[qstat] fix format-security issues
Tom Callaway
spot at fedoraproject.org
Thu Dec 12 20:10:57 UTC 2013
commit 859607648fb304fdbe359032dc5111b7dd2ef612
Author: Tom Callaway <spot at fedoraproject.org>
Date: Thu Dec 12 15:11:03 2013 -0500
fix format-security issues
qstat-2.11-format-security.patch | 21 +++++++++++++++++++++
qstat.spec | 7 ++++++-
2 files changed, 27 insertions(+), 1 deletions(-)
---
diff --git a/qstat-2.11-format-security.patch b/qstat-2.11-format-security.patch
new file mode 100644
index 0000000..e4aaf7a
--- /dev/null
+++ b/qstat-2.11-format-security.patch
@@ -0,0 +1,21 @@
+diff -up qstat-2.11/ottd.c.format-security qstat-2.11/ottd.c
+--- qstat-2.11/ottd.c.format-security 2013-12-12 15:08:58.822971418 -0500
++++ qstat-2.11/ottd.c 2013-12-12 15:09:12.204953126 -0500
+@@ -88,7 +88,7 @@ int deal_with_ottdmaster_packet(struct q
+
+ if(!ok)
+ {
+- malformed_packet(server, reason);
++ malformed_packet(server, "%s", reason);
+ return DONE_FORCE;
+ }
+
+@@ -332,7 +332,7 @@ int deal_with_ottd_packet(struct qserver
+ out:
+ if(reason)
+ {
+- malformed_packet(server, reason);
++ malformed_packet(server, "%s", reason);
+ }
+
+ server->retry1 = n_retries; // we're done with this packet, reset retry counter
diff --git a/qstat.spec b/qstat.spec
index 27a312c..9b3d1cb 100644
--- a/qstat.spec
+++ b/qstat.spec
@@ -1,13 +1,14 @@
Summary: Real-time Game Server Status for FPS game servers
Name: qstat
Version: 2.11
-Release: 14.20080912svn311%{?dist}
+Release: 15.20080912svn311%{?dist}
License: Artistic 2.0
Group: Amusements/Games
URL: http://sourceforge.net/projects/qstat/
Source: http://downloads.sourceforge.net/qstat/qstat-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Patch0: qstat-2.11-20080912svn311.patch
+Patch1: qstat-2.11-format-security.patch
%description
QStat is a command-line program that gathers real-time statistics
@@ -17,6 +18,7 @@ person shooter variety (Quake, Half-Life, etc)
%prep
%setup -q
%patch0 -p1
+%patch1 -p1 -b .format-security
%build
%configure
@@ -44,6 +46,9 @@ rm -rf %{buildroot}
%{_bindir}/quakestat
%changelog
+* Thu Dec 12 2013 Tom Callaway <spot at fedoraproject.org> - 2.11-15.20080912svn311
+- apply fixes for format-security issues
+
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.11-14.20080912svn311
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
More information about the scm-commits
mailing list