[pmars] Fix format-security FTBFS.
Jon Ciesla
limb at fedoraproject.org
Mon Feb 10 18:35:10 UTC 2014
commit ca41184f6b720c62ae1666dc387aa61a3ab1933e
Author: Jon Ciesla <limburgher at gmail.com>
Date: Mon Feb 10 12:33:28 2014 -0600
Fix format-security FTBFS.
pmars-sfprintf-format.patch | 76 +++++++++++++++++++++++++++++++++++++++++++
pmars.spec | 7 +++-
2 files changed, 82 insertions(+), 1 deletions(-)
---
diff --git a/pmars-sfprintf-format.patch b/pmars-sfprintf-format.patch
new file mode 100644
index 0000000..93d10c9
--- /dev/null
+++ b/pmars-sfprintf-format.patch
@@ -0,0 +1,76 @@
+--- src/asm.c~ 2000-12-24 18:49:07.000000000 -0600
++++ src/asm.c 2014-02-10 12:10:04.739013581 -0600
+@@ -652,7 +652,7 @@
+ macputs(str);
+ #else
+ if (!inCdb)
+- fprintf(stderr, str);
++ fprintf(stderr, "%s", str);
+ #if defined DOSALLGRAPHX
+ else {
+ if (displayMode == TEXT)
+@@ -823,7 +823,7 @@
+ #ifdef __MAC__
+ textout(notEnoughMemErr);
+ #else
+- fprintf(stderr, notEnoughMemErr);
++ fprintf(stderr, "%s", notEnoughMemErr);
+ #endif
+ Exit(MEMERR);
+ break;
+@@ -906,7 +906,7 @@
+ }
+
+ if (ierr >= ERRMAX) {
+- sprintf(outs, tooManyMsgErr);
++ sprintf(outs, "%s", tooManyMsgErr);
+ #ifndef VMS
+ textout(outs);
+ #else
+--- src/cdb.c~ 2000-12-24 18:49:07.000000000 -0600
++++ src/cdb.c 2014-02-10 12:18:37.335027697 -0600
+@@ -2582,7 +2582,7 @@
+ fprintf(outp, nameByAuthorScores, warrior[idxV[i]].name, warrior[idxV[i]].authorName,
+ scrV[idxV[i]]);
+ if (warriors > 2) {
+- fprintf(outp, resultsAre);
++ fprintf(outp, "%s", resultsAre);
+ for (j = 0; j < warriors; ++j) {
+ fprintf(outp, " %d", warrior[idxV[i]].score[j]);
+ }
+--- src/xwindisp.c~ 2000-09-28 06:03:56.000000000 -0500
++++ src/xwindisp.c 2014-02-10 12:23:36.490035935 -0600
+@@ -253,7 +253,7 @@
+ my_err(s)
+ char *s;
+ {
+- fprintf(stderr, s);
++ fprintf(stderr, "%s", s);
+ Exit(1);
+ }
+
+--- src/clparse.c~ 2000-12-24 18:49:08.000000000 -0600
++++ src/clparse.c 2014-02-10 12:28:14.270043584 -0600
+@@ -289,7 +289,7 @@
+ if (next_input(filep, inputs)) {
+ if (!strcmp(inputs, "-")) {
+ newFile = stdin;
+- fprintf(stderr, readingStdin);
++ fprintf(stderr, "%s", readingStdin);
+ } else {
+ if ((newFile = fopen(inputs, "r")) == NULL) {
+ code = FILENAME; /* command file not found */
+@@ -430,11 +430,11 @@
+ errout(outs);
+ break;
+ case MEMORY:
+- sprintf(outs, outOfMemory);
++ sprintf(outs, "%s", outOfMemory);
+ errout(outs);
+ break;
+ case FILENAME:
+- sprintf(outs, cannotOpenParameterFile);
++ sprintf(outs, "%s", cannotOpenParameterFile);
+ errout(outs);
+ break;
+ }
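Review bot: The three `sprintf(outs, "%s", ...)` calls (asm.c near line 906, clparse.c near line 430) are still unbounded copies into `outs`, whose declaration lies outside these hunks. If `outs` is a fixed-size array in scope at those sites, `snprintf(outs, sizeof outs, "%s", tooManyMsgErr);` keeps the format fix and also bounds the write. The context line `fprintf(outp, nameByAuthorScores, ...)` in cdb.c still passes a non-literal format string, which -Wformat-security does not report because arguments follow it. That call is safe only while the string is a fixed message whose conversions match the three arguments, and this page does not show that. For the plain message prints, `fputs(str, stderr);` would do the same job with no format string at all.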
diff --git a/pmars.spec b/pmars.spec
index 5f90900..a9fa8a3 100644
--- a/pmars.spec
+++ b/pmars.spec
@@ -1,6 +1,6 @@
Name: pmars
Version: 0.9.2
-Release: 9%{?dist}
+Release: 10%{?dist}
Summary: Portable corewar system with ICWS'94 extensions
Group: Amusements/Games
@@ -11,6 +11,7 @@ Source0: http://downloads.sourceforge.net/corewar/%{name}-%{version}.tar.
Patch0: pmars-0.9.2-nostrip.patch
#Show compiler commands
Patch1: pmars-0.9.2-CCat.patch
+Patch2: pmars-sfprintf-format.patch
BuildRequires: libX11-devel
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: xorg-x11-fonts-75dpi
@@ -33,6 +34,7 @@ pMARS is a Memory Array Redcode Simulator (MARS) for corewar.
%setup -q
%patch0 -p0 -b .nostrip
%patch1 -p0 -b .CCat
+%patch2 -p0 -b .printf
# Make temporary doc dir
mkdir doc_install
@@ -61,6 +63,9 @@ rm -rf %{buildroot}
%{_mandir}/man6/pmars.6.*
%changelog
+* Mon Feb 10 2014 Jon Ciesla <limburgher at gmail.com> - 0.9.2-10
+- Fix format-security FTBFS, BZ 1037252.
+
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.9.2-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild