[packages/cvsnt] - fix format string errors - rel 9

baggins baggins at pld-linux.org
Sat Dec 7 14:58:11 CET 2013


commit cc573531927931bb88d14e73d24bb03cb3121171
Author: Jan Rękorajski <baggins at pld-linux.org>
Date:   Sat Dec 7 14:58:01 2013 +0100

    - fix format string errors
    - rel 9

 cvsnt.spec            |  4 +++-
 format-security.patch | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 56 insertions(+), 1 deletion(-)
---
diff --git a/cvsnt.spec b/cvsnt.spec
index af3decc..a9ca5ba 100644
--- a/cvsnt.spec
+++ b/cvsnt.spec
@@ -23,7 +23,7 @@ Summary(pl.UTF-8):	Concurrent Versioning System
 Name:		cvsnt
 # http://www.cvsnt.org/archive/2.5_stable tell which version is stable
 Version:	2.5.05.3744
-Release:	8
+Release:	9
 License:	GPL v2+/LGPL v2+
 Group:		Development/Version Control
 Source0:	http://www.cvsnt.org/archive/%{name}-%{version}.tar.gz
@@ -37,6 +37,7 @@ Patch2:		%{name}-build.patch
 Patch3:		%{name}-nospam.patch
 Patch4:		%{name}-fixes.patch
 Patch5:		%{name}-gcc4.patch
+Patch6:		format-security.patch
 URL:		http://www.cvsnt.org/
 BuildRequires:	autoconf >= 2.58
 BuildRequires:	automake >= 1:1.7.9
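Review bot: `Patch6` is the only entry in this list named without the `%{name}-` prefix that Patch2 through Patch5 use. Declaring it as `Patch6: %{name}-format-security.patch`, with the file renamed to match, would keep the patch list consistent and tie the file name to the package it belongs to.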
@@ -209,6 +210,7 @@ CVSNT version of RCS tools.
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
 
 rm -r protocols/ntlm
 
diff --git a/format-security.patch b/format-security.patch
new file mode 100644
index 0000000..84f13ba
--- /dev/null
+++ b/format-security.patch
@@ -0,0 +1,53 @@
+--- cvs-nserver-1.11.1.52/diff/diff3.c~	2001-05-19 14:05:15.000000000 +0200
++++ cvs-nserver-1.11.1.52/diff/diff3.c	2013-12-07 14:42:15.691191794 +0100
+@@ -1502,7 +1502,7 @@
+ 	      line = 0;
+ 	      do
+ 		{
+-		  printf_output (line_prefix);
++		  printf_output ("%s", line_prefix);
+ 		  cp = D_RELNUM (ptr, realfile, line);
+ 		  length = D_RELLEN (ptr, realfile, line);
+ 		  write_output (cp, length);
+--- cvsnt-2.5.05.3744/src/client.cpp~	2010-03-23 22:53:46.000000000 +0100
++++ cvsnt-2.5.05.3744/src/client.cpp	2013-12-07 14:49:05.851188825 +0100
+@@ -3731,7 +3731,7 @@
+ 				/* Overflow here??  possible, but we're only on the client and about to die anyway */
+ 				if(!strcmp(read_buf,"bad auth protocol start"))
+ 					sprintf(read_buf,":%s: protocol not supported by server",client_protocol->name);
+-				error(1, 0, read_buf);
++				error(1, 0, "%s", read_buf);
+ 			}
+ 			else
+ 			{
+--- cvsnt-2.5.05.3744/src/root.cpp~	2009-08-04 18:32:43.000000000 +0200
++++ cvsnt-2.5.05.3744/src/root.cpp	2013-12-07 14:54:19.931186551 +0100
+@@ -1054,7 +1054,7 @@
+ 
+     /* get the appropriate port string */
+ 	if(!root->port)
+-		sprintf (port_s, get_default_client_port(client_protocol));
++		sprintf (port_s, "%s", get_default_client_port(client_protocol));
+ 	else
+ 		strcpy(port_s,root->port);
+ 
+--- cvsnt-2.5.05.3744/src/subr.cpp~	2013-12-07 14:48:03.000000000 +0100
++++ cvsnt-2.5.05.3744/src/subr.cpp	2013-12-07 14:54:53.351186310 +0100
+@@ -85,7 +85,7 @@
+ 		char buf[80];
+ 		sprintf (buf, "out of memory; can not allocate %lu bytes",
+ 			(unsigned long) bytes);
+-		error (1, 0, buf);
++		error (1, 0, "%s", buf);
+     }
+ 	MALLOC_CHECK();
+ 
+@@ -123,7 +123,7 @@
+ 		char buf[80];
+ 		sprintf (buf, "out of memory; can not reallocate %lu bytes",
+ 			(unsigned long) bytes);
+-		error (1, 0, buf);
++		error (1, 0, "%s", buf);
+     }
+ 	MALLOC_CHECK();
+     return (cp);
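Review bot: The root.cpp and client.cpp hunks of this patch keep unbounded `sprintf` calls, so the touched lines no longer treat the data as a format string but can still write past the destination buffer. In root.cpp both `sprintf (port_s, "%s", ...)` and the adjacent `strcpy(port_s,root->port)` copy without a length; if `port_s` is a fixed-size array (its declaration is outside the hunk), `snprintf (port_s, sizeof port_s, "%s", get_default_client_port(client_protocol));` would bound the copy, and the `strcpy` branch deserves the same treatment. In client.cpp the `sprintf(read_buf, ...)` one line above the fix is marked by its own comment as a possible overflow and is left as is; `read_buf` appears to hold server-supplied text, so a bounded write there would be worth a follow-up. All enclosing functions begin and end outside the visible hunks.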
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/cvsnt.git/commitdiff/cc573531927931bb88d14e73d24bb03cb3121171


