From orion@cora.nwra.com  Tue May  6 19:45:59 2014
Received: (at 423) by bugs.x2go.org; 6 May 2014 17:46:00 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,
	RCVD_IN_DNSWL_BLOCKED,T_DKIM_INVALID,URIBL_BLOCKED autolearn=ham version=3.3.2
Received: from mail.cora.nwra.com (mercury.cora.nwra.com [4.28.99.165])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 5F6995DB15
	for <423@bugs.x2go.org>; Tue,  6 May 2014 19:45:59 +0200 (CEST)
Received: from [10.10.20.7] (barry.cora.nwra.com [10.10.20.7])
	(authenticated bits=0)
	by mail.cora.nwra.com (8.14.4/8.14.4) with ESMTP id s46HjuXk017756
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO)
	for <423@bugs.x2go.org>; Tue, 6 May 2014 11:45:57 -0600
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=cora.nwra.com;
	s=default; t=1399398357;
	bh=HvfjGngEidZvWzjdbaUfzGaueA4t8jdiuFlsBqvloa0=;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type;
	b=rq2iJRuSCA7XUJBG2r6XpJt0HAQHAdPVf8M/avnExS1FzY1u6LaTryz/7odue/LTT
	 1xfLxbG0gUGzDWHCpZ1+L00FHvuzvsYYvS1tEt7hncs1ERblRgI3Ed0lM4+LlQzz6m
	 VXw+T75LtopFb5BDQO6FQK1Zdd3oiKqKV7GxspvY=
Message-ID: <53691FD4.2050503@cora.nwra.com>
Date: Tue, 06 May 2014 11:45:56 -0600
From: Orion Poplawski <orion@cora.nwra.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: 423@bugs.x2go.org
Subject: Still present in3.5.0.23
Content-Type: multipart/mixed;
 boundary="------------060508000108070500070700"

This is a multi-part message in MIME format.
--------------060508000108070500070700
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

I'm still seeing this in 3.5.0.23:

In file included from x11trans.c:80:0:
../../lib/xtrans/Xtranssock.c: In function '_NXGetUnixDir':
../../lib/xtrans/Xtranssock.c:377:5: error: format not a string literal and no 
format arguments [-Werror=format-security]
      PRMSG (3, "_NXGetUnixDir(%s)\n", dir, 0, 0);
      ^
../../lib/xtrans/Xtranssock.c: In function '_NXGetUnixPath':
../../lib/xtrans/Xtranssock.c:446:5: error: format not a string literal and no 
format arguments [-Werror=format-security]
      PRMSG (3, "_NXGetUnixPath(%s)\n", path, 0, 0);
      ^
I don't see that this patch is actually applied.


-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion@nwra.com
Boulder, CO 80301                   http://www.nwra.com

--------------060508000108070500070700
Content-Type: text/x-patch;
 name="nx-libs-format.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="nx-libs-format.patch"

diff -up nx-libs-3.5.0.22/nx-X11/lib/xtrans/Xtransint.h.format nx-libs-3.5.0.22/nx-X11/lib/xtrans/Xtransint.h
--- nx-libs-3.5.0.22/nx-X11/lib/xtrans/Xtransint.h.format	2014-01-04 13:39:35.000000000 -0700
+++ nx-libs-3.5.0.22/nx-X11/lib/xtrans/Xtransint.h	2014-01-24 20:29:37.678919812 -0700
@@ -443,7 +443,7 @@ static int trans_mkdir (
 			int hack= 0, saveerrno=errno; \
                         struct timeval tp;\
                         gettimeofday(&tp,0); \
-			ErrorF(__xtransname); \
+			ErrorF("%s",__xtransname); \
 			ErrorF(x+hack,a,b,c); \
                         ErrorF("timestamp (ms): %d\n",tp.tv_sec*1000+tp.tv_usec/1000); \
 			errno=saveerrno; \
@@ -453,7 +453,7 @@ static int trans_mkdir (
 			int hack= 0, saveerrno=errno; \
                         struct timeval tp;\
                         gettimeofday(&tp,0); \
-			fprintf(stderr, __xtransname); fflush(stderr); \
+			fprintf(stderr, "%s",__xtransname); fflush(stderr); \
 			fprintf(stderr, x+hack,a,b,c); fflush(stderr); \
                         fprintf(stderr, "timestamp (ms): %d\n",tp.tv_sec*1000+tp.tv_usec/1000); \
                         fflush(stderr); \
@@ -465,14 +465,14 @@ static int trans_mkdir (
 /* Use ErrorF() for the X server */
 #define PRMSG(lvl,x,a,b,c)	if (lvl <= XTRANSDEBUG){ \
 			int hack= 0, saveerrno=errno; \
-			ErrorF(__xtransname); \
+			ErrorF("%s",__xtransname); \
 			ErrorF(x+hack,a,b,c); \
 			errno=saveerrno; \
 			} else ((void)0)
 #else
 #define PRMSG(lvl,x,a,b,c)	if (lvl <= XTRANSDEBUG){ \
 			int hack= 0, saveerrno=errno; \
-			fprintf(stderr, __xtransname); fflush(stderr); \
+			fprintf(stderr, "%s",__xtransname); fflush(stderr); \
 			fprintf(stderr, x+hack,a,b,c); fflush(stderr); \
 			errno=saveerrno; \
 			} else ((void)0)
diff -up nx-libs-3.5.0.22/nx-X11/programs/nxauth/process.c.format nx-libs-3.5.0.22/nx-X11/programs/nxauth/process.c
--- nx-libs-3.5.0.22/nx-X11/programs/nxauth/process.c.format	2014-01-04 13:39:35.000000000 -0700
+++ nx-libs-3.5.0.22/nx-X11/programs/nxauth/process.c	2014-01-28 22:52:26.100107437 -0700
@@ -974,7 +974,7 @@ fprintfhex(register FILE *fp, int len, c
     char *hex;
 
