tags 664513 patch
thanks
The attached 04_fix_format_security.patch fixes unsafe uses of fprintf
and printf and allows freesci to build with hardening flags. The
attached diff to debian/rules enables the hardening flags.
Description: fix format security
This patch fixes unsafe uses of fprintf and printf.
Bug-Debian: http://bugs.debian.org/664513
Author: Graham Inggs <[email protected]>
Forwarded: No
Last-Update: 2013-11-08
--- freesci-0.6.4/src/engine/kfile.c
+++ freesci-0.6.4/src/engine/kfile.c
@@ -919,7 +919,7 @@
if ((idfile = sci_fopen(game_id_file_name, "w"))) {
- fprintf(idfile, game_description);
+ fprintf(idfile, "%s", game_description);
fclose(idfile);
} else {
--- freesci-0.6.4/src/tools/sciunpack.c
+++ freesci-0.6.4/src/tools/sciunpack.c
@@ -223,7 +223,7 @@
#endif /* DRAW_GRAPHICS */
;
- printf(gcc_3_0_can_kiss_my_ass);
+ printf("%s", gcc_3_0_can_kiss_my_ass);
exit(0);
}
--- freesci-0.6.4/src/tools/bdf.c
+++ freesci-0.6.4/src/tools/bdf.c
@@ -3042,14 +3042,14 @@
bpr = ((c->bbx.width * font->bpp) + 7) >> 3;
for (j = 0; bpr != 0 && j < c->bytes; j++) {
if (j && j % bpr == 0)
- fprintf(out, eol);
+ fprintf(out, "%s", eol);
fprintf(out, "%02X", c->bitmap[j]);
}
/*
* Handle empty bitmaps like this.
*/
if (c->bbx.height > 0)
- fprintf(out, eol);
+ fprintf(out, "%s", eol);
fprintf(out, "ENDCHAR%s", eol);
/*
@@ -3116,14 +3116,14 @@
bpr = ((c->bbx.width * font->bpp) + 7) >> 3;
for (j = 0; bpr != 0 && j < c->bytes; j++) {
if (j && j % bpr == 0)
- fprintf(out, eol);
+ fprintf(out, "%s", eol);
fprintf(out, "%02X", c->bitmap[j]);
}
/*
* Handle empty bitmaps like this.
*/
if (c->bbx.height > 0)
- fprintf(out, eol);
+ fprintf(out, "%s", eol);
fprintf(out, "ENDCHAR%s", eol);
/*
--- freesci-0.6.4/src/main.c
+++ freesci-0.6.4/src/main.c
@@ -301,7 +301,7 @@
if (i != 0)
printf(", ");
- printf(gfx_get_driver_name(i));
+ printf("%s", gfx_get_driver_name(i));
i++;
}
--- a/rules
+++ b/rules
@@ -27,18 +27,11 @@
VERSION_DEB:=$(shell dpkg-parsechangelog | perl -ne '/^Version: (.*)-(.*?)$$/ and print "$$2\n" and last;')
ME=$(PKG)-$(VERSION_UP)
-# handle DEB_BUILD_OPTIONS
-CFLAGS += -Wall -g
-ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
- CFLAGS += -O0
-else
- CFLAGS += -O2
-endif
-export CFLAGS
-export CPPFLAGS
-
-export LDFLAGS += -Wl,--as-needed
-
+DPKG_EXPORT_BUILDFLAGS = 1
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+export DEB_CFLAGS_MAINT_APPEND = -Wall
+export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
+include /usr/share/dpkg/buildflags.mk
TOPDIR:=$(CURDIR)/
BUILDDIR:=$(CURDIR)/build/