[xfig] Use fprintf in safe manner

Michal Srb msrb at fedoraproject.org
Mon Jan 6 12:31:18 UTC 2014 

commit 358a07033378aa78b4ce8ee94b5e7ba95c0c738c
Author: Michal Srb <msrb at redhat.com>
Date:   Mon Jan 6 13:02:28 2014 +0100

    Use fprintf in safe manner
    
    Needed due to -Werror=format-security

 38_formatstring.patch |   14 ++++++++++++++
 xfig.spec             |   11 ++++++++---
 2 files changed, 22 insertions(+), 3 deletions(-)
---
diff --git a/38_formatstring.patch b/38_formatstring.patch
new file mode 100644
index 0000000..985caa3
--- /dev/null
+++ b/38_formatstring.patch
@@ -0,0 +1,14 @@
+From: Roland Rosenfeld <roland at debian.org>
+Subject: Fix format string error with hardening.
+
+--- a/w_msgpanel.c
++++ b/w_msgpanel.c
+@@ -588,7 +588,7 @@
+ 
+     strcat(tmpstr,"\n");
+     if (update_figs) {
+-	fprintf(stderr,tmpstr);
++       fprintf(stderr, "%s", tmpstr);
+     } else {
+ 	/* append this message to the file message widget string */
+ 	block.firstPos = 0;
diff --git a/xfig.spec b/xfig.spec
index 74df78e..8a73879 100644
--- a/xfig.spec
+++ b/xfig.spec
@@ -3,7 +3,7 @@
 Summary: An X Window System tool for drawing basic vector graphics
 Name: xfig
 Version: 3.2.5
-Release: 39.c%{?dist}
+Release: 40.c%{?dist}
 License: MIT
 Group: Applications/Multimedia
 URL: http://www.xfig.org/
@@ -20,8 +20,9 @@ Patch4: 31_spelling.patch
 Patch5: 33_pdfimport_mediabox.patch
 # xfig_man.html is not in 3.2.5c tarball from some reason,
 # but makefile still tries to install it
-Patch6: 39_add_xfig_man_html.patch
-Patch7: 40_fix_dash_list_for_different_styles.patch
+Patch6: 38_formatstring.patch
+Patch7: 39_add_xfig_man_html.patch
+Patch8: 40_fix_dash_list_for_different_styles.patch
 
 BuildRequires: libjpeg-devel
 BuildRequires: libpng-devel
@@ -94,6 +95,7 @@ Files common to both the plain Xaw and the Xaw3d version of xfig.
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
+%patch8 -p1
 
 iconv -f ISO-8859-1 -t UTF8 CHANGES > tmp; touch -r CHANGES tmp; mv tmp CHANGES
 rm Doc/html/images/sav1a0.tmp
@@ -176,6 +178,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 
 
 %changelog
+* Mon Jan 06 2014 Michal Srb <msrb at redhat.com> - 3.2.5-40.c
+- Use fprintf in safe manner
+
 * Fri Jan 03 2014 David Kaufmann <astra AT ionic DOT at> - 3.2.5-39.c
 - Version bump to 3.2.5-39c

More information about the scm-commits mailing list