- Fixing format-security flaws (#1037011)

2014-04-14 21:28:26 +02:00 · 2014-04-14 21:28:26 +02:00 · 8b84a5fd0f
commit 8b84a5fd0f
parent b3821a67cc
2 changed files with 22 additions and 1 deletions
--- a/cdparanoia-10.2-format-security.patch
+++ b/cdparanoia-10.2-format-security.patch
@ -0,0 +1,16 @@
+diff -Naur cdparanoia-III-10.2.orig/main.c cdparanoia-III-10.2/main.c
+--- cdparanoia-III-10.2.orig/main.c	2008-09-11 23:11:02.000000000 +0200
+++ cdparanoia-III-10.2/main.c	2014-04-14 21:24:10.023000000 +0200
+@@ -588,10 +588,10 @@
+ 	    buffer[aheadposition+19]='>';
+ 	}
+    
+-	fprintf(stderr,buffer);
+	fprintf(stderr, "%s", buffer);
+        
+ 	if (logfile != NULL && function==-1) {
+-	  fprintf(logfile,buffer+1);
+	  fprintf(logfile, "%s", buffer+1);
+ 	  fprintf(logfile,"\n\n");
+ 	  fflush(logfile);
+ 	}
--- a/cdparanoia.spec
+++ b/cdparanoia.spec
@ -1,7 +1,7 @@
 Summary: Compact Disc Digital Audio (CDDA) extraction tool (or ripper)
 Name: cdparanoia
 Version: 10.2
-Release: 14%{?dist}
+Release: 15%{?dist}
 # the app is GPLv2, everything else is LGPLv2
 License: GPLv2 and LGPLv2
 Group: Applications/Multimedia
@ -14,6 +14,7 @@ Patch0: cdparanoia-10.2-#463009.patch
 # #466659
 Patch1: cdparanoia-10.2-endian.patch
 Patch2: cdparanoia-10.2-install.patch
+Patch3: cdparanoia-10.2-format-security.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 Requires: cdparanoia-libs = %{version}-%{release}
 Obsoletes: cdparanoia-III <= alpha9.8
@ -62,6 +63,7 @@ for developing applications to read CD Digital Audio disks.
 %patch0 -p3 -b .#463009
 %patch1 -p1 -b .endian
 %patch2 -p1 -b .install
+%patch3 -p1 -b .fmt-sec

 %build
 %configure --includedir=%{_includedir}/cdda
@ -103,6 +105,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/*.a

 %changelog
+* Mon Apr 14 2014 Jaromir Capik <jcapik@redhat.com> - 10.2-15
+- Fixing format-security flaws (#1037011)
+
 * Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 10.2-14
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild