[packages/libgda3] - fix format string errors
baggins
baggins at pld-linux.org
Sat Nov 30 22:31:19 CET 2013
commit 00eee7f273d4e9f1b6ad62481779458df3276448
Author: Jan Rękorajski <baggins at pld-linux.org>
Date: Sat Nov 30 22:30:32 2013 +0100
- fix format string errors
format-security.patch | 310 ++++++++++++++++++++++++++++++++++++++++++++++++++
libgda3.spec | 2 +
2 files changed, 312 insertions(+)
---
diff --git a/libgda3.spec b/libgda3.spec
index 5f86b0e..5943b27 100644
--- a/libgda3.spec
+++ b/libgda3.spec
@@ -35,6 +35,7 @@ Source0: http://ftp.gnome.org/pub/gnome/sources/libgda/3.1/libgda-%{version}.tar
Patch0: %{name}-configure.patch
Patch1: %{name}-am.patch
Patch2: glib232.patch
+Patch3: format-security.patch
URL: http://www.gnome-db.org/
%{?with_firebird:BuildRequires: Firebird-devel}
BuildRequires: autoconf >= 2.59
@@ -272,6 +273,7 @@ Pakiet dostarczający dane z xBase (dBase, Clippera, FoxPro) dla GDA.
%patch0 -p1
%patch1 -p1
%patch2 -p1
+%patch3 -p1
%if %{without gamin}
sed -i -e 's#PKG_CHECK_MODULES(GAMIN.*)#have_fam=no#g' configure.in
diff --git a/format-security.patch b/format-security.patch
new file mode 100644
index 0000000..b0af7c0
--- /dev/null
+++ b/format-security.patch
@@ -0,0 +1,310 @@
+--- /libgda-3.1.5/libgda/sqlite/virtual/gda-vconnection-data-model.c~ 2008-07-20 11:51:22.000000000 +0200
++++ /libgda-3.1.5/libgda/sqlite/virtual/gda-vconnection-data-model.c 2013-11-30 22:15:05.063893169 +0100
+@@ -242,7 +242,7 @@
+ rc = sqlite3_exec (scnc->connection, str, NULL, 0, &zErrMsg);
+ g_free (str);
+ if (rc != SQLITE_OK) {
+- g_set_error (error, 0, 0, g_strdup (zErrMsg));
++ g_set_error (error, 0, 0, "%s", g_strdup (zErrMsg));
+ sqlite3_free (zErrMsg);
+ gda_vconnection_data_model_table_data_free (td);
+ cnc->priv->table_data_list = g_slist_remove (cnc->priv->table_data_list, td);
+@@ -303,7 +303,7 @@
+ g_free (str);
+
+ if (rc != SQLITE_OK) {
+- g_set_error (error, 0, 0, g_strdup (zErrMsg));
++ g_set_error (error, 0, 0, "%s", g_strdup (zErrMsg));
+ sqlite3_free (zErrMsg);
+ return FALSE;
+ }
+--- /libgda-3.1.5/libgda/sqlite/gda-sqlite-provider.c~ 2013-11-30 22:13:45.023125651 +0100
++++ /libgda-3.1.5/libgda/sqlite/gda-sqlite-provider.c 2013-11-30 22:16:40.384890339 +0100
+@@ -1032,7 +1032,7 @@
+ g_free (filename);
+
+ if (errmsg != SQLITE_OK) {
+- g_set_error (error, 0, 0, sqlite3_errmsg (scnc->connection));
++ g_set_error (error, 0, 0, "%s", sqlite3_errmsg (scnc->connection));
+ retval = FALSE;
+ }
+ gda_sqlite_free_cnc (scnc);
+@@ -1058,7 +1058,7 @@
+ g_free (tmp);
+
+ if (g_unlink (filename)) {
+- g_set_error (error, 0, 0,
++ g_set_error (error, 0, 0, "%s",
+ sys_errlist [errno]);
+ retval = FALSE;
+ }
+--- /libgda-3.1.5/libgda/sql-delimiter/gda-sql-delimiter.c~ 2008-07-20 11:51:22.000000000 +0200
++++ /libgda-3.1.5/libgda/sql-delimiter/gda-sql-delimiter.c 2013-11-30 22:17:32.765454196 +0100
+@@ -60,7 +60,7 @@
+ g_set_error (gda_sql_error, 0, 0, _("Parse error near `%s'"), gda_delimitertext);
+ else if (!strcmp (string, "syntax error"))
+ g_set_error (gda_sql_error, 0, 0, _("Syntax error near `%s'"), gda_delimitertext);
+- else g_set_error (gda_sql_error, 0, 0, string);
++ else g_set_error (gda_sql_error, 0, 0, "%s", string);
