tags 664513 patch
thanks

The attached 04_fix_format_security.patch fixes unsafe uses of fprintf
and printf and allows freesci to build with hardening flags.  The
attached diff to debian/rules enables the hardening flags.
Description: fix format security
 This patch fixes unsafe uses of fprintf and printf.
Bug-Debian: http://bugs.debian.org/664513
Author: Graham Inggs <[email protected]>
Forwarded: No
Last-Update: 2013-11-08
--- freesci-0.6.4/src/engine/kfile.c
+++ freesci-0.6.4/src/engine/kfile.c
@@ -919,7 +919,7 @@

 		if ((idfile = sci_fopen(game_id_file_name, "w"))) {

-			fprintf(idfile, game_description);
+			fprintf(idfile, "%s", game_description);
 			fclose(idfile);

 		} else {
--- freesci-0.6.4/src/tools/sciunpack.c
+++ freesci-0.6.4/src/tools/sciunpack.c
@@ -223,7 +223,7 @@
 #endif /* DRAW_GRAPHICS */
 				;

-			printf(gcc_3_0_can_kiss_my_ass);
+			printf("%s", gcc_3_0_can_kiss_my_ass);
 			exit(0);
 		}

--- freesci-0.6.4/src/tools/bdf.c
+++ freesci-0.6.4/src/tools/bdf.c
@@ -3042,14 +3042,14 @@
         bpr = ((c->bbx.width * font->bpp) + 7) >> 3;
         for (j = 0; bpr != 0 && j < c->bytes; j++) {
             if (j && j % bpr == 0)
-              fprintf(out, eol);
+              fprintf(out, "%s", eol);
             fprintf(out, "%02X", c->bitmap[j]);
         }
         /*
          * Handle empty bitmaps like this.
          */
         if (c->bbx.height > 0)
-          fprintf(out, eol);
+          fprintf(out, "%s", eol);
         fprintf(out, "ENDCHAR%s", eol);

         /*
@@ -3116,14 +3116,14 @@
         bpr = ((c->bbx.width * font->bpp) + 7) >> 3;
         for (j = 0; bpr != 0 && j < c->bytes; j++) {
             if (j && j % bpr == 0)
-              fprintf(out, eol);
+              fprintf(out, "%s", eol);
             fprintf(out, "%02X", c->bitmap[j]);
         }
         /*
          * Handle empty bitmaps like this.
          */
         if (c->bbx.height > 0)
-          fprintf(out, eol);
+          fprintf(out, "%s", eol);
         fprintf(out, "ENDCHAR%s", eol);

         /*
--- freesci-0.6.4/src/main.c
+++ freesci-0.6.4/src/main.c
@@ -301,7 +301,7 @@
 		if (i != 0)
 			printf(", ");

-		printf(gfx_get_driver_name(i));
+		printf("%s", gfx_get_driver_name(i));

 		i++;
 	}
--- a/rules
+++ b/rules
@@ -27,18 +27,11 @@
 VERSION_DEB:=$(shell dpkg-parsechangelog | perl -ne '/^Version: (.*)-(.*?)$$/ and print "$$2\n" and last;')
 ME=$(PKG)-$(VERSION_UP)
 
-# handle DEB_BUILD_OPTIONS
-CFLAGS += -Wall -g
-ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
-  CFLAGS += -O0
-else
-  CFLAGS += -O2
-endif
-export CFLAGS
-export CPPFLAGS
-
-export LDFLAGS += -Wl,--as-needed
-
+DPKG_EXPORT_BUILDFLAGS = 1
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+export DEB_CFLAGS_MAINT_APPEND = -Wall
+export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
+include /usr/share/dpkg/buildflags.mk
 
 TOPDIR:=$(CURDIR)/
 BUILDDIR:=$(CURDIR)/build/

Reply via email to