Hi,
Please find attached the patch that fixes those format-security errors.
It is already applied in Ubuntu and works fine.
Just add it as the last patch in the quilt series.
Regards,
\sh
Index: abiword-2.8.6/src/af/xap/gtk/xap_UnixDialogHelper.cpp
===================================================================
--- abiword-2.8.6.orig/src/af/xap/gtk/xap_UnixDialogHelper.cpp 2011-10-26 12:11:34.687254992 +0000
+++ abiword-2.8.6/src/af/xap/gtk/xap_UnixDialogHelper.cpp 2011-10-26 12:23:27.047261934 +0000
@@ -830,7 +830,7 @@
GTK_DIALOG_MODAL,
GTK_MESSAGE_INFO,
GTK_BUTTONS_OK,
- message ) ;
+ "%s",message ) ;
gtk_window_set_title(GTK_WINDOW(msg), "AbiWord");
gtk_window_set_role(GTK_WINDOW(msg), "message dialog");
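Review bot: If `message` can ever be NULL at this call, the added `"%s"` changes behaviour. gtk_message_dialog_new() accepts a NULL format and shows no text, whereas a NULL argument for `%s` is undefined in C and prints "(null)" with glibc. The function's signature and its callers are outside this hunk, so this needs confirming; if NULL is possible, pass `message ? message : ""` instead. The missing space in `"%s",message` is also inconsistent with most of the other hunks in this patch.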
Index: abiword-2.8.6/src/af/xap/gtk/xap_UnixDlg_Image.cpp
===================================================================
--- abiword-2.8.6.orig/src/af/xap/gtk/xap_UnixDlg_Image.cpp 2011-10-26 12:11:34.687254992 +0000
+++ abiword-2.8.6/src/af/xap/gtk/xap_UnixDlg_Image.cpp 2011-10-26 12:23:27.047261934 +0000
@@ -488,7 +488,7 @@
std::string s;
pSS->getValueUTF8(XAP_STRING_ID_DLG_Image_Title,s);
- abiDialogSetTitle(mMainWindow, s.c_str());
+ abiDialogSetTitle(mMainWindow, "%s", s.c_str());
localizeLabel(GTK_WIDGET(gtk_builder_get_object(builder, "lbDescTab")), pSS, XAP_STRING_ID_DLG_Image_DescTabLabel);
localizeLabel(GTK_WIDGET(gtk_builder_get_object(builder, "lbWrapTab")), pSS, XAP_STRING_ID_DLG_Image_WrapTabLabel);
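Review bot: Nothing at this call records why the `"%s"` is there, so a later cleanup could remove it again. The title is filled in by `pSS->getValueUTF8()`, presumably from the translated string set, and a `%` in such a string would otherwise be parsed as a conversion specifier. A short comment such as `// title is data from the string set; never pass it as the format` would help, either here or once at the declaration of abiDialogSetTitle, which is not part of this patch. The same applies to the other abiDialogSetTitle hunks below. Those hunks also mix `"%s",s.utf8_str()` and `"%s", s.c_str()`; one spacing should be used throughout.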
Index: abiword-2.8.6/src/af/xap/gtk/xap_UnixDlg_Zoom.cpp
===================================================================
--- abiword-2.8.6.orig/src/af/xap/gtk/xap_UnixDlg_Zoom.cpp 2011-10-26 12:11:34.697261936 +0000
+++ abiword-2.8.6/src/af/xap/gtk/xap_UnixDlg_Zoom.cpp 2011-10-26 12:23:27.057262054 +0000
@@ -225,7 +225,7 @@
// set the dialog title
UT_UTF8String s;
pSS->getValueUTF8(XAP_STRING_ID_DLG_Zoom_ZoomTitle,s);
- abiDialogSetTitle(window, s.utf8_str());
+ abiDialogSetTitle(window, "%s",s.utf8_str());
// localize the strings in our dialog, and set tags for some widgets
Index: abiword-2.8.6/src/af/xap/xp/xap_Prefs.cpp
===================================================================
--- abiword-2.8.6.orig/src/af/xap/xp/xap_Prefs.cpp 2011-10-26 12:11:34.707261878 +0000
+++ abiword-2.8.6/src/af/xap/xp/xap_Prefs.cpp 2011-10-26 12:23:27.057262054 +0000
@@ -1286,37 +1286,37 @@
if (XAP_App::s_szBuild_ID && XAP_App::s_szBuild_ID[0])
{
fprintf(fp,"<!-- Build_ID = ");
- fprintf(fp,XAP_App::s_szBuild_ID);
+ fprintf(fp,"%s",XAP_App::s_szBuild_ID);
fprintf(fp," -->\n");
}
if (XAP_App::s_szBuild_Version && XAP_App::s_szBuild_Version[0])
{
fprintf(fp,"<!-- Build_Version = ");
- fprintf(fp,XAP_App::s_szBuild_Version);
+ fprintf(fp,"%s",XAP_App::s_szBuild_Version);
fprintf(fp," -->\n");
}
if (XAP_App::s_szBuild_Options && XAP_App::s_szBuild_Options[0])
{
fprintf(fp,"<!-- Build_Options = ");
- fprintf(fp,XAP_App::s_szBuild_Options);
+ fprintf(fp,"%s",XAP_App::s_szBuild_Options);
fprintf(fp," -->\n");
}
if (XAP_App::s_szBuild_Target && XAP_App::s_szBuild_Target[0])
{
fprintf(fp,"<!-- Build_Target = ");
- fprintf(fp,XAP_App::s_szBuild_Target);
+ fprintf(fp,"%s",XAP_App::s_szBuild_Target);
fprintf(fp," -->\n");
}
if (XAP_App::s_szBuild_CompileTime && XAP_App::s_szBuild_CompileTime[0])
{
fprintf(fp,"<!-- Build_CompileTime = ");
- fprintf(fp,XAP_App::s_szBuild_CompileTime);
+ fprintf(fp,"%s",XAP_App::s_szBuild_CompileTime);
fprintf(fp," -->\n");
}
if (XAP_App::s_szBuild_CompileDate && XAP_App::s_szBuild_CompileDate[0])
{
fprintf(fp,"<!-- Build_CompileDate = ");
- fprintf(fp,XAP_App::s_szBuild_CompileDate);
+ fprintf(fp,"%s",XAP_App::s_szBuild_CompileDate);
fprintf(fp," -->\n");
}
#endif
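Review bot: Each build field is still written with three separate fprintf() calls, and the middle one exists only to print a plain string. One call per field reads better and leaves no bare string argument to be misused later, e.g. `fprintf(fp,"<!-- Build_ID = %s -->\n",XAP_App::s_szBuild_ID);`, and likewise for the other five fields. Separately, these values are written inside an XML comment, so a value containing `--` would make the file ill-formed; they look like build-time constants, so this is probably only a robustness concern. The enclosing function and the `#if` matching the final `#endif` are outside this hunk.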
Index: abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_Annotation.cpp
===================================================================
--- abiword-2.8.6.orig/src/wp/ap/gtk/ap_UnixDialog_Annotation.cpp 2011-10-26 12:11:34.717262003 +0000
+++ abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_Annotation.cpp 2011-10-26 12:23:27.057262054 +0000
@@ -165,7 +165,7 @@
// set the dialog title
std::string s;
pSS->getValueUTF8(AP_STRING_ID_DLG_Annotation_Title,s);
- abiDialogSetTitle(window, s.c_str());
+ abiDialogSetTitle(window, "%s", s.c_str());
// localize the strings in our dialog, and set some userdata for some widgets
localizeLabel(GTK_WIDGET(gtk_builder_get_object(builder, "lbTitle")), pSS, AP_STRING_ID_DLG_Annotation_Title_LBL);
Index: abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_Break.cpp
===================================================================
--- abiword-2.8.6.orig/src/wp/ap/gtk/ap_UnixDialog_Break.cpp 2011-10-26 12:11:34.727255413 +0000
+++ abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_Break.cpp 2011-10-26 12:23:27.057262054 +0000
@@ -109,7 +109,7 @@
// set the dialog title
UT_UTF8String s;
pSS->getValueUTF8(AP_STRING_ID_DLG_Break_BreakTitle_Capital,s);
- abiDialogSetTitle(window, s.utf8_str());
+ abiDialogSetTitle(window, "%s", s.utf8_str());
// localize the strings in our dialog, and set tags for some widgets
Index: abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_Field.cpp
===================================================================
--- abiword-2.8.6.orig/src/wp/ap/gtk/ap_UnixDialog_Field.cpp 2011-10-26 12:23:45.167255495 +0000
+++ abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_Field.cpp 2011-10-26 12:23:56.947261727 +0000
@@ -297,7 +297,7 @@
// set the dialog title
UT_UTF8String s;
pSS->getValueUTF8(AP_STRING_ID_DLG_Field_FieldTitle_Capital,s);
- abiDialogSetTitle(window, s.utf8_str());
+ abiDialogSetTitle(window, "%s",s.utf8_str());
// localize the strings in our dialog, and set some userdata for some widg
Index: abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_FormatFootnotes.cpp
===================================================================
--- abiword-2.8.6.orig/src/wp/ap/gtk/ap_UnixDialog_FormatFootnotes.cpp 2011-10-26 12:25:15.907255254 +0000
+++ abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_FormatFootnotes.cpp 2011-10-26 12:25:35.807266084 +0000
@@ -372,7 +372,7 @@
// set the dialog title
std::string s;
pSS->getValueUTF8(AP_STRING_ID_DLG_FormatFootnotes_Title,s);
- abiDialogSetTitle(window, s.c_str());
+ abiDialogSetTitle(window, "%s",s.c_str());
// localize the strings in our dialog, and set tags for some widgets
Index: abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_MailMerge.cpp
===================================================================
--- abiword-2.8.6.orig/src/wp/ap/gtk/ap_UnixDialog_MailMerge.cpp 2011-10-26 12:25:54.217261832 +0000
+++ abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_MailMerge.cpp 2011-10-26 12:26:09.867261678 +0000
@@ -173,7 +173,7 @@
// set the dialog title
UT_UTF8String s;
pSS->getValueUTF8(AP_STRING_ID_DLG_MailMerge_MailMergeTitle,s);
- abiDialogSetTitle(m_windowMain, s.utf8_str());
+ abiDialogSetTitle(m_windowMain, "%s",s.utf8_str());
// localize the strings in our dialog, and set tags for some widgets
Index: abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_HdrFtr.cpp
===================================================================
--- abiword-2.8.6.orig/src/wp/ap/gtk/ap_UnixDialog_HdrFtr.cpp 2011-10-26 12:26:29.497255541 +0000
+++ abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_HdrFtr.cpp 2011-10-26 12:26:44.727257773 +0000
@@ -203,7 +203,7 @@
// set the dialog title
UT_UTF8String s;
pSS->getValueUTF8(AP_STRING_ID_DLG_HdrFtr_Title,s);
- abiDialogSetTitle(window, s.utf8_str());
+ abiDialogSetTitle(window, "%s",s.utf8_str());
// localize the strings in our dialog
Index: abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_FormatTable.cpp
===================================================================
--- abiword-2.8.6.orig/src/wp/ap/gtk/ap_UnixDialog_FormatTable.cpp 2011-10-26 12:27:31.257255343 +0000
+++ abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_FormatTable.cpp 2011-10-26 12:27:44.447261973 +0000
@@ -437,7 +437,7 @@
// set the dialog title
ConstructWindowName();
- abiDialogSetTitle(window, m_WindowName);
+ abiDialogSetTitle(window, "%s",m_WindowName);
// disable double buffering on our preview
gtk_widget_set_double_buffered(m_wPreviewArea, FALSE);
Index: abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_Stylist.cpp
===================================================================
--- abiword-2.8.6.orig/src/wp/ap/gtk/ap_UnixDialog_Stylist.cpp 2011-10-26 12:28:16.797255352 +0000
+++ abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_Stylist.cpp 2011-10-26 12:28:29.537262733 +0000
@@ -274,7 +274,7 @@
// set the dialog title
UT_UTF8String s;
pSS->getValueUTF8(AP_STRING_ID_DLG_Stylist_Title,s);
- abiDialogSetTitle(m_windowMain, s.utf8_str());
+ abiDialogSetTitle(m_windowMain, "%s", s.utf8_str());
g_object_unref(G_OBJECT(builder));
Index: abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_InsertTable.cpp
===================================================================
--- abiword-2.8.6.orig/src/wp/ap/gtk/ap_UnixDialog_InsertTable.cpp 2011-10-26 12:28:49.757267449 +0000
+++ abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_InsertTable.cpp 2011-10-26 12:28:59.987261718 +0000
@@ -127,7 +127,7 @@
// set the dialog title
std::string s;
pSS->getValueUTF8(AP_STRING_ID_DLG_InsertTable_TableTitle,s);
- abiDialogSetTitle(window, s.c_str());
+ abiDialogSetTitle(window, "%s",s.c_str());
// Units
gtk_label_set_text (GTK_LABEL (GTK_WIDGET(gtk_builder_get_object(builder, "lbInch"))), UT_dimensionName(m_dim));
double spinstep = getSpinIncr ();
Index: abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_PageNumbers.cpp
===================================================================
--- abiword-2.8.6.orig/src/wp/ap/gtk/ap_UnixDialog_PageNumbers.cpp 2011-10-26 12:29:17.667255252 +0000
+++ abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_PageNumbers.cpp 2011-10-26 12:29:31.587261859 +0000
@@ -172,7 +172,7 @@
// set the dialog title
UT_UTF8String s;
pSS->getValueUTF8(AP_STRING_ID_DLG_PageNumbers_Title,s);
- abiDialogSetTitle(window, s.utf8_str());
+ abiDialogSetTitle(window, "%s", s.utf8_str());
// disable double buffering on our preview
gtk_widget_set_double_buffered(m_previewArea, FALSE);
Index: abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_MetaData.cpp
===================================================================
--- abiword-2.8.6.orig/src/wp/ap/gtk/ap_UnixDialog_MetaData.cpp 2011-10-26 12:29:55.327261924 +0000
+++ abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_MetaData.cpp 2011-10-26 12:30:06.507262130 +0000
@@ -155,7 +155,7 @@
// set the dialog title
UT_UTF8String s;
pSS->getValueUTF8(AP_STRING_ID_DLG_MetaData_Title,s);
- abiDialogSetTitle(window, s.utf8_str());
+ abiDialogSetTitle(window, "%s",s.utf8_str());
// localize the strings in our dialog, and set some userdata for some widgets
localizeLabel(GTK_WIDGET(gtk_builder_get_object(builder, "lbTitle")), pSS, AP_STRING_ID_DLG_MetaData_Title_LBL);
Index: abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_Insert_DateTime.cpp
===================================================================
--- abiword-2.8.6.orig/src/wp/ap/gtk/ap_UnixDialog_Insert_DateTime.cpp 2011-10-26 12:30:25.377261966 +0000
+++ abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_Insert_DateTime.cpp 2011-10-26 12:30:36.357266262 +0000
@@ -145,7 +145,7 @@
// set the dialog title
UT_UTF8String s;
pSS->getValueUTF8(AP_STRING_ID_DLG_DateTime_DateTimeTitle,s);
- abiDialogSetTitle(window, s.utf8_str());
+ abiDialogSetTitle(window, "%s", s.utf8_str());
// localize the strings in our dialog
Index: abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_Options.cpp
===================================================================
--- abiword-2.8.6.orig/src/wp/ap/gtk/ap_UnixDialog_Options.cpp 2011-10-26 12:30:52.057261818 +0000
+++ abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_Options.cpp 2011-10-26 12:32:41.667261693 +0000
@@ -208,7 +208,7 @@
dlg = WID ( "ap_UnixDialog_Options_ColorSel" );
pSS->getValueUTF8 ( AP_STRING_ID_DLG_Options_Label_ChooseForTransparent, s );
- abiDialogSetTitle ( dlg, s.utf8_str() );
+ abiDialogSetTitle ( dlg, "%s", s.utf8_str() );
colorsel = WID ( "csColorSel" );
@@ -529,7 +529,7 @@
// set the dialog title
std::string s;
pSS->getValueUTF8(AP_STRING_ID_DLG_Options_OptionsTitle, s);
- abiDialogSetTitle(mainWindow, s.c_str());
+ abiDialogSetTitle(mainWindow, "%s", s.c_str());
// the control buttons
g_signal_connect ( G_OBJECT ( m_buttonDefaults ),
Index: abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_FormatTOC.cpp
===================================================================
--- abiword-2.8.6.orig/src/wp/ap/gtk/ap_UnixDialog_FormatTOC.cpp 2011-10-26 12:31:17.927254936 +0000
+++ abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_FormatTOC.cpp 2011-10-26 12:31:29.827261701 +0000
@@ -361,7 +361,7 @@
// set the dialog title
UT_UTF8String s;
pSS->getValueUTF8(AP_STRING_ID_DLG_FormatTOC_Title,s);
- abiDialogSetTitle(m_windowMain, s.utf8_str());
+ abiDialogSetTitle(m_windowMain, "%s", s.utf8_str());
// localize notebook tabs
localizeLabel(_getWidget( "lbGeneral"), pSS, AP_STRING_ID_DLG_FormatTOC_General);
Index: abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_FormatFrame.cpp
===================================================================
--- abiword-2.8.6.orig/src/wp/ap/gtk/ap_UnixDialog_FormatFrame.cpp 2011-10-26 12:31:43.617261981 +0000
+++ abiword-2.8.6/src/wp/ap/gtk/ap_UnixDialog_FormatFrame.cpp 2011-10-26 12:31:55.367261656 +0000
@@ -476,7 +476,7 @@
// set the dialog title
ConstructWindowName();
- abiDialogSetTitle(window, m_WindowName);
+ abiDialogSetTitle(window, "%s", m_WindowName);
// disable double buffering on our preview
gtk_widget_set_double_buffered(m_wPreviewArea, FALSE);
Index: abiword-2.8.6/plugins/collab/backends/service/unix/ap_UnixDialog_GenericProgress.cpp
===================================================================
--- abiword-2.8.6.orig/plugins/collab/backends/service/unix/ap_UnixDialog_GenericProgress.cpp 2011-10-26 12:33:03.667261918 +0000
+++ abiword-2.8.6/plugins/collab/backends/service/unix/ap_UnixDialog_GenericProgress.cpp 2011-10-26 12:33:15.807265398 +0000
@@ -99,7 +99,7 @@
m_wProgress = GTK_WIDGET(gtk_builder_get_object(builder, "pbProgress"));
// set the dialog title
- abiDialogSetTitle(window, getTitle().utf8_str());
+ abiDialogSetTitle(window, "%s", getTitle().utf8_str());
// set the informative label
gtk_label_set_text(GTK_LABEL(GTK_WIDGET(gtk_builder_get_object(builder, "lbInformation"))), getInformation().utf8_str());
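Review bot: Coverage of this fix is probably limited to what the compiler flagged, so abiDialogSetTitle callers in plugins or front ends that were not part of that build may still pass the title as the format string. This call and the matching one in ap_UnixDialog_GenericInput.cpp show that the pattern reached plugin code. `getTitle()` is set elsewhere, so its content is not necessarily a fixed translated string. A tree-wide `grep -rn abiDialogSetTitle`, or a build with every plugin enabled and `-Wformat -Werror=format-security`, would confirm nothing is left.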
Index: abiword-2.8.6/plugins/collab/backends/service/unix/ap_UnixDialog_GenericInput.cpp
===================================================================
--- abiword-2.8.6.orig/plugins/collab/backends/service/unix/ap_UnixDialog_GenericInput.cpp 2011-10-26 12:33:26.107263327 +0000
+++ abiword-2.8.6/plugins/collab/backends/service/unix/ap_UnixDialog_GenericInput.cpp 2011-10-26 12:33:35.087261933 +0000
@@ -93,7 +93,7 @@
m_wInput = GTK_WIDGET(gtk_builder_get_object(builder, "edInput"));
// set the dialog title
- abiDialogSetTitle(window, getTitle().utf8_str());
+ abiDialogSetTitle(window, "%s", getTitle().utf8_str());
// set the question
gtk_label_set_text(GTK_LABEL(GTK_WIDGET(gtk_builder_get_object(builder, "lbQuestion"))), getQuestion().utf8_str());