rpms/dia/FC-4 dia-0.94-rh192699.patch,1.1,1.2 dia.spec,1.33,1.34
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue May 23 12:29:48 UTC 2006
Author: caolanm
Update of /cvs/dist/rpms/dia/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv4357
Modified Files:
dia-0.94-rh192699.patch dia.spec
Log Message:
CVE-2006-2453
dia-0.94-rh192699.patch:
app/.#filedlg.c |only
app/app_procs.c | 10 +++++-----
app/app_procs.c~ |only
app/display.c | 10 +++-------
app/display.c~ |only
app/filedlg.c | 18 +++++++-----------
app/filedlg.c~ |only
app/interface.c | 2 +-
app/interface.c~ |only
app/load_save.c | 2 +-
app/load_save.c~ |only
app/sheets.c | 2 +-
app/sheets.c~ |only
lib/dia_image.c | 2 +-
lib/dia_image.c~ |only
lib/message.c | 2 +-
log |only
plug-ins/python/diamodule.c | 6 +++---
plug-ins/python/diamodule.c~ |only
plug-ins/python/pydia-error.c | 2 +-
plug-ins/python/pydia-error.c~ |only
plug-ins/wmf/wmf.cpp | 2 +-
plug-ins/wmf/wmf.cpp~ |only
23 files changed, 25 insertions(+), 33 deletions(-)
Index: dia-0.94-rh192699.patch
===================================================================
RCS file: /cvs/dist/rpms/dia/FC-4/dia-0.94-rh192699.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- dia-0.94-rh192699.patch 23 May 2006 08:02:21 -0000 1.1
+++ dia-0.94-rh192699.patch 23 May 2006 12:29:45 -0000 1.2
@@ -1,5 +1,188 @@
---- lib/message.c
-+++ lib/message.c
+Only in dia-0.95/app: .#filedlg.c
+diff -ur dia-0.95.orig/app/app_procs.c dia-0.95/app/app_procs.c
+--- dia-0.95.orig/app/app_procs.c 2006-02-27 22:29:02.000000000 +0100
++++ dia-0.95/app/app_procs.c 2006-05-22 22:22:37.000000000 +0200
+@@ -1175,7 +1175,7 @@
+ # endif
+ if (!g_option_context_parse (context, &argc, &argv, &error)) {
+ if (error) { /* IMO !error here is a bug upstream, triggered with --gdk-debug=updates */
+- g_print (error->message);
++ g_print ("%s", error->message);
+ g_error_free (error);
+ } else {
+ g_print ("Invalid option?");
+@@ -1273,22 +1273,22 @@
+
+ g_print(_("The original author of Dia was:\n\n"));
+ for (i = 0; i < NUMBER_OF_ORIG_AUTHORS; i++) {
+- g_print(authors[i]); g_print("\n");
++ g_print("%s\n", authors[i]);
+ }
+
+ g_print(_("\nThe current maintainers of Dia are:\n\n"));
+ for (i = NUMBER_OF_ORIG_AUTHORS; i < NUMBER_OF_ORIG_AUTHORS + NUMBER_OF_MAINTAINERS; i++) {
+- g_print(authors[i]); g_print("\n");
++ g_print("%s\n", authors[i]);
+ }
+
+ g_print(_("\nOther authors are:\n\n"));
+ for (i = NUMBER_OF_ORIG_AUTHORS + NUMBER_OF_MAINTAINERS; i < nauthors; i++) {
+- g_print(authors[i]); g_print("\n");
++ g_print("%s\n", authors[i]);
+ }
+
+ g_print(_("\nDia is documented by:\n\n"));
