From 00eee7f273d4e9f1b6ad62481779458df3276448 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Jan=20R=C4=99korajski?= <baggins@pld-linux.org>
Date: Sat, 30 Nov 2013 22:30:32 +0100
Subject: [PATCH] - fix format string errors

---
 format-security.patch | 310 ++++++++++++++++++++++++++++++++++++++++++
 libgda3.spec          |   2 +
 2 files changed, 312 insertions(+)
 create mode 100644 format-security.patch

diff --git a/format-security.patch b/format-security.patch
new file mode 100644
index 0000000..b0af7c0
--- /dev/null
+++ b/format-security.patch
@@ -0,0 +1,310 @@
+--- /libgda-3.1.5/libgda/sqlite/virtual/gda-vconnection-data-model.c~	2008-07-20 11:51:22.000000000 +0200
++++ /libgda-3.1.5/libgda/sqlite/virtual/gda-vconnection-data-model.c	2013-11-30 22:15:05.063893169 +0100
+@@ -242,7 +242,7 @@
+ 	rc = sqlite3_exec (scnc->connection, str, NULL, 0, &zErrMsg);
+ 	g_free (str);
+ 	if (rc != SQLITE_OK) {
+-		g_set_error (error, 0, 0, g_strdup (zErrMsg));
++		g_set_error (error, 0, 0, "%s", g_strdup (zErrMsg));
+ 		sqlite3_free (zErrMsg);
+ 		gda_vconnection_data_model_table_data_free (td);
+ 		cnc->priv->table_data_list = g_slist_remove (cnc->priv->table_data_list, td);
+@@ -303,7 +303,7 @@
+ 	g_free (str);
+ 
+ 	if (rc != SQLITE_OK) {
+-		g_set_error (error, 0, 0, g_strdup (zErrMsg));
++		g_set_error (error, 0, 0, "%s", g_strdup (zErrMsg));
+ 		sqlite3_free (zErrMsg);
+ 		return FALSE;
+ 	}
+--- /libgda-3.1.5/libgda/sqlite/gda-sqlite-provider.c~	2013-11-30 22:13:45.023125651 +0100
++++ /libgda-3.1.5/libgda/sqlite/gda-sqlite-provider.c	2013-11-30 22:16:40.384890339 +0100
+@@ -1032,7 +1032,7 @@
+ 		g_free (filename);
+ 
+ 		if (errmsg != SQLITE_OK) {
+-			g_set_error (error, 0, 0, sqlite3_errmsg (scnc->connection)); 
++			g_set_error (error, 0, 0, "%s", sqlite3_errmsg (scnc->connection)); 
+ 			retval = FALSE;
+ 		}
+ 		gda_sqlite_free_cnc (scnc);
+@@ -1058,7 +1058,7 @@
+ 		g_free (tmp);
+ 
+ 		if (g_unlink (filename)) {
+-			g_set_error (error, 0, 0,
++			g_set_error (error, 0, 0, "%s",
+ 				     sys_errlist [errno]);
+ 			retval = FALSE;
+ 		}
+--- /libgda-3.1.5/libgda/sql-delimiter/gda-sql-delimiter.c~	2008-07-20 11:51:22.000000000 +0200
++++ /libgda-3.1.5/libgda/sql-delimiter/gda-sql-delimiter.c	2013-11-30 22:17:32.765454196 +0100
+@@ -60,7 +60,7 @@
+ 				g_set_error (gda_sql_error, 0, 0, _("Parse error near `%s'"), gda_delimitertext);
+ 			else if (!strcmp (string, "syntax error"))
+ 				g_set_error (gda_sql_error, 0, 0, _("Syntax error near `%s'"), gda_delimitertext);
+-			else g_set_error (gda_sql_error, 0, 0, string);
++			else g_set_error (gda_sql_error, 0, 0, "%s", string);
+ 		}
+ 	}
+ 	else
+--- /libgda-3.1.5/libgda/gda-connection.c~	2008-07-20 11:51:23.000000000 +0200
++++ /libgda-3.1.5/libgda/gda-connection.c	2013-11-30 22:18:40.019508054 +0100
+@@ -540,7 +540,7 @@
+ 				event = GDA_CONNECTION_EVENT (l->data);
+ 				if (gda_connection_event_get_event_type (event) == GDA_CONNECTION_EVENT_ERROR) {
+ 					if (error && !(*error))
+-						g_set_error (error, GDA_CONNECTION_ERROR, GDA_CONNECTION_OPEN_ERROR,
++						g_set_error (error, GDA_CONNECTION_ERROR, GDA_CONNECTION_OPEN_ERROR, "%s",
+ 							     gda_connection_event_get_description (event));
+ 					gda_client_notify_error_event (cnc->priv->client, cnc, 
+ 								       GDA_CONNECTION_EVENT (l->data));
+@@ -1200,7 +1200,7 @@
+ 	while (events && !has_error) {
