- Fixing format-security flaws (#1037174)

2014-04-16 18:12:10 +02:00 · 2014-04-16 18:12:10 +02:00 · 00ac05ae68
commit 00ac05ae68
parent 65de741cbb
2 changed files with 20 additions and 1 deletions
--- a/libXaw-1.0.12-format-security.patch
+++ b/libXaw-1.0.12-format-security.patch
@ -0,0 +1,12 @@
+diff -Naur libXaw-1.0.12.orig/src/DisplayList.c libXaw-1.0.12/src/DisplayList.c
+--- libXaw-1.0.12.orig/src/DisplayList.c	2013-09-08 05:57:54.000000000 +0200
+++ libXaw-1.0.12/src/DisplayList.c	2014-04-16 18:08:03.440000000 +0200
+@@ -287,7 +287,7 @@
+ 	}
+       if (fp)
+ 	{
+-	  snprintf(cname, fp - fname + 1, fname);
+	  snprintf(cname, fp - fname + 1, "%s", fname);
+ 	  memmove(fname, fp + 1, strlen(fp));
+ 	  lc = cname[0] ? XawGetDisplayListClass(cname) : xlibc;
+ 	  if (!lc)
--- a/libXaw.spec
+++ b/libXaw.spec
@ -3,13 +3,15 @@
 Summary: X Athena Widget Set
 Name: libXaw
 Version: 1.0.12
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: MIT
 URL: http://www.x.org
 Group: System Environment/Libraries

 Source0: ftp://ftp.x.org/pub/individual/lib/%{name}-%{version}.tar.bz2

+Patch0: libXaw-1.0.12-format-security.patch
+
 BuildRequires: autoconf automake libtool
 BuildRequires: pkgconfig(xproto) pkgconfig(x11) pkgconfig(xt)
 BuildRequires: pkgconfig(xmu) pkgconfig(xpm) pkgconfig(xext)
@ -31,6 +33,8 @@ X.Org X11 libXaw development package
 %prep
 %setup -q

+%patch0 -p1
+
 %build
 autoreconf -v --install --force
 export CFLAGS="$RPM_OPT_FLAGS -Os"
@ -78,6 +82,9 @@ rm -rf $RPM_BUILD_ROOT
 #{_pkgdocdir}/%{name}.txt

 %changelog
+* Wed Apr 16 2014 Jaromir Capik <jcapik@redhat.com> - 1.0.12-2
+- Fixing format-security flaws (#1037174)
+
 * Wed Feb 12 2014 Adam Jackson <ajax@redhat.com> 1.0.12-1
 - libXaw 1.0.12
 - Drop pre-F18 changelog