+ for (i = 0; i < ndocumentors; i++) {
+- g_print(documentors[i]); g_print("\n");
++ g_print("%s\n", documentors[i]);
+ }
+
+ exit(0);
+Only in dia-0.95/app: app_procs.c~
+diff -ur dia-0.95.orig/app/display.c dia-0.95/app/display.c
+--- dia-0.95.orig/app/display.c 2006-03-20 22:24:26.000000000 +0100
++++ dia-0.95/app/display.c 2006-05-23 09:39:40.000000000 +0200
+@@ -1119,7 +1119,6 @@
+ Diagram *dia;
+ GtkWidget *dialog, *button;
+ gchar *fname;
+- gchar *msg;
+
+ g_return_if_fail(ddisp != NULL);
+
+@@ -1134,10 +1133,6 @@
+ fname = dia->filename;
+ if (!fname)
+ fname = _("<unnamed>");
+- msg = g_strdup_printf (
+- _("The diagram '%s'\n"
+- "has not been saved. Save changes now?"),
+- fname);
+
+ dialog = gtk_message_dialog_new(GTK_WINDOW (ddisp->shell),
+ GTK_DIALOG_MODAL,
+@@ -1145,8 +1140,9 @@
+ GTK_BUTTONS_NONE, /* no standard buttons */
+ _("Closing diagram without saving"),
+ NULL);
+- gtk_message_dialog_format_secondary_text(GTK_MESSAGE_DIALOG(dialog), msg);
+- g_free (msg);
++ gtk_message_dialog_format_secondary_text(GTK_MESSAGE_DIALOG(dialog),
++ _("The diagram '%s'\n"
++ "has not been saved. Save changes now?"), fname);
+ gtk_window_set_title (GTK_WINDOW(dialog), _("Close Diagram"));
+
+ button = gtk_button_new_from_stock (GTK_STOCK_CANCEL);
+Only in dia-0.95/app: display.c~
+diff -ur dia-0.95.orig/app/filedlg.c dia-0.95/app/filedlg.c
+--- dia-0.95.orig/app/filedlg.c 2006-02-05 14:42:09.000000000 +0100
++++ dia-0.95/app/filedlg.c 2006-05-23 09:41:29.000000000 +0200
+@@ -299,7 +299,6 @@
+
+ if (stat(filename, &stat_struct) == 0) {
+ GtkWidget *dialog = NULL;
+- char buffer[300];
+ char *utf8filename = NULL;
+ if (!g_utf8_validate(filename, -1, NULL)) {
+ utf8filename = g_filename_to_utf8(filename, -1, NULL, NULL, NULL);
+@@ -310,16 +309,15 @@
+ }
+ if (utf8filename == NULL) utf8filename = g_strdup(filename);
+
+- g_snprintf(buffer, 300,
+- _("The file '%s' already exists.\n"
+- "Do you want to overwrite it?"), utf8filename);
+- g_free(utf8filename);
+
+ dialog = gtk_message_dialog_new (GTK_WINDOW(fs),
+ GTK_DIALOG_MODAL, GTK_MESSAGE_QUESTION,
+ GTK_BUTTONS_YES_NO,
+ _("File already exists"));
+- gtk_message_dialog_format_secondary_text(GTK_MESSAGE_DIALOG(dialog), buffer);
++ gtk_message_dialog_format_secondary_text(GTK_MESSAGE_DIALOG(dialog),
++ _("The file '%s' already exists.\n"
++ "Do you want to overwrite it?"), utf8filename);
++ g_free(utf8filename);
+ gtk_dialog_set_default_response (GTK_DIALOG (dialog), GTK_RESPONSE_YES);
+
+ if (gtk_dialog_run (GTK_DIALOG (dialog)) != GTK_RESPONSE_YES) {
+@@ -552,17 +550,15 @@
+
+ if (stat(filename, &statbuf) == 0) {
+ GtkWidget *dialog = NULL;
