[xmbdfed] fix format-security issues
Tom Callaway
spot at fedoraproject.org
Mon Dec 9 20:44:34 UTC 2013
commit ba3559c2610c7a394a5f8644ae4bb102ad2409e2
Author: Tom Callaway <spot at fedoraproject.org>
Date: Mon Dec 9 15:44:35 2013 -0500
fix format-security issues
xmbdfed-4.7-format-security.patch | 37 +++++++++++++++++++++++++++++++++++++
xmbdfed.spec | 7 ++++++-
2 files changed, 43 insertions(+), 1 deletions(-)
---
diff --git a/xmbdfed-4.7-format-security.patch b/xmbdfed-4.7-format-security.patch
new file mode 100644
index 0000000..161e967
--- /dev/null
+++ b/xmbdfed-4.7-format-security.patch
@@ -0,0 +1,37 @@
+diff -up xmbdfed-4.7/bdf.c.format-security xmbdfed-4.7/bdf.c
+--- xmbdfed-4.7/bdf.c.format-security 2013-12-09 15:40:40.203739949 -0500
++++ xmbdfed-4.7/bdf.c 2013-12-09 15:42:58.267547079 -0500
+@@ -3058,14 +3058,14 @@ void *data;
+ bpr = ((c->bbx.width * font->bpp) + 7) >> 3;
+ for (j = 0; bpr != 0 && j < c->bytes; j++) {
+ if (j && j % bpr == 0)
+- fprintf(out, eol);
++ fprintf(out, "%s", eol);
+ fprintf(out, "%02X", c->bitmap[j]);
+ }
+ /*
+ * Handle empty bitmaps like this.
+ */
+ if (c->bbx.height > 0)
+- fprintf(out, eol);
++ fprintf(out, "%s", eol);
+ fprintf(out, "ENDCHAR%s", eol);
+
+ /*
+@@ -3130,14 +3130,14 @@ void *data;
+ bpr = ((c->bbx.width * font->bpp) + 7) >> 3;
+ for (j = 0; bpr != 0 && j < c->bytes; j++) {
+ if (j && j % bpr == 0)
+- fprintf(out, eol);
++ fprintf(out, "%s", eol);
+ fprintf(out, "%02X", c->bitmap[j]);
+ }
+ /*
+ * Handle empty bitmaps like this.
+ */
+ if (c->bbx.height > 0)
+- fprintf(out, eol);
++ fprintf(out, "%s", eol);
+ fprintf(out, "ENDCHAR%s", eol);
+
+ /*
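Review bot: In both bdf.c hunks (at 3058 and 3130) the new `fprintf(out, "%s", eol);` stops `eol` from being parsed as a format string, but nothing is being formatted, so `fputs(eol, out);` would say the same thing more directly and keep `eol` away from format parsing entirely. The identical four-line change in two places suggests the bitmap-writing loop is duplicated; a shared helper upstream would mean a fix like this only has to be made once. None of the writes visible here check their return value, so a failed or short write while saving a font would presumably go unnoticed, though that predates this patch. Both enclosing functions start and end outside the hunks, so where `eol` comes from cannot be confirmed from this page.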
diff --git a/xmbdfed.spec b/xmbdfed.spec
index effa7a6..d1db8a9 100644
--- a/xmbdfed.spec
+++ b/xmbdfed.spec
@@ -1,7 +1,7 @@
Name: xmbdfed
Summary: Bitmap Font Editor
Version: 4.7
-Release: 12%{?dist}
+Release: 13%{?dist}
License: MIT
Group: Applications/System
Source0: http://crl.nmsu.edu/~mleisher/%{name}-%{version}.tar.bz2
@@ -11,6 +11,7 @@ Patch0: http://crl.nmsu.edu/~mleisher/%{name}-4.7-patch1
Patch1: xmbdfed-4.7-linux.patch
Patch2: xmbdfed-4.7-staticfix.patch
Patch3: xmbdfed-4.7-getline.patch
+Patch4: xmbdfed-4.7-format-security.patch
URL: http://crl.nmsu.edu/~mleisher/xmbdfed.html
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: freetype-devel, lesstif-devel, libXpm-devel, libXmu-devel
@@ -30,6 +31,7 @@ editing font properties. The editor works natively with BDF fonts.
%patch1 -p1 -b .linux
%patch2 -p1 -b .staticfix
%patch3 -p1 -b .getline
+%patch4 -p1 -b .format-security
%build
make %{?_smp_mflags} CFLAGS="%{optflags}"
@@ -59,6 +61,9 @@ rm -rf %{buildroot}
%{_mandir}/man1/xmbdfed*
%changelog
+* Mon Dec 9 2013 Tom Callaway <spot at fedoraproject.org> - 4.7-13
+- fix format-security issues
+
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 4.7-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild