[packages/ruby-sary] fix format security errors

glen glen at pld-linux.org
Sat Sep 14 18:27:39 CEST 2013 

commit 59f8d261940143a66ae68897bfe6888f246f1ae6
Author: Elan Ruusamäe <glen at delfi.ee>
Date:   Sat Sep 14 19:27:27 2013 +0300

    fix format security errors

 format-security.patch | 31 +++++++++++++++++++++++++++++++
 ruby-sary.spec        |  2 ++
 2 files changed, 33 insertions(+)
---
diff --git a/ruby-sary.spec b/ruby-sary.spec
index 0568092..3c12491 100644
--- a/ruby-sary.spec
+++ b/ruby-sary.spec
@@ -10,6 +10,7 @@ Source0:	http://sary.sourceforge.net/%{pkgname}-ruby-%{version}.tar.gz
 # Source0-md5:	c885abffea72f25cb0f6286770a78ac1
 Patch0:		%{name}-no-version.patch
 Patch1:		%{name}-ruby19.patch
+Patch2:		format-security.patch
 URL:		http://sary.sourceforge.net/
 BuildRequires:	glib2-devel >= 2.0
 BuildRequires:	pkgconfig
@@ -29,6 +30,7 @@ Wiązanie języka Ruby do biblioteki Sary.
 %setup -q -n %{pkgname}-ruby-%{version}
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %build
 %{__ruby} extconf.rb \
diff --git a/format-security.patch b/format-security.patch
new file mode 100644
index 0000000..8cc8750
--- /dev/null
+++ b/format-security.patch
@@ -0,0 +1,31 @@
+--- sary-ruby-1.2.0/searcher.c~	2013-09-14 19:25:50.000000000 +0300
++++ sary-ruby-1.2.0/searcher.c	2013-09-14 19:26:30.662671141 +0300
+@@ -91,7 +91,7 @@
+         searcher = sary_searcher_new2(file_name_ptr, array_name_ptr);
+     }
+     if (searcher == NULL)
+-	rb_raise(rb_eIOError, g_strerror(errno));
++	rb_raise(rb_eIOError, "%s", g_strerror(errno));
+ 
+     Check_Type(klass, T_DATA);
+     RDATA(klass)->dfree = (RUBY_DATA_FUNC)rsearcher_destroy;
+--- sary-ruby-1.2.0/builder.c~	2013-09-14 19:26:41.000000000 +0300
++++ sary-ruby-1.2.0/builder.c	2013-09-14 19:26:43.133250393 +0300
+@@ -72,7 +72,7 @@
+         builder = sary_builder_new2(file_name_ptr, array_name_ptr);
+     }
+     if (builder == NULL)
+-	rb_raise(rb_eIOError, g_strerror(errno));
++	rb_raise(rb_eIOError, "%s", g_strerror(errno));
+ 
+     Check_Type(klass, T_DATA);
+     RDATA(klass)->dfree = (RUBY_DATA_FUNC)rsbuilder_destroy;
+@@ -104,7 +104,7 @@
+     }
+ 
+     if (func(builder) == FALSE) {
+-	rb_raise(rb_eRuntimeError, g_strerror(errno));
++	rb_raise(rb_eRuntimeError, "%s", g_strerror(errno));
+     }
+ 
+     return klass;
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/ruby-sary.git/commitdiff/59f8d261940143a66ae68897bfe6888f246f1ae6

More information about the pld-cvs-commit mailing list