commit cc573531927931bb88d14e73d24bb03cb3121171
Author: Jan Rękorajski <[email protected]>
Date: Sat Dec 7 14:58:01 2013 +0100
- fix format string errors
- rel 9
cvsnt.spec | 4 +++-
format-security.patch | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 56 insertions(+), 1 deletion(-)
---
diff --git a/cvsnt.spec b/cvsnt.spec
index af3decc..a9ca5ba 100644
--- a/cvsnt.spec
+++ b/cvsnt.spec
@@ -23,7 +23,7 @@ Summary(pl.UTF-8): Concurrent Versioning System
Name: cvsnt
# http://www.cvsnt.org/archive/2.5_stable tell which version is stable
Version: 2.5.05.3744
-Release: 8
+Release: 9
License: GPL v2+/LGPL v2+
Group: Development/Version Control
Source0: http://www.cvsnt.org/archive/%{name}-%{version}.tar.gz
@@ -37,6 +37,7 @@ Patch2: %{name}-build.patch
Patch3: %{name}-nospam.patch
Patch4: %{name}-fixes.patch
Patch5: %{name}-gcc4.patch
+Patch6: format-security.patch
URL: http://www.cvsnt.org/
BuildRequires: autoconf >= 2.58
BuildRequires: automake >= 1:1.7.9
@@ -209,6 +210,7 @@ CVSNT version of RCS tools.
%patch3 -p1
%patch4 -p1
%patch5 -p1
+%patch6 -p1
rm -r protocols/ntlm
diff --git a/format-security.patch b/format-security.patch
new file mode 100644
index 0000000..84f13ba
--- /dev/null
+++ b/format-security.patch
@@ -0,0 +1,53 @@
+--- cvs-nserver-1.11.1.52/diff/diff3.c~ 2001-05-19 14:05:15.000000000
+0200
++++ cvs-nserver-1.11.1.52/diff/diff3.c 2013-12-07 14:42:15.691191794 +0100
+@@ -1502,7 +1502,7 @@
+ line = 0;
+ do
+ {
+- printf_output (line_prefix);
++ printf_output ("%s", line_prefix);
+ cp = D_RELNUM (ptr, realfile, line);
+ length = D_RELLEN (ptr, realfile, line);
+ write_output (cp, length);
+--- cvsnt-2.5.05.3744/src/client.cpp~ 2010-03-23 22:53:46.000000000 +0100
++++ cvsnt-2.5.05.3744/src/client.cpp 2013-12-07 14:49:05.851188825 +0100
+@@ -3731,7 +3731,7 @@
+ /* Overflow here?? possible, but we're only on
the client and about to die anyway */
+ if(!strcmp(read_buf,"bad auth protocol start"))
+ sprintf(read_buf,":%s: protocol not
supported by server",client_protocol->name);
+- error(1, 0, read_buf);
++ error(1, 0, "%s", read_buf);
+ }
+ else
+ {
+--- cvsnt-2.5.05.3744/src/root.cpp~ 2009-08-04 18:32:43.000000000 +0200
++++ cvsnt-2.5.05.3744/src/root.cpp 2013-12-07 14:54:19.931186551 +0100
+@@ -1054,7 +1054,7 @@
+
+ /* get the appropriate port string */
+ if(!root->port)
+- sprintf (port_s, get_default_client_port(client_protocol));
++ sprintf (port_s, "%s",
get_default_client_port(client_protocol));
+ else
+ strcpy(port_s,root->port);
+
+--- cvsnt-2.5.05.3744/src/subr.cpp~ 2013-12-07 14:48:03.000000000 +0100
++++ cvsnt-2.5.05.3744/src/subr.cpp 2013-12-07 14:54:53.351186310 +0100
+@@ -85,7 +85,7 @@
+ char buf[80];
+ sprintf (buf, "out of memory; can not allocate %lu bytes",
+ (unsigned long) bytes);
+- error (1, 0, buf);
++ error (1, 0, "%s", buf);
+ }
+ MALLOC_CHECK();
+
+@@ -123,7 +123,7 @@
+ char buf[80];
+ sprintf (buf, "out of memory; can not reallocate %lu bytes",
+ (unsigned long) bytes);
+- error (1, 0, buf);
++ error (1, 0, "%s", buf);
+ }
+ MALLOC_CHECK();
+ return (cp);
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/cvsnt.git/commitdiff/cc573531927931bb88d14e73d24bb03cb3121171
_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