     hex = bintohex(len, cp);
-    fprintf(fp, hex);
+    fprintf(fp, "%s", hex);
     free(hex);
 }
 
diff -up nx-libs-3.5.0.22/nx-X11/programs/Xserver/GL/glx/glximports.c.format nx-libs-3.5.0.22/nx-X11/programs/Xserver/GL/glx/glximports.c
--- nx-libs-3.5.0.22/nx-X11/programs/Xserver/GL/glx/glximports.c.format	2014-01-04 13:39:35.000000000 -0700
+++ nx-libs-3.5.0.22/nx-X11/programs/Xserver/GL/glx/glximports.c	2014-01-27 20:26:27.614602671 -0700
@@ -110,12 +110,12 @@ void *__glXImpRealloc(__GLcontext *gc, v
 
 void __glXImpWarning(__GLcontext *gc, char *msg)
 {
-    ErrorF((char *)msg);
+    ErrorF("%s",(char *)msg);
 }
 
 void __glXImpFatal(__GLcontext *gc, char *msg)
 {
-    ErrorF((char *)msg);
+    ErrorF("%s",(char *)msg);
     __glXAbort();
 }
 
diff -up nx-libs-3.5.0.22/nx-X11/programs/Xserver/hw/nxagent/Error.c.format nx-libs-3.5.0.22/nx-X11/programs/Xserver/hw/nxagent/Error.c
--- nx-libs-3.5.0.22/nx-X11/programs/Xserver/hw/nxagent/Error.c.format	2014-01-04 13:41:35.000000000 -0700
+++ nx-libs-3.5.0.22/nx-X11/programs/Xserver/hw/nxagent/Error.c	2014-01-28 20:35:13.602642690 -0700
@@ -232,7 +232,7 @@ static int nxagentPrintError(dpy, event,
 
 int nxagentExitHandler(const char *message)
 {
-  FatalError(message);
+  FatalError("%s", message);
 
   return 0;
 }
diff -up nx-libs-3.5.0.22/nx-X11/programs/Xserver/hw/nxagent/Init.c.format nx-libs-3.5.0.22/nx-X11/programs/Xserver/hw/nxagent/Init.c
--- nx-libs-3.5.0.22/nx-X11/programs/Xserver/hw/nxagent/Init.c.format	2014-01-04 13:41:35.000000000 -0700
+++ nx-libs-3.5.0.22/nx-X11/programs/Xserver/hw/nxagent/Init.c	2014-01-27 20:53:59.551990127 -0700
@@ -509,7 +509,7 @@ void OsVendorVErrorFFunction(const char
 
     nxagentStartRedirectToClientsLog();
 
-    fprintf(stderr, buffer);
+    fprintf(stderr, "%s", buffer);
 
     nxagentEndRedirectToClientsLog();
   }
diff -up nx-libs-3.5.0.22/nx-X11/programs/Xserver/os/log.c.format nx-libs-3.5.0.22/nx-X11/programs/Xserver/os/log.c
--- nx-libs-3.5.0.22/nx-X11/programs/Xserver/os/log.c.format	2014-01-04 13:39:35.000000000 -0700
+++ nx-libs-3.5.0.22/nx-X11/programs/Xserver/os/log.c	2014-01-27 20:01:29.741979120 -0700
@@ -692,9 +692,9 @@ Error(char *str)
 	    return;
 	sprintf(err, "%s: ", str);
 	strcat(err, strerror(saveErrno));
-	LogWrite(-1, err);
+	LogWrite(-1, "%s", err);
     } else
-	LogWrite(-1, strerror(saveErrno));
+	LogWrite(-1, "%s", strerror(saveErrno));
 }
 
 void

--------------060508000108070500070700--