[lzma-sdk] Fix format-security FTBFS.
Jon Ciesla
limb at fedoraproject.org
Mon Feb 10 16:18:51 UTC 2014
commit aea34279daa280901724a8dfb4d76ab7e49f7e9c
Author: Jon Ciesla <limburgher at gmail.com>
Date: Mon Feb 10 10:17:10 2014 -0600
Fix format-security FTBFS.
lzma-sdk-fprintf-format.patch | 50 +++++++++++++++++++++++++++++++++++++++++
lzma-sdk.spec | 7 +++++-
2 files changed, 56 insertions(+), 1 deletions(-)
---
diff --git a/lzma-sdk-fprintf-format.patch b/lzma-sdk-fprintf-format.patch
new file mode 100644
index 0000000..20f782e
--- /dev/null
+++ b/lzma-sdk-fprintf-format.patch
@@ -0,0 +1,50 @@
+--- CPP/7zip/Compress/LZMA_Alone/LzmaAlone.cpp~ 2008-12-23 03:35:45.000000000 -0600
++++ CPP/7zip/Compress/LZMA_Alone/LzmaAlone.cpp 2014-02-10 10:00:32.636799560 -0600
+@@ -464,7 +464,7 @@
+ Byte b = Byte(fileSize >> (8 * i));
+ if (outStream->Write(&b, 1, 0) != S_OK)
+ {
+- fprintf(stderr, kWriteError);
++ fprintf(stderr, "%s", kWriteError);
+ return 1;
+ }
+ }
+--- CPP/7zip/Compress/LZMA_Alone/LzmaAlone.cpp~ 2014-02-10 10:03:46.000000000 -0600
++++ CPP/7zip/Compress/LZMA_Alone/LzmaAlone.cpp 2014-02-10 10:07:01.128810258 -0600
+@@ -489,7 +489,7 @@
+ Byte header[kPropertiesSize + 8];
+ if (ReadStream_FALSE(inStream, header, kPropertiesSize + 8) != S_OK)
+ {
+- fprintf(stderr, kReadError);
++ fprintf(stderr, "%s", kReadError);
+ return 1;
+ }
+ if (decoderSpec->SetDecoderProperties2(header, kPropertiesSize) != S_OK)
+--- CPP/7zip/Compress/LZMA_Alone/LzmaBenchCon.cpp~ 2008-08-06 06:21:51.000000000 -0500
++++ CPP/7zip/Compress/LZMA_Alone/LzmaBenchCon.cpp 2014-02-10 10:10:22.475815803 -0600
+@@ -142,7 +142,7 @@
+ if (final)
+ {
+ UInt64 rating = GetDecompressRating(info.GlobalTime, info.GlobalFreq, info.UnpackSize, info.PackSize, info.NumIterations);
+- fprintf(f, kSep);
++ fprintf(f, "%s", kSep);
+ CBenchInfo info2 = info;
+ info2.UnpackSize *= info2.NumIterations;
+ info2.PackSize *= info2.NumIterations;
+@@ -201,14 +201,14 @@
+ {
+ fprintf(f, " Speed Usage R/U Rating");
+ if (j == 0)
+- fprintf(f, kSep);
++ fprintf(f, "%s", kSep);
+ }
+ fprintf(f, "\n ");
+ for (j = 0; j < 2; j++)
+ {
+ fprintf(f, " KB/s %% MIPS MIPS");
+ if (j == 0)
+- fprintf(f, kSep);
++ fprintf(f, "%s", kSep);
+ }
+ fprintf(f, "\n\n");
+ for (UInt32 i = 0; i < numIterations; i++)
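Review bot: The embedded patch gives LzmaAlone.cpp two separate header blocks (the `--- ...LzmaAlone.cpp~` lines before the @@ -464 and @@ -489 hunks) instead of one file section with two hunks, and it carries no leading description. Regenerating it as a single diff per file would be cleaner, with a short header at the top such as `Pass constant strings through "%s" so the build passes -Werror=format-security (BZ 1037188)`. The definitions of kWriteError, kReadError and kSep are outside these hunks. If they are fixed string constants, this is a build fix rather than a fix for an attacker-influenced format string, and `fputs(kSep, f)` would be an equivalent spelling. The enclosing functions start and end outside the hunks, so whether other non-literal format arguments remain in these files cannot be told from here.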
diff --git a/lzma-sdk.spec b/lzma-sdk.spec
index 6e81ae9..c407d9f 100644
--- a/lzma-sdk.spec
+++ b/lzma-sdk.spec
@@ -1,6 +1,6 @@
Name: lzma-sdk
Version: 4.6.5
-Release: 10%{?dist}
+Release: 11%{?dist}
Summary: SDK for lzma compression
Group: Applications/Archiving
@@ -9,6 +9,7 @@ URL: http://sourceforge.net/projects/sevenzip/
Source0: http://downloads.sourceforge.net/sevenzip/lzma465.tar.bz2
Source1: lzma-sdk-LICENSE.fedora
Patch0: lzma-sdk-4.6.5-sharedlib.patch
+Patch1: lzma-sdk-fprintf-format.patch
%description
LZMA SDK provides the documentation, samples, header files, libraries,
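Review bot: `Patch1` is added without a comment saying what it fixes or whether it has been sent upstream, which makes it harder to drop or refresh correctly on the next rebase. A line above it such as `# Fix -Werror=format-security build failure, BZ 1037188; upstream status: <fill in>` would cover it. `Patch0` on the line before has the same gap but is not part of this change.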
@@ -33,6 +34,7 @@ Development libraries and headers for %{name}.
%prep
%setup -q -c -n lzma465
%patch0 -p1 -b .shared
+%patch1 -p0 -b .fprintf
rm lzma.exe
for f in .h .c .cpp .dsw .dsp .java .cs .txt makefile; do
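Review bot: `%patch1 -p0` uses a different strip level from `%patch0 -p1` on the line above, apparently because the new patch's headers name `CPP/7zip/...` paths with no leading directory component. Regenerating the patch with `a/` and `b/` prefixes would let both be applied the same way, `%patch1 -p1 -b .fprintf`. The %prep section continues outside the hunk.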
@@ -97,6 +99,9 @@ find -iname '*.h' | xargs -I {} install -m0644 -D {} %{buildroot}/%{_includedir}
%{_libdir}/liblzmasdk.so
%changelog
+* Mon Feb 10 2014 Jon Ciesla <limburgher at gmail.com> - 4.6.5-11
+- Fix format-security FTBFS, BZ 1037188.
+
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 4.6.5-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild