[packages/bastet] - fix unsafe format string usage, rel 3

baggins baggins at pld-linux.org
Sun Jan 23 17:05:08 CET 2022


commit 1c060949c63cbfc534c473dd1b68ec02979d476a
Author: Jan Rękorajski <baggins at pld-linux.org>
Date:   Sun Jan 23 17:04:28 2022 +0100

    - fix unsafe format string usage, rel 3

 bastet.spec           |  4 +++-
 format-security.patch | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+), 1 deletion(-)
---
diff --git a/bastet.spec b/bastet.spec
index 718a3be..5a304ea 100644
--- a/bastet.spec
+++ b/bastet.spec
@@ -3,13 +3,14 @@ Summary(hu.UTF-8):	Egy Tetris-klón
 Summary(pl.UTF-8):	Gra typu tetris
 Name:		bastet
 Version:	0.43.2
-Release:	2
+Release:	3
 License:	GPL v3+
 Group:		X11/Applications/Games
 #Source0Download: https://github.com/fph/bastet/releases
 Source0:	https://github.com/fph/bastet/archive/%{version}/%{name}-%{version}.tar.gz
 # Source0-md5:	aee009b77b8cf9516d686bd24673800e
 Patch0:		%{name}-boost.patch
+Patch1:		format-security.patch
 URL:		http://fph.altervista.org/prog/bastet.html
 BuildRequires:	boost-devel
 BuildRequires:	ncurses-devel >= 6
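Review bot: `Patch1: format-security.patch` departs from the naming pattern of `Patch0: %{name}-boost.patch` two lines above it. A package-prefixed name keeps the file identifiable when it is seen outside this repository. Consider `Patch1: %{name}-format-security.patch`, with the patch file renamed to match.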
@@ -42,6 +43,7 @@ bardzo frustrującym przeżyciem.
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 
 %build
 NCURSES_LIBS=$(ncurses6-config --libs)
diff --git a/format-security.patch b/format-security.patch
new file mode 100644
index 0000000..e1e8f33
--- /dev/null
+++ b/format-security.patch
@@ -0,0 +1,47 @@
+--- bastet-0.43.2/Ui.cpp~	2015-08-30 09:04:24.000000000 +0200
++++ bastet-0.43.2/Ui.cpp	2022-01-23 17:03:25.191431152 +0100
+@@ -183,7 +183,7 @@
+ 
+     BorderedWindow w(d.y,d.x);
+     wattrset((WINDOW *)w,COLOR_PAIR(20));
+-    mvwprintw(w,0,0,message.c_str());
++    mvwprintw(w,0,0,"%s",message.c_str());
+     w.RedrawBorder();
+     wrefresh(w);
+     PrepareUiGetch();
+@@ -200,7 +200,7 @@
+     d.y+=3;
+     BorderedWindow w(d.y,d.x);
+     wattrset((WINDOW *)w,COLOR_PAIR(20));
+-    mvwprintw(w,0,0,message.c_str());
++    mvwprintw(w,0,0,"%s",message.c_str());
+     w.RedrawBorder();
+     wrefresh(w);
+     PrepareUiGetch();
+@@ -221,7 +221,7 @@
+ 
+     BorderedWindow w(d.y,d.x);
+     wattrset((WINDOW *)w,COLOR_PAIR(20));
+-    mvwprintw(w,0,0,message.c_str());
++    mvwprintw(w,0,0,"%s",message.c_str());
+     w.RedrawBorder();
+     wrefresh(w);
+     PrepareUiGetch();
+@@ -239,7 +239,7 @@
+     BorderedWindow w(d.y,d.x);
+     wattrset((WINDOW *)w,COLOR_PAIR(20));
+     for(size_t i=0;i<choices.size();++i){
+-      mvwprintw(w,i,4,choices[i].c_str());
++      mvwprintw(w,i,4,"%s",choices[i].c_str());
+     }
+     w.RedrawBorder();
+     wrefresh(w);
+@@ -290,7 +290,7 @@
+       Dot d=BoundingRect(msg );
+       BorderedWindow w(d.y,d.x);
+       wattrset((WINDOW *)w,COLOR_PAIR(20));
+-      mvwprintw(w,0,0,msg.c_str());
++      mvwprintw(w,0,0,"%s",msg.c_str());
+       w.RedrawBorder();
+       ch=getch();
+       switch(ch){
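Review bot: The new patch file begins directly at the `--- bastet-0.43.2/Ui.cpp~` header with no description, so nothing records why it exists or whether it was sent upstream. A short header would help, for example `Pass message text to mvwprintw() as a "%s" argument instead of as the format string, so a '%' in the text is never parsed as a conversion.` All five call sites only print a plain string, so `mvwaddstr(w,0,0,message.c_str());` would be an alternative that involves no format parsing at all. The enclosing functions start and end outside these hunks, so other printw-family calls in Ui.cpp with a non-literal format cannot be ruled out from here. Building with `-Werror=format-security` would confirm none remain.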
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/bastet.git/commitdiff/1c060949c63cbfc534c473dd1b68ec02979d476a