+ 		if (gda_connection_event_get_event_type (GDA_CONNECTION_EVENT (events->data)) == 
+ 		    GDA_CONNECTION_EVENT_ERROR) {
+-			g_set_error (error, GDA_CONNECTION_ERROR, GDA_CONNECTION_EXECUTE_COMMAND_ERROR,
++			g_set_error (error, GDA_CONNECTION_ERROR, GDA_CONNECTION_EXECUTE_COMMAND_ERROR, "%s",
+ 				     gda_connection_event_get_description (GDA_CONNECTION_EVENT (events->data)));
+ 			has_error = TRUE;
+ 		}
+--- /libgda-3.1.5/libgda/gda-data-model-bdb.c~	2008-07-20 11:51:23.000000000 +0200
++++ /libgda-3.1.5/libgda/gda-data-model-bdb.c	2013-11-30 22:19:02.359746578 +0100
+@@ -216,7 +216,7 @@
+ {
+ 	GError *error = NULL;
+ 
+-        g_set_error (&error, 0, 0, err);
++        g_set_error (&error, 0, 0, "%s", err);
+ 	g_print ("ADD_ERROR (%s)\n", err);
+         model->priv->errors = g_slist_append (model->priv->errors, error);
+ }
+--- /libgda-3.1.5/libgda/gda-data-model-dir.c~	2013-11-30 22:13:45.019792285 +0100
++++ /libgda-3.1.5/libgda/gda-data-model-dir.c	2013-11-30 22:21:11.304449215 +0100
+@@ -250,7 +250,7 @@
+ {
+ 	GError *error = NULL;
+ 
+-        g_set_error (&error, 0, 0, err);
++        g_set_error (&error, 0, 0, "%s", err);
+ 	g_print ("ADD_ERROR (%s)\n", err);
+         model->priv->errors = g_slist_append (model->priv->errors, error);
+ }
+@@ -929,7 +929,7 @@
+                 str = g_strdup_printf (_("Row %d out of range 0 - %d"), row,
+ 				       imodel->priv->rows->len - 1);
+ 		add_error (imodel, str);
+-		g_set_error (error, 0, 0, str);
++		g_set_error (error, 0, 0, "%s", str);
+ 		g_free (str);
+                 return FALSE;
+         }
+@@ -1006,7 +1006,7 @@
+ 					str = g_strdup_printf (_("Could not rename file '%s' to '%s'"), 
+ 							       filename, new_filename);
+ 					add_error (imodel, str);
+-					g_set_error (error, 0, 0, str);
++					g_set_error (error, 0, 0, "%s", str);
+ 					g_free (str);
+ 					g_free (new_filename);
+ 					g_free (filename);
+@@ -1029,7 +1029,7 @@
+ 				gchar *str;
+ 				str = g_strdup_printf (_("Could not create directory '%s'"), new_path);
+ 				add_error (imodel, str);
+-				g_set_error (error, 0, 0, str);
++				g_set_error (error, 0, 0, "%s", str);
+ 				g_free (str);
+ 				g_free (old_path);
+ 				return FALSE;
+@@ -1049,7 +1049,7 @@
+ 				gchar *str;
+ 				str = g_strdup_printf (_("Could not rename file '%s' to '%s'"), filename, new_filename);
+ 				add_error (imodel, str);
+-				g_set_error (error, 0, 0, str);
++				g_set_error (error, 0, 0, "%s", str);
+ 				g_free (str);
+ 				g_free (new_filename);
+ 				g_free (filename);
+@@ -1098,7 +1098,7 @@
+ 					gchar *str;
+ 					str = g_strdup_printf (_("Could not overwrite contents of file '%s'"), filename);
+ 					add_error (imodel, str);
+-					g_set_error (error, 0, 0, str);
++					g_set_error (error, 0, 0, "%s", str);
+ 					g_free (str);
+ 					g_object_unref (op);
+ 					g_free (filename);
+@@ -1230,7 +1230,7 @@
+ 				gchar *str;
+ 				str = g_strdup_printf (_("Cannot set contents of filename '%s'"), complete_filename);
+ 				add_error (imodel, str);
+-				g_set_error (error, 0, 0, str);
++				g_set_error (error, 0, 0, "%s", str);
+ 				g_free (str);
+ 				if (bin_to_free)
+ 					g_free (bin_data);
+@@ -1241,7 +1241,7 @@
+ 			gchar *str;
+ 			str = g_strdup_printf (_("Cannot create directory '%s'"), dirname);
+ 			add_error (imodel, str);
+-			g_set_error (error, 0, 0, str);
++			g_set_error (error, 0, 0, "%s", str);
