[packages/tidy] - fix format string errors

[baggins]

commit 790f35dc7bf44e141aa8651b9c04ce9fdf398809
Author: Jan Rękorajski <baggins at pld-linux.org>
Date:   Sat Jan 3 22:29:29 2015 +0100

    - fix format string errors

 format-security.patch | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++
 tidy.spec             |  2 ++
 2 files changed, 57 insertions(+)
---
diff --git a/tidy.spec b/tidy.spec
index 54e106e..e7fcead 100644
--- a/tidy.spec
+++ b/tidy.spec
@@ -12,6 +12,7 @@ Group:		Applications/Text
 # tar -cf tidy-20091119.tar tidy;xz -9 -e tidy-20091119.tar
 Source0:	tidy-%{_snap}.tar.xz
 # Source0-md5:	0ca49cf79b4f3d25a080234a0bbf8eee
+Patch0:		format-security.patch
 URL:		http://tidy.sourceforge.net/
 BuildRequires:	autoconf
 BuildRequires:	automake
@@ -57,6 +58,7 @@ Statyczna biblioteka Tidy.
 
 %prep
 %setup -q -n %{name}
+%patch0 -p1
 
 %build
 sh build/gnuauto/setup.sh
diff --git a/format-security.patch b/format-security.patch
new file mode 100644
index 0000000..5fad477
--- /dev/null
+++ b/format-security.patch
@@ -0,0 +1,55 @@
+--- a/src/localize.c
++++ b/src/localize.c
+@@ -1373,14 +1373,14 @@ void TY_(ReportAccessWarning)( TidyDocImpl* doc, Node* node, uint code )
+ {
+     ctmbstr fmt = GetFormatFromCode(code);
+     doc->badAccess |= BA_WAI;
+-    messageNode( doc, TidyAccess, node, fmt );
++    messageNode( doc, TidyAccess, node, "%s", fmt );
+ }
+ 
+ void TY_(ReportAccessError)( TidyDocImpl* doc, Node* node, uint code )
+ {
+     ctmbstr fmt = GetFormatFromCode(code);
+     doc->badAccess |= BA_WAI;
+-    messageNode( doc, TidyAccess, node, fmt );
++    messageNode( doc, TidyAccess, node, "%s", fmt );
+ }
+ 
+ #endif /* SUPPORT_ACCESSIBILITY_CHECKS */
+@@ -1399,7 +1399,7 @@ void TY_(ReportWarning)(TidyDocImpl* doc, Node *element, Node *node, uint code)
+     switch (code)
+     {
+     case NESTED_QUOTATION:
+-        messageNode(doc, TidyWarning, rpt, fmt);
++        messageNode(doc, TidyWarning, rpt, "%s", fmt);
+         break;
+ 
+     case OBSOLETE_ELEMENT:
+@@ -1480,7 +1480,7 @@ void TY_(ReportError)(TidyDocImpl* doc, Node *element, Node *node, uint code)
+     case INCONSISTENT_NAMESPACE:
+     case DOCTYPE_AFTER_TAGS:
+     case DTYPE_NOT_UPPER_CASE:
+-        messageNode(doc, TidyWarning, rpt, fmt);
++        messageNode(doc, TidyWarning, rpt, "%s", fmt);
+         break;
+ 
+     case COERCE_TO_ENDTAG:
+@@ -1499,7 +1499,7 @@ void TY_(ReportError)(TidyDocImpl* doc, Node *element, Node *node, uint code)
+     case ENCODING_IO_CONFLICT:
+     case MISSING_DOCTYPE:
+     case SPACE_PRECEDING_XMLDECL:
+-        messageNode(doc, TidyWarning, node, fmt);
++        messageNode(doc, TidyWarning, node, "%s", fmt);
+         break;
+ 
+     case TRIM_EMPTY_ELEMENT:
+@@ -1548,7 +1548,7 @@ void TY_(ReportFatal)( TidyDocImpl* doc, Node *element, Node *node, uint code)
+     {
+     case SUSPECTED_MISSING_QUOTE:
+     case DUPLICATE_FRAMESET:
+-        messageNode(doc, TidyError, rpt, fmt);
++        messageNode(doc, TidyError, rpt, "%s", fmt);
+         break;
+ 
+     case UNKNOWN_ELEMENT:
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/tidy.git/commitdiff/790f35dc7bf44e141aa8651b9c04ce9fdf398809