[freehoo] - Fixing format-security flaws (#1037069)

Jaromír Cápík jcapik at fedoraproject.org
Wed Feb 5 19:46:31 UTC 2014 

commit 4869bc215d0155f04b393f2dde782a131b39f275
Author: Jaromir Capik <jcapik at redhat.com>
Date:   Wed Feb 5 20:46:53 2014 +0100

    - Fixing format-security flaws (#1037069)

 freehoo-format-security.patch |   12 ++++++++++++
 freehoo.spec                  |    9 +++++++--
 2 files changed, 19 insertions(+), 2 deletions(-)
---
diff --git a/freehoo-format-security.patch b/freehoo-format-security.patch
new file mode 100644
index 0000000..03870c8
--- /dev/null
+++ b/freehoo-format-security.patch
@@ -0,0 +1,12 @@
+diff -Naur freehoo-3.5.3.20100314cvs.orig/src/yahoo-backend.c freehoo-3.5.3.20100314cvs/src/yahoo-backend.c
+--- freehoo-3.5.3.20100314cvs.orig/src/yahoo-backend.c	2014-02-05 20:39:01.000000000 +0100
++++ freehoo-3.5.3.20100314cvs/src/yahoo-backend.c	2014-02-05 20:42:37.322000000 +0100
+@@ -1157,7 +1157,7 @@
+         "Yahoo read error: Server closed socket");
+ 
+     if(buff[0])
+-      print_message((buff));
++      print_message(("%s",buff));
+   }
+ }
+ 
diff --git a/freehoo.spec b/freehoo.spec
index 19b3822..c217970 100644
--- a/freehoo.spec
+++ b/freehoo.spec
@@ -2,7 +2,7 @@
 
 Name:             freehoo
 Version:          3.5.3
-Release:          15.%{cvs_version}%{?dist}
+Release:          16.%{cvs_version}%{?dist}
 Summary:          Freehoo is a free console based messenger for Yahoo IM Service
 Group:            Applications/Internet
 License:          GPLv2+
@@ -12,6 +12,7 @@ Patch0:           freehoo-libyahoo2-1.0.0.patch
 Patch1:           freehoo-guile2.patch
 Patch2:           freehoo-guile2-scm.patch
 Patch3:           freehoo-texi-subsections-in-multitable.patch
+Patch4:           freehoo-format-security.patch
 
 Requires:         libyahoo2 >= 0.7.7-2.20100314svn words openssl
 Requires(post):   info
@@ -35,9 +36,10 @@ unfeasible.
 %patch1 -p1 -b .guile2
 %patch2 -p1 -b .guile2-scm
 %patch3 -p1 -b .subsec-multitable
+%patch4 -p1
 
 %build
-%configure 
+%configure
 
 %{__make} %{?_smp_mflags}
 
@@ -72,6 +74,9 @@ fi
 %{_mandir}/man?/*
 
 %changelog
+* Wed Feb 05 2014 Jaromir Capik <jcapik at redhat.com> - 3.5.3-16.20100314cvs
+- Fixing format-security flaws (#1037069)
+
 * Wed Sep 04 2013 jcapik at redhat.com - 3.5.3-15.20100314cvs
 - Removing docdir config (#993759)

More information about the scm-commits mailing list