[tcl-snack] fix format-security issues
Tom Callaway
spot at fedoraproject.org
Mon Dec 9 21:28:12 UTC 2013
commit 683715a907c9a930bc0cd220a4d138f10db9d6cd
Author: Tom Callaway <spot at fedoraproject.org>
Date: Mon Dec 9 16:28:16 2013 -0500
fix format-security issues
snack2.2.10-format-security.patch | 12 ++++++++++++
tcl-snack.spec | 7 ++++++-
2 files changed, 18 insertions(+), 1 deletions(-)
---
diff --git a/snack2.2.10-format-security.patch b/snack2.2.10-format-security.patch
new file mode 100644
index 0000000..39505b4
--- /dev/null
+++ b/snack2.2.10-format-security.patch
@@ -0,0 +1,12 @@
+diff -up snack2.2.10/generic/jkSoundFile.c.format-security snack2.2.10/generic/jkSoundFile.c
+--- snack2.2.10/generic/jkSoundFile.c.format-security 2013-12-09 16:24:39.287083799 -0500
++++ snack2.2.10/generic/jkSoundFile.c 2013-12-09 16:26:03.693939137 -0500
+@@ -2380,7 +2380,7 @@ PutCslHeader(Sound *s, Tcl_Interp *inter
+ sprintf(&buf[12], "HEDR");
+ PutLELong(buf, 16, 32);
+ Tcl_GlobalEvalObj(s->interp, Tcl_NewStringObj(CSL_DATECOMMAND, -1));
+- sprintf(&buf[20], Tcl_GetStringResult(s->interp));
++ sprintf(&buf[20], "%s", Tcl_GetStringResult(s->interp));
+
+ PutLELong(buf, 40, s->samprate);
+ PutLELong(buf, 44, s->length);
diff --git a/tcl-snack.spec b/tcl-snack.spec
index 302d2f9..e54f09f 100644
--- a/tcl-snack.spec
+++ b/tcl-snack.spec
@@ -9,7 +9,7 @@
Name: tcl-%{realname}
Version: 2.2.10
-Release: 20%{?dist}
+Release: 21%{?dist}
Summary: Sound toolkit
Group: System Environment/Libraries
# generic/snackDecls.h, generic/snackStubInit.c and generic/snackStubLib.c
@@ -32,6 +32,7 @@ Patch1: snack2.2.10-extracflags.patch
Patch2: snack2.2.10-shared-stubs.patch
Patch3: snack2.2.10-newALSA.patch
Patch4: tcl-snack-2.2.10-CVE-2012-6303-fix.patch
+Patch5: snack2.2.10-format-security.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: tcl-devel, tk-devel, libogg-devel, libvorbis-devel
BuildRequires: libXft-devel
@@ -79,6 +80,7 @@ Tkinter are also required to use Snack.
%patch2 -p1 -b .shared-stubs
%patch3 -p1 -b .newALSA
%patch4 -p1 -b .CVE20126303
+%patch5 -p1 -b .format-security
cp %{SOURCE1} .
chmod -x generic/*.c generic/*.h unix/*.c COPYING README demos/python/*
iconv -f iso-8859-1 -t utf-8 -o README{.utf8,}
@@ -135,6 +137,9 @@ rm -rf %{buildroot}
%{python_sitelib}/tkSnack*
%changelog
+* Mon Dec 9 2013 Tom Callaway <spot at fedoraproject.org> - 2.2.10-21
+- fix format-security issues
+
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.2.10-20
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
More information about the scm-commits
mailing list