From 683715a907c9a930bc0cd220a4d138f10db9d6cd Mon Sep 17 00:00:00 2001 From: Tom Callaway Date: Mon, 9 Dec 2013 16:28:16 -0500 Subject: [PATCH] fix format-security issues --- snack2.2.10-format-security.patch | 12 ++++++++++++ tcl-snack.spec | 7 ++++++- 2 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 snack2.2.10-format-security.patch diff --git a/snack2.2.10-format-security.patch b/snack2.2.10-format-security.patch new file mode 100644 index 0000000..39505b4 --- /dev/null +++ b/snack2.2.10-format-security.patch @@ -0,0 +1,12 @@ +diff -up snack2.2.10/generic/jkSoundFile.c.format-security snack2.2.10/generic/jkSoundFile.c +--- snack2.2.10/generic/jkSoundFile.c.format-security 2013-12-09 16:24:39.287083799 -0500 ++++ snack2.2.10/generic/jkSoundFile.c 2013-12-09 16:26:03.693939137 -0500 +@@ -2380,7 +2380,7 @@ PutCslHeader(Sound *s, Tcl_Interp *inter + sprintf(&buf[12], "HEDR"); + PutLELong(buf, 16, 32); + Tcl_GlobalEvalObj(s->interp, Tcl_NewStringObj(CSL_DATECOMMAND, -1)); +- sprintf(&buf[20], Tcl_GetStringResult(s->interp)); ++ sprintf(&buf[20], "%s", Tcl_GetStringResult(s->interp)); + + PutLELong(buf, 40, s->samprate); + PutLELong(buf, 44, s->length); diff --git a/tcl-snack.spec b/tcl-snack.spec index 302d2f9..e54f09f 100644 --- a/tcl-snack.spec +++ b/tcl-snack.spec @@ -9,7 +9,7 @@ Name: tcl-%{realname} Version: 2.2.10 -Release: 20%{?dist} +Release: 21%{?dist} Summary: Sound toolkit Group: System Environment/Libraries # generic/snackDecls.h, generic/snackStubInit.c and generic/snackStubLib.c @@ -32,6 +32,7 @@ Patch1: snack2.2.10-extracflags.patch Patch2: snack2.2.10-shared-stubs.patch Patch3: snack2.2.10-newALSA.patch Patch4: tcl-snack-2.2.10-CVE-2012-6303-fix.patch +Patch5: snack2.2.10-format-security.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: tcl-devel, tk-devel, libogg-devel, libvorbis-devel BuildRequires: libXft-devel @@ -79,6 +80,7 @@ Tkinter are also required to use Snack. %patch2 -p1 -b .shared-stubs %patch3 -p1 -b .newALSA %patch4 -p1 -b .CVE20126303 +%patch5 -p1 -b .format-security cp %{SOURCE1} . chmod -x generic/*.c generic/*.h unix/*.c COPYING README demos/python/* iconv -f iso-8859-1 -t utf-8 -o README{.utf8,} @@ -135,6 +137,9 @@ rm -rf %{buildroot} %{python_sitelib}/tkSnack* %changelog +* Mon Dec 9 2013 Tom Callaway - 2.2.10-21 +- fix format-security issues + * Sun Aug 04 2013 Fedora Release Engineering - 2.2.10-20 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild