[rakarrack] add patch for format function security (rhbz#1037302), and apply it.

Tue May 13 11:28:44 UTC 2014

commit 2829b51ef74556e6cfc3a2c1d8f91d68e6aa9920
Author: David Timms <dtimms at iinet.net.au>
Date:   Tue May 13 20:50:23 2014 +1000

    add patch for format function security (rhbz#1037302), and apply it.

 rakarrack-0.6.2.format-security.diff |   29 +++++++++++++++++++++++++++++
 rakarrack.spec                       |    9 ++++++++-
 2 files changed, 37 insertions(+), 1 deletions(-)
---

diff --git a/rakarrack-0.6.2.format-security.diff b/rakarrack-0.6.2.format-security.diff
new file mode 100644
index 0000000..aaca811
--- /dev/null
+++ b/rakarrack-0.6.2.format-security.diff
@@ -0,0 +1,29 @@
+--- rakarrack-git-b358630c2c17ef6b18b97ff5d22f91664033197b.orig/src/rakarrack.cxx	2013-04-14 23:10:34.000000000 +1000
++++ rakarrack-git-b358630c2c17ef6b18b97ff5d22f91664033197b/src/rakarrack.cxx	2014-05-13 07:04:04.917008568 +1000
+@@ -23583,7 +23583,7 @@
+   Fl_Widget *m = fl_message_icon();
+   m->parent()->copy_label(rkr->jackcliname);
+   sprintf(temp2,"Overwrite \"%s\"?",w->label());
+-  ok=fl_choice(temp2, "No","Yes", NULL);
++  ok=fl_choice("%s", temp2, "No", "Yes", NULL);
+  if (!ok)
+  { 
+  o->value(0);
+@@ -24850,7 +24850,7 @@
+  w->parent()->copy_label(rkr->jackcliname);
+  
+ 
+- ok=fl_choice("Bank was modified, but not saved", "Discard","Save",NULL);
++ ok=fl_choice("%s", "Bank was modified, but not saved", "Discard", "Save", NULL);
+ 
+ 
+ 
+@@ -28008,7 +28008,7 @@
+ } 
+ 
+ sprintf(temp2,"Delete? \"%s\"",s->text());
+-ok=fl_choice("%d",temp2,"No","Yes",NULL);
++ok=fl_choice("%s", temp2, "No", "Yes", NULL);
+ if (!ok) return;
+ memset(Rname,0,sizeof(Rname));
+ sprintf(Rname,"%s",s->text());
diff --git a/rakarrack.spec b/rakarrack.spec
index e5ce8d2..462e4e7 100644
--- a/rakarrack.spec
+++ b/rakarrack.spec
@@ -5,7 +5,7 @@
 Summary: Audio effects processing rack for guitar
 Name:    rakarrack
 Version: 0.6.2
-Release: 0.1.20130414git%{shortcommit}%{?dist}
+Release: 0.2.20130414git%{shortcommit}%{?dist}
 License: GPLv2
 Group:   Applications/Multimedia
 URL:     http://%{name}.sourceforge.net/
@@ -13,6 +13,8 @@ URL:     http://%{name}.sourceforge.net/
 #S#ource0: http://rakarrack.git.sourceforge.net/git/gitweb.cgi?p=rakarrack/rakarrack;a=snapshot;h=47245c3fd30dc326fedd7cdae444ddcf0fd97490;sf=tgz
 #S#ource0:  rakarrack-47245c3.tar.gz
 Source0: http://sourceforge.net/code-snapshots/git/r/ra/rakarrack/git.git/rakarrack-git-%{commit}.zip
+Patch1:  rakarrack-0.6.2.format-security.diff
+
 
 Requires: hicolor-icon-theme
 
@@ -48,6 +50,8 @@ Nasca is our hero and a continuous inspiration
 # for git snapshot
 %setup -q -n %{name}-git-%{commit}
 
+%patch1 -p1 -b .format-security
+
 %{__sed} -i 's/Icon=icono_rakarrack_128x128/Icon=rakarrack/' data/%{name}.desktop
 %{__sed} -i 's/Guitar Effects Processor/Real-time audio effects processing rack for guitar/' data/%{name}.desktop
 echo "GenericName=Digital audio effects processor" >> data/%{name}.desktop
@@ -125,6 +129,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 
 
 %changelog
+* Mon May 12 2014 David Timms <iinet.net.au @ dtimms> - 0.6.2-0.2.20130414gitb358630
+- Apply patch for format function security.
+
 * Mon May 12 2014 David Timms <iinet.net.au @ dtimms> - 0.6.2-0.1.20130414gitb358630
 - Update to current git snapshot from 2013-04-14
 
