- Fixing format-security flaws (#1037099)

2014-02-05 20:11:04 +01:00 · 2014-02-05 20:11:04 +01:00 · 9293aac88b
commit 9293aac88b
parent 93a1ab9482
2 changed files with 18 additions and 1 deletions
--- a/gpm-format-security.patch
+++ b/gpm-format-security.patch
@ -0,0 +1,12 @@
+diff -Naur gpm-1.20.6.orig/src/lib/report-lib.c gpm-1.20.6/src/lib/report-lib.c
+--- gpm-1.20.6.orig/src/lib/report-lib.c	2014-02-05 19:11:58.688000000 +0100
+++ gpm-1.20.6/src/lib/report-lib.c	2014-02-05 19:11:23.968000000 +0100
+@@ -55,7 +55,7 @@
+                            log_level = LOG_CRIT; break;
+    }
+ #ifdef HAVE_VSYSLOG
+-   syslog(log_level, string);
+   syslog(log_level, "%s", string);
+    vsyslog(log_level, text, ap);
+ #else
+    fprintf(stderr,"%s[%s(%d)]:\n",string,file,line);
--- a/gpm.spec
+++ b/gpm.spec
@ -1,7 +1,7 @@
 Summary: A mouse server for the Linux console
 Name: gpm
 Version: 1.20.7
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2 and GPLv2+ with exceptions and GPLv3+ and Verbatim and Copyright only
 Group: System Environment/Daemons
 URL: http://www.nico.schottelius.org/software/gpm/
@ -24,6 +24,7 @@ Patch4: gpm-1.20.5-close-fds.patch
 Patch5: gpm-1.20.1-weak-wgetch.patch
 Patch7: gpm-1.20.7-rhbz-668480-gpm-types-7-manpage-fixes.patch
 Patch8: gpm-1.20.6-missing-header-dir-in-make-depend.patch
+Patch9: gpm-format-security.patch
 #Patch7: gpm-1.20.6-capability.patch
 Requires(post): systemd systemd-sysv info
 Requires(preun): systemd info
@ -83,6 +84,7 @@ mouse support to text-based Linux applications.
 %patch7 -p1
 # not sure if this is really needed
 %patch8 -p1
+%patch9 -p1

 #%patch7 -p1 -b .capability

@ -177,6 +179,9 @@ fi
 %{_libdir}/libgpm.a

 %changelog
+* Wed Feb 05 2014 Jaromir Capik <jcapik@redhat.com> - 1.20.7-4
+- Fixing format-security flaws (#1037099)
+
 * Wed Aug 07 2013 Jaromir Capik <jcapik@redhat.com> - 1.20.7-3
 - Removing PDF docs with unclear licensing from the source archive
 - Fixing the license tag