From 8b0ff8b96c676802abe2efee4466919229a28a6a Mon Sep 17 00:00:00 2001
From: Jakub Dorňák <jdornak@redhat.com>
Date: Dec 12 2013 13:12:34 +0000
Subject: format-security

Resolves: #1037209
---

diff --git a/mysql-connector-odbc-format-security.patch b/mysql-connector-odbc-format-security.patch
new file mode 100644
index 0000000..247ef1d
--- /dev/null
+++ b/mysql-connector-odbc-format-security.patch
@@ -0,0 +1,24 @@
+diff --recursive -up mysql-connector-odbc-5.2.5-src.orig/dltest/dltest.c mysql-connector-odbc-5.2.5-src/dltest/dltest.c
+--- mysql-connector-odbc-5.2.5-src.orig/dltest/dltest.c	2013-04-04 15:53:56.000000000 +0200
++++ mysql-connector-odbc-5.2.5-src/dltest/dltest.c	2013-12-12 13:26:29.809956222 +0100
+@@ -84,7 +84,7 @@ int main( int argc, char *argv[] )
+ 
+   if ( argc < 2 )
+   {
+-      printf( szSyntax );
++      printf( "%s", szSyntax );
+       exit( 1 );
+   }
+ 
+diff --recursive -up mysql-connector-odbc-5.2.5-src.orig/installer/myodbc3i.c mysql-connector-odbc-5.2.5-src/installer/myodbc3i.c
+--- mysql-connector-odbc-5.2.5-src.orig/installer/myodbc3i.c	2013-04-04 15:53:56.000000000 +0200
++++ mysql-connector-odbc-5.2.5-src/installer/myodbc3i.c	2013-12-12 13:53:13.351374480 +0100
+@@ -148,7 +148,7 @@ void action_usage()
+ 
+ void main_usage()
+ {
+-  fprintf(stderr, usage);
++  fprintf(stderr, "%s", usage);
+ }
+ 
+ 
diff --git a/mysql-connector-odbc.spec b/mysql-connector-odbc.spec
index 1ed282a..6d15fac 100644
--- a/mysql-connector-odbc.spec
+++ b/mysql-connector-odbc.spec
@@ -1,7 +1,7 @@
 Summary: ODBC driver for MySQL
 Name: mysql-connector-odbc
 Version: 5.2.5
-Release: 3%{?dist}
+Release: 4%{?dist}
 Group: System Environment/Libraries
 URL: http://dev.mysql.com/downloads/connector/odbc/
 # exceptions allow library to be linked with most open source SW,
@@ -32,6 +32,7 @@ Patch7: myodbc-libdir.patch
 Patch8: mysql-connector-odbc-buffsize.patch
 Patch9: mysql-connector-odbc-cleartext.patch
 Patch10: mysql-connector-odbc-cond.patch
+Patch11: mysql-connector-odbc-format-security.patch
 
 BuildRequires: mysql-devel unixODBC-devel
 BuildRequires: cmake
@@ -55,6 +56,7 @@ tar xfz %{SOURCE1}
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
 
 %build
 # mysql 5.5.10 has stopped #define'ing THREAD in its exports, and has
@@ -101,6 +103,10 @@ rm -rf $RPM_BUILD_ROOT/usr/test
 %{_libdir}/lib*so
 
 %changelog
+* Thu Dec 12 2013 Jakub Dorňák <jdornak@redhat.com> - 5.2.5-4
+- format-security
+  Resolves: #1037209
+
 * Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.2.5-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild