[tcl-snack] fix format-security issues

Tom Callaway spot at fedoraproject.org
Mon Dec 9 21:28:12 UTC 2013


commit 683715a907c9a930bc0cd220a4d138f10db9d6cd
Author: Tom Callaway <spot at fedoraproject.org>
Date:   Mon Dec 9 16:28:16 2013 -0500

    fix format-security issues

 snack2.2.10-format-security.patch |   12 ++++++++++++
 tcl-snack.spec                    |    7 ++++++-
 2 files changed, 18 insertions(+), 1 deletions(-)
---
diff --git a/snack2.2.10-format-security.patch b/snack2.2.10-format-security.patch
new file mode 100644
index 0000000..39505b4
--- /dev/null
+++ b/snack2.2.10-format-security.patch
@@ -0,0 +1,12 @@
+diff -up snack2.2.10/generic/jkSoundFile.c.format-security snack2.2.10/generic/jkSoundFile.c
+--- snack2.2.10/generic/jkSoundFile.c.format-security	2013-12-09 16:24:39.287083799 -0500
++++ snack2.2.10/generic/jkSoundFile.c	2013-12-09 16:26:03.693939137 -0500
+@@ -2380,7 +2380,7 @@ PutCslHeader(Sound *s, Tcl_Interp *inter
+   sprintf(&buf[12], "HEDR");
+   PutLELong(buf, 16, 32);
+   Tcl_GlobalEvalObj(s->interp, Tcl_NewStringObj(CSL_DATECOMMAND, -1));
+-  sprintf(&buf[20], Tcl_GetStringResult(s->interp));
++  sprintf(&buf[20], "%s", Tcl_GetStringResult(s->interp));
+   
+   PutLELong(buf, 40, s->samprate);
+   PutLELong(buf, 44, s->length);
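Review bot: The `sprintf` into `&buf[20]` is still unbounded after this change: the added `"%s"` stops the Tcl result from being interpreted as a format string, but nothing limits how many bytes are copied. The next field is written at offset 40, so the date slot appears to be 20 bytes; a longer result (for example an error message, since the return value of `Tcl_GlobalEvalObj` is not checked) would spill into the following header fields and possibly past `buf`, whose size is not visible in this hunk. Consider `snprintf(&buf[20], 21, "%s", Tcl_GetStringResult(s->interp));`, so that the terminator lands no later than `buf[40]`, which the following `PutLELong(buf, 40, ...)` overwrites. PutCslHeader begins and ends outside the hunk, so the declaration of `buf` should be checked before settling on the bound.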
diff --git a/tcl-snack.spec b/tcl-snack.spec
index 302d2f9..e54f09f 100644
--- a/tcl-snack.spec
+++ b/tcl-snack.spec
@@ -9,7 +9,7 @@
 
 Name:		tcl-%{realname}
 Version:	2.2.10
-Release:	20%{?dist}
+Release:	21%{?dist}
 Summary:	Sound toolkit
 Group:		System Environment/Libraries
 # generic/snackDecls.h, generic/snackStubInit.c and generic/snackStubLib.c 
@@ -32,6 +32,7 @@ Patch1:		snack2.2.10-extracflags.patch
 Patch2:		snack2.2.10-shared-stubs.patch
 Patch3:		snack2.2.10-newALSA.patch
 Patch4:		tcl-snack-2.2.10-CVE-2012-6303-fix.patch
+Patch5:		snack2.2.10-format-security.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:	tcl-devel, tk-devel, libogg-devel, libvorbis-devel
 BuildRequires:	libXft-devel
@@ -79,6 +80,7 @@ Tkinter are also required to use Snack.
 %patch2 -p1 -b .shared-stubs
 %patch3 -p1 -b .newALSA
 %patch4 -p1 -b .CVE20126303
+%patch5 -p1 -b .format-security
 cp %{SOURCE1} .
 chmod -x generic/*.c generic/*.h unix/*.c COPYING README demos/python/*
 iconv -f iso-8859-1 -t utf-8 -o README{.utf8,}
@@ -135,6 +137,9 @@ rm -rf %{buildroot}
 %{python_sitelib}/tkSnack*
 
 %changelog
+* Mon Dec  9 2013 Tom Callaway <spot at fedoraproject.org> - 2.2.10-21
+- fix format-security issues
+
 * Sun Aug 04 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.2.10-20
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
 

