[packages/swish-e] - up to 2.4.7 - fix format string errors

Tue Jun 11 13:57:42 CEST 2013

commit 45fe6c1712a813748372a09ef299979d3956e4e3
Author: Jan Rękorajski <baggins at pld-linux.org>
Date:   Tue Jun 11 13:57:20 2013 +0200

    - up to 2.4.7
    - fix format string errors

 format-security.patch | 31 +++++++++++++++++++++++++++++++
 swish-e.spec          |  8 +++++---
 2 files changed, 36 insertions(+), 3 deletions(-)
---

diff --git a/swish-e.spec b/swish-e.spec
index 00d3d62..01370bf 100644
--- a/swish-e.spec
+++ b/swish-e.spec
@@ -2,12 +2,13 @@
 Summary:	Simple Web Indexing System for Humans - Enhanced
 Summary(pl.UTF-8):	Prosty system indeksowania stron WWW - wersja rozszerzona
 Name:		swish-e
-Version:	2.4.6
-Release:	4
+Version:	2.4.7
+Release:	1
 License:	GPL/LGPL
 Group:		Applications/Text
 Source0:	http://swish-e.org/distribution/%{name}-%{version}.tar.gz
-# Source0-md5:	eb762cba20ea0908141d44b1a31cdd39
+# Source0-md5:	736db7a65aed48bb3e2587c52833642d
+Patch0:		format-security.patch
 URL:		http://swish-e.org/
 #Icon:		swish-e.xpm
 BuildRequires:	libxml2-devel
@@ -139,6 +140,7 @@ Biblioteka statyczna dla swish-e.
 
 %prep
 %setup -q
+%patch0 -p1
 
 %build
 %configure \
diff --git a/format-security.patch b/format-security.patch
new file mode 100644
index 0000000..01d8cab
--- /dev/null
+++ b/format-security.patch
@@ -0,0 +1,31 @@
+--- swish-e-2.4.7/src/parser.c~	2009-04-05 03:58:32.000000000 +0200
++++ swish-e-2.4.7/src/parser.c	2013-06-11 13:53:08.196559035 +0200
+@@ -1760,7 +1760,7 @@
+     va_start(args, msg);
+     vsnprintf(str, 1000, msg, args );
+     va_end(args);
+-    xmlParserError(parse_data->ctxt, str);
++    xmlParserError(parse_data->ctxt, "%s", str);
+ }
+ 
+ static void warning(void *data, const char *msg, ...)
+@@ -1772,7 +1772,7 @@
+     va_start(args, msg);
+     vsnprintf(str, 1000, msg, args );
+     va_end(args);
+-    xmlParserWarning(parse_data->ctxt, str);
++    xmlParserWarning(parse_data->ctxt, "%s", str);
+ }
+ 
+ 
+--- swish-e-2.4.7/src/result_output.c~	2009-04-05 03:58:32.000000000 +0200
++++ swish-e-2.4.7/src/result_output.c	2013-06-11 13:53:38.593550825 +0200
+@@ -752,7 +752,7 @@
+             s = (char *) emalloc(MAXWORDLEN + 1);
+             n = strftime(s, (size_t) MAXWORDLEN, fmt, localtime(&(pv->value.v_date)));
+             if (n && f)
+-                fprintf(f, s);
++                fprintf(f, "%s", s);
+             efree(s);
+         }
+         break;
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/swish-e.git/commitdiff/45fe6c1712a813748372a09ef299979d3956e4e3

