Dear maintainer,
I've prepared an NMU for tidy (versioned as 20091223cvs-1.1). The diff
is attached to this message.
Regards.
diff -u tidy-20091223cvs/debian/changelog tidy-20091223cvs/debian/changelog
--- tidy-20091223cvs/debian/changelog
+++ tidy-20091223cvs/debian/changelog
@@ -1,3 +1,21 @@
+tidy (20091223cvs-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Apply patch by Loïc Minier:
+ * New patch, 10format-warnings, fixes FTBFS with -Werror=format-security;
+ essentially calls to messageNode() declared printf-alike with a variable
+ fmt string, but no subsequent argument; the patch passes "%s" as format
+ and fmt as the only argument; this merely protects this class of calls,
+ but not the ones with e.g. always one argument or always two arguments.
+ Tested by running tidy on some text and HTML files; warnings still seem to
+ be output correctly; (Closes: #645300).
+ * Use CURDIR instead of CURDUR in rules.
+ * rules: only append to LD_LIBRARY_PATH, don't reset it, as fakeroot relies
+ on it.
+ * Set urgenceny to medium due to rc bug fix
+
+ -- Alexander Reichle-Schmehl <toli...@debian.org> Sat, 03 Dec 2011 10:57:47 +0100
+
tidy (20091223cvs-1) unstable; urgency=low
* New cvs snapshot
diff -u tidy-20091223cvs/debian/rules tidy-20091223cvs/debian/rules
--- tidy-20091223cvs/debian/rules
+++ tidy-20091223cvs/debian/rules
@@ -12,9 +12,9 @@
build/tidy::
## Generate manpage from tidy output
- LD_LIBRARY_PATH=$(CURDUR)/src/.libs/ \
+ LD_LIBRARY_PATH=$${LD_LIBRARY_PATH:+$$LD_LIBRARY_PATH:}$(CURDIR)/src/.libs/ \
$(CURDIR)/console/tidy -xml-help > $(HELPXML)
- LD_LIBRARY_PATH=$(CURDUR)/src/.libs/ \
+ LD_LIBRARY_PATH=$${LD_LIBRARY_PATH:+$$LD_LIBRARY_PATH:}$(CURDIR)/src/.libs/ \
$(CURDIR)/console/tidy -xml-config > $(CONFIGXML)
/usr/bin/xsltproc -o $(MANPAGE) $(MANXSL) $(HELPXML)
only in patch2:
unchanged:
--- tidy-20091223cvs.orig/debian/patches/10format-warnings.patch
+++ tidy-20091223cvs/debian/patches/10format-warnings.patch
@@ -0,0 +1,57 @@
+diff --git a/src/localize.c b/src/localize.c
+index b832c23..e8c8027 100644
+--- a/src/localize.c
++++ b/src/localize.c
+@@ -1373,14 +1373,14 @@ void TY_(ReportAccessWarning)( TidyDocImpl* doc, Node* node, uint code )
+ {
+ ctmbstr fmt = GetFormatFromCode(code);
+ doc->badAccess |= BA_WAI;
+- messageNode( doc, TidyAccess, node, fmt );
++ messageNode( doc, TidyAccess, node, "%s", fmt );
+ }
+
+ void TY_(ReportAccessError)( TidyDocImpl* doc, Node* node, uint code )
+ {
+ ctmbstr fmt = GetFormatFromCode(code);
+ doc->badAccess |= BA_WAI;
+- messageNode( doc, TidyAccess, node, fmt );
++ messageNode( doc, TidyAccess, node, "%s", fmt );
+ }
+
+ #endif /* SUPPORT_ACCESSIBILITY_CHECKS */
+@@ -1399,7 +1399,7 @@ void TY_(ReportWarning)(TidyDocImpl* doc, Node *element, Node *node, uint code)
+ switch (code)
+ {
+ case NESTED_QUOTATION:
+- messageNode(doc, TidyWarning, rpt, fmt);
++ messageNode(doc, TidyWarning, rpt, "%s", fmt);
+ break;
+
+ case OBSOLETE_ELEMENT:
+@@ -1480,7 +1480,7 @@ void TY_(ReportError)(TidyDocImpl* doc, Node *element, Node *node, uint code)
+ case INCONSISTENT_NAMESPACE:
+ case DOCTYPE_AFTER_TAGS:
+ case DTYPE_NOT_UPPER_CASE:
+- messageNode(doc, TidyWarning, rpt, fmt);
++ messageNode(doc, TidyWarning, rpt, "%s", fmt);
+ break;
+
+ case COERCE_TO_ENDTAG:
+@@ -1499,7 +1499,7 @@ void TY_(ReportError)(TidyDocImpl* doc, Node *element, Node *node, uint code)
+ case ENCODING_IO_CONFLICT:
+ case MISSING_DOCTYPE:
+ case SPACE_PRECEDING_XMLDECL:
+- messageNode(doc, TidyWarning, node, fmt);
++ messageNode(doc, TidyWarning, node, "%s", fmt);
+ break;
+
+ case TRIM_EMPTY_ELEMENT:
+@@ -1548,7 +1548,7 @@ void TY_(ReportFatal)( TidyDocImpl* doc, Node *element, Node *node, uint code)
+ {
+ case SUSPECTED_MISSING_QUOTE:
+ case DUPLICATE_FRAMESET:
+- messageNode(doc, TidyError, rpt, fmt);
++ messageNode(doc, TidyError, rpt, "%s", fmt);
+ break;
+
+ case UNKNOWN_ELEMENT:
