aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/swish-e-format-security.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/swish-e-format-security.patch')
-rw-r--r--gnu/packages/patches/swish-e-format-security.patch33
1 files changed, 33 insertions, 0 deletions
diff --git a/gnu/packages/patches/swish-e-format-security.patch b/gnu/packages/patches/swish-e-format-security.patch
new file mode 100644
index 0000000000..be9d7cb8a9
--- /dev/null
+++ b/gnu/packages/patches/swish-e-format-security.patch
@@ -0,0 +1,33 @@
+Borrowed from Debian.
+
+--- swish-e-2.4.7/src/parser.c 2009-04-05 03:58:32.000000000 +0200
++++ swish-e-2.4.7/src/parser.c 2013-06-11 13:53:08.196559035 +0200
+@@ -1760,7 +1760,7 @@
+ va_start(args, msg);
+ vsnprintf(str, 1000, msg, args );
+ va_end(args);
+- xmlParserError(parse_data->ctxt, str);
++ xmlParserError(parse_data->ctxt, "%s", str);
+ }
+
+ static void warning(void *data, const char *msg, ...)
+@@ -1772,7 +1772,7 @@
+ va_start(args, msg);
+ vsnprintf(str, 1000, msg, args );
+ va_end(args);
+- xmlParserWarning(parse_data->ctxt, str);
++ xmlParserWarning(parse_data->ctxt, "%s", str);
+ }
+
+
+--- swish-e-2.4.7/src/result_output.c 2009-04-05 03:58:32.000000000 +0200
++++ swish-e-2.4.7/src/result_output.c 2013-06-11 13:53:38.593550825 +0200
+@@ -752,7 +752,7 @@
+ s = (char *) emalloc(MAXWORDLEN + 1);
+ n = strftime(s, (size_t) MAXWORDLEN, fmt, localtime(&(pv->value.v_date)));
+ if (n && f)
+- fprintf(f, s);
++ fprintf(f, "%s", s);
+ efree(s);
+ }
+ break;