[jack-keyboard] format-security patch

Brendan Jones bsjones at fedoraproject.org
Thu Dec 12 06:04:34 UTC 2013 

commit a470666f9dda551418554efdb5562c564dbd4f72
Author: Brendan Jones <brendan.jones.it at gmail.com>
Date:   Thu Dec 12 06:58:32 2013 +0100

    format-security patch

 jack-keyboard-2.7.1-format-security.patch |   21 +++++++++++++++++++++
 jack-keyboard.spec                        |    7 ++++++-
 2 files changed, 27 insertions(+), 1 deletions(-)
---
diff --git a/jack-keyboard-2.7.1-format-security.patch b/jack-keyboard-2.7.1-format-security.patch
new file mode 100644
index 0000000..df115c1
--- /dev/null
+++ b/jack-keyboard-2.7.1-format-security.patch
@@ -0,0 +1,21 @@
+diff -Nurp jack-keyboard-2.7.1.a/src/jack-keyboard.c jack-keyboard-2.7.1.b/src/jack-keyboard.c
+--- jack-keyboard-2.7.1.a/src/jack-keyboard.c	2012-04-24 16:59:42.000000000 +0200
++++ jack-keyboard-2.7.1.b/src/jack-keyboard.c	2013-12-12 06:52:18.918176625 +0100
+@@ -256,7 +256,7 @@ warning_async(gpointer s)
+ {
+ 	const char *str = (const char *)s;
+ 
+-	g_warning(str);
++	g_warning("%s",str);
+ 
+ 	return (FALSE);
+ }
+@@ -1678,7 +1678,7 @@ log_handler(const gchar *log_domain, GLo
+ 
+ 	if ((log_level | G_LOG_LEVEL_CRITICAL) == G_LOG_LEVEL_CRITICAL) {
+ 		dialog = gtk_message_dialog_new(GTK_WINDOW(window), GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_ERROR,
+-			GTK_BUTTONS_CLOSE, message);
++			GTK_BUTTONS_CLOSE, "%s",message);
+ 
+ 		gtk_dialog_run(GTK_DIALOG(dialog));
+ 
diff --git a/jack-keyboard.spec b/jack-keyboard.spec
index e9bb68b..b09c14e 100644
--- a/jack-keyboard.spec
+++ b/jack-keyboard.spec
@@ -1,6 +1,6 @@
 Name:		jack-keyboard
 Version:	2.7.1
-Release:	4%{?dist}
+Release:	5%{?dist}
 Summary:	Virtual keyboard for JACK MIDI
 Group:		Applications/Multimedia
 License:	BSD
@@ -10,6 +10,7 @@ Source0:	http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
 Source1:	%{name}.png
 # Upstreamable patch. Fix DSO linking
 Patch0: 	%{name}-dso-linking.patch
+Patch1:     jack-keyboard-2.7.1-format-security.patch
 
 BuildRequires:	cmake
 BuildRequires:	desktop-file-utils
@@ -27,6 +28,7 @@ so you have two and half octaves under your fingers.
 %prep
 %setup -q
 %patch0 -p1 -b .dso.linking
+%patch1 -p1 -b .format.security
 
 # Add GenericName to the desktop file
 echo "GenericName=Virtual MIDI Keyboard" >> src/%{name}.desktop
@@ -78,6 +80,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 
 
 %changelog
+* Thu Dec 12 2013 Brendan Jones <brendan.jones.it at gmail.com> 2.7.1-5
+- format-security patch
+
 * Sat Aug 03 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.7.1-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

More information about the scm-commits mailing list