From: "Andreas Sturmlechner" <asturm@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: media-libs/allegro/files/, media-libs/allegro/
Date: Tue, 21 Aug 2018 14:57:53 +0000 (UTC) [thread overview]
Message-ID: <1534863440.56bbd26eb8317298c6dd431d3ac9f6e1cff458ce.asturm@gentoo> (raw)
commit: 56bbd26eb8317298c6dd431d3ac9f6e1cff458ce
Author: Azamat H. Hackimov <azamat.hackimov <AT> gmail <DOT> com>
AuthorDate: Thu May 24 22:41:10 2018 +0000
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Tue Aug 21 14:57:20 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56bbd26e
media-libs/allegro: fix format-security error
Combined patch taken from Fedora Project
(https://src.fedoraproject.org/rpms/allegro/tree/master)
Fixes #540470
Closes: https://bugs.gentoo.org/540470
Package-Manager: Portage-2.3.24, Repoman-2.3.6
media-libs/allegro/allegro-4.4.2-r1.ebuild | 1 +
.../allegro-4.4.2-Werror-format-security.patch | 107 +++++++++++++++++++++
2 files changed, 108 insertions(+)
diff --git a/media-libs/allegro/allegro-4.4.2-r1.ebuild b/media-libs/allegro/allegro-4.4.2-r1.ebuild
index fff77ed7e25..06ed3de8d26 100644
--- a/media-libs/allegro/allegro-4.4.2-r1.ebuild
+++ b/media-libs/allegro/allegro-4.4.2-r1.ebuild
@@ -44,6 +44,7 @@ PATCHES=(
"${FILESDIR}"/${P}-underlink.patch
"${FILESDIR}"/${P}-gentoo.patch
"${FILESDIR}"/${P}-rpath.patch
+ "${FILESDIR}"/${P}-Werror-format-security.patch # bug 540470
)
src_prepare() {
diff --git a/media-libs/allegro/files/allegro-4.4.2-Werror-format-security.patch b/media-libs/allegro/files/allegro-4.4.2-Werror-format-security.patch
new file mode 100644
index 00000000000..b3b0bc30b34
--- /dev/null
+++ b/media-libs/allegro/files/allegro-4.4.2-Werror-format-security.patch
@@ -0,0 +1,107 @@
+diff -up allegro-4.4.2/src/unix/umodules.c~ allegro-4.4.2/src/unix/umodules.c
+--- allegro-4.4.2/src/unix/umodules.c~ 2011-05-13 10:11:33.000000000 +0200
++++ allegro-4.4.2/src/unix/umodules.c 2017-03-15 14:42:39.822612368 +0100
+@@ -126,11 +126,11 @@ void _unix_load_modules(int system_drive
+ continue;
+
+ if (!fullpath_slash) {
+- snprintf(fullpath, sizeof fullpath, filename);
++ snprintf(fullpath, sizeof fullpath, "%s", filename);
+ fullpath[(sizeof fullpath) - 1] = 0;
+ }
+ else {
+- snprintf(fullpath_slash+1, (sizeof fullpath) - (fullpath_slash - fullpath) - 1, filename);
++ snprintf(fullpath_slash+1, (sizeof fullpath) - (fullpath_slash - fullpath) - 1, "%s", filename);
+ fullpath[(sizeof fullpath) - 1] = 0;
+ }
+
+diff -up allegro-4.4.2/src/linux/ljoy.c~ allegro-4.4.2/src/linux/ljoy.c
+--- allegro-4.4.2/src/linux/ljoy.c~ 2010-02-20 06:18:16.000000000 +0100
++++ allegro-4.4.2/src/linux/ljoy.c 2017-03-15 14:52:28.474215615 +0100
+@@ -93,7 +93,7 @@ static int joy_init(void)
+
+ if (ioctl(joy_fd[i], JSIOCGVERSION, &raw_version) < 0) {
+ /* NOTE: IOCTL fails if the joystick API is version 0.x */
+- uszprintf(allegro_error, ALLEGRO_ERROR_SIZE, get_config_text("Your Linux joystick API is version 0.x which is unsupported."));
++ uszprintf(allegro_error, ALLEGRO_ERROR_SIZE, "%s", get_config_text("Your Linux joystick API is version 0.x which is unsupported."));
+ return -1;
+ }
+
+diff -up allegro-4.4.2/examples/extrans2.c~ allegro-4.4.2/examples/extrans2.c
+--- allegro-4.4.2/examples/extrans2.c~ 2008-01-30 11:56:50.000000000 +0100
++++ allegro-4.4.2/examples/extrans2.c 2017-03-15 15:43:03.494831521 +0100
+@@ -211,7 +211,7 @@ int main(int argc, char **argv)
+ } else {
+ msg = "no flipping";
+ }
+- textprintf_ex(buffer, font, 1, 1, makecol(255, 255, 255), -1, msg);
