From 00ac05ae68926c05c1c05419175317798eac25a0 Mon Sep 17 00:00:00 2001
From: Jaromir Capik
Date: Wed, 16 Apr 2014 18:12:10 +0200
Subject: [PATCH] - Fixing format-security flaws (#1037174)
---
 libXaw-1.0.12-format-security.patch | 12 ++++++++++++
 libXaw.spec | 9 ++++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 libXaw-1.0.12-format-security.patch
diff --git a/libXaw-1.0.12-format-security.patch b/libXaw-1.0.12-format-security.patch
new file mode 100644
index 0000000..510fe3b
--- /dev/null
+++ b/libXaw-1.0.12-format-security.patch
@@ -0,0 +1,12 @@
+diff -Naur libXaw-1.0.12.orig/src/DisplayList.c libXaw-1.0.12/src/DisplayList.c
+--- libXaw-1.0.12.orig/src/DisplayList.c 2013-09-08 05:57:54.000000000 +0200
++++ libXaw-1.0.12/src/DisplayList.c 2014-04-16 18:08:03.440000000 +0200
+@@ -287,7 +287,7 @@
+ }
+ if (fp)
+ {
+- snprintf(cname, fp - fname + 1, fname);
++ snprintf(cname, fp - fname + 1, "%s", fname);
+ memmove(fname, fp + 1, strlen(fp));
+ lc = cname[0] ? XawGetDisplayListClass(cname) : xlibc;
+ if (!lc)
diff --git a/libXaw.spec b/libXaw.spec
index 13973f1..76c3b0e 100644
--- a/libXaw.spec
+++ b/libXaw.spec
@@ -3,13 +3,15 @@ Summary: X Athena Widget Set
 Name: libXaw
 Version: 1.0.12
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: MIT
 URL: http://www.x.org
 Group: System Environment/Libraries
 Source0: ftp://ftp.x.org/pub/individual/lib/%{name}-%{version}.tar.bz2
+Patch0: libXaw-1.0.12-format-security.patch
+
 BuildRequires: autoconf automake libtool
 BuildRequires: pkgconfig(xproto) pkgconfig(x11) pkgconfig(xt)
 BuildRequires: pkgconfig(xmu) pkgconfig(xpm) pkgconfig(xext)
@@ -31,6 +33,8 @@ X.Org X11 libXaw development package
 %prep
 %setup -q
+%patch0 -p1
+
 %build
 autoreconf -v --install --force
 export CFLAGS="$RPM_OPT_FLAGS -Os"
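Review bot: In libXaw-1.0.12-format-security.patch, the corrected `snprintf(cname, fp - fname + 1, "%s", fname);` still takes its size bound from the delimiter's offset in `fname` rather than from the capacity of `cname`. Both declarations are outside the hunk, so it cannot be confirmed from here that `fp - fname + 1` never exceeds the destination size; if `cname` is a fixed array, the call is only safe while `fname` can never be longer than it. Consider clamping the length, e.g. `size_t n = (size_t)(fp - fname) + 1; if (n > sizeof(cname)) n = sizeof(cname);` followed by `snprintf(cname, n, "%s", fname);`, or at least a comment stating the invariant the call relies on. The enclosing function starts and ends outside the hunk.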
@@ -78,6 +82,9 @@ rm -rf $RPM_BUILD_ROOT
 #{_pkgdocdir}/%{name}.txt
 %changelog
+* Wed Apr 16 2014 Jaromir Capik - 1.0.12-2
+- Fixing format-security flaws (#1037174)
+
 * Wed Feb 12 2014 Adam Jackson 1.0.12-1
 - libXaw 1.0.12
 - Drop pre-F18 changelog