+ 			g_free (str);
+ 			return -1;
+ 		}
+@@ -1272,7 +1272,7 @@
+                 str = g_strdup_printf (_("Row %d out of range 0 - %d"), row,
+ 				       imodel->priv->rows->len - 1);
+ 		add_error (imodel, str);
+-		g_set_error (error, 0, 0, str);
++		g_set_error (error, 0, 0, "%s", str);
+ 		g_free (str);
+                 return FALSE;
+         }
+@@ -1288,7 +1288,7 @@
+ 		gchar *str;
+ 		str = g_strdup_printf (_("Cannot remove file '%s'"), filename);
+ 		add_error (imodel, str);
+-		g_set_error (error, 0, 0, str);
++		g_set_error (error, 0, 0, "%s", str);
+ 		g_free (str);
+ 		g_free (filename);
+ 		return FALSE;
+--- /libgda-3.1.5/libgda/gda-data-model-import.c~	2008-07-20 11:51:23.000000000 +0200
++++ /libgda-3.1.5/libgda/gda-data-model-import.c	2013-11-30 22:21:33.504683758 +0100
+@@ -1734,7 +1734,7 @@
+ {
+ 	GError *error = NULL;
+ 
+-	g_set_error (&error, 0, 0, err);
++	g_set_error (&error, 0, 0, "%s", err);
+ 	model->priv->errors = g_slist_append (model->priv->errors, error);
+ }
+ 
+--- /libgda-3.1.5/libgda/gda-parameter-list.c~	2008-07-20 11:51:23.000000000 +0200
++++ /libgda-3.1.5/libgda/gda-parameter-list.c	2013-11-30 22:22:53.398858452 +0100
+@@ -579,7 +579,7 @@
+ 				errors = gda_data_model_import_get_errors (GDA_DATA_MODEL_IMPORT (model));
+ 				if (errors) {
+ 					GError *err = (GError *) errors->data;
+-					g_set_error (error, 0, 0, err->message);
++					g_set_error (error, 0, 0, "%s", err->message);
+ 					g_object_unref (model);
+ 					model = NULL;
+ 					allok = FALSE;
+@@ -803,7 +803,7 @@
+ 	/* parameters' values, sources, constraints: TODO */
+ 
+ 	xmlDocDumpFormatMemory(doc, &xmlbuff, &buffersize, 1);
+-	g_print ((gchar *) xmlbuff);
++	g_print ("%s", (gchar *) xmlbuff);
+ 	
+ 	xmlFreeDoc(doc);
+ 	return (gchar *) xmlbuff;
+--- /libgda-3.1.5/libgda/gda-query.c~	2008-07-20 11:51:23.000000000 +0200
++++ /libgda-3.1.5/libgda/gda-query.c	2013-11-30 22:23:47.282756947 +0100
+@@ -2826,7 +2826,7 @@
+ 				if ((gda_connection_event_get_event_type (GDA_CONNECTION_EVENT (list->data)) == 
+ 				     GDA_CONNECTION_EVENT_ERROR) &&
+ 				    !g_list_find (errors_before, list->data)) 
+-					g_set_error (error, GDA_QUERY_ERROR, GDA_QUERY_EXEC_ERROR,
++					g_set_error (error, GDA_QUERY_ERROR, GDA_QUERY_EXEC_ERROR, "%s",
+ 						     gda_connection_event_get_description (GDA_CONNECTION_EVENT (list->data)));
+ 			}
+ 			if (errors_before)
+@@ -4359,7 +4359,7 @@
+ 						errors = gda_data_model_import_get_errors (GDA_DATA_MODEL_IMPORT (model));
+ 						if (errors) {
+ 							GError *err = (GError *) errors->data;
+-							g_set_error (error, 0, 0, err->message);
++							g_set_error (error, 0, 0, "%s", err->message);
+ 							g_object_unref (model);
+ 							model = NULL;
+ 							return FALSE;
+--- /libgda-3.1.5/libgda/gda-query-field-value.c~	2008-07-20 11:51:23.000000000 +0200
++++ /libgda-3.1.5/libgda/gda-query-field-value.c	2013-11-30 22:24:26.649835416 +0100
+@@ -1474,7 +1474,7 @@
+ 				g_set_error (error,
+ 					     GDA_QUERY_FIELD_VALUE_ERROR,
+ 					     GDA_QUERY_FIELD_VALUE_RENDER_ERROR,
+-					     str);
++					     "%s", str);
+ 				g_free (str);
+ 				
+ 				/*g_print ("Param %p (%s) is invalid!\n", param_source, 
+--- /libgda-3.1.5/providers/mysql/gda-mysql-provider.c~	2008-07-20 11:51:16.000000000 +0200
++++ /libgda-3.1.5/providers/mysql/gda-mysql-provider.c	2013-11-30 22:26:15.987641260 +0100
