diff --git a/a2ps-format-security.patch b/a2ps-format-security.patch index d846589..3fbd034 100644 --- a/a2ps-format-security.patch +++ b/a2ps-format-security.patch @@ -1,6 +1,6 @@ diff -up a2ps-4.14/lib/output.c.format-security a2ps-4.14/lib/output.c ---- a2ps-4.14/lib/output.c.format-security 2013-12-03 15:49:51.675971847 +0000 -+++ a2ps-4.14/lib/output.c 2013-12-03 15:49:59.862013165 +0000 +--- a2ps-4.14/lib/output.c.format-security 2007-12-29 01:58:21.000000000 +0000 ++++ a2ps-4.14/lib/output.c 2014-04-03 18:24:35.259901356 +0100 @@ -525,7 +525,7 @@ output_file (struct output * out, a2ps_j expand_user_string (job, FIRST_FILE (job), (const uchar *) "Expand: requirement", @@ -10,3 +10,39 @@ diff -up a2ps-4.14/lib/output.c.format-security a2ps-4.14/lib/output.c continue; } +diff -up a2ps-4.14/lib/parseppd.y.format-security a2ps-4.14/lib/parseppd.y +--- a2ps-4.14/lib/parseppd.y.format-security 2007-12-29 01:58:21.000000000 +0000 ++++ a2ps-4.14/lib/parseppd.y 2014-04-03 18:24:35.259901356 +0100 +@@ -154,7 +154,7 @@ font_clause : + void + yyerror (const char *msg) + { +- error_at_line (1, 0, ppdfilename, ppdlineno, msg); ++ error_at_line (1, 0, ppdfilename, ppdlineno, "%s", msg); + } + + /* +diff -up a2ps-4.14/lib/psgen.c.format-security a2ps-4.14/lib/psgen.c +--- a2ps-4.14/lib/psgen.c.format-security 2014-04-03 18:24:35.241901276 +0100 ++++ a2ps-4.14/lib/psgen.c 2014-04-03 18:24:35.259901356 +0100 +@@ -232,7 +232,7 @@ output_marker (a2ps_job * job, const cha + default: + *buf = '\0'; + ps_escape_char (job, cp[i], buf); +- output (jdiv, (char *) buf); ++ output (jdiv, "%s", (char *) buf); + break; + } + } +diff -up a2ps-4.14/src/parsessh.y.format-security a2ps-4.14/src/parsessh.y +--- a2ps-4.14/src/parsessh.y.format-security 2014-04-03 18:25:56.011259069 +0100 ++++ a2ps-4.14/src/parsessh.y 2014-04-03 18:26:04.725297585 +0100 +@@ -740,7 +740,7 @@ exception_def_opt: + void + yyerror (const char *msg) + { +- error_at_line (1, 0, sshfilename, sshlineno, msg); ++ error_at_line (1, 0, sshfilename, sshlineno, "%s", msg); + } + + /* diff --git a/a2ps.spec b/a2ps.spec index 3b982f8..3b74977 100644 --- a/a2ps.spec +++ b/a2ps.spec @@ -1,7 +1,7 @@ Summary: Converts text and other types of files to PostScript Name: a2ps Version: 4.14 -Release: 23%{?dist} +Release: 24%{?dist} License: GPLv3+ Group: Applications/Publishing Source0: http://ftp.gnu.org/gnu/a2ps/%{name}-%{version}.tar.gz @@ -317,6 +317,9 @@ exit 0 %{_emacs_sitelispdir}/%{name}/*.el %changelog +* Thu Apr 3 2014 Tim Waugh - 4.14-24 +- Prevent another build failure with -Werror=format-security. + * Tue Apr 1 2014 Tim Waugh - 4.14-23 - Invoke gs with the -dSAFER option in fixps (CVE-2014-0466, bug #1082411).