[gnomeradio] Fixed FTBFS bug #1037094

Tue May 6 12:27:49 UTC 2014

commit 23e37688a91ab7ea514b3f0731c6848fe6508dd2
Author: Paulo Roma Cavalcanti <promac at gmail.com>
Date:   Tue May 6 09:27:15 2014 -0300

    Fixed FTBFS bug #1037094

 gnomeradio.spec                |   32 +++++++++++++++++++-------------
 hardening-format-security.diff |   33 +++++++++++++++++++++++++++++++++
 2 files changed, 52 insertions(+), 13 deletions(-)
---

diff --git a/gnomeradio.spec b/gnomeradio.spec
index 22cbe87..a4194a2 100644
--- a/gnomeradio.spec
+++ b/gnomeradio.spec
@@ -1,7 +1,7 @@
 Summary: Graphical FM-Tuner program for GNOME
 Name: gnomeradio
 Version: 1.8
-Release: 22%{?dist}
+Release: 23%{?dist}
 License: GPLv2+
 Group: Applications/Multimedia
 URL: http://projects.gnome.org/gnomeradio/
@@ -9,17 +9,18 @@ Source0: http://www.wh-hms.uni-ulm.de/~mfcn/gnomeradio/packages/%{name}-%{versio
 Source1: gnomeradio.sh
 Patch0: %{name}-v4l2.patch
 Patch1: %{name}-ld.patch
+Patch2: hardening-format-security.diff
 # http://git.gnome.org/browse/gnomeradio/commit/?id=7694c70f99731724dad64444484d070ff760db89
-Patch2: %{name}-crash.patch
-Patch3: %{name}-gnome-3.0.patch
-Patch4: %{name}-gtk.patch
+Patch3: %{name}-crash.patch
+Patch4: %{name}-gnome-3.0.patch
+Patch5: %{name}-gtk.patch
 # This removes the libgnomeui and uses only gtk functionality.
 # With this patch, we can build this code against gtk3. It launches
 # but I do not have a radio card, so I couldn't get very far with it.
 # ~spot 2011-04-25
-Patch5: %{name}-1.8-nogtk2.patch
-Patch6: %{name}-1.8-gui.patch
-Patch7: %{name}-1.8-expose-event.patch
+Patch6: %{name}-1.8-nogtk2.patch
+Patch7: %{name}-1.8-gui.patch
+Patch8: %{name}-1.8-expose-event.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: desktop-file-utils
 BuildRequires: dbus-glib-devel
@@ -49,12 +50,13 @@ Ogg files.
 %setup -q
 %patch0 -p1 -b .v4l2
 %patch1 -p1 -b .ld
-%patch2 -p1 -b .crash
-%patch3 -p1 -b .gnome-3.0
-%patch4 -p1 -b .gtk
-%patch5 -p1 -b .nogtk2
-%patch6 -p1 -b .gui.patch
-%patch7 -p1 -b .expose-event
+%patch2 -p1 -b .format-security
+%patch3 -p1 -b .crash
+%patch4 -p1 -b .gnome-3.0
+%patch5 -p1 -b .gtk
+%patch6 -p1 -b .nogtk2
+%patch7 -p1 -b .gui.patch
+%patch8 -p1 -b .expose-event
 %{__install} -m 755 %{SOURCE1} .
 
 %build
@@ -129,6 +131,10 @@ scrollkeeper-update -q || :
 %{_datadir}/icons/hicolor/scalable/apps/%{name}.svg
 
 %changelog
+* Tue May 06 2014 Paulo Roma <roma at lcg.ufrj.br> - 1.8-23
+- Applied hardening-format-security patch: bug #1037094
+- http://ftp.de.debian.org/debian/pool/main/g/gnomeradio/gnomeradio_1.8-2.debian.tar.gz
+
 * Thu Sep 12 2013 Paulo Roma <roma at lcg.ufrj.br> - 1.8-22
 - Applied gnomeradio-1.8-expose-event.patch and
   gnomeradio-1.8-gui.patch
diff --git a/hardening-format-security.diff b/hardening-format-security.diff
new file mode 100644
index 0000000..1a31fa6
--- /dev/null
+++ b/hardening-format-security.diff
@@ -0,0 +1,33 @@
+diff -ruN -x '*.png' -x '*.jpg' -x '*.ogg' -x '*_image_archive' ../orig/gnomeradio-1.8/src/gui.c ./src/gui.c
+--- ../orig/gnomeradio-1.8/src/gui.c	2008-09-13 17:49:07.000000000 +0200
++++ ./src/gui.c	2011-09-30 08:28:03.000000000 +0200
+@@ -171,7 +171,7 @@
+ 					g_list_length(data.stations));
+ 			
+ 			dialog = gtk_message_dialog_new(GTK_WINDOW(app), DIALOG_FLAGS, GTK_MESSAGE_QUESTION,
+-					GTK_BUTTONS_YES_NO, text);
++					GTK_BUTTONS_YES_NO, "%s", text);
+ 			g_free(text);
+ 			
+ 			int response = gtk_dialog_run(GTK_DIALOG(dialog));
+@@ -784,7 +784,7 @@
+ 	{
+ 		GtkWidget *dialog;
+ 		dialog = gtk_message_dialog_new(NULL, DIALOG_FLAGS, GTK_MESSAGE_ERROR, GTK_BUTTONS_OK,
+-				error->message);
++				"%s", error->message);
+ 		gtk_dialog_run (GTK_DIALOG (dialog));
+ 		gtk_widget_destroy (dialog);
+ 		g_error_free (error);
+@@ -1209,9 +1209,9 @@
+ 	g_assert(text);
+ 	
+ 	dialog = gtk_message_dialog_new(NULL, DIALOG_FLAGS, type, GTK_BUTTONS_CLOSE,
+-			text);
++			"%s", text);
+ 	if (details) {
+-		gtk_message_dialog_format_secondary_text(GTK_MESSAGE_DIALOG(dialog), details);
++		gtk_message_dialog_format_secondary_text(GTK_MESSAGE_DIALOG(dialog), "%s", details);
+ 	}
+ 	gtk_dialog_run(GTK_DIALOG (dialog));
+ 	gtk_widget_destroy(dialog);
