[qhull] - Fixing format-security flaws (#1037293)

Jaromír Cápík jcapik at fedoraproject.org
Mon Apr 14 16:46:59 UTC 2014 

commit 8e03d2bb818953aa285775647415eea4272a092b
Author: Jaromir Capik <jcapik at redhat.com>
Date:   Mon Apr 14 18:46:16 2014 +0200

    - Fixing format-security flaws (#1037293)

 qhull-2003.1-format-security.patch |   12 ++++++++++++
 qhull.spec                         |    7 ++++++-
 2 files changed, 18 insertions(+), 1 deletions(-)
---
diff --git a/qhull-2003.1-format-security.patch b/qhull-2003.1-format-security.patch
new file mode 100644
index 0000000..727b809
--- /dev/null
+++ b/qhull-2003.1-format-security.patch
@@ -0,0 +1,12 @@
+diff -Naur qhull-2003.1.orig/src/io.c qhull-2003.1/src/io.c
+--- qhull-2003.1.orig/src/io.c	2014-04-14 18:38:38.000000000 +0200
++++ qhull-2003.1/src/io.c	2014-04-14 18:42:15.924000000 +0200
+@@ -2166,7 +2166,7 @@
+     qh_memfree (point, qh normal_size);
+   qh_settempfree(&points);
+   qh_settempfree(&vertices);
+-  fprintf(fp, endfmt);
++  fprintf(fp, "%s", endfmt);
+ } /* printfacet3math */
+ 
+ 
diff --git a/qhull.spec b/qhull.spec
index cd61860..d256fe7 100644
--- a/qhull.spec
+++ b/qhull.spec
@@ -1,7 +1,7 @@
 Summary: General dimension convex hull programs
 Name: qhull
 Version: 2003.1
-Release: 22%{?dist}
+Release: 23%{?dist}
 License: Qhull
 Group: System Environment/Libraries
 Source0: http://www.qhull.org/download/qhull-%{version}.tar.gz
@@ -13,6 +13,7 @@ Patch2: qhull-2003.1-pkgconfig.patch
 Patch3: qhull-2003.1-64bit.patch
 # Update config.{guess,sub} for *-aarch64 (RHBZ #926411)
 Patch4: qhull-2003.1-config.patch
+Patch5: qhull-2003.1-format-security.patch
 
 URL: http://www.qhull.org
 
@@ -48,6 +49,7 @@ about a point.
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 sed -i -e "s,\"../html/,\"html/,g" src/*.htm
 
 %build
@@ -91,6 +93,9 @@ install -m644 -D qhull.pc ${RPM_BUILD_ROOT}%{_libdir}/pkgconfig/qhull.pc
 
 
 %changelog
+* Mon Apr 14 2014 Jaromir Capik <jcapik at redhat.com> - 2003.1-23
+- Fixing format-security flaws (#1037293)
+
 * Tue Aug 06 2013 Ralf Corsépius <corsepiu at fedoraproject.org> - 2003.1-22
 - Reflect docdir changes (RHBZ #993921).
 - Fix bogus %%changelog date.

More information about the scm-commits mailing list