+@@ -282,7 +282,7 @@
+ 	
+ 	
+ 	if (!mysql_ret) {
+-		g_set_error (error, 0, 0, mysql_error (mysql));
++		g_set_error (error, 0, 0, "%s", mysql_error (mysql));
+ 		g_free (mysql);
+ 		return NULL;
+ 	}
+@@ -767,7 +767,7 @@
+ 			g_free (sql);
+ 			
+ 			if (res) {
+-				g_set_error (error, 0, 0, mysql_error (mysql));
++				g_set_error (error, 0, 0, "%s", mysql_error (mysql));
+ 				mysql_close (mysql);
+ 				return FALSE;
+ 			}
+--- /libgda-3.1.5/providers/mysql/gda-mysql-recordset.c~	2008-07-20 11:51:16.000000000 +0200
++++ /libgda-3.1.5/providers/mysql/gda-mysql-recordset.c	2013-11-30 22:27:20.854980814 +0100
+@@ -314,7 +314,7 @@
+ 		str = g_strdup_printf (_("Row number out of range 0 - %d"),
+ 				       priv_data->mysql_res_rows - 1);
+ 		gda_connection_add_event_string (priv_data->cnc, str);
+-		g_set_error (error, 0, 0, str);
++		g_set_error (error, 0, 0, "%s", str);
+ 		g_free (str);
+ 						 
+ 		return NULL;
+@@ -829,7 +829,7 @@
+ 	if (rc != 0) {
+ 		GdaConnectionEvent *event = gda_mysql_make_error (mysql);
+ 		gda_connection_add_event (priv_data->cnc, event);
+-		g_set_error (error, 0, 0,
++		g_set_error (error, 0, 0, "%s",
+ 			     gda_connection_event_get_description (event));
+ 		return FALSE;
+ 	}
+--- /libgda-3.1.5/providers/postgres/gda-postgres-provider.c~	2008-07-20 11:51:16.000000000 +0200
++++ /libgda-3.1.5/providers/postgres/gda-postgres-provider.c	2013-11-30 22:28:06.188783192 +0100
+@@ -1063,7 +1063,7 @@
+                 g_string_free (string, TRUE);
+ 
+ 		if (PQstatus (pconn) != CONNECTION_OK) {
+-                        g_set_error (error, 0, 0, PQerrorMessage (pconn));
++                        g_set_error (error, 0, 0, "%s", PQerrorMessage (pconn));
+                         PQfinish(pconn);
+ 
+                         return FALSE;
+@@ -1077,7 +1077,7 @@
+ 			pg_res = gda_postgres_PQexec_wrap (cnc, pconn, sql);
+ 			g_free (sql);
+ 			if (!pg_res || PQresultStatus (pg_res) != PGRES_COMMAND_OK) {
+-				g_set_error (error, 0, 0, PQresultErrorMessage (pg_res));
++				g_set_error (error, 0, 0, "%s", PQresultErrorMessage (pg_res));
+ 				PQfinish (pconn);
+ 				return FALSE;
+ 			}
+--- /libgda-3.1.5/tools/gda-config-tool.c~	2008-07-20 11:51:14.000000000 +0200
++++ /libgda-3.1.5/tools/gda-config-tool.c	2013-11-30 22:29:03.256038954 +0100
+@@ -1402,9 +1402,9 @@
+ 	const char *paramInDsn = "DSN parameters:";
+ 
+ 	g_print ("Provider name: %s\n", info->id);
+-	g_print (desc);
++	g_print ("%s", desc);
+ 	pretty_print (info->description, strlen (desc));
+-	g_print (paramInDsn);
++	g_print ("%s", paramInDsn);
+ 	str = g_string_new (NULL);
+ 	if (info->gda_params) 
+ 		g_slist_foreach (info->gda_params->parameters, add_param_name_to_string, str);
diff --git a/libgda3.spec b/libgda3.spec
index 5f86b0e..5943b27 100644
--- a/libgda3.spec
+++ b/libgda3.spec
@@ -35,6 +35,7 @@ Source0:	http://ftp.gnome.org/pub/gnome/sources/libgda/3.1/libgda-%{version}.tar
 Patch0:		%{name}-configure.patch
 Patch1:		%{name}-am.patch
 Patch2:		glib232.patch
+Patch3:		format-security.patch
 URL:		http://www.gnome-db.org/
 %{?with_firebird:BuildRequires:	Firebird-devel}
 BuildRequires:	autoconf >= 2.59
@@ -272,6 +273,7 @@ Pakiet dostarczajÄcy dane z xBase (dBase, Clippera, FoxPro) dla GDA.
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 
 %if %{without gamin}
 sed -i -e 's#PKG_CHECK_MODULES(GAMIN.*)#have_fam=no#g' configure.in
-- 
2.44.0