Bug#700313: sharutils: Enable -Wformat-security

[Simon Ruderich]

Package: sharutils
Severity: normal
Tags: patch

Dear Maintainer,

The attached patch fixes the build with -Wformat-security. It
should be forwarded to upstream if possible.

diff -Nru sharutils-4.11.1/debian/rules sharutils-4.11.1/debian/rules
--- sharutils-4.11.1/debian/rules       2012-06-02 19:22:17.000000000 +0200
+++ sharutils-4.11.1/debian/rules       2013-02-11 15:34:10.000000000 +0100
@@ -2,8 +2,6 @@
 
 package = sharutils
 
-export DEB_BUILD_MAINT_OPTIONS=hardening=-format
-
 %:
        dh $@
 

Regards,
Simon
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9

Description: Fix compilation with -Werror=format-security.
Author: Simon Ruderich <si...@ruderich.org>
Last-Update: 2012-06-12

Index: sharutils-4.11.1/src/shar.c
===================================================================
--- sharutils-4.11.1.orig/src/shar.c	2011-01-15 02:38:38.000000000 +0100
+++ sharutils-4.11.1/src/shar.c	2013-02-11 15:33:42.000000000 +0100
@@ -513,7 +513,7 @@
 
   if (stat (local_name, &struct_stat))
     {
-      error (0, errno, local_name);
+      error (0, errno, "%s", local_name);
       return 1;
     }
 
@@ -522,7 +522,7 @@
 
   if (directory = opendir (local_name), !directory)
     {
-      error (0, errno, local_name);
+      error (0, errno, "%s", local_name);
       return 1;
     }
 
@@ -615,7 +615,7 @@
 #else
   if (closedir (directory))
     {
-      error (0, errno, local_name);
+      error (0, errno, "%s", local_name);
       return 1;
     }
 #endif
@@ -666,7 +666,7 @@
     int status = stat (local_name_copy, &struct_stat);
 
     if (status != 0)
-      error (0, errno, local_name_copy);
+      error (0, errno, "%s", local_name_copy);
     else
       status = (*routine) (local_name_copy, restore_name);
 
Index: sharutils-4.11.1/src/unshar.c
===================================================================
--- sharutils-4.11.1.orig/src/unshar.c	2011-01-15 02:39:02.000000000 +0100
+++ sharutils-4.11.1/src/unshar.c	2013-02-11 15:33:42.000000000 +0100
@@ -453,7 +453,7 @@
               strcpy (cp, arg);
             }
           if (file = fopen (name_buffer, "r"), !file)
-            error (EXIT_FAILURE, errno, name_buffer);
+            error (EXIT_FAILURE, errno, "%s", name_buffer);
           unarchive_shar_file (name_buffer, file);
           fclose (file);
         }
@@ -511,13 +511,13 @@
   {
     int fd = mkstemp (pz_fname);
     if (fd < 0)
-      error (EXIT_FAILURE, errno, pz_fname);
+      error (EXIT_FAILURE, errno, "%s", pz_fname);
 
     fp = fdopen (fd, "w+");
   }
 
   if (fp == NULL)
-    error (EXIT_FAILURE, errno, pz_fname);
+    error (EXIT_FAILURE, errno, "%s", pz_fname);
 
   {
     char *buf = malloc (pg_sz);

signature.asc
Description: Digital signature