[packages/tidyp] - fix format string errors - rel 2
baggins
baggins at pld-linux.org
Mon Apr 6 12:27:56 CEST 2015
commit 62d5c6308d2d6194017731234030258a961c8c8b
Author: Jan Rękorajski <baggins at pld-linux.org>
Date: Mon Apr 6 10:27:42 2015 +0000
- fix format string errors
- rel 2
format-security.patch | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++
tidyp.spec | 4 +++-
2 files changed, 58 insertions(+), 1 deletion(-)
---
diff --git a/tidyp.spec b/tidyp.spec
index ef20448..847a0c5 100644
--- a/tidyp.spec
+++ b/tidyp.spec
@@ -6,11 +6,12 @@ Summary: Clean up and pretty-print HTML/XHTML/XML
Summary(pl.UTF-8): Czyszczenie i ładne wypisywanie HTML-a/XHTML-a/XML-a
Name: tidyp
Version: 1.04
-Release: 1
+Release: 2
License: W3C
Group: Applications/Text
Source0: http://github.com/downloads/petdance/tidyp/%{name}-%{version}.tar.gz
# Source0-md5: 00a6b804f6625221391d010ca37178e1
+Patch0: format-security.patch
URL: http://www.tidyp.com/
Requires: libtidyp = %{version}-%{release}
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
@@ -62,6 +63,7 @@ Statyczna biblioteka libtidyp.
%prep
%setup -q
+%patch0 -p1
# Fix permissions for debuginfo
chmod -x src/{mappedio.*,version.h}
diff --git a/format-security.patch b/format-security.patch
new file mode 100644
index 0000000..f0a70b1
--- /dev/null
+++ b/format-security.patch
@@ -0,0 +1,55 @@
+--- tidyp-1.04/src/localize.c~ 2010-09-17 02:36:44.000000000 +0000
++++ tidyp-1.04/src/localize.c 2015-04-06 10:26:27.467359594 +0000
+@@ -1351,14 +1351,14 @@
+ {
+ ctmbstr fmt = GetFormatFromCode(code);
+ doc->badAccess |= BA_WAI;
+- messageNode( doc, TidyAccess, node, fmt );
++ messageNode( doc, TidyAccess, node, "%s", fmt );
+ }
+
+ void TY_(ReportAccessError)( TidyDocImpl* doc, Node* node, uint code )
+ {
+ ctmbstr fmt = GetFormatFromCode(code);
+ doc->badAccess |= BA_WAI;
+- messageNode( doc, TidyAccess, node, fmt );
++ messageNode( doc, TidyAccess, node, "%s", fmt );
+ }
+
+ #endif /* SUPPORT_ACCESSIBILITY_CHECKS */
+@@ -1377,7 +1377,7 @@
+ switch (code)
+ {
+ case NESTED_QUOTATION:
+- messageNode(doc, TidyWarning, rpt, fmt);
++ messageNode(doc, TidyWarning, rpt, "%s", fmt);
+ break;
+
+ case OBSOLETE_ELEMENT:
+@@ -1458,7 +1458,7 @@
+ case INCONSISTENT_NAMESPACE:
+ case DOCTYPE_AFTER_TAGS:
+ case DTYPE_NOT_UPPER_CASE:
+- messageNode(doc, TidyWarning, rpt, fmt);
++ messageNode(doc, TidyWarning, rpt, "%s", fmt);
+ break;
+
+ case COERCE_TO_ENDTAG:
+@@ -1477,7 +1477,7 @@
+ case ENCODING_IO_CONFLICT:
+ case MISSING_DOCTYPE:
+ case SPACE_PRECEDING_XMLDECL:
+- messageNode(doc, TidyWarning, node, fmt);
++ messageNode(doc, TidyWarning, node, "%s", fmt);
+ break;
+
+ case TRIM_EMPTY_ELEMENT:
+@@ -1526,7 +1526,7 @@
+ {
+ case SUSPECTED_MISSING_QUOTE:
+ case DUPLICATE_FRAMESET:
+- messageNode(doc, TidyError, rpt, fmt);
++ messageNode(doc, TidyError, rpt, "%s", fmt);
+ break;
+
+ case UNKNOWN_ELEMENT:
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/tidyp.git/commitdiff/62d5c6308d2d6194017731234030258a961c8c8b
More information about the pld-cvs-commit
mailing list