[glade2] use string literals as format strings (#1037088)
Nils Philippsen
nphilipp at fedoraproject.org
Tue Dec 3 10:06:18 UTC 2013
commit db5b48aea1a597a28039e5a3221088e19a54d42a
Author: Nils Philippsen <nils at redhat.com>
Date: Tue Dec 3 11:05:53 2013 +0100
use string literals as format strings (#1037088)
glade-2.12.2-format-security.patch | 33 +++++++++++++++++++++++++++++++++
glade2.spec | 8 +++++++-
2 files changed, 40 insertions(+), 1 deletions(-)
---
diff --git a/glade-2.12.2-format-security.patch b/glade-2.12.2-format-security.patch
new file mode 100644
index 0000000..a7242bb
--- /dev/null
+++ b/glade-2.12.2-format-security.patch
@@ -0,0 +1,33 @@
+diff -up glade-2.12.2/glade/main.c.format-security glade-2.12.2/glade/main.c
+--- glade-2.12.2/glade/main.c.format-security 2007-12-08 23:56:06.000000000 +0100
++++ glade-2.12.2/glade/main.c 2013-12-03 10:44:16.101618735 +0100
+@@ -514,7 +514,7 @@ glade_write_session_files (GnomeClient *
+ error = glade_util_ensure_directory_exists (session_dir_utf8);
+ if (error)
+ {
+- fprintf (stderr, error->message);
++ fprintf (stderr, "%s", error->message);
+ glade_error_free (error);
+ goto out;
+ }
+@@ -525,7 +525,7 @@ glade_write_session_files (GnomeClient *
+ GladeSessionFile = NULL;
+ if (error)
+ {
+- fprintf (stderr, error->message);
++ fprintf (stderr, "%s", error->message);
+ glade_error_free (error);
+ }
+
+diff -up glade-2.12.2/glade/source.c.format-security glade-2.12.2/glade/source.c
+--- glade-2.12.2/glade/source.c.format-security 2007-12-08 23:56:06.000000000 +0100
++++ glade-2.12.2/glade/source.c 2013-12-03 10:46:40.583077353 +0100
+@@ -2454,7 +2454,7 @@ source_ensure_decl (GbWidgetWriteSourceD
+ const gchar *decl)
+ {
+ if (!glade_util_strstr (data->source_buffers[GLADE_DECLARATIONS]->str, decl))
+- source_add_decl (data, decl);
++ source_add_decl (data, "%s", decl);
+ }
+
+
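Review bot: The call-site fix in source.c (`source_add_decl (data, "%s", decl);`) closes this instance, but nothing in the patch stops a later non-literal format from being passed to the same helper. The fix implies `source_add_decl` takes a printf-style format followed by varargs. Its prototype is outside this hunk, so if it is not already annotated, adding `G_GNUC_PRINTF (2, 3)` to the declaration would let the compiler's format checks flag such calls at build time. The same would apply to any sibling varargs helpers in source.c, which are not visible here. The two `fprintf (stderr, "%s", error->message);` changes in main.c look right as they stand; the enclosing functions start and end outside the hunks.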
diff --git a/glade2.spec b/glade2.spec
index 7e49c97..434190e 100644
--- a/glade2.spec
+++ b/glade2.spec
@@ -3,13 +3,15 @@
Summary: User Interface Designer for GTK+ 2, legacy version
Name: glade2
Version: 2.12.2
-Release: 16%{?dist}
+Release: 17%{?dist}
License: GPLv2+ and GFDL
URL: http://glade.gnome.org/
Source: http://download.gnome.org/sources/glade/2.12/glade-%{version}.tar.bz2
# Fedora specific patches
Patch0: gnome-i18n.patch
Patch1: gtk-includes.patch
+# https://fedoraproject.org/wiki/Format-Security-FAQ
+Patch2: glade-2.12.2-format-security.patch
Group: Development/Tools
BuildRequires: glib2-devel
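Review bot: The comment above `Patch2:` links the general Format-Security FAQ but does not tie the patch to its bug or say whether it has been sent upstream. Adding a line such as `# format string fixes, see bug #1037088` next to the FAQ link would make the security patch traceable from the spec alone. A short note on upstream status would also help whoever rebases it.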
@@ -40,6 +42,7 @@ the XML interface description files output by GLADE.
%setup -q -n glade-%{version}
%patch0 -p1 -b .gnome-i18n
%patch1 -p1 -b .gtk-includes
+%patch2 -p1 -b .format-security
# Fix the warnings from desktop-file-install
sed -i 's|Icon=glade-2.png|Icon=glade-2|g' glade-2.desktop.in
@@ -70,6 +73,9 @@ rm -rf $RPM_BUILD_ROOT/var/scrollkeeper
%{_bindir}/*
%changelog
+* Tue Dec 03 2013 Nils Philippsen <nils at redhat.com> - 2.12.2-17
+- use string literals as format strings (#1037088)
+
* Thu Aug 15 2013 Nils Philippsen <nils at redhat.com> - 2.12.2-16
- don't require bonobo-activation-devel for building (#992382)