commit 1c060949c63cbfc534c473dd1b68ec02979d476a
Author: Jan Rękorajski <[email protected]>
Date:   Sun Jan 23 17:04:28 2022 +0100

    - fix unsafe format string usage, rel 3

 bastet.spec           |  4 +++-
 format-security.patch | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+), 1 deletion(-)
---
diff --git a/bastet.spec b/bastet.spec
index 718a3be..5a304ea 100644
--- a/bastet.spec
+++ b/bastet.spec
@@ -3,13 +3,14 @@ Summary(hu.UTF-8):    Egy Tetris-klón
 Summary(pl.UTF-8):     Gra typu tetris
 Name:          bastet
 Version:       0.43.2
-Release:       2
+Release:       3
 License:       GPL v3+
 Group:         X11/Applications/Games
 #Source0Download: https://github.com/fph/bastet/releases
 Source0:       
https://github.com/fph/bastet/archive/%{version}/%{name}-%{version}.tar.gz
 # Source0-md5: aee009b77b8cf9516d686bd24673800e
 Patch0:                %{name}-boost.patch
+Patch1:                format-security.patch
 URL:           http://fph.altervista.org/prog/bastet.html
 BuildRequires: boost-devel
 BuildRequires: ncurses-devel >= 6
@@ -42,6 +43,7 @@ bardzo frustrującym przeżyciem.
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 
 %build
 NCURSES_LIBS=$(ncurses6-config --libs)
diff --git a/format-security.patch b/format-security.patch
new file mode 100644
index 0000000..e1e8f33
--- /dev/null
+++ b/format-security.patch
@@ -0,0 +1,47 @@
+--- bastet-0.43.2/Ui.cpp~      2015-08-30 09:04:24.000000000 +0200
++++ bastet-0.43.2/Ui.cpp       2022-01-23 17:03:25.191431152 +0100
+@@ -183,7 +183,7 @@
+ 
+     BorderedWindow w(d.y,d.x);
+     wattrset((WINDOW *)w,COLOR_PAIR(20));
+-    mvwprintw(w,0,0,message.c_str());
++    mvwprintw(w,0,0,"%s",message.c_str());
+     w.RedrawBorder();
+     wrefresh(w);
+     PrepareUiGetch();
+@@ -200,7 +200,7 @@
+     d.y+=3;
+     BorderedWindow w(d.y,d.x);
+     wattrset((WINDOW *)w,COLOR_PAIR(20));
+-    mvwprintw(w,0,0,message.c_str());
++    mvwprintw(w,0,0,"%s",message.c_str());
+     w.RedrawBorder();
+     wrefresh(w);
+     PrepareUiGetch();
+@@ -221,7 +221,7 @@
+ 
+     BorderedWindow w(d.y,d.x);
+     wattrset((WINDOW *)w,COLOR_PAIR(20));
+-    mvwprintw(w,0,0,message.c_str());
++    mvwprintw(w,0,0,"%s",message.c_str());
+     w.RedrawBorder();
+     wrefresh(w);
+     PrepareUiGetch();
+@@ -239,7 +239,7 @@
+     BorderedWindow w(d.y,d.x);
+     wattrset((WINDOW *)w,COLOR_PAIR(20));
+     for(size_t i=0;i<choices.size();++i){
+-      mvwprintw(w,i,4,choices[i].c_str());
++      mvwprintw(w,i,4,"%s",choices[i].c_str());
+     }
+     w.RedrawBorder();
+     wrefresh(w);
+@@ -290,7 +290,7 @@
+       Dot d=BoundingRect(msg );
+       BorderedWindow w(d.y,d.x);
+       wattrset((WINDOW *)w,COLOR_PAIR(20));
+-      mvwprintw(w,0,0,msg.c_str());
++      mvwprintw(w,0,0,"%s",msg.c_str());
+       w.RedrawBorder();
+       ch=getch();
+       switch(ch){
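Review bot: The five rewritten calls in Ui.cpp (inner hunks at 183, 200, 221, 239 and 290) only ever print a whole string, so `mvwaddstr(w,0,0,message.c_str());` would say that directly and leave no format argument for a later edit to get wrong; the `"%s"` form is still correct as written, and the swap assumes BorderedWindow converts to `WINDOW *` there the same way it does for mvwprintw. The patch file also has no header, so a short comment above its `---` line stating that these strings were previously passed as the format argument, and whether the fix was sent upstream, would help the next packager. Only these five call sites are visible here, so building with `-Wformat -Werror=format-security` would confirm that no other printw-family call in the source still takes a non-literal format and would make a regression fail the build. The enclosing functions start and end outside the hunks.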
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/bastet.git/commitdiff/1c060949c63cbfc534c473dd1b68ec02979d476a