++ textprintf_ex(buffer, font, 1, 1, makecol(255, 255, 255), -1, "%s", msg);
+
+ /* finally blit the back buffer on the screen */
+ blit(buffer, screen, 0, 0, 0, 0, buffer->w, buffer->h);
+diff -up allegro-4.4.2/setup/setup.c~ allegro-4.4.2/setup/setup.c
+--- allegro-4.4.2/setup/setup.c~ 2010-05-23 18:05:33.000000000 +0200
++++ allegro-4.4.2/setup/setup.c 2017-03-15 16:13:42.243136380 +0100
+@@ -1163,7 +1163,7 @@ static void plot_joystick_state(BITMAP *
+ textprintf_ex(bmp, font, SCREEN_W/2-96, SCREEN_H/2-60+c*20, -1, -1, uconvert_ascii("%s (%d/%d)", tmp),
+ joystick_driver->name, i+1, num_joysticks);
+ else
+- textprintf_ex(bmp, font, SCREEN_W/2-96, SCREEN_H/2-60+c*20, -1, -1, joystick_driver->name);
++ textprintf_ex(bmp, font, SCREEN_W/2-96, SCREEN_H/2-60+c*20, -1, -1, "%s", joystick_driver->name);
+ c++;
+ }
+
+@@ -2879,7 +2879,7 @@ int main(void)
+ alert(uconvert_ascii("Error loading " SETUP_DATA_FILE, tmp1), NULL, NULL, uconvert_ascii("OK", tmp2), NULL, 13, 0);
+ #else
+ set_gfx_mode(GFX_TEXT, 0, 0, 0, 0);
+- allegro_message(uconvert_ascii("Error loading " SETUP_DATA_FILE "\n", tmp1));
++ allegro_message("%s", uconvert_ascii("Error loading " SETUP_DATA_FILE "\n", tmp1));
+ #endif
+ return 1;
+ }
+diff -up allegro-4.4.2/examples/exkeys.c~ allegro-4.4.2/examples/exkeys.c
+--- allegro-4.4.2/examples/exkeys.c~ 2008-01-10 20:46:00.000000000 +0100
++++ allegro-4.4.2/examples/exkeys.c 2017-03-15 16:17:30.268545467 +0100
+@@ -193,7 +193,7 @@ int main(void)
+ if (key_shifts & KB_NUMLOCK_FLAG) strcat(buf, " num");
+ if (key_shifts & KB_SCROLOCK_FLAG) strcat(buf, " scrl");
+ scroll();
+- textprintf_ex(screen, font, 8, SCREEN_H-16, makecol(0, 0, 0), makecol(255, 255, 255), buf);
++ textprintf_ex(screen, font, 8, SCREEN_H-16, makecol(0, 0, 0), makecol(255, 255, 255), "%s", buf);
+ } while (k != 27);
+
+ /* various scan codes are defined in allegro.h as KEY_* constants */
+@@ -234,7 +234,7 @@ int main(void)
+ if (key[KEY_8]) buf[8] = '8'; else buf[8] = ' ';
+ if (key[KEY_9]) buf[9] = '9'; else buf[9] = ' ';
+ buf[10] = 0;
+- textprintf_ex(screen, font, 8, SCREEN_H-16, makecol(0, 0, 0), makecol(255, 255, 255), buf);
++ textprintf_ex(screen, font, 8, SCREEN_H-16, makecol(0, 0, 0), makecol(255, 255, 255), "%s", buf);
+ rest(1);
+ } while (!keypressed() || (readkey() >> 8) != KEY_ESC);
+
+diff -up allegro-4.4.2/tests/play.c~ allegro-4.4.2/tests/play.c
+--- allegro-4.4.2/tests/play.c~ 2005-03-19 12:15:07.000000000 +0100
++++ allegro-4.4.2/tests/play.c 2017-03-15 16:35:18.628156496 +0100
+@@ -74,7 +74,7 @@ void usage(void)
+
+ strcat(msg, "\nIf you don't specify the card, Allegro will auto-detect (ie. guess :-)\n");
+
+- allegro_message(msg);
++ allegro_message("%s", msg);
+ free(msg);
+ }
+
+diff -up allegro-4.2.3/tools/pack.c~ allegro-4.2.3/tools/pack.c
+--- allegro-4.2.3/tools/pack.c~ 2006-05-20 16:49:58.000000000 +0200
++++ allegro-4.2.3/tools/pack.c 2010-12-30 11:20:42.425231307 +0100
+@@ -42,7 +42,7 @@ static void err(char *s1, char *s2)
+ printf(": %s", s1);
+
+ if (s2)
+- printf(s2);
++ printf("%s", s2);
+
+ printf("\n");
+
next reply other threads:[~2018-08-21 14:58 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-21 14:57 Andreas Sturmlechner [this message]
-- strict thread matches above, loose matches on Subject: below --
2018-07-16 22:26 [gentoo-commits] repo/gentoo:master commit in: media-libs/allegro/files/, media-libs/allegro/ Andreas Sturmlechner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1534863440.56bbd26eb8317298c6dd431d3ac9f6e1cff458ce.asturm@gentoo \
--to=asturm@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox