From orion@cora.nwra.com  Thu Jan 30 03:27:26 2014
Received: (at submit) by bugs.x2go.org; 30 Jan 2014 02:27:27 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_DKIM_INVALID
	autolearn=ham version=3.3.2
Received: from mail.cora.nwra.com (mercury.cora.nwra.com [4.28.99.165])
	by ymir (Postfix) with ESMTPS id E1EEF5DA6C
	for <submit@bugs.x2go.org>; Thu, 30 Jan 2014 03:27:25 +0100 (CET)
Received: from pacas.cora.nwra.com (75-171-163-5.hlrn.qwest.net [75.171.163.5])
	(authenticated bits=0)
	by mail.cora.nwra.com (8.14.4/8.14.4) with ESMTP id s0U2RLT2004321
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO)
	for <submit@bugs.x2go.org>; Wed, 29 Jan 2014 19:27:23 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=cora.nwra.com;
	s=default; t=1391048844;
	bh=+c6hJsXCfMloIadt5wvdRx3YHnb0tnaj0xwLoEODXe0=;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type;
	b=cbjKvkYSUgeGq/7UM85DM7fjwAbCwOaQ9eQ6seJQZ6MrNHiH+ZeJSyzyaDAfZ6LeB
	 R577WyAxbgS4OGRsFj/NsJV6cUfv92532A4q563/qCOSOgi8QQEPBtOEZ7OXkD0YRR
	 M3lWoKQMleIsYSM/+U+e2M7ych1lQXuyKIOLR5jA=
Message-ID: <52E9B889.8090000@cora.nwra.com>
Date: Wed, 29 Jan 2014 19:27:21 -0700
From: Orion Poplawski <orion@cora.nwra.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: submit@bugs.x2go.org
Subject: FIx more -Werror=format-security errors
X-Enigmail-Version: 1.6
Content-Type: multipart/mixed;
 boundary="------------020404070505030607010601"

This is a multi-part message in MIME format.
--------------020404070505030607010601
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Package: nx-libs
Version: 3.5.0.22
Tags: patch

The attached patch fixes more -Werror=format-security errors.
Interestingly, most of the errors only showed up on our arm builds.  No
idea why.

-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA/CoRA Division                    FAX: 303-415-9702
3380 Mitchell Lane                  orion@cora.nwra.com
Boulder, CO 80301              http://www.cora.nwra.com

--------------020404070505030607010601
Content-Type: text/x-patch;
 name="nx-libs-format.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="nx-libs-format.patch"

diff -up nx-libs-3.5.0.22/nx-X11/lib/xtrans/Xtransint.h.format nx-libs-3.5.0.22/nx-X11/lib/xtrans/Xtransint.h
--- nx-libs-3.5.0.22/nx-X11/lib/xtrans/Xtransint.h.format	2014-01-04 13:39:35.000000000 -0700
+++ nx-libs-3.5.0.22/nx-X11/lib/xtrans/Xtransint.h	2014-01-24 20:29:37.678919812 -0700
@@ -443,7 +443,7 @@ static int trans_mkdir (
 			int hack= 0, saveerrno=errno; \
                         struct timeval tp;\
                         gettimeofday(&tp,0); \
-			ErrorF(__xtransname); \
+			ErrorF("%s",__xtransname); \
 			ErrorF(x+hack,a,b,c); \
                         ErrorF("timestamp (ms): %d\n",tp.tv_sec*1000+tp.tv_usec/1000); \
 			errno=saveerrno; \
@@ -453,7 +453,7 @@ static int trans_mkdir (
 			int hack= 0, saveerrno=errno; \
                         struct timeval tp;\
                         gettimeofday(&tp,0); \
-			fprintf(stderr, __xtransname); fflush(stderr); \
+			fprintf(stderr, "%s",__xtransname); fflush(stderr); \
 			fprintf(stderr, x+hack,a,b,c); fflush(stderr); \
                         fprintf(stderr, "timestamp (ms): %d\n",tp.tv_sec*1000+tp.tv_usec/1000); \
                         fflush(stderr); \
@@ -465,14 +465,14 @@ static int trans_mkdir (
 /* Use ErrorF() for the X server */
 #define PRMSG(lvl,x,a,b,c)	if (lvl <= XTRANSDEBUG){ \
 			int hack= 0, saveerrno=errno; \
-			ErrorF(__xtransname); \
+			ErrorF("%s",__xtransname); \
 			ErrorF(x+hack,a,b,c); \
 			errno=saveerrno; \
 			} else ((void)0)
 #else
 #define PRMSG(lvl,x,a,b,c)	if (lvl <= XTRANSDEBUG){ \
 			int hack= 0, saveerrno=errno; \
-			fprintf(stderr, __xtransname); fflush(stderr); \
+			fprintf(stderr, "%s",__xtransname); fflush(stderr); \
 			fprintf(stderr, x+hack,a,b,c); fflush(stderr); \
 			errno=saveerrno; \
 			} else ((void)0)
diff -up nx-libs-3.5.0.22/nx-X11/programs/nxauth/process.c.format nx-libs-3.5.0.22/nx-X11/programs/nxauth/process.c
--- nx-libs-3.5.0.22/nx-X11/programs/nxauth/process.c.format	2014-01-04 13:39:35.000000000 -0700
+++ nx-libs-3.5.0.22/nx-X11/programs/nxauth/process.c	2014-01-28 22:52:26.100107437 -0700
@@ -974,7 +974,7 @@ fprintfhex(register FILE *fp, int len, c
     char *hex;
 
     hex = bintohex(len, cp);
-    fprintf(fp, hex);
+    fprintf(fp, "%s", hex);
     free(hex);
 }
 
diff -up nx-libs-3.5.0.22/nx-X11/programs/Xserver/GL/glx/glximports.c.format nx-libs-3.5.0.22/nx-X11/programs/Xserver/GL/glx/glximports.c
--- nx-libs-3.5.0.22/nx-X11/programs/Xserver/GL/glx/glximports.c.format	2014-01-04 13:39:35.000000000 -0700
+++ nx-libs-3.5.0.22/nx-X11/programs/Xserver/GL/glx/glximports.c	2014-01-27 20:26:27.614602671 -0700
@@ -110,12 +110,12 @@ void *__glXImpRealloc(__GLcontext *gc, v
 
 void __glXImpWarning(__GLcontext *gc, char *msg)
 {
-    ErrorF((char *)msg);
+    ErrorF("%s",(char *)msg);
 }
 
 void __glXImpFatal(__GLcontext *gc, char *msg)
 {
-    ErrorF((char *)msg);
+    ErrorF("%s",(char *)msg);
     __glXAbort();
 }
 
diff -up nx-libs-3.5.0.22/nx-X11/programs/Xserver/hw/nxagent/Error.c.format nx-libs-3.5.0.22/nx-X11/programs/Xserver/hw/nxagent/Error.c
--- nx-libs-3.5.0.22/nx-X11/programs/Xserver/hw/nxagent/Error.c.format	2014-01-04 13:41:35.000000000 -0700
+++ nx-libs-3.5.0.22/nx-X11/programs/Xserver/hw/nxagent/Error.c	2014-01-28 20:35:13.602642690 -0700
@@ -232,7 +232,7 @@ static int nxagentPrintError(dpy, event,
 
 int nxagentExitHandler(const char *message)
 {
-  FatalError(message);
+  FatalError("%s", message);
 
   return 0;
 }
diff -up nx-libs-3.5.0.22/nx-X11/programs/Xserver/hw/nxagent/Init.c.format nx-libs-3.5.0.22/nx-X11/programs/Xserver/hw/nxagent/Init.c
--- nx-libs-3.5.0.22/nx-X11/programs/Xserver/hw/nxagent/Init.c.format	2014-01-04 13:41:35.000000000 -0700
+++ nx-libs-3.5.0.22/nx-X11/programs/Xserver/hw/nxagent/Init.c	2014-01-27 20:53:59.551990127 -0700
@@ -509,7 +509,7 @@ void OsVendorVErrorFFunction(const char
 
     nxagentStartRedirectToClientsLog();
 
-    fprintf(stderr, buffer);
+    fprintf(stderr, "%s", buffer);
 
     nxagentEndRedirectToClientsLog();
   }
diff -up nx-libs-3.5.0.22/nx-X11/programs/Xserver/os/log.c.format nx-libs-3.5.0.22/nx-X11/programs/Xserver/os/