[freehoo] - Fixing format-security flaws (#1037069)
Jaromír Cápík
jcapik at fedoraproject.org
Wed Feb 5 19:46:31 UTC 2014
commit 4869bc215d0155f04b393f2dde782a131b39f275
Author: Jaromir Capik <jcapik at redhat.com>
Date: Wed Feb 5 20:46:53 2014 +0100
- Fixing format-security flaws (#1037069)
freehoo-format-security.patch | 12 ++++++++++++
freehoo.spec | 9 +++++++--
2 files changed, 19 insertions(+), 2 deletions(-)
---
diff --git a/freehoo-format-security.patch b/freehoo-format-security.patch
new file mode 100644
index 0000000..03870c8
--- /dev/null
+++ b/freehoo-format-security.patch
@@ -0,0 +1,12 @@
+diff -Naur freehoo-3.5.3.20100314cvs.orig/src/yahoo-backend.c freehoo-3.5.3.20100314cvs/src/yahoo-backend.c
+--- freehoo-3.5.3.20100314cvs.orig/src/yahoo-backend.c 2014-02-05 20:39:01.000000000 +0100
++++ freehoo-3.5.3.20100314cvs/src/yahoo-backend.c 2014-02-05 20:42:37.322000000 +0100
+@@ -1157,7 +1157,7 @@
+ "Yahoo read error: Server closed socket");
+
+ if(buff[0])
+- print_message((buff));
++ print_message(("%s",buff));
+ }
+ }
+
diff --git a/freehoo.spec b/freehoo.spec
index 19b3822..c217970 100644
--- a/freehoo.spec
+++ b/freehoo.spec
@@ -2,7 +2,7 @@
Name: freehoo
Version: 3.5.3
-Release: 15.%{cvs_version}%{?dist}
+Release: 16.%{cvs_version}%{?dist}
Summary: Freehoo is a free console based messenger for Yahoo IM Service
Group: Applications/Internet
License: GPLv2+
@@ -12,6 +12,7 @@ Patch0: freehoo-libyahoo2-1.0.0.patch
Patch1: freehoo-guile2.patch
Patch2: freehoo-guile2-scm.patch
Patch3: freehoo-texi-subsections-in-multitable.patch
+Patch4: freehoo-format-security.patch
Requires: libyahoo2 >= 0.7.7-2.20100314svn words openssl
Requires(post): info
@@ -35,9 +36,10 @@ unfeasible.
%patch1 -p1 -b .guile2
%patch2 -p1 -b .guile2-scm
%patch3 -p1 -b .subsec-multitable
+%patch4 -p1
%build
-%configure
+%configure
%{__make} %{?_smp_mflags}
@@ -72,6 +74,9 @@ fi
%{_mandir}/man?/*
%changelog
+* Wed Feb 05 2014 Jaromir Capik <jcapik at redhat.com> - 3.5.3-16.20100314cvs
+- Fixing format-security flaws (#1037069)
+
* Wed Sep 04 2013 jcapik at redhat.com - 3.5.3-15.20100314cvs
- Removing docdir config (#993759)
More information about the scm-commits
mailing list