[packages/ruby-ncurses] fix format security errors
glen
glen at pld-linux.org
Sat Sep 14 15:31:43 CEST 2013
commit 5c7c04b5fb70138169e2094919d88a55e168e127
Author: Elan Ruusamäe <glen at delfi.ee>
Date: Sat Sep 14 16:30:30 2013 +0300
fix format security errors
format-security.patch | 11 +++++++++++
ruby-ncurses.spec | 7 ++++---
2 files changed, 15 insertions(+), 3 deletions(-)
---
diff --git a/ruby-ncurses.spec b/ruby-ncurses.spec
index 4754531..e609ae5 100644
--- a/ruby-ncurses.spec
+++ b/ruby-ncurses.spec
@@ -9,11 +9,11 @@ Group: Development/Languages
Source0: http://download.berlios.de/ncurses-ruby/%{pkgname}-ruby-%{version}.tar.bz2
# Source0-md5: 63fd3d09a51cdd745e1ed37f85621ea2
Patch0: %{name}-utf8.patch
+Patch1: format-security.patch
URL: http://ncurses-ruby.berlios.de/
BuildRequires: ncurses-devel
-BuildRequires: rpmbuild(macros) >= 1.277
-BuildRequires: ruby-devel >= 1:1.8.4-5
-%{?ruby_mod_ver_requires_eq}
+BuildRequires: rpm-rubyprov
+BuildRequires: rpmbuild(macros) >= 1.665
Provides: ruby-Ncurses
Obsoletes: ruby-Ncurses
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
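Review bot: Dropping `BuildRequires: ruby-devel >= 1:1.8.4-5` in this hunk looks unrelated to the format-security fix and may leave a clean build root without the Ruby headers, since `%build` still runs `ruby extconf.rb`. Unless `rpm-rubyprov` is known to pull in ruby-devel, keep an explicit `BuildRequires: ruby-devel` line. The bump to `rpmbuild(macros) >= 1.665` and the removal of `%{?ruby_mod_ver_requires_eq}` would also be easier to audit in a separate commit with its own message.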
@@ -65,6 +65,7 @@ Dokumentacji w formacie ri dla %{pkgname}.
%prep
%setup -q -n %{pkgname}-ruby-%{version}
%patch0 -p1
+%patch1 -p1
%build
ruby extconf.rb \
diff --git a/format-security.patch b/format-security.patch
new file mode 100644
index 0000000..238db2f
--- /dev/null
+++ b/format-security.patch
@@ -0,0 +1,11 @@
+--- ncurses-ruby-1.3.1/form_wrap.c~ 2011-05-31 02:41:46.000000000 +0300
++++ ncurses-ruby-1.3.1/form_wrap.c 2013-09-14 16:29:00.504646018 +0300
+@@ -1131,7 +1131,7 @@
+ char msg[500];
+ snprintf(msg, 500, "The validation functions for this field type need %d additional arguments.",(int)(NUM2INT(argc)-1));
+ msg[499]=0;
+- rb_raise(rb_eArgError, msg);
++ rb_raise(rb_eArgError, "%s", msg);
+ }
+ }
+ }
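Review bot: The `msg` buffer in the patched block of form_wrap.c is unnecessary once the call uses a literal format, because rb_raise() does printf-style formatting itself; the snprintf/terminate/raise lines can collapse to `rb_raise(rb_eArgError, "The validation functions for this field type need %d additional arguments.", (int)(NUM2INT(argc)-1));`. That also removes the redundant `msg[499]=0`, since snprintf already NUL-terminates within the size it is given. The `"%s"` form is correct as written and removes the non-literal format argument that format-security checks reject. Only this one call site is patched, so it is worth checking the rest of the extension for other `rb_raise` calls that pass a variable as the format. The enclosing function starts and ends outside the hunk.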
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/ruby-ncurses.git/commitdiff/5c7c04b5fb70138169e2094919d88a55e168e127