From 21d8a2251221c959c9c9df331de91b9c74736de2 Mon Sep 17 00:00:00 2001
From: Jaromir Capik <jcapik@redhat.com>
Date: Mon, 14 Apr 2014 17:21:57 +0200
Subject: [PATCH] - Fixing format-security flaws (#1037217)

---
 netpbm-format-security.patch | 81 ++++++++++++++++++++++++++++++++++++
 netpbm.spec                  |  7 +++-
 2 files changed, 87 insertions(+), 1 deletion(-)
 create mode 100644 netpbm-format-security.patch

diff --git a/netpbm-format-security.patch b/netpbm-format-security.patch
new file mode 100644
index 0000000..7d3e71f
--- /dev/null
+++ b/netpbm-format-security.patch
@@ -0,0 +1,81 @@
+diff -Naur netpbm-10.61.02.orig/converter/pbm/cmuwmtopbm.c netpbm-10.61.02/converter/pbm/cmuwmtopbm.c
+--- netpbm-10.61.02.orig/converter/pbm/cmuwmtopbm.c	2014-04-14 16:25:31.000000000 +0200
++++ netpbm-10.61.02/converter/pbm/cmuwmtopbm.c	2014-04-14 17:05:23.049000000 +0200
+@@ -48,20 +48,20 @@
+ 
+     rc = pm_readbiglong(ifP, &l);
+     if (rc == -1 )
+-        pm_error(initReadError);
++        pm_error("%s", initReadError);
+     if ((uint32_t)l != cmuwmMagic)
+         pm_error("bad magic number in CMU window manager file");
+     rc = pm_readbiglong(ifP, &l);
+     if (rc == -1)
+-        pm_error(initReadError);
++        pm_error("%s", initReadError);
+     *colsP = l;
+     rc = pm_readbiglong(ifP, &l);
+     if (rc == -1 )
+-        pm_error(initReadError);
++        pm_error("%s", initReadError);
+     *rowsP = l;
+     rc = pm_readbigshort(ifP, &s);
+     if (rc == -1)
+-        pm_error(initReadError);
++        pm_error("%s", initReadError);
+     *depthP = s;
+ }
+ 
+diff -Naur netpbm-10.61.02.orig/converter/other/tifftopnm.c netpbm-10.61.02/converter/other/tifftopnm.c
+--- netpbm-10.61.02.orig/converter/other/tifftopnm.c	2014-04-14 17:06:26.000000000 +0200
++++ netpbm-10.61.02/converter/other/tifftopnm.c	2014-04-14 17:09:55.731000000 +0200
+@@ -1459,7 +1459,7 @@
+         int ok;
+         ok = TIFFRGBAImageOK(tif, emsg);
+         if (!ok) {
+-            pm_message(emsg);
++            pm_message("%s", emsg);
+             *statusP = CONV_UNABLE;
+         } else {
+             uint32 * raster;
+@@ -1479,14 +1479,14 @@
+                 
+                 ok = TIFFRGBAImageBegin(&img, tif, stopOnErrorFalse, emsg);
+                 if (!ok) {
+-                    pm_message(emsg);
++                    pm_message("%s", emsg);
+                     *statusP = CONV_FAILED;
+                 } else {
+                     int ok;
+                     ok = TIFFRGBAImageGet(&img, raster, cols, rows);
+                     TIFFRGBAImageEnd(&img) ;
+                     if (!ok) {
+-                        pm_message(emsg);
++                        pm_message("%s", emsg);
+                         *statusP = CONV_FAILED;
+                     } else {
+                         *statusP = CONV_DONE;
+diff -Naur netpbm-10.61.02.orig/converter/other/fiasco/pnmtofiasco.c netpbm-10.61.02/converter/other/fiasco/pnmtofiasco.c
+--- netpbm-10.61.02.orig/converter/other/fiasco/pnmtofiasco.c	2013-02-20 07:31:32.000000000 +0100
++++ netpbm-10.61.02/converter/other/fiasco/pnmtofiasco.c	2014-04-14 17:12:14.995000000 +0200
+@@ -170,7 +170,7 @@
+       return 0;
+    else
+    {
+-      fprintf (stderr, fiasco_get_error_message ());
++      fprintf (stderr, "%s", fiasco_get_error_message ());
+       fprintf (stderr, "\n");
+       return 1;
+    }
+diff -Naur netpbm-10.61.02.orig/converter/other/fiasco/params.c netpbm-10.61.02/converter/other/fiasco/params.c
+--- netpbm-10.61.02.orig/converter/other/fiasco/params.c	2013-02-20 07:31:32.000000000 +0100
++++ netpbm-10.61.02/converter/other/fiasco/params.c	2014-04-14 17:15:00.067000000 +0200
+@@ -656,7 +656,7 @@
+     fprintf (stderr, "Usage: %s [OPTION]...%s\n", progname,
+              non_opt_string ? non_opt_string : " ");
+     if (synopsis != NULL)
+-        fprintf (stderr, synopsis);
++        fprintf (stderr, "%s", synopsis);
+     fprintf (stderr, "\n\n");
+     fprintf (stderr, "Mandatory or optional arguments to long options "
+              "are mandatory or optional\nfor short options too. "
diff --git a/netpbm.spec b/netpbm.spec
index 96d1e25..95650c7 100644
--- a/netpbm.spec
+++ b/netpbm.spec
@@ -1,7 +1,7 @@
 Summary: A library for handling different graphics file formats
 Name: netpbm
 Version: 10.61.02
-Release: 7%{?dist}
+Release: 8%{?dist}
 # See copyright_summary for details
 License: BSD and GPLv2 and IJG and MIT and Public Domain
 Group: System Environment/Libraries
@@ -38,6 +38,7 @@ Patch27: netpbm-multipage-pam.patch
 Patch28: netpbm-compare-same-images.patch
 #Patch29: netpbm-man-corrections.patch
 Patch29: netpbm-manual-pages.patch
+Patch30: netpbm-format-security.patch
 BuildRequires: libjpeg-devel, libpng-devel, libtiff-devel, flex
 BuildRequires: libX11-devel, python, jasper-devel, libxml2-devel
 
@@ -116,6 +117,7 @@ netpbm-doc.  You'll also need to install the netpbm-progs package.
 %patch28 -p1 -b .compare-same-images
 #%patch29 -p1 -b .man-corrections
 %patch29 -p1 -b .manual-pages
+%patch30 -p1 -b .fmt-sec
 exit 0
 
 sed -i 's/STRIPFLAG = -s/STRIPFLAG =/g' config.mk.in
@@ -271,6 +273,9 @@ rm -rf $RPM_BUILD_ROOT
 %doc userguide/*
 
 %changelog
+* Mon Apr 14 2014 Jaromir Capik <jcapik@redhat.com> - 10.61.02-8
+- Fixing format-security flaws (#1037217)
+
 * Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 10.61.02-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild