- Fixing format-security flaws (#1037028)

2014-04-14 21:13:09 +02:00 · 2014-04-14 21:13:09 +02:00 · 8fd0c61965
commit 8fd0c61965
parent c118c4141d
2 changed files with 18 additions and 1 deletions
--- a/ctags-5.8-format-security.patch
+++ b/ctags-5.8-format-security.patch
@ -0,0 +1,12 @@
+diff -Naur ctags-5.8.orig/lregex.c ctags-5.8/lregex.c
+--- ctags-5.8.orig/lregex.c	2007-09-10 04:36:48.000000000 +0200
+++ ctags-5.8/lregex.c	2014-04-14 21:09:17.716000000 +0200
+@@ -408,7 +408,7 @@
+ 		const char* regexfile = parameter + 1;
+ 		FILE* const fp = fopen (regexfile, "r");
+ 		if (fp == NULL)
+-			error (WARNING | PERROR, regexfile);
+			error (WARNING | PERROR, "%s", regexfile);
+ 		else
+ 		{
+ 			vString* const regex = vStringNew ();
--- a/ctags.spec
+++ b/ctags.spec
@ -1,7 +1,7 @@
 Summary: A C programming language indexing and/or cross-reference tool
 Name: ctags
 Version: 5.8
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: GPLv2+ and LGPLv2+ and Public Domain
 Group: Development/Tools
 URL: http://ctags.sourceforge.net/
@ -12,6 +12,7 @@ Patch2: ctags-5.8-css.patch
 Patch3: ctags-5.8-ocaml-crash.patch
 Patch4: ctags-5.8-cssparse.patch
 Patch5: ctags-5.8-memmove.patch
+Patch6: ctags-5.8-format-security.patch
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

 %description
@ -51,6 +52,7 @@ Note: some command line options is not compatible with GNU etags.
 %patch3 -p1 -b .ocaml-crash
 %patch4 -p1 -b .cssparse-crash
 %patch5 -p1 -b .memmove
+%patch6 -p1 -b .fmt-sec

 %build
 %configure
@ -93,6 +95,9 @@ rm -rf %{buildroot}
 %{_mandir}/man1/etags.%{name}.1*

 %changelog
+* Mon Apr 14 2014 Jaromir Capik <jcapik@redhat.com> - 5.8-13
+- Fixing format-security flaws (#1037028)
+
 * Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.8-12
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild