tag #645300 + patch confirmed upstream user ubuntu-de...@lists.ubuntu.com usertag #645300 + ubuntu-patch precise stop
Hi Attached debdiff fixes the issue for me and a couple of typos in rules that I noticed while building tidy; please consider it for Debian and upstream. (I can't upload it to Ubuntu today, but will likely do so tomorrow to fix the FTBFS.) Thanks, -- Loïc Minier
--- tidy-20091223cvs/debian/rules +++ tidy-20091223cvs/debian/rules @@ -12,9 +12,9 @@ build/tidy:: ## Generate manpage from tidy output - LD_LIBRARY_PATH=$(CURDUR)/src/.libs/ \ + LD_LIBRARY_PATH=$${LD_LIBRARY_PATH:+$$LD_LIBRARY_PATH:}$(CURDIR)/src/.libs/ \ $(CURDIR)/console/tidy -xml-help > $(HELPXML) - LD_LIBRARY_PATH=$(CURDUR)/src/.libs/ \ + LD_LIBRARY_PATH=$${LD_LIBRARY_PATH:+$$LD_LIBRARY_PATH:}$(CURDIR)/src/.libs/ \ $(CURDIR)/console/tidy -xml-config > $(CONFIGXML) /usr/bin/xsltproc -o $(MANPAGE) $(MANXSL) $(HELPXML) --- tidy-20091223cvs/debian/changelog +++ tidy-20091223cvs/debian/changelog @@ -1,3 +1,18 @@ +tidy (20091223cvs-1ubuntu1) precise; urgency=low + + * New patch, 10format-warnings, fixes FTBFS with -Werror=format-security; + essentially calls to messageNode() declared printf-alike with a variable + fmt string, but no subsequent argument; the patch passes "%s" as format + and fmt as the only argument; this merely protects this class of calls, + but not the ones with e.g. always one argument or always two arguments. + Tested by running tidy on some text and HTML files; warnings still seem to + be output correctly; Debian #645300. + * Use CURDIR instead of CURDUR in rules. + * rules: only append to LD_LIBRARY_PATH, don't reset it, as fakeroot relies + on it. + + -- Loïc Minier <loic.min...@ubuntu.com> Wed, 30 Nov 2011 23:26:02 +0100 + tidy (20091223cvs-1) unstable; urgency=low * New cvs snapshot only in patch2: unchanged: --- tidy-20091223cvs.orig/debian/patches/10format-warnings.patch +++ tidy-20091223cvs/debian/patches/10format-warnings.patch @@ -0,0 +1,57 @@ +diff --git a/src/localize.c b/src/localize.c +index b832c23..e8c8027 100644 +--- a/src/localize.c ++++ b/src/localize.c +@@ -1373,14 +1373,14 @@ void TY_(ReportAccessWarning)( TidyDocImpl* doc, Node* node, uint code ) + { + ctmbstr fmt = GetFormatFromCode(code); + doc->badAccess |= BA_WAI; +- messageNode( doc, TidyAccess, node, fmt ); ++ messageNode( doc, TidyAccess, node, "%s", fmt ); + } + + void TY_(ReportAccessError)( TidyDocImpl* doc, Node* node, uint code ) + { + ctmbstr fmt = GetFormatFromCode(code); + doc->badAccess |= BA_WAI; +- messageNode( doc, TidyAccess, node, fmt ); ++ messageNode( doc, TidyAccess, node, "%s", fmt ); + } + + #endif /* SUPPORT_ACCESSIBILITY_CHECKS */ +@@ -1399,7 +1399,7 @@ void TY_(ReportWarning)(TidyDocImpl* doc, Node *element, Node *node, uint code) + switch (code) + { + case NESTED_QUOTATION: +- messageNode(doc, TidyWarning, rpt, fmt); ++ messageNode(doc, TidyWarning, rpt, "%s", fmt); + break; + + case OBSOLETE_ELEMENT: +@@ -1480,7 +1480,7 @@ void TY_(ReportError)(TidyDocImpl* doc, Node *element, Node *node, uint code) + case INCONSISTENT_NAMESPACE: + case DOCTYPE_AFTER_TAGS: + case DTYPE_NOT_UPPER_CASE: +- messageNode(doc, TidyWarning, rpt, fmt); ++ messageNode(doc, TidyWarning, rpt, "%s", fmt); + break; + + case COERCE_TO_ENDTAG: +@@ -1499,7 +1499,7 @@ void TY_(ReportError)(TidyDocImpl* doc, Node *element, Node *node, uint code) + case ENCODING_IO_CONFLICT: + case MISSING_DOCTYPE: + case SPACE_PRECEDING_XMLDECL: +- messageNode(doc, TidyWarning, node, fmt); ++ messageNode(doc, TidyWarning, node, "%s", fmt); + break; + + case TRIM_EMPTY_ELEMENT: +@@ -1548,7 +1548,7 @@ void TY_(ReportFatal)( TidyDocImpl* doc, Node *element, Node *node, uint code) + { + case SUSPECTED_MISSING_QUOTE: + case DUPLICATE_FRAMESET: +- messageNode(doc, TidyError, rpt, fmt); ++ messageNode(doc, TidyError, rpt, "%s", fmt); + break; + + case UNKNOWN_ELEMENT: