[qstat] fix format-security issues

Tom Callaway spot at fedoraproject.org
Thu Dec 12 20:10:57 UTC 2013


commit 859607648fb304fdbe359032dc5111b7dd2ef612
Author: Tom Callaway <spot at fedoraproject.org>
Date:   Thu Dec 12 15:11:03 2013 -0500

    fix format-security issues

 qstat-2.11-format-security.patch |   21 +++++++++++++++++++++
 qstat.spec                       |    7 ++++++-
 2 files changed, 27 insertions(+), 1 deletions(-)
---
diff --git a/qstat-2.11-format-security.patch b/qstat-2.11-format-security.patch
new file mode 100644
index 0000000..e4aaf7a
--- /dev/null
+++ b/qstat-2.11-format-security.patch
@@ -0,0 +1,21 @@
+diff -up qstat-2.11/ottd.c.format-security qstat-2.11/ottd.c
+--- qstat-2.11/ottd.c.format-security	2013-12-12 15:08:58.822971418 -0500
++++ qstat-2.11/ottd.c	2013-12-12 15:09:12.204953126 -0500
+@@ -88,7 +88,7 @@ int deal_with_ottdmaster_packet(struct q
+ 
+ 	if(!ok)
+ 	{
+-		malformed_packet(server, reason);
++		malformed_packet(server, "%s", reason);
+ 		return DONE_FORCE;
+ 	}
+ 
+@@ -332,7 +332,7 @@ int deal_with_ottd_packet(struct qserver
+ out:
+ 	if(reason)
+ 	{
+-		malformed_packet(server, reason);
++		malformed_packet(server, "%s", reason);
+ 	}
+ 
+ 	server->retry1 = n_retries; // we're done with this packet, reset retry counter
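Review bot: qstat-2.11-format-security.patch opens directly at its `diff -up` line with no description, so nothing records why `"%s"` was added at the two `malformed_packet(server, reason)` calls in ottd.c or whether the fix has been sent upstream. Add a short header to the patch stating that `reason` was being passed as the format string, plus the upstream status. Since only ottd.c is touched, also confirm that no other source file passes a non-literal as the format argument to `malformed_packet`.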
diff --git a/qstat.spec b/qstat.spec
index 27a312c..9b3d1cb 100644
--- a/qstat.spec
+++ b/qstat.spec
@@ -1,13 +1,14 @@
 Summary: Real-time Game Server Status for FPS game servers
 Name: qstat
 Version: 2.11
-Release: 14.20080912svn311%{?dist}
+Release: 15.20080912svn311%{?dist}
 License: Artistic 2.0
 Group: Amusements/Games
 URL: http://sourceforge.net/projects/qstat/
 Source: http://downloads.sourceforge.net/qstat/qstat-%{version}.tar.gz
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Patch0: qstat-2.11-20080912svn311.patch
+Patch1:	qstat-2.11-format-security.patch
 
 %description
 QStat is a command-line program that gathers real-time statistics
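Review bot: the added `Patch1:` line separates the tag from the file name with a tab, while `Patch0:` and the other tags in this preamble use a single space. Use a space to match. A one-line comment above `Patch1:` saying what the patch fixes and whether it is upstream would also help the next packager decide when it can be dropped.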
@@ -17,6 +18,7 @@ person shooter variety (Quake, Half-Life, etc)
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1 -b .format-security
 
 %build
 %configure
@@ -44,6 +46,9 @@ rm -rf %{buildroot}
 %{_bindir}/quakestat
 
 %changelog
+* Thu Dec 12 2013 Tom Callaway <spot at fedoraproject.org> - 2.11-15.20080912svn311
+- apply fixes for format-security issues
+
 * Sun Aug 04 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.11-14.20080912svn311
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
 

