[xmbdfed] fix format-security issues

Tom Callaway spot at fedoraproject.org
Mon Dec 9 20:44:34 UTC 2013


commit ba3559c2610c7a394a5f8644ae4bb102ad2409e2
Author: Tom Callaway <spot at fedoraproject.org>
Date:   Mon Dec 9 15:44:35 2013 -0500

    fix format-security issues

 xmbdfed-4.7-format-security.patch |   37 +++++++++++++++++++++++++++++++++++++
 xmbdfed.spec                      |    7 ++++++-
 2 files changed, 43 insertions(+), 1 deletions(-)
---
diff --git a/xmbdfed-4.7-format-security.patch b/xmbdfed-4.7-format-security.patch
new file mode 100644
index 0000000..161e967
--- /dev/null
+++ b/xmbdfed-4.7-format-security.patch
@@ -0,0 +1,37 @@
+diff -up xmbdfed-4.7/bdf.c.format-security xmbdfed-4.7/bdf.c
+--- xmbdfed-4.7/bdf.c.format-security	2013-12-09 15:40:40.203739949 -0500
++++ xmbdfed-4.7/bdf.c	2013-12-09 15:42:58.267547079 -0500
+@@ -3058,14 +3058,14 @@ void *data;
+         bpr = ((c->bbx.width * font->bpp) + 7) >> 3;
+         for (j = 0; bpr != 0 && j < c->bytes; j++) {
+             if (j && j % bpr == 0)
+-              fprintf(out, eol);
++              fprintf(out, "%s", eol);
+             fprintf(out, "%02X", c->bitmap[j]);
+         }
+         /*
+          * Handle empty bitmaps like this.
+          */
+         if (c->bbx.height > 0)
+-          fprintf(out, eol);
++          fprintf(out, "%s", eol);
+         fprintf(out, "ENDCHAR%s", eol);
+ 
+         /*
+@@ -3130,14 +3130,14 @@ void *data;
+         bpr = ((c->bbx.width * font->bpp) + 7) >> 3;
+         for (j = 0; bpr != 0 && j < c->bytes; j++) {
+             if (j && j % bpr == 0)
+-              fprintf(out, eol);
++              fprintf(out, "%s", eol);
+             fprintf(out, "%02X", c->bitmap[j]);
+         }
+         /*
+          * Handle empty bitmaps like this.
+          */
+         if (c->bbx.height > 0)
+-          fprintf(out, eol);
++          fprintf(out, "%s", eol);
+         fprintf(out, "ENDCHAR%s", eol);
+ 
+         /*
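Review bot: The four rewritten calls in the two bdf.c hunks only emit a string, so `fputs(eol, out);` would state that more directly than `fprintf(out, "%s", eol);` and keep format parsing off this path entirely. The result of these writes is still discarded, so a short or failed write while saving a font goes unnoticed here. Whether the caller later checks `ferror(out)` cannot be seen, because the enclosing function begins and ends outside both hunks. Where `eol` is assigned is not visible either; if it can be derived from a loaded font file or a user setting, the old form was a real format-string exposure rather than only a `-Wformat-security` build failure, and the changelog entry should say which. The patch covers only these four sites, so the rest of the tree should be checked for other non-literal format arguments before relying on the build flag to catch them.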
diff --git a/xmbdfed.spec b/xmbdfed.spec
index effa7a6..d1db8a9 100644
--- a/xmbdfed.spec
+++ b/xmbdfed.spec
@@ -1,7 +1,7 @@
 Name:		xmbdfed
 Summary: 	Bitmap Font Editor
 Version:	4.7
-Release:	12%{?dist}
+Release:	13%{?dist}
 License:	MIT
 Group:		Applications/System
 Source0:	http://crl.nmsu.edu/~mleisher/%{name}-%{version}.tar.bz2
@@ -11,6 +11,7 @@ Patch0:		http://crl.nmsu.edu/~mleisher/%{name}-4.7-patch1
 Patch1:		xmbdfed-4.7-linux.patch
 Patch2:		xmbdfed-4.7-staticfix.patch
 Patch3:		xmbdfed-4.7-getline.patch
+Patch4:		xmbdfed-4.7-format-security.patch
 URL:		http://crl.nmsu.edu/~mleisher/xmbdfed.html
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:	freetype-devel, lesstif-devel, libXpm-devel, libXmu-devel
@@ -30,6 +31,7 @@ editing font properties. The editor works natively with BDF fonts.
 %patch1 -p1 -b .linux
 %patch2 -p1 -b .staticfix
 %patch3 -p1 -b .getline
+%patch4 -p1 -b .format-security
 
 %build
 make %{?_smp_mflags} CFLAGS="%{optflags}"
@@ -59,6 +61,9 @@ rm -rf %{buildroot}
 %{_mandir}/man1/xmbdfed*
 
 %changelog
+* Mon Dec  9 2013 Tom Callaway <spot at fedoraproject.org> - 4.7-13
+- fix format-security issues
+
 * Sun Aug 04 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 4.7-12
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
 