+ }
+ }
+ else
+--- /libgda-3.1.5/libgda/gda-connection.c~ 2008-07-20 11:51:23.000000000 +0200
++++ /libgda-3.1.5/libgda/gda-connection.c 2013-11-30 22:18:40.019508054 +0100
+@@ -540,7 +540,7 @@
+ event = GDA_CONNECTION_EVENT (l->data);
+ if (gda_connection_event_get_event_type (event) == GDA_CONNECTION_EVENT_ERROR) {
+ if (error && !(*error))
+- g_set_error (error, GDA_CONNECTION_ERROR, GDA_CONNECTION_OPEN_ERROR,
++ g_set_error (error, GDA_CONNECTION_ERROR, GDA_CONNECTION_OPEN_ERROR, "%s",
+ gda_connection_event_get_description (event));
+ gda_client_notify_error_event (cnc->priv->client, cnc,
+ GDA_CONNECTION_EVENT (l->data));
+@@ -1200,7 +1200,7 @@
+ while (events && !has_error) {
+ if (gda_connection_event_get_event_type (GDA_CONNECTION_EVENT (events->data)) ==
+ GDA_CONNECTION_EVENT_ERROR) {
+- g_set_error (error, GDA_CONNECTION_ERROR, GDA_CONNECTION_EXECUTE_COMMAND_ERROR,
++ g_set_error (error, GDA_CONNECTION_ERROR, GDA_CONNECTION_EXECUTE_COMMAND_ERROR, "%s",
+ gda_connection_event_get_description (GDA_CONNECTION_EVENT (events->data)));
+ has_error = TRUE;
+ }
+--- /libgda-3.1.5/libgda/gda-data-model-bdb.c~ 2008-07-20 11:51:23.000000000 +0200
++++ /libgda-3.1.5/libgda/gda-data-model-bdb.c 2013-11-30 22:19:02.359746578 +0100
+@@ -216,7 +216,7 @@
+ {
+ GError *error = NULL;
+
+- g_set_error (&error, 0, 0, err);
++ g_set_error (&error, 0, 0, "%s", err);
+ g_print ("ADD_ERROR (%s)\n", err);
+ model->priv->errors = g_slist_append (model->priv->errors, error);
+ }
+--- /libgda-3.1.5/libgda/gda-data-model-dir.c~ 2013-11-30 22:13:45.019792285 +0100
++++ /libgda-3.1.5/libgda/gda-data-model-dir.c 2013-11-30 22:21:11.304449215 +0100
+@@ -250,7 +250,7 @@
+ {
+ GError *error = NULL;
+
+- g_set_error (&error, 0, 0, err);
++ g_set_error (&error, 0, 0, "%s", err);
+ g_print ("ADD_ERROR (%s)\n", err);
+ model->priv->errors = g_slist_append (model->priv->errors, error);
+ }
+@@ -929,7 +929,7 @@
+ str = g_strdup_printf (_("Row %d out of range 0 - %d"), row,
+ imodel->priv->rows->len - 1);
+ add_error (imodel, str);
+- g_set_error (error, 0, 0, str);
++ g_set_error (error, 0, 0, "%s", str);
+ g_free (str);
+ return FALSE;
+ }
+@@ -1006,7 +1006,7 @@
+ str = g_strdup_printf (_("Could not rename file '%s' to '%s'"),
+ filename, new_filename);
+ add_error (imodel, str);
+- g_set_error (error, 0, 0, str);
++ g_set_error (error, 0, 0, "%s", str);
+ g_free (str);
+ g_free (new_filename);
+ g_free (filename);
+@@ -1029,7 +1029,7 @@
+ gchar *str;
+ str = g_strdup_printf (_("Could not create directory '%s'"), new_path);
+ add_error (imodel, str);
+- g_set_error (error, 0, 0, str);
++ g_set_error (error, 0, 0, "%s", str);
+ g_free (str);
+ g_free (old_path);
+ return FALSE;
+@@ -1049,7 +1049,7 @@
+ gchar *str;
+ str = g_strdup_printf (_("Could not rename file '%s' to '%s'"), filename, new_filename);
+ add_error (imodel, str);
+- g_set_error (error, 0, 0, str);
++ g_set_error (error, 0, 0, "%s", str);
+ g_free (str);
+ g_free (new_filename);
+ g_free (filename);
+@@ -1098,7 +1098,7 @@
+ gchar *str;
+ str = g_strdup_printf (_("Could not overwrite contents of file '%s'"), filename);
+ add_error (imodel, str);
+- g_set_error (error, 0, 0, str);
