[portmidi] Format-security patch
Brendan Jones
bsjones at fedoraproject.org
Mon Jun 9 18:13:53 UTC 2014
commit 4417e21ff9b8c0c5aa73818339eb7ed27263f2f7
Author: Brendan Jones <brendan.jones.it at gmail.com>
Date: Mon Jun 9 20:13:47 2014 +0200
Format-security patch
portmidi-217-format-security.patch | 95 ++++++++++++++++++++++++++++++++++++
portmidi.spec | 7 ++-
2 files changed, 101 insertions(+), 1 deletions(-)
---
diff --git a/portmidi-217-format-security.patch b/portmidi-217-format-security.patch
new file mode 100644
index 0000000..01bd2f5
--- /dev/null
+++ b/portmidi-217-format-security.patch
@@ -0,0 +1,95 @@
+--- portmidi/pm_test/latency.c_old 2014-06-09 19:58:02.503837705 +0200
++++ portmidi/pm_test/latency.c 2014-06-09 19:59:15.645838404 +0200
+@@ -280,7 +280,7 @@ int get_number(char *prompt)
+ {
+ char line[STRING_MAX];
+ int n = 0, i;
+- printf(prompt);
++ printf("%s",prompt);
+ while (n != 1) {
+ n = scanf("%d", &i);
+ fgets(line, STRING_MAX, stdin);
+diff -Nurp portmidi/pm_test/midiclock.c portmidi/pm_test.new/midiclock.c
+--- portmidi/pm_test/midiclock.c 2014-06-09 20:05:10.783841793 +0200
++++ portmidi/pm_test.new/midiclock.c 2014-06-09 20:06:05.582842316 +0200
+@@ -167,7 +167,7 @@ int get_number(char *prompt)
+ {
+ char line[STRING_MAX];
+ int n = 0, i;
+- printf(prompt);
++ printf("%s",prompt);
+ while (n != 1) {
+ n = scanf("%d", &i);
+ fgets(line, STRING_MAX, stdin);
+@@ -256,7 +256,7 @@ int main(int argc, char **argv)
+ err = Pm_OpenOutput(&midi, outp, DRIVER_INFO, OUTPUT_BUFFER_SIZE,
+ TIME_PROC, TIME_INFO, LATENCY);
+ if (err) {
+- printf(Pm_GetErrorText(err));
++ printf("%s",Pm_GetErrorText(err));
+ goto error_exit_no_device;
+ }
+ active = true;
+diff -Nurp portmidi/pm_test/mm.c portmidi/pm_test.new/mm.c
+--- portmidi/pm_test/mm.c 2010-10-05 20:49:09.000000000 +0200
++++ portmidi/pm_test.new/mm.c 2014-06-09 20:09:26.222844231 +0200
+@@ -119,7 +119,7 @@ int get_number(char *prompt)
+ {
+ char line[STRING_MAX];
+ int n = 0, i;
+- printf(prompt);
++ printf("%s",prompt);
+ while (n != 1) {
+ n = scanf("%d", &i);
+ fgets(line, STRING_MAX, stdin);
+@@ -136,7 +136,7 @@ void receive_poll(PtTimestamp timestamp,
+ if (!active) return;
+ while ((count = Pm_Read(midi_in, &event, 1))) {
+ if (count == 1) output(event.message);
+- else printf(Pm_GetErrorText(count));
++ else printf("%s",Pm_GetErrorText(count));
+ }
+ }
+
+@@ -168,7 +168,7 @@ int main(int argc, char **argv)
+ inp = get_number("Type input device number: ");
+ err = Pm_OpenInput(&midi_in, inp, NULL, 512, NULL, NULL);
+ if (err) {
+- printf(Pm_GetErrorText(err));
++ printf("%s",Pm_GetErrorText(err));
+ Pt_Stop();
+ mmexit(1);
+ }
+@@ -484,7 +484,7 @@ private int put_pitch(int p)
+ "gs", "a", "bf", "b" };
+ /* note octave correction below */
+ sprintf(result, "%s%d", ptos[p % 12], (p / 12) - 1);
+- printf(result);
++ printf("%s",result);
+ return strlen(result);
+ }
+
+diff -Nurp portmidi/pm_test/test.c portmidi/pm_test.new/test.c
+--- portmidi/pm_test/test.c 2009-09-16 18:54:04.000000000 +0200
++++ portmidi/pm_test.new/test.c 2014-06-09 20:10:04.310844594 +0200
+@@ -37,7 +37,7 @@ int get_number(char *prompt)
+ {
+ char line[STRING_MAX];
+ int n = 0, i;
+- printf(prompt);
++ printf("%s",prompt);
+ while (n != 1) {
+ n = scanf("%d", &i);
+ fgets(line, STRING_MAX, stdin);
+diff -Nurp portmidi/pm_test/sysex.c portmidi/pm_test.new/sysex.c
+--- portmidi/pm_test/sysex.c 2010-09-20 21:57:48.000000000 +0200
++++ portmidi/pm_test.new/sysex.c 2014-06-09 20:12:05.502845751 +0200
+@@ -39,7 +39,7 @@ int get_number(char *prompt)
+ {
+ char line[STRING_MAX];
+ int n = 0, i;
+- printf(prompt);
++ printf("%s",prompt);
+ while (n != 1) {
+ n = scanf("%d", &i);
+ fgets(line, STRING_MAX, stdin);
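Review bot: The five `get_number` copies edited here (latency.c, midiclock.c, mm.c, test.c, sysex.c) still ignore end-of-input in the loop right below the changed line. When stdin is closed or redirected from an empty source, `scanf` returns EOF and `fgets` returns NULL, so `while (n != 1)` as shown has no way to terminate. Since each copy is already being patched, a guard such as `if (n == EOF) break;` after the `scanf` call, together with giving `i` an initial value in `int n = 0, i;`, would close that gap. The loop body and the return statement lie outside the nested hunks, so this is judged from the visible lines only. The `printf("%s", ...)` replacements themselves are the correct fix for the non-literal format arguments.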
diff --git a/portmidi.spec b/portmidi.spec
index 2125532..4d89c06 100644
--- a/portmidi.spec
+++ b/portmidi.spec
@@ -1,7 +1,7 @@
Summary: Real-time Midi I/O Library
Name: portmidi
Version: 217
-Release: 10%{?dist}
+Release: 11%{?dist}
License: MIT
Group: System Environment/Libraries
URL: http://portmedia.sourceforge.net/
@@ -11,6 +11,7 @@ Source1: pmdefaults.desktop
Patch0: portmidi-cmake.patch
# Fix multilib conflict RHBZ#831432
Patch1: portmidi-no_date_footer.patch
+Patch2: portmidi-217-format-security.patch
BuildRequires: alsa-lib-devel
BuildRequires: cmake
BuildRequires: desktop-file-utils
@@ -67,6 +68,7 @@ configuration utility "pmdefaults" and some test applications.
%setup -q -n %{name}
%patch0 -p1 -b .buildfix
%patch1 -p1 -b .no.date
+%patch2 -p1 -b .fmt.security
# ewwww... binaries
rm -f portmidi_cdt.zip */*.exe */*/*.exe
@@ -184,6 +186,9 @@ rm -f %{buildroot}%{_libdir}/libportmidi_s.so
%{_libdir}/lib*.so
%changelog
+* Mon Jun 09 2014 Brendan Jones <brendan.jones.it at gmail.com> 217-11
+- -Wformat-security patch
+
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 217-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild