[packages/ruby-ncurses] fix format security errors

glen glen at pld-linux.org
Sat Sep 14 15:31:43 CEST 2013


commit 5c7c04b5fb70138169e2094919d88a55e168e127
Author: Elan Ruusamäe <glen at delfi.ee>
Date:   Sat Sep 14 16:30:30 2013 +0300

    fix format security errors

 format-security.patch | 11 +++++++++++
 ruby-ncurses.spec     |  7 ++++---
 2 files changed, 15 insertions(+), 3 deletions(-)
---
diff --git a/ruby-ncurses.spec b/ruby-ncurses.spec
index 4754531..e609ae5 100644
--- a/ruby-ncurses.spec
+++ b/ruby-ncurses.spec
@@ -9,11 +9,11 @@ Group:		Development/Languages
 Source0:	http://download.berlios.de/ncurses-ruby/%{pkgname}-ruby-%{version}.tar.bz2
 # Source0-md5:	63fd3d09a51cdd745e1ed37f85621ea2
 Patch0:		%{name}-utf8.patch
+Patch1:		format-security.patch
 URL:		http://ncurses-ruby.berlios.de/
 BuildRequires:	ncurses-devel
-BuildRequires:	rpmbuild(macros) >= 1.277
-BuildRequires:	ruby-devel >= 1:1.8.4-5
-%{?ruby_mod_ver_requires_eq}
+BuildRequires:	rpm-rubyprov
+BuildRequires:	rpmbuild(macros) >= 1.665
 Provides:	ruby-Ncurses
 Obsoletes:	ruby-Ncurses
 BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
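Review bot: This hunk drops `BuildRequires: ruby-devel >= 1:1.8.4-5`, yet %build still runs `ruby extconf.rb` (visible in the next hunk), which normally needs the Ruby headers and mkmf at build time. Unless `rpm-rubyprov` is known to pull ruby-devel in, keep an explicit `BuildRequires: ruby-devel` so the build does not rest on a transitive requirement. The dependency and macro-version changes are also unrelated to the format-security fix named in the commit title and would be easier to audit as a separate commit.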
@@ -65,6 +65,7 @@ Dokumentacji w formacie ri dla %{pkgname}.
 %prep
 %setup -q -n %{pkgname}-ruby-%{version}
 %patch0 -p1
+%patch1 -p1
 
 %build
 ruby extconf.rb \
diff --git a/format-security.patch b/format-security.patch
new file mode 100644
index 0000000..238db2f
--- /dev/null
+++ b/format-security.patch
@@ -0,0 +1,11 @@
+--- ncurses-ruby-1.3.1/form_wrap.c~	2011-05-31 02:41:46.000000000 +0300
++++ ncurses-ruby-1.3.1/form_wrap.c	2013-09-14 16:29:00.504646018 +0300
+@@ -1131,7 +1131,7 @@
+ 		  char msg[500];
+ 		  snprintf(msg, 500, "The validation functions for this field type need %d additional arguments.",(int)(NUM2INT(argc)-1));
+ 		  msg[499]=0;
+-		  rb_raise(rb_eArgError, msg);	
++		  rb_raise(rb_eArgError, "%s", msg);	
+ 		}
+ 	 } 
+   }
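Review bot: The corrected call `rb_raise(rb_eArgError, "%s", msg);` at form_wrap.c line 1134 still goes through the 500-byte `msg` buffer, which is no longer needed because rb_raise accepts a printf-style format itself. The message could be passed directly as `rb_raise(rb_eArgError, "The validation functions for this field type need %d additional arguments.", (int)(NUM2INT(argc)-1));`, dropping the `snprintf` and `msg[499]=0` lines. Since `msg` was only ever filled from a constant format plus a `%d` value, this looks like a build fix for a format-security compiler diagnostic rather than a reachable format-string bug, and a one-line comment at the top of the patch could say so. The enclosing function starts and ends outside the hunk, and whether other rb_raise calls in the extension take a non-literal format cannot be seen from here.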
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/ruby-ncurses.git/commitdiff/5c7c04b5fb70138169e2094919d88a55e168e127