++ g_set_error (error, 0, 0, "%s", str);
+ g_free (str);
+ g_object_unref (op);
+ g_free (filename);
+@@ -1230,7 +1230,7 @@
+ gchar *str;
+ str = g_strdup_printf (_("Cannot set contents of filename '%s'"), complete_filename);
+ add_error (imodel, str);
+- g_set_error (error, 0, 0, str);
++ g_set_error (error, 0, 0, "%s", str);
+ g_free (str);
+ if (bin_to_free)
+ g_free (bin_data);
+@@ -1241,7 +1241,7 @@
+ gchar *str;
+ str = g_strdup_printf (_("Cannot create directory '%s'"), dirname);
+ add_error (imodel, str);
+- g_set_error (error, 0, 0, str);
++ g_set_error (error, 0, 0, "%s", str);
+ g_free (str);
+ return -1;
+ }
+@@ -1272,7 +1272,7 @@
+ str = g_strdup_printf (_("Row %d out of range 0 - %d"), row,
+ imodel->priv->rows->len - 1);
+ add_error (imodel, str);
+- g_set_error (error, 0, 0, str);
++ g_set_error (error, 0, 0, "%s", str);
+ g_free (str);
+ return FALSE;
+ }
+@@ -1288,7 +1288,7 @@
+ gchar *str;
+ str = g_strdup_printf (_("Cannot remove file '%s'"), filename);
+ add_error (imodel, str);
+- g_set_error (error, 0, 0, str);
++ g_set_error (error, 0, 0, "%s", str);
+ g_free (str);
+ g_free (filename);
+ return FALSE;
+--- /libgda-3.1.5/libgda/gda-data-model-import.c~ 2008-07-20 11:51:23.000000000 +0200
++++ /libgda-3.1.5/libgda/gda-data-model-import.c 2013-11-30 22:21:33.504683758 +0100
+@@ -1734,7 +1734,7 @@
+ {
+ GError *error = NULL;
+
+- g_set_error (&error, 0, 0, err);
++ g_set_error (&error, 0, 0, "%s", err);
+ model->priv->errors = g_slist_append (model->priv->errors, error);
+ }
+
+--- /libgda-3.1.5/libgda/gda-parameter-list.c~ 2008-07-20 11:51:23.000000000 +0200
++++ /libgda-3.1.5/libgda/gda-parameter-list.c 2013-11-30 22:22:53.398858452 +0100
+@@ -579,7 +579,7 @@
+ errors = gda_data_model_import_get_errors (GDA_DATA_MODEL_IMPORT (model));
+ if (errors) {
+ GError *err = (GError *) errors->data;
+- g_set_error (error, 0, 0, err->message);
++ g_set_error (error, 0, 0, "%s", err->message);
+ g_object_unref (model);
+ model = NULL;
+ allok = FALSE;
+@@ -803,7 +803,7 @@
+ /* parameters' values, sources, constraints: TODO */
+
+ xmlDocDumpFormatMemory(doc, &xmlbuff, &buffersize, 1);
+- g_print ((gchar *) xmlbuff);
++ g_print ("%s", (gchar *) xmlbuff);
+
+ xmlFreeDoc(doc);
+ return (gchar *) xmlbuff;
+--- /libgda-3.1.5/libgda/gda-query.c~ 2008-07-20 11:51:23.000000000 +0200
++++ /libgda-3.1.5/libgda/gda-query.c 2013-11-30 22:23:47.282756947 +0100
+@@ -2826,7 +2826,7 @@
+ if ((gda_connection_event_get_event_type (GDA_CONNECTION_EVENT (list->data)) ==
+ GDA_CONNECTION_EVENT_ERROR) &&
+ !g_list_find (errors_before, list->data))
+- g_set_error (error, GDA_QUERY_ERROR, GDA_QUERY_EXEC_ERROR,
++ g_set_error (error, GDA_QUERY_ERROR, GDA_QUERY_EXEC_ERROR, "%s",
+ gda_connection_event_get_description (GDA_CONNECTION_EVENT (list->data)));
+ }
+ if (errors_before)
+@@ -4359,7 +4359,7 @@
+ errors = gda_data_model_import_get_errors (GDA_DATA_MODEL_IMPORT (model));
+ if (errors) {
+ GError *err = (GError *) errors->data;
+- g_set_error (error, 0, 0, err->message);
++ g_set_error (error, 0, 0, "%s", err->message);
+ g_object_unref (model);
+ model = NULL;
+ return FALSE;
