[packages/tidyp] - fix format string errors - rel 2

baggins baggins at pld-linux.org
Mon Apr 6 12:27:56 CEST 2015


commit 62d5c6308d2d6194017731234030258a961c8c8b
Author: Jan Rękorajski <baggins at pld-linux.org>
Date:   Mon Apr 6 10:27:42 2015 +0000

    - fix format string errors
    - rel 2

 format-security.patch | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++
 tidyp.spec            |  4 +++-
 2 files changed, 58 insertions(+), 1 deletion(-)
---
diff --git a/tidyp.spec b/tidyp.spec
index ef20448..847a0c5 100644
--- a/tidyp.spec
+++ b/tidyp.spec
@@ -6,11 +6,12 @@ Summary:	Clean up and pretty-print HTML/XHTML/XML
 Summary(pl.UTF-8):	Czyszczenie i ładne wypisywanie HTML-a/XHTML-a/XML-a
 Name:		tidyp
 Version:	1.04
-Release:	1
+Release:	2
 License:	W3C
 Group:		Applications/Text
 Source0:	http://github.com/downloads/petdance/tidyp/%{name}-%{version}.tar.gz
 # Source0-md5:	00a6b804f6625221391d010ca37178e1
+Patch0:		format-security.patch
 URL:		http://www.tidyp.com/
 Requires:	libtidyp = %{version}-%{release}
 BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
@@ -62,6 +63,7 @@ Statyczna biblioteka libtidyp.
 
 %prep
 %setup -q
+%patch0 -p1
 
 # Fix permissions for debuginfo
 chmod -x src/{mappedio.*,version.h}
diff --git a/format-security.patch b/format-security.patch
new file mode 100644
index 0000000..f0a70b1
--- /dev/null
+++ b/format-security.patch
@@ -0,0 +1,55 @@
+--- tidyp-1.04/src/localize.c~	2010-09-17 02:36:44.000000000 +0000
++++ tidyp-1.04/src/localize.c	2015-04-06 10:26:27.467359594 +0000
+@@ -1351,14 +1351,14 @@
+ {
+     ctmbstr fmt = GetFormatFromCode(code);
+     doc->badAccess |= BA_WAI;
+-    messageNode( doc, TidyAccess, node, fmt );
++    messageNode( doc, TidyAccess, node, "%s", fmt );
+ }
+ 
+ void TY_(ReportAccessError)( TidyDocImpl* doc, Node* node, uint code )
+ {
+     ctmbstr fmt = GetFormatFromCode(code);
+     doc->badAccess |= BA_WAI;
+-    messageNode( doc, TidyAccess, node, fmt );
++    messageNode( doc, TidyAccess, node, "%s", fmt );
+ }
+ 
+ #endif /* SUPPORT_ACCESSIBILITY_CHECKS */
+@@ -1377,7 +1377,7 @@
+     switch (code)
+     {
+     case NESTED_QUOTATION:
+-        messageNode(doc, TidyWarning, rpt, fmt);
++        messageNode(doc, TidyWarning, rpt, "%s", fmt);
+         break;
+ 
+     case OBSOLETE_ELEMENT:
+@@ -1458,7 +1458,7 @@
+     case INCONSISTENT_NAMESPACE:
+     case DOCTYPE_AFTER_TAGS:
+     case DTYPE_NOT_UPPER_CASE:
+-        messageNode(doc, TidyWarning, rpt, fmt);
++        messageNode(doc, TidyWarning, rpt, "%s", fmt);
+         break;
+ 
+     case COERCE_TO_ENDTAG:
+@@ -1477,7 +1477,7 @@
+     case ENCODING_IO_CONFLICT:
+     case MISSING_DOCTYPE:
+     case SPACE_PRECEDING_XMLDECL:
+-        messageNode(doc, TidyWarning, node, fmt);
++        messageNode(doc, TidyWarning, node, "%s", fmt);
+         break;
+ 
+     case TRIM_EMPTY_ELEMENT:
+@@ -1526,7 +1526,7 @@
+     {
+     case SUSPECTED_MISSING_QUOTE:
+     case DUPLICATE_FRAMESET:
+-        messageNode(doc, TidyError, rpt, fmt);
++        messageNode(doc, TidyError, rpt, "%s", fmt);
+         break;
+ 
+     case UNKNOWN_ELEMENT:
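Review bot: In ReportAccessWarning and ReportAccessError (inner hunk at 1351), `fmt` comes straight from `GetFormatFromCode(code)` and is passed as the `%s` argument with no null check. If that lookup can return NULL for an unrecognised code (its body is not visible in this patch), the call remains undefined behaviour, so a guard such as `if (!fmt) return;` before `messageNode` would be worth adding. The same applies to the `switch` cases at 1377, 1458, 1477 and 1526, whose enclosing functions start and end outside the hunks. Because the table string is now treated as data, any `%%` in those message texts would be printed literally, so it is worth confirming that the affected entries contain no `%` at all. A short header in the patch file saying that these messages take no arguments, and that the change is presumably there to satisfy `-Werror=format-security`, would help the next packager.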
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/tidyp.git/commitdiff/62d5c6308d2d6194017731234030258a961c8c8b


