[packages/libmpeg3] - fix format string errors - rel 3

baggins baggins at pld-linux.org
Mon Mar 9 17:42:17 CET 2015


commit 43aec21c2c87119291e4b46d5cea012592e2de85
Author: Jan Rękorajski <baggins at pld-linux.org>
Date:   Mon Mar 9 17:42:04 2015 +0100

    - fix format string errors
    - rel 3

 format-security.patch | 20 ++++++++++++++++++++
 libmpeg3.spec         |  4 +++-
 2 files changed, 23 insertions(+), 1 deletion(-)
---
diff --git a/libmpeg3.spec b/libmpeg3.spec
index 891eac3..8abc4ba 100644
--- a/libmpeg3.spec
+++ b/libmpeg3.spec
@@ -2,12 +2,13 @@ Summary:	LibMPEG3 - decoding of many many derivatives of MPEG standards
 Summary(pl.UTF-8):	LibMPEG3 - dekodowanie wielu alternatywnych standardów MPEG
 Name:		libmpeg3
 Version:	1.8
-Release:	2
+Release:	3
 License:	GPL v2+
 Group:		Libraries
 Source0:	http://downloads.sourceforge.net/heroines/%{name}-%{version}-src.tar.bz2
 # Source0-md5:	a9d0d34e8941a4437eb8e7dfe559eca1
 Patch0:		%{name}-acam.patch
+Patch1:		format-security.patch
 URL:		http://heroinewarrior.com/libmpeg3.php
 BuildRequires:	a52dec-libs-devel >= 0.7.3
 BuildRequires:	autoconf >= 2.50
@@ -88,6 +89,7 @@ MPEG.
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 
 %build
 %{__libtoolize}
diff --git a/format-security.patch b/format-security.patch
new file mode 100644
index 0000000..4004e7e
--- /dev/null
+++ b/format-security.patch
@@ -0,0 +1,20 @@
+--- libmpeg3-1.8/mpeg3tocutil.c.orig	2015-03-09 17:39:36.022530554 +0100
++++ libmpeg3-1.8/mpeg3tocutil.c	2015-03-09 17:40:15.672530268 +0100
+@@ -1278,7 +1278,7 @@
+ 
+ // Store file information
+ 	PUT_INT32(FILE_INFO);
+-	fprintf(file->toc_fd, file->fs->path);
++	fprintf(file->toc_fd, "%s", file->fs->path);
+ 	for(j = strlen(file->fs->path); j < MPEG3_STRLEN; j++)
+ 			fputc(0, file->toc_fd);
+ 	PUT_INT64(file->source_date);
+@@ -1309,7 +1309,7 @@
+ // Path
+ 		PUT_INT32(TITLE_PATH);
+ 
+-		fprintf(file->toc_fd, title->fs->path);
++		fprintf(file->toc_fd, "%s", title->fs->path);
+ 
+ // Pad path with 0
+ 		for(j = strlen(title->fs->path); j < MPEG3_STRLEN; j++)
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/libmpeg3.git/commitdiff/43aec21c2c87119291e4b46d5cea012592e2de85



More information about the pld-cvs-commit mailing list