diff --git a/q-7.11-format-security.patch b/q-7.11-format-security.patch new file mode 100644 index 0000000..dc40209 --- /dev/null +++ b/q-7.11-format-security.patch @@ -0,0 +1,100 @@ +--- ./modules/clib/system.c.orig 2014-04-13 21:02:16.848951316 +0400 ++++ ./modules/clib/system.c 2014-04-13 21:02:46.161439951 +0400 +@@ -6097,7 +6097,7 @@ + i = 0; + while ((f = f_parse_mf())) { + if (!addbuf(strlen(f_str))) goto errexit2; +- if (sprintf(bufptr, f_str) < 0) goto errexit; ++ if (sprintf(bufptr, "%s", f_str) < 0) goto errexit; + bufptr += strlen(bufptr); + *s = 0; + switch (f) { +@@ -6112,7 +6112,7 @@ + bufptr += strlen(bufptr); + } + if (!addbuf(strlen(f_str))) goto errexit2; +- if (sprintf(bufptr, f_str) < 0) goto errexit; ++ if (sprintf(bufptr, "%s", f_str) < 0) goto errexit; + bufptr += strlen(bufptr); + f_init(NULL); + unlock_format(); +--- ./modules/clib/clib.c.orig 2014-04-13 20:59:23.649051758 +0400 ++++ ./modules/clib/clib.c 2014-04-13 21:01:42.258375147 +0400 +@@ -2843,7 +2843,7 @@ + f_init(format); + i = 0; + while ((f = f_parse_pf())) { +- if (fprintf(fp, f_str) < 0) goto errexit; ++ if (fprintf(fp, "%s", f_str) < 0) goto errexit; + if (f_var_wd) + coerce_int(xs[i++], &wdval); + if (f_var_prec) +@@ -2889,7 +2889,7 @@ + } + if (ret < 0) goto errexit; + } +- if (fprintf(fp, f_str) < 0) goto errexit; ++ if (fprintf(fp, "%s", f_str) < 0) goto errexit; + f_init(NULL); + unlock_format(); + free(format); +@@ -3115,7 +3115,7 @@ + i = 0; + while ((f = f_parse_pf())) { + if (!addbuf(strlen(f_str))) goto errexit2; +- if (sprintf(bufptr, f_str) < 0) goto errexit; ++ if (sprintf(bufptr, "%s", f_str) < 0) goto errexit; + bufptr += strlen(bufptr); + if (f_var_wd) + coerce_int(xs[i++], &wdval); +@@ -3166,7 +3166,7 @@ + bufptr += strlen(bufptr); + } + if (!addbuf(strlen(f_str))) goto errexit2; +- if (sprintf(bufptr, f_str) < 0) goto errexit; ++ if (sprintf(bufptr, "%s", f_str) < 0) goto errexit; + bufptr += strlen(bufptr); + f_init(NULL); + unlock_format(); +--- ./src/qc.y.orig 2014-04-13 21:13:21.720093215 +0400 ++++ ./src/qc.y 2014-04-13 21:13:35.938332366 +0400 +@@ -2116,7 +2116,7 @@ + + if (Vflag) { + printf(signon, version, sysinfo, year); +- printf(copying); ++ printf("%s", copying); + printf(helpmsg, self); + exit(0); + } +--- ./src/qmparse.y.orig 2014-04-13 21:04:50.440515229 +0400 ++++ ./src/qmparse.y 2014-04-13 21:05:12.791889007 +0400 +@@ -2346,7 +2346,7 @@ + if (!checkbrk) { + printf("\n"); + printf(signon, version, sysinfo, year); +- printf(copying); ++ printf("%s", copying); + } + savepos(); + return clean(); +--- ./src/q.c.orig 2014-04-13 21:03:27.297126251 +0400 ++++ ./src/q.c 2014-04-13 21:04:10.645850139 +0400 +@@ -2228,7 +2228,7 @@ + + if (Vflag) { + printf(signon, version, sysinfo, year); +- printf(copying); ++ printf("%s", copying); + printf(helpmsg, self); + exit(0); + } +@@ -2341,7 +2341,7 @@ + /* sign-on: */ + printf(signon, version, sysinfo, year); + printf("\n"); +- printf(terms); ++ printf("%s", terms); + } + + /* install signal handlers: */ diff --git a/q.spec b/q.spec index 116ba09..1addd6a 100644 --- a/q.spec +++ b/q.spec @@ -1,6 +1,6 @@ Name: q Version: 7.11 -Release: 17%{?dist} +Release: 18%{?dist} Summary: Equational programming language Group: Development/Languages License: GPLv2+ @@ -14,7 +14,8 @@ BuildRequires: which, zlib-devel, libtool-ltdl-devel, automake BuildRequires: autoconf, libtool, gettext-devel Requires(post): /sbin/ldconfig /sbin/install-info Requires(postun): /sbin/ldconfig /sbin/install-info - +# bz#1037264. Upstream support discontinued according to offsite, so nothing send - just add patch in Fedora. +Patch0: q-7.11-format-security.patch %description Q is a powerful and extensible functional programming language based @@ -76,7 +77,7 @@ Requires: libtool %prep %setup -q -#patch0 -p1 -b .AcquireOnePixel +%patch0 -p0 -b .format-security sed -i 's|@libtool@|libtool|' src/Makefile.in rm -fr libltdl* libtool @@ -167,6 +168,10 @@ fi %changelog +* Sun Apr 13 2014 Pavel Alexeev - 7.11-18 +- ImageMagick 6.8.8.10-3 rebuild. +- Add Patch0: q-7.11-format-security.patch to fix FBFS due to -Wformat-security (bz#1037264). + * Fri Aug 2 2013 Ville Skyttä - 7.11-17 - Use special %%doc to install docs.