- Fixing format-security flaws (#1037011)

2014-04-14 21:28:26 +02:00 · 2014-04-14 21:28:26 +02:00 · 8b84a5fd0f
commit 8b84a5fd0f
parent b3821a67cc
2 changed files with 22 additions and 1 deletions
--- a/cdparanoia-10.2-format-security.patch
+++ b/cdparanoia-10.2-format-security.patch
@ -0,0 +1,16 @@
 diff -Naur cdparanoia-III-10.2.orig/main.c cdparanoia-III-10.2/main.c
 --- cdparanoia-III-10.2.orig/main.c	2008-09-11 23:11:02.000000000 +0200
 +++ cdparanoia-III-10.2/main.c	2014-04-14 21:24:10.023000000 +0200
@@ -588,10 +588,10 @@
 	    buffer[aheadposition+19]='>';
 	}
 -	fprintf(stderr,buffer);
 +	fprintf(stderr, "%s", buffer);
 	if (logfile != NULL && function==-1) {
 -	  fprintf(logfile,buffer+1);
 +	  fprintf(logfile, "%s", buffer+1);
 	  fprintf(logfile,"\n\n");
 	  fflush(logfile);
 	}
--- a/cdparanoia.spec
+++ b/cdparanoia.spec
@ -1,7 +1,7 @@
 Summary: Compact Disc Digital Audio (CDDA) extraction tool (or ripper)
 Name: cdparanoia
 Version: 10.2
-Release: 14%{?dist}
+Release: 15%{?dist}
 # the app is GPLv2, everything else is LGPLv2
 License: GPLv2 and LGPLv2
 Group: Applications/Multimedia
@ -14,6 +14,7 @@ Patch0: cdparanoia-10.2-#463009.patch
 # #466659
 Patch1: cdparanoia-10.2-endian.patch
 Patch2: cdparanoia-10.2-install.patch
 Patch3: cdparanoia-10.2-format-security.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 Requires: cdparanoia-libs = %{version}-%{release}
 Obsoletes: cdparanoia-III <= alpha9.8
@ -62,6 +63,7 @@ for developing applications to read CD Digital Audio disks.
 %patch0 -p3 -b .#463009
 %patch1 -p1 -b .endian
 %patch2 -p1 -b .install
 %patch3 -p1 -b .fmt-sec
 %build
 %configure --includedir=%{_includedir}/cdda
@ -103,6 +105,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/*.a
 %changelog
 * Mon Apr 14 2014 Jaromir Capik <jcapik@redhat.com> - 10.2-15
 - Fixing format-security flaws (#1037011)
 * Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 10.2-14
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild