fix vasnprintf puts %%n into a writeable format string in all cases

m4-1.4.10-snprintf.patch

@@ -0,0 +1,25 @@
+--- m4-1.4.10/lib/vasnprintf.c_old	2007-07-05 13:48:27.000000000 +0200
++++ m4-1.4.10/lib/vasnprintf.c	2007-12-13 13:38:39.000000000 +0100
+@@ -3385,10 +3385,22 @@
+ #endif
+ 		  *fbp = dp->conversion;
+ #if USE_SNPRINTF
++#if !(__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 3))
+ 		fbp[1] = '%';
+ 		fbp[2] = 'n';
+ 		fbp[3] = '\0';
+ #else
++		/* On glibc2 systems from glibc >= 2.3 - probably also older
++		ones - we know that snprintf's returns value conforms to
++		ISO C 99: the gl_SNPRINTF_DIRECTIVE_N test passes.
++		Therefore we can avoid using %n in this situation.
++		On glibc2 systems from 2004-10-18 or newer, the use of %n
++		in format strings in writable memory may crash the program
++		(if compiled with _FORTIFY_SOURCE=2), so we should avoid it
++		in this situation.  */
++		fbp[1] = '\0';
++#endif 
++#else
+ 		fbp[1] = '\0';
+ #endif
+ 

m4.spec

@@ -1,11 +1,12 @@
 Summary: The GNU macro processor
 Name: m4
 Version: 1.4.10
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv3+
 Group: Applications/Text
 Source0: ftp://ftp.gnu.org/gnu/m4/m4-%{version}.tar.bz2
 Source1: ftp://ftp.gnu.org/gnu/m4/m4-%{version}.tar.bz2.sig
+Patch0: m4-1.4.10-snprintf.patch
 URL: http://www.gnu.org/software/m4/
 Buildroot: %{_tmppath}/%{name}-root
 Requires(post): /sbin/install-info
@@ -23,6 +24,7 @@ Install m4 if you need a macro processor.
 
 %prep
 %setup -q
+%patch0 -p1 -b .snprintf
 
 %build
 %configure
@@ -53,6 +55,10 @@ fi
 rm -rf $RPM_BUILD_ROOT
 
 %changelog
+* Mon Dec 17 2007 Vitezslav Crhonek <vcrhonek@redhat.com> - 1.4.10-2
+- Fix vasnprintf puts %%n into a writeable format string in all cases
+  Resolves: #345651
+
 * Wed Aug 22 2007 Vitezslav Crhonek <vcrhonek@redhat.com> - 1.4.10-1
 - Update to m4-1.4.10
 - Fix license to GPL version 3 or later