+- char buffer[300];
+
+- g_snprintf(buffer, 300,
+- _("The file '%s' already exists.\n"
+- "Do you want to overwrite it?"), dia_message_filename(filename));
+ dialog = gtk_message_dialog_new (GTK_WINDOW(fs),
+ GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT,
+ GTK_MESSAGE_QUESTION,
+ GTK_BUTTONS_YES_NO,
+ _("File already exists"));
+- gtk_message_dialog_format_secondary_text(GTK_MESSAGE_DIALOG(dialog), buffer);
++ gtk_message_dialog_format_secondary_text(GTK_MESSAGE_DIALOG(dialog),
++ _("The file '%s' already exists.\n"
++ "Do you want to overwrite it?"), dia_message_filename(filename));
+ gtk_dialog_set_default_response (GTK_DIALOG (dialog), GTK_RESPONSE_YES);
+
+ if (gtk_dialog_run (GTK_DIALOG (dialog)) != GTK_RESPONSE_YES) {
+Only in dia-0.95/app: filedlg.c~
+diff -ur dia-0.95.orig/app/interface.c dia-0.95/app/interface.c
+--- dia-0.95.orig/app/interface.c 2006-05-22 22:23:52.000000000 +0200
++++ dia-0.95/app/interface.c 2006-05-22 21:59:00.000000000 +0200
+@@ -914,7 +914,7 @@
+ {
+ Sheet *sheet = get_sheet_by_name(string);
+ if (sheet == NULL) {
+- message_warning(g_strdup_printf(_("No sheet named %s"), string));
++ message_warning(_("No sheet named %s"), string);
+ } else {
+ persistence_set_string("last-sheet-selected", string);
+ fill_sheet_wbox(sheet);
+Only in dia-0.95/app: interface.c~
+diff -ur dia-0.95.orig/app/load_save.c dia-0.95/app/load_save.c
+--- dia-0.95.orig/app/load_save.c 2006-02-11 23:48:06.000000000 +0100
++++ dia-0.95/app/load_save.c 2006-05-22 21:57:39.000000000 +0200
+@@ -200,7 +200,7 @@
+ g_hash_table_foreach(unknown_hash,
+ GHFuncUnknownObjects,
+ unknown_str);
+- message_error(unknown_str->str);
++ message_error("%s", unknown_str->str);
+ }
+ g_hash_table_destroy(unknown_hash);
+ g_string_free(unknown_str, TRUE);
+Only in dia-0.95/app: load_save.c~
+diff -ur dia-0.95.orig/app/sheets.c dia-0.95/app/sheets.c
+--- dia-0.95.orig/app/sheets.c 2006-02-26 10:52:32.000000000 +0100
++++ dia-0.95/app/sheets.c 2006-05-22 21:56:44.000000000 +0200
+@@ -340,7 +340,7 @@
+ gdk_pixbuf_render_pixmap_and_mask(pixbuf, pixmap, mask, 1.0);
+ gdk_pixbuf_unref(pixbuf);
+ } else {
+- message_warning (error->message);
++ message_warning ("%s", error->message);
+ g_error_free (error);
+ *pixmap = gdk_pixmap_colormap_create_from_xpm_d
+ (NULL,
+Only in dia-0.95/app: sheets.c~
+diff -ur dia-0.95.orig/lib/dia_image.c dia-0.95/lib/dia_image.c
+--- dia-0.95.orig/lib/dia_image.c 2005-11-03 23:22:03.000000000 +0100
++++ dia-0.95/lib/dia_image.c 2006-05-22 22:06:26.000000000 +0200
+@@ -92,7 +92,7 @@
+ * only if there is something else wrong while loading it.