+--- /libgda-3.1.5/libgda/gda-query-field-value.c~ 2008-07-20 11:51:23.000000000 +0200
++++ /libgda-3.1.5/libgda/gda-query-field-value.c 2013-11-30 22:24:26.649835416 +0100
+@@ -1474,7 +1474,7 @@
+ g_set_error (error,
+ GDA_QUERY_FIELD_VALUE_ERROR,
+ GDA_QUERY_FIELD_VALUE_RENDER_ERROR,
+- str);
++ "%s", str);
+ g_free (str);
+
+ /*g_print ("Param %p (%s) is invalid!\n", param_source,
+--- /libgda-3.1.5/providers/mysql/gda-mysql-provider.c~ 2008-07-20 11:51:16.000000000 +0200
++++ /libgda-3.1.5/providers/mysql/gda-mysql-provider.c 2013-11-30 22:26:15.987641260 +0100
+@@ -282,7 +282,7 @@
+
+
+ if (!mysql_ret) {
+- g_set_error (error, 0, 0, mysql_error (mysql));
++ g_set_error (error, 0, 0, "%s", mysql_error (mysql));
+ g_free (mysql);
+ return NULL;
+ }
+@@ -767,7 +767,7 @@
+ g_free (sql);
+
+ if (res) {
+- g_set_error (error, 0, 0, mysql_error (mysql));
++ g_set_error (error, 0, 0, "%s", mysql_error (mysql));
+ mysql_close (mysql);
+ return FALSE;
+ }
+--- /libgda-3.1.5/providers/mysql/gda-mysql-recordset.c~ 2008-07-20 11:51:16.000000000 +0200
++++ /libgda-3.1.5/providers/mysql/gda-mysql-recordset.c 2013-11-30 22:27:20.854980814 +0100
+@@ -314,7 +314,7 @@
+ str = g_strdup_printf (_("Row number out of range 0 - %d"),
+ priv_data->mysql_res_rows - 1);
+ gda_connection_add_event_string (priv_data->cnc, str);
+- g_set_error (error, 0, 0, str);
++ g_set_error (error, 0, 0, "%s", str);
+ g_free (str);
+
+ return NULL;
+@@ -829,7 +829,7 @@
+ if (rc != 0) {
+ GdaConnectionEvent *event = gda_mysql_make_error (mysql);
+ gda_connection_add_event (priv_data->cnc, event);
+- g_set_error (error, 0, 0,
++ g_set_error (error, 0, 0, "%s",
+ gda_connection_event_get_description (event));
+ return FALSE;
+ }
+--- /libgda-3.1.5/providers/postgres/gda-postgres-provider.c~ 2008-07-20 11:51:16.000000000 +0200
++++ /libgda-3.1.5/providers/postgres/gda-postgres-provider.c 2013-11-30 22:28:06.188783192 +0100
+@@ -1063,7 +1063,7 @@
+ g_string_free (string, TRUE);
+
+ if (PQstatus (pconn) != CONNECTION_OK) {
+- g_set_error (error, 0, 0, PQerrorMessage (pconn));
++ g_set_error (error, 0, 0, "%s", PQerrorMessage (pconn));
+ PQfinish(pconn);
+
+ return FALSE;
+@@ -1077,7 +1077,7 @@
+ pg_res = gda_postgres_PQexec_wrap (cnc, pconn, sql);
+ g_free (sql);
+ if (!pg_res || PQresultStatus (pg_res) != PGRES_COMMAND_OK) {
+- g_set_error (error, 0, 0, PQresultErrorMessage (pg_res));
++ g_set_error (error, 0, 0, "%s", PQresultErrorMessage (pg_res));
+ PQfinish (pconn);
+ return FALSE;
+ }
+--- /libgda-3.1.5/tools/gda-config-tool.c~ 2008-07-20 11:51:14.000000000 +0200
++++ /libgda-3.1.5/tools/gda-config-tool.c 2013-11-30 22:29:03.256038954 +0100
+@@ -1402,9 +1402,9 @@
+ const char *paramInDsn = "DSN parameters:";
+
+ g_print ("Provider name: %s\n", info->id);
+- g_print (desc);
++ g_print ("%s", desc);
+ pretty_print (info->description, strlen (desc));
+- g_print (paramInDsn);
++ g_print ("%s", paramInDsn);
+ str = g_string_new (NULL);
+ if (info->gda_params)
+ g_slist_foreach (info->gda_params->parameters, add_param_name_to_string, str);
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/libgda3.git/commitdiff/1ec2b37e29934f8cd08b401b8a42fe5d1eceddb8
More information about the pld-cvs-commit
mailing list