From a633ba34a41f2c5d243744ca7c506ebdabe597d9 Mon Sep 17 00:00:00 2001
From: Christopher Meng <i@cicku.me>
Date: Fri, 24 Jan 2014 16:17:57 +0800
Subject: Fix GCC format security check issue(Thanks to Dhiru Kholia).

---
 bwm-ng-0.6-format-security.patch | 22 ++++++++++++++++++++++
 bwm-ng.spec                      | 11 ++++++++---
 2 files changed, 30 insertions(+), 3 deletions(-)
 create mode 100644 bwm-ng-0.6-format-security.patch

diff --git a/bwm-ng-0.6-format-security.patch b/bwm-ng-0.6-format-security.patch
new file mode 100644
index 0000000..89a67bb
--- /dev/null
+++ b/bwm-ng-0.6-format-security.patch
@@ -0,0 +1,22 @@
+--- a/src/output.c	
++++ a/src/output.c	
+@@ -223,8 +223,8 @@ int print_header(int option) {
+ 		        fprintf(tmp_out_file,"<title>bwm-ng stats</title>\n</head>\n<body>\n");
+ 			}
+ 	        fprintf(tmp_out_file,"<div class=\"bwm-ng-header\">bwm-ng bwm-ng v" VERSION " (refresh %is); input: ",html_refresh);
+-            fprintf(tmp_out_file,input2str());
+-            fprintf(tmp_out_file,show_all_if2str());
++            fprintf(tmp_out_file,"%s",input2str());
++            fprintf(tmp_out_file,"%s",show_all_if2str());
+ 	        fprintf(tmp_out_file,"</div><table class=\"bwm-ng-output\">");
+ 			fprintf(tmp_out_file,"<tr class=\"bwm-ng-head\"><td class=\"bwm-ng-name\">Interface</td><td>Rx</td><td>Tx</td><td>Total</td></tr>");
+ 			break;
+@@ -234,7 +234,7 @@ int print_header(int option) {
+ 			if (output_method==PLAIN_OUT && ansi_output) printf("\033[1;2H");
+ 	        printf("bwm-ng v" VERSION " (delay %2.3fs); ",(float)delay/1000);
+ 			if (output_method==PLAIN_OUT) printf("press 'ctrl-c' to end this%s",(ansi_output ? "\033[2;2H" : "")); else printf("input: ");
+-            printf(input2str());
++            printf("%s", input2str());
+             printf("%s\n",show_all_if2str());
+ 			if (output_method==PLAIN_OUT) {
+ 				if (ansi_output)
diff --git a/bwm-ng.spec b/bwm-ng.spec
index 01134da..751c756 100644
--- a/bwm-ng.spec
+++ b/bwm-ng.spec
@@ -1,15 +1,16 @@
 Name:           bwm-ng
 Version:        0.6
-Release:        13%{?dist}
+Release:        14%{?dist}
 Summary:        Bandwidth Monitor NG
 License:        GPLv2+
 URL:            http://www.volker-gropp.de/?id=projects&sub=bwm-ng
 Source0:        http://www.volker-gropp.de/bwm-ng/%{name}-%{version}.tar.gz
 Source1:        bwm-ng.conf
-Requires:       hostname
-Requires:       procps
+Patch0:         bwm-ng-0.6-format-security.patch
 BuildRequires:  libstatgrab-devel
 BuildRequires:  ncurses-devel
+Requires:       hostname
+Requires:       procps
 
 %description
 A small and simple console-based live network and disk io bandwidth monitor.
@@ -26,6 +27,7 @@ Features:
 
 %prep
 %setup -q
+%patch0 -p1
 
 %build
 %configure --enable-64bit \
@@ -54,6 +56,9 @@ install -pDm644 bwm-ng.1 %{buildroot}%{_mandir}/man1/bwm-ng.1
 %{_mandir}/man1/bwm-ng.1*
 
 %changelog
+* Fri Jan 03 2014 Christopher Meng <rpm@cicku.me> - 0.6-14
+- Fix gcc dumb security check issue.
+
 * Sun Oct 13 2013 Ralf Corsépius <corsepiu@fedoraproject.org> - 0.6-13
 - Fix spec-file corruption caused by previous patch.
 - Rebuild for libstatgrab.
-- 
cgit