[packages/dx] - fix format string errors - rel 15
baggins
baggins at pld-linux.org
Tue Jun 11 13:47:46 CEST 2013
commit 1798cd757234c546b4d4a797f7edeb5523638ea2
Author: Jan Rękorajski <baggins at pld-linux.org>
Date: Tue Jun 11 13:47:25 2013 +0200
- fix format string errors
- rel 15
dx.spec | 4 +-
format-security.patch | 237 ++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 240 insertions(+), 1 deletion(-)
---
diff --git a/dx.spec b/dx.spec
index 7fdd773..ed00fdd 100644
--- a/dx.spec
+++ b/dx.spec
@@ -2,7 +2,7 @@ Summary: Excellent tool for making visualization of data
Summary(pl.UTF-8): Doskonałe narzędzie do wizualizacji danych
Name: dx
Version: 4.4.4
-Release: 14
+Release: 15
License: IPL
Group: Applications
Source0: http://opendx.npaci.edu/source/%{name}-%{version}.tar.gz
@@ -19,6 +19,7 @@ Patch5: %{name}-ac.patch
Patch6: %{name}-ImageMagic.patch
Patch7: %{name}-open.patch
Patch8: %{name}-gcc43.patch
+Patch9: format-security.patch
URL: http://www.opendx.org/
BuildRequires: ImageMagick-devel >= 1:6.2.4.0
BuildRequires: OpenGL-devel
@@ -124,6 +125,7 @@ Przykłady dla OpenDX.
%patch6 -p1
%patch7 -p1
%patch8 -p1
+%patch9 -p1
%build
%{__libtoolize}
diff --git a/format-security.patch b/format-security.patch
new file mode 100644
index 0000000..c578d7d
--- /dev/null
+++ b/format-security.patch
@@ -0,0 +1,237 @@
+--- dx-4.4.4/src/exec/dxmods/colormap.c~ 2002-03-21 18:09:58.000000000 +0100
++++ dx-4.4.4/src/exec/dxmods/colormap.c 2013-06-11 13:12:13.350684052 +0200
+@@ -1167,7 +1167,7 @@
+ if (!ei.msgbuf)
+ return ERROR;
+ ei.mp = ei.msgbuf;
+- sprintf(ei.mp,name); while(*ei.mp) ei.mp++;
++ sprintf(ei.mp,"%s",name); while(*ei.mp) ei.mp++;
+ sprintf(ei.mp, "NULL");
+ DXUIMessage(id,ei.msgbuf);
+ DXFree(ei.msgbuf);
+@@ -1186,7 +1186,7 @@
+ ei.mp = ei.msgbuf;
+ shape[0]=2;
+ strcpy(ei.mp,"");
+- sprintf(ei.mp,name); while(*ei.mp) ei.mp++;
++ sprintf(ei.mp,"%s",name); while(*ei.mp) ei.mp++;
+ if (num==1){
+ sprintf(ei.mp,"{"); ei.mp++;
+ }
+--- dx-4.4.4/src/exec/dxmods/exp_gai.c~ 2000-08-24 22:04:29.000000000 +0200
++++ dx-4.4.4/src/exec/dxmods/exp_gai.c 2013-06-11 13:18:31.964648585 +0200
+@@ -422,7 +422,7 @@
+ if (first == ON)
+ first = OFF;
+ else
+- fprintf(h->dfp,del);
++ fprintf(h->dfp,"%s",del);
+ if (blank == ON)
+ pblank(arinfo,h);
+ else
+@@ -439,7 +439,7 @@
+ if (first == ON)
+ first = OFF;
+ else
+- fprintf(h->dfp,del);
++ fprintf(h->dfp,"%s",del);
+ if (blank == ON)
+ pblank(arinfo,h);
+ else
+@@ -456,7 +456,7 @@
+ if (first == ON)
+ first = OFF;
+ else
+- fprintf(h->dfp,del);
++ fprintf(h->dfp,"%s",del);
+ if (blank == ON)
+ pblank(arinfo,h);
+ else
+@@ -473,7 +473,7 @@
+ if (first == ON)
+ first = OFF;
+ else
+- fprintf(h->dfp,del);
++ fprintf(h->dfp,"%s",del);
+ if (blank == ON)
+ pblank(arinfo,h);
+ else
+@@ -490,7 +490,7 @@
+ if (first == ON)
+ first = OFF;
+ else
+- fprintf(h->dfp,del);
++ fprintf(h->dfp,"%s",del);
+ if (blank == ON)
+ pblank(arinfo,h);
+ else
+@@ -507,7 +507,7 @@
+ if (first == ON)
+ first = OFF;
+ else
+- fprintf(h->dfp,del);
++ fprintf(h->dfp,"%s",del);
+ if (blank == ON)
+ pblank(arinfo,h);
+ else
+@@ -524,7 +524,7 @@
+ if (first == ON)
+ first = OFF;
+ else
+- fprintf(h->dfp,del);
++ fprintf(h->dfp,"%s",del);
+ if (blank == ON)
+ pblank(arinfo,h);
+ else
+@@ -541,7 +541,7 @@
+ if (first == ON)
+ first = OFF;
+ else
+- fprintf(h->dfp,del);
++ fprintf(h->dfp,"%s",del);
+ if (blank == ON)
+ pblank(arinfo,h);
+ else
+@@ -554,7 +554,7 @@
+ arinfo->last,scratch);
+ arinfo->last = (Pointer)nextstr;
+ if (first == OFF)
+- fprintf(h->dfp,del);
++ fprintf(h->dfp,"%s",del);
+ if (blank == ON)
+ pblank(arinfo,h);
+ else {
+@@ -830,7 +830,7 @@
+ if (rank > 0) {
+ for (i=0; i<shape[0]; i++){
+ if (i > 0)
+- fprintf(h->dfp,del);
++ fprintf(h->dfp,"%s",del);
+ fprintf(h->dfp,"positions_cmp%d",i);
+ }
+ }
+@@ -845,13 +845,13 @@
+ !strcmp("positions",depon) && strcmp("invalid positions",name)
+ && strcmp("positions",name) ) {
+ if (first == OFF)
+- fprintf(h->dfp,del);
++ fprintf(h->dfp,"%s",del);
+ DXGetArrayInfo((Array)a,NULL,&type,NULL,&rank,shape);
+ /* dim = (rank < 1) ? 1 : shape[0]; */
+ if (type != TYPE_STRING && rank > 0 && shape[0] > 1) {
+ cmp = (char *)DXAllocate(strlen(name)+6);
+ for (j=0; j<shape[0]; j++) {
+- if (j > 0) fprintf(h->dfp, del);
++ if (j > 0) fprintf(h->dfp,"%s", del);
+ sprintf(cmp,"%s_cmp%d",name,j);
+ pstring(h->dfp,0,0,0,cmp);
+ }
+--- dx-4.4.4/src/exec/dpexec/dxmain.c~ 2006-05-08 18:20:03.000000000 +0200
++++ dx-4.4.4/src/exec/dpexec/dxmain.c 2013-06-11 13:23:52.217999584 +0200
+@@ -2129,7 +2129,7 @@
+ if ((SFILEisatty(yyin) || (_dxd_exRshInput && yyin == _dxd_exBaseFD)) &&
+ !prompted && _dxf_ExGQAllDone() && !SFILECharReady(yyin)) {
+ prompt = _dxf_ExPromptGet(PROMPT_ID_PROMPT);
+- printf (prompt? prompt: EX_PROMPT);
++ printf ("%s",prompt? prompt: EX_PROMPT);
+ fflush (stdout);
+ prompted = TRUE;
+ }
+@@ -2305,7 +2305,7 @@
+ _dxf_ExGQAllDone ())\
+ {\
+ prompt = _dxf_ExPromptGet (PROMPT_ID_PROMPT);\
+- printf (prompt ? prompt : EX_PROMPT);\
++ printf ("%s",prompt ? prompt : EX_PROMPT);\
+ fflush (stdout);\
+ prompted = TRUE;\
+ }\
+--- dx-4.4.4/src/exec/dpexec/lex.c~ 2006-01-09 23:57:34.000000000 +0100
++++ dx-4.4.4/src/exec/dpexec/lex.c 2013-06-11 13:24:53.625308550 +0200
+@@ -648,7 +648,7 @@
+ if ((_dxd_exIsatty || _dxd_exRshInput) && !SFILECharReady(yyin))
+ {
+ prompt = _dxf_ExPromptGet(PROMPT_ID_CPROMPT);
+- printf (prompt? prompt: EX_CPROMPT);
++ printf ("%s",prompt? prompt: EX_CPROMPT);
+ fflush (stdout);
+ }
+ break;
+--- dx-4.4.4/src/uipp/dxuilib/DXApplication.C~ 2013-06-11 13:08:39.031771731 +0200
++++ dx-4.4.4/src/uipp/dxuilib/DXApplication.C 2013-06-11 13:27:50.373831329 +0200
+@@ -2553,7 +2553,7 @@
+ const char* errmsg =
+ GraphLayout::SetHeightPerLevel (DXApplication::resource.autoLayoutHeight);
+ if (errmsg) {
+- fprintf (stderr, errmsg);
++ fprintf (stderr, "%s", errmsg);
+ return FALSE;
+ }
+ }
+@@ -2561,7 +2561,7 @@
+ const char* errmsg =
+ GraphLayout::SetGroupSpacing (DXApplication::resource.autoLayoutGroupSpacing);
+ if (errmsg) {
+- fprintf (stderr, errmsg);
++ fprintf (stderr, "%s", errmsg);
+ return FALSE;
+ }
+ }
+@@ -2569,7 +2569,7 @@
+ const char* errmsg =
+ GraphLayout::SetNodeSpacing (DXApplication::resource.autoLayoutNodeSpacing);
+ if (errmsg) {
+- fprintf (stderr, errmsg);
++ fprintf (stderr, "%s", errmsg);
+ return FALSE;
+ }
+ }
+@@ -3787,7 +3787,7 @@
+ if (this->anchor)
+ InfoMessage(msg);
+ else
+- fprintf(stderr,msg);
++ fprintf(stderr,"%s",msg);
+
+ return NULL;
+ }
+@@ -5019,7 +5019,7 @@
+ fprintf (stderr, "Attempting to save any modified files.\n"
+ "Please check saved files for integrity by reloading them.\n");
+ theDXApplication->emergencySave (msg);
+- fprintf (stderr, msg);
++ fprintf (stderr, "%s", msg);
+ }
+
+ fprintf(stderr,"The application will now abort.\n");
+@@ -5035,7 +5035,7 @@
+ if (theDXApplication) {
+ char msg[4096];
+ this->emergencySave(msg);
+- fprintf(stderr, msg);
++ fprintf(stderr, "%s", msg);
+ }
+
+ this->IBMApplication::abortApplication();
+--- dx-4.4.4/src/uipp/dxl/conn.c~ 2006-05-08 18:20:08.000000000 +0200
++++ dx-4.4.4/src/uipp/dxl/conn.c 2013-06-11 13:30:02.578553195 +0200
+@@ -389,7 +389,7 @@
+ char buf[2048];
+ int n = read(err,buf,2048);
+ buf[n] = '\0';
+- fprintf(stderr,buf);
++ fprintf(stderr,"%s",buf);
+ }
+ #if defined(intelnt) || defined(WIN32)
+ TerminateProcess(child, -1);
+--- dx-4.4.4/src/uipp/dxui/SelectionNode.C~ 2002-03-25 17:42:08.000000000 +0100
++++ dx-4.4.4/src/uipp/dxui/SelectionNode.C 2013-06-11 13:31:19.139357071 +0200
+@@ -960,7 +960,7 @@
+ ListIterator it(selection_stmts);
+ char* cp;
+ while ( (cp = (char*)it.getNext()) ) {
+- fprintf (jf, cp);
++ fprintf (jf, "%s", cp);
+ delete cp;
+ }
+ }
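Review bot: In the conn.c hunk (`@@ -389,7 +389,7 @@`) the context lines around the corrected `fprintf` still index `buf` with an unchecked `read()` result: a full 2048-byte read makes `buf[n] = '\0'` write one byte past `char buf[2048]`, and a failed read (`n == -1`) writes one byte before it. Since the patch already touches this statement for format-security reasons, it could bound the read as well, with `int n = read(err,buf,sizeof(buf)-1);` followed by `if (n < 0) n = 0;` ahead of the terminator. The enclosing function starts and ends outside the hunk, so how `err` is set up cannot be confirmed from here. The `sprintf(ei.mp,"%s",name)` calls in colormap.c also stay unbounded; the allocation size of `ei.msgbuf` is not visible in the patch, so that is only something to verify against `strlen(name)`.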
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/dx.git/commitdiff/1798cd757234c546b4d4a797f7edeb5523638ea2