doc AUTHORS BUGS COPYRIGHT HISTORY README THANKS TODO
 %{_bindir}/*
 %{_mandir}/man1/*
@@ -44,10 +41,13 @@ rm -fr %{buildroot}
 %{_datadir}/%{name}/
 
 %files doc
-%defattr(-,root,root,-)
 %doc COPYRIGHT doc/swarp.pdf 
 
 %changelog
+* Thu Dec 05 2013 Sergio Pascual <sergiopr at fedoraproject.org> - 2.19.1-8
+- Fix format security error (bz #1037344)
+- Spec cleanup
+
 * Sun Aug 04 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.19.1-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
 
@@ -90,5 +90,5 @@ rm -fr %{buildroot}
 * Sat Jun 21 2008 Sergio Pascual <sergiopr at fedoraproject.org> 2.17.1-2
 - Spec cleanup
 
-* Tue Jun 19 2008 Sergio Pascual <sergiopr at fedoraproject.org> 2.17.1-1
+* Thu Jun 19 2008 Sergio Pascual <sergiopr at fedoraproject.org> 2.17.1-1
 - Initial spec file.

More information about the scm-commits mailing list