[sane-backends] - Fixing format-security flaws

Jaromír Cápík jcapik at fedoraproject.org
Mon Apr 14 19:17:13 UTC 2014


commit a01f91d700213e5294475ef9511ae227a87e69a1
Author: Jaromir Capik <jcapik at redhat.com>
Date:   Mon Apr 14 21:16:39 2014 +0200

    - Fixing format-security flaws

 sane-backends-1.0.24-format-security2.patch |   21 +++++++++++++++++++++
 sane-backends.spec                          |    7 ++++++-
 2 files changed, 27 insertions(+), 1 deletions(-)
---
diff --git a/sane-backends-1.0.24-format-security2.patch b/sane-backends-1.0.24-format-security2.patch
new file mode 100644
index 0000000..0fb859e
--- /dev/null
+++ b/sane-backends-1.0.24-format-security2.patch
@@ -0,0 +1,21 @@
+diff -Naur sane-backends-1.0.24.orig/frontend/scanimage.c sane-backends-1.0.24/frontend/scanimage.c
+--- sane-backends-1.0.24.orig/frontend/scanimage.c	2013-08-25 23:22:58.000000000 +0200
++++ sane-backends-1.0.24/frontend/scanimage.c	2014-04-14 21:04:13.512000000 +0200
+@@ -1894,7 +1894,7 @@
+ 				printf (start, int_arg);
+ 				break;
+ 			      case 0:
+-				printf (start);
++				printf ("%s", start);
+ 				break;
+ 			      }
+ 			    *percent = cc;
+@@ -1908,7 +1908,7 @@
+ 			  }
+ 		      }
+ 		    if (*start)
+-		      printf (start);
++		      printf ("%s", start);
+ 		  }
+ 	      }
+ 	    if (i == 0 && ch != 'f')
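Review bot: The context line `printf (start, int_arg);` at the top of the first inner hunk still passes the runtime-built `start` buffer as the format string, so this patch closes only the zero-argument calls that -Wformat-security reports. That remaining call is safe only if the code outside the hunk guarantees that the segment holds exactly one conversion and that it matches an `int`; the enclosing block starts and ends outside the hunk, so this cannot be confirmed here. I would state that invariant in a comment above the switch, for example `/* start..percent holds exactly one conversion, rewritten above to match the argument type */`, or print the literal prefix with `printf ("%.*s", len, start)` and the value with a literal format. Note also that `printf ("%s", start)` presumably now prints a `%%` sequence in the user's format verbatim instead of collapsing it to one `%`, which is a visible output change worth a line in the changelog.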
diff --git a/sane-backends.spec b/sane-backends.spec
index 6b975a4..b0b9869 100644
--- a/sane-backends.spec
+++ b/sane-backends.spec
@@ -37,7 +37,7 @@
 Summary: Scanner access software
 Name: sane-backends
 Version: 1.0.24
-Release: 8%{?dist}
+Release: 9%{?dist}
 # lib/ is LGPLv2+, backends are GPLv2+ with exceptions
 # Tools are GPLv2+, docs are public domain
 # see LICENSE for details
@@ -77,6 +77,7 @@ Patch6: sane-backends-1.0.24-static-code-check.patch
 Patch7: sane-backends-1.0.24-scsi-permissions.patch
 # Upstream commit 8082a42ec4f3b3cf2cffc30a45dda5fc41d55576
 Patch8: sane-backends-1.0.24-format-security.patch
+Patch9: sane-backends-1.0.24-format-security2.patch
 
 URL: http://www.sane-project.org
 
@@ -193,6 +194,7 @@ This package contains backend drivers to access digital cameras through SANE.
 %patch5 -p1 -b .pixma_bjnp-crash
 %patch6 -p1 -b .static-code-check
 %patch7 -p1 -b .scsi-permissions
+%patch9 -p1 -b .format-security
 
 %build
 CFLAGS="%optflags -fno-strict-aliasing"
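Review bot: No `%patch8` line appears in the context between `%patch7` and the added `%patch9`, so unless it is applied elsewhere in %prep, Patch8 (the earlier format-security fix taken from the upstream commit) is declared but never applied to the build. The new line also uses the backup suffix `.format-security`, which is Patch8's name rather than Patch9's, and would collide with Patch8's backups if both touch the same file. I would write the pair as `%patch8 -p1 -b .format-security` followed by `%patch9 -p1 -b .format-security2`, after checking that Patch8 still applies cleanly.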
@@ -314,6 +316,9 @@ udevadm hwdb --update >/dev/null 2>&1 || :
 %{_libdir}/sane/*gphoto2.so*
 
 %changelog
+* Mon Apr 14 2014 Jaromir Capik <jcapik at redhat.com> - 1.0.24-9
+- Fixing format-security flaws
+
 * Wed Dec 04 2013 Nils Philippsen <nils at redhat.com> - 1.0.24-8
 - use string literals as format strings (#1037316)
 

