[qalculate-gtk] Fix format-security build error

Tue Feb 25 04:32:36 UTC 2014

commit 8f16ec39ada0c693d4783a9f85c656f27ddac378
Author: Deji Akingunola <dakingun at gmail.com>
Date:   Mon Feb 24 23:33:27 2014 -0500

    Fix format-security build error

 qalculate-gtk.spec               |   12 ++++----
 qalculate-wformat-security.patch |   48 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+), 6 deletions(-)
---

diff --git a/qalculate-gtk.spec b/qalculate-gtk.spec
index 262cf91..73e1ec9 100644
--- a/qalculate-gtk.spec
+++ b/qalculate-gtk.spec
@@ -1,13 +1,13 @@
 Summary:	A multi-purpose desktop calculator for GNU/Linux
 Name:		qalculate-gtk
 Version:	0.9.7
-Release:	8%{?dist}
+Release:	9%{?dist}
 License:	GPLv2+
 Group:		Applications/Engineering
 URL:		http://qalculate.sourceforge.net/
 Source0:	http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
 Patch0:		qalculate-gtk-desktop.patch
-BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Patch1:		qalculate-wformat-security.patch
 BuildRequires:	libgnome-devel, libglade2-devel, libgnomeui-devel
 BuildRequires:	libqalculate-devel
 BuildRequires:	gettext, desktop-file-utils, scrollkeeper
@@ -23,13 +23,13 @@ This package provides a (GTK+) graphical interface for Qalculate!
 %prep
 %setup -q
 %patch0 -p0 -b .desktop
+%patch1 -p0 -b .fmt
 
 %build
 %configure 
 make %{?_smp_mflags}
 										
 %install
-rm -rf %{buildroot}
 make DESTDIR=%{buildroot} install
 
 desktop-file-install --delete-original			\
@@ -44,9 +44,6 @@ desktop-file-install --delete-original			\
 %find_lang qalculate-gtk
 rm -rf %{buildroot}/%{_bindir}/qalculate
 
-%clean
-rm -rf %{buildroot}
-
 %files -f qalculate-gtk.lang
 %defattr(-, root, root, -)
 %doc AUTHORS ChangeLog COPYING TODO
@@ -62,6 +59,9 @@ rm -rf %{buildroot}
 %{_datadir}/qalculate-gtk/
 
 %changelog
+* Mon Feb 24 2014 Deji Akingunola <dakingun at gmail.com> - 0.9.7-9
+- Apply the Debian patch to fix the format-security build error (Bug 1037265)
+
 * Sun Aug 04 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.9.7-8
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
 
diff --git a/qalculate-wformat-security.patch b/qalculate-wformat-security.patch
new file mode 100644
index 0000000..6ba17ed
--- /dev/null
+++ b/qalculate-wformat-security.patch
@@ -0,0 +1,48 @@
+Description: Fix compiling with -Werror=format-security.
+ Prevents format string attacks.
+Author: Simon Ruderich <simon at ruderich.org>
+Last-Update: 2013-05-23
+
+--- qalculate-gtk-0.9.7.orig/src/callbacks.cc
++++ qalculate-gtk-0.9.7/src/callbacks.cc
+@@ -388,12 +388,12 @@ void wrap_expression_selection() {
+ }
+ 
+ void show_message(const gchar *text, GtkWidget *win) {
+-	GtkWidget *edialog = gtk_message_dialog_new(GTK_WINDOW(win), GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_ERROR, GTK_BUTTONS_CLOSE, text);
++	GtkWidget *edialog = gtk_message_dialog_new(GTK_WINDOW(win), GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_ERROR, GTK_BUTTONS_CLOSE, "%s", text);
+ 	gtk_dialog_run(GTK_DIALOG(edialog));
+ 	gtk_widget_destroy(edialog);
+ }
+ bool ask_question(const gchar *text, GtkWidget *win) {
+-	GtkWidget *edialog = gtk_message_dialog_new(GTK_WINDOW(win), GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_ERROR, GTK_BUTTONS_YES_NO, text);
++	GtkWidget *edialog = gtk_message_dialog_new(GTK_WINDOW(win), GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_ERROR, GTK_BUTTONS_YES_NO, "%s", text);
+ 	int question_answer = gtk_dialog_run(GTK_DIALOG(edialog));
+ 	gtk_widget_destroy(edialog);
+ 	return question_answer == GTK_RESPONSE_YES;
+@@ -654,7 +654,7 @@ void display_errors(GtkTextIter *iter =
+ 					GTK_DIALOG_DESTROY_WITH_PARENT,
+ 					GTK_MESSAGE_INFO,
+ 					GTK_BUTTONS_CLOSE,
+-					CALCULATOR->message()->message().c_str());
++					"%s", CALCULATOR->message()->message().c_str());
+ 			gtk_dialog_run(GTK_DIALOG(edialog));
+ 			gtk_widget_destroy(edialog);
+ 		}
+@@ -667,14 +667,14 @@ void display_errors(GtkTextIter *iter =
+ 					GTK_DIALOG_DESTROY_WITH_PARENT,
+ 					GTK_MESSAGE_ERROR,
+ 					GTK_BUTTONS_CLOSE,
+-					str.c_str());
++					"%s", str.c_str());
+ 		} else {
+ 			edialog = gtk_message_dialog_new(
+ 					GTK_WINDOW(win),
+ 					GTK_DIALOG_DESTROY_WITH_PARENT,
+ 					GTK_MESSAGE_WARNING,
+ 					GTK_BUTTONS_CLOSE,
+-					str.c_str());
++					"%s", str.c_str());
+ 		}
+ 
+ 		gtk_dialog_run(GTK_DIALOG(edialog));