+ */
+ if (g_file_test(filename, G_FILE_TEST_EXISTS))
+- g_warning (error->message);
++ g_warning ("%s", error->message);
+ g_error_free (error);
+ return NULL;
+ }
+Only in dia-0.95/lib: dia_image.c~
+diff -ur dia-0.95.orig/lib/message.c dia-0.95/lib/message.c
+--- dia-0.95.orig/lib/message.c 2006-05-22 22:24:18.000000000 +0200
++++ dia-0.95/lib/message.c 2006-05-22 21:55:02.000000000 +0200
@@ -86,7 +86,7 @@
0, /* GtkDialogFlags */
type,
@@ -9,3 +192,49 @@
if (title) {
gchar *real_title;
+Only in dia-0.95: log
+diff -ur dia-0.95.orig/plug-ins/python/diamodule.c dia-0.95/plug-ins/python/diamodule.c
+--- dia-0.95.orig/plug-ins/python/diamodule.c 2005-08-29 07:17:51.000000000 +0200
++++ dia-0.95/plug-ins/python/diamodule.c 2006-05-22 22:04:37.000000000 +0200
+@@ -393,11 +393,11 @@
+ return NULL;
+
+ if (0 == type)
+- message_notice (text);
++ message_notice ("%s", text);
+ else if (1 == type)
+- message_warning (text);
++ message_warning ("%s", text);
+ else
+- message_error (text);
++ message_error ("%s", text);
+
+ Py_INCREF(Py_None);
+ return Py_None;
+Only in dia-0.95/plug-ins/python: diamodule.c~
+diff -ur dia-0.95.orig/plug-ins/python/pydia-error.c dia-0.95/plug-ins/python/pydia-error.c
+--- dia-0.95.orig/plug-ins/python/pydia-error.c 2005-09-13 22:19:27.000000000 +0200
++++ dia-0.95/plug-ins/python/pydia-error.c 2006-05-22 22:04:02.000000000 +0200
+@@ -46,7 +46,7 @@
+ PyFile_WriteObject (v, ef, 0);
+ PyTraceBack_Print(tb, ef);
+ if (((PyDiaError*)ef)->str && popup)
+- message_error (((PyDiaError*)ef)->str->str);
++ message_error ("%s", ((PyDiaError*)ef)->str->str);
+ g_free (sLoc);
+ Py_DECREF (ef);
+ Py_XDECREF(exc);
+Only in dia-0.95/plug-ins/python: pydia-error.c~
+diff -ur dia-0.95.orig/plug-ins/wmf/wmf.cpp dia-0.95/plug-ins/wmf/wmf.cpp
+--- dia-0.95.orig/plug-ins/wmf/wmf.cpp 2006-02-20 22:12:02.000000000 +0100
++++ dia-0.95/plug-ins/wmf/wmf.cpp 2006-05-22 22:23:00.000000000 +0200
+@@ -223,7 +223,7 @@
+ va_end (args);
+
+ //fprintf(renderer->file, string);
+- g_print(string);
++ g_print("%s", string);
+
+ g_free(string);
+ }
+Only in dia-0.95/plug-ins/wmf: wmf.cpp~
Index: dia.spec
===================================================================
RCS file: /cvs/dist/rpms/dia/FC-4/dia.spec,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- dia.spec 23 May 2006 08:02:40 -0000 1.33
+++ dia.spec 23 May 2006 12:29:45 -0000 1.34
@@ -5,7 +5,7 @@
Name: dia
Summary: A diagram drawing program.
Version: 0.94
-Release: 14.fc4
+Release: 15.fc4
Epoch: 1
Source: ftp://ftp.gnome.org/pub/GNOME/stable/sources/dia/%{name}-%{version}.tar.bz2
Group: Applications/Multimedia
@@ -55,7 +55,7 @@
%patch5 -p1 -b .rh165337
%patch6 -p1 -b .gnomeflags
%patch7 -p1 -b .rh187402
-%patch8 -p0 -b .rh192699
+%patch8 -p1 -b .rh192699
%build
aclocal-1.7
@@ -125,6 +125,9 @@
%changelog
* Tue May 23 2006 Caolan McNamara <caolanm at redhat.com>
+- CVE-2006-2453 Dia format string issue
+
+* Tue May 23 2006 Caolan McNamara <caolanm at redhat.com>
- CVE-2006-2480 Dia format string issue
* Fri Mar 31 2006 Caolan McNamara <caolanm at redhat.com>
More information about the fedora-cvs-commits
mailing list