[libXaw] - Fixing format-security flaws (#1037174)

Jaromír Cápík jcapik at fedoraproject.org
Wed Apr 16 16:13:25 UTC 2014


commit 00ac05ae68926c05c1c05419175317798eac25a0
Author: Jaromir Capik <jcapik at redhat.com>
Date:   Wed Apr 16 18:12:10 2014 +0200

    - Fixing format-security flaws (#1037174)

 libXaw-1.0.12-format-security.patch |   12 ++++++++++++
 libXaw.spec                         |    9 ++++++++-
 2 files changed, 20 insertions(+), 1 deletions(-)
---
diff --git a/libXaw-1.0.12-format-security.patch b/libXaw-1.0.12-format-security.patch
new file mode 100644
index 0000000..510fe3b
--- /dev/null
+++ b/libXaw-1.0.12-format-security.patch
@@ -0,0 +1,12 @@
+diff -Naur libXaw-1.0.12.orig/src/DisplayList.c libXaw-1.0.12/src/DisplayList.c
+--- libXaw-1.0.12.orig/src/DisplayList.c	2013-09-08 05:57:54.000000000 +0200
++++ libXaw-1.0.12/src/DisplayList.c	2014-04-16 18:08:03.440000000 +0200
+@@ -287,7 +287,7 @@
+ 	}
+       if (fp)
+ 	{
+-	  snprintf(cname, fp - fname + 1, fname);
++	  snprintf(cname, fp - fname + 1, "%s", fname);
+ 	  memmove(fname, fp + 1, strlen(fp));
+ 	  lc = cname[0] ? XawGetDisplayListClass(cname) : xlibc;
+ 	  if (!lc)
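Review bot: The size argument on the added `snprintf` line is still `fp - fname + 1`, the length of the prefix before the separator, not the capacity of `cname`, so the write is bounded only if `cname` is at least as large as `fname`. Both declarations are outside this hunk, so that cannot be confirmed from here. If the sizes can differ, and assuming `cname` is a local array, clamp the bound: `size_t n = (size_t)(fp - fname) + 1;` followed by `snprintf(cname, n < sizeof(cname) ? n : sizeof(cname), "%s", fname);`. If they are guaranteed equal, a comment such as `/* cname is as large as fname, so the prefix always fits */` would record that invariant next to the call. The enclosing function starts and ends outside the hunk.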
diff --git a/libXaw.spec b/libXaw.spec
index 13973f1..76c3b0e 100644
--- a/libXaw.spec
+++ b/libXaw.spec
@@ -3,13 +3,15 @@
 Summary: X Athena Widget Set
 Name: libXaw
 Version: 1.0.12
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: MIT
 URL: http://www.x.org
 Group: System Environment/Libraries
 
 Source0: ftp://ftp.x.org/pub/individual/lib/%{name}-%{version}.tar.bz2
 
+Patch0: libXaw-1.0.12-format-security.patch
+
 BuildRequires: autoconf automake libtool
 BuildRequires: pkgconfig(xproto) pkgconfig(x11) pkgconfig(xt)
 BuildRequires: pkgconfig(xmu) pkgconfig(xpm) pkgconfig(xext)
@@ -31,6 +33,8 @@ X.Org X11 libXaw development package
 %prep
 %setup -q
 
+%patch0 -p1
+
 %build
 autoreconf -v --install --force
 export CFLAGS="$RPM_OPT_FLAGS -Os"
@@ -78,6 +82,9 @@ rm -rf $RPM_BUILD_ROOT
 #{_pkgdocdir}/%{name}.txt
 
 %changelog
+* Wed Apr 16 2014 Jaromir Capik <jcapik at redhat.com> - 1.0.12-2
+- Fixing format-security flaws (#1037174)
+
 * Wed Feb 12 2014 Adam Jackson <ajax at redhat.com> 1.0.12-1
 - libXaw 1.0.12
 - Drop pre-F18 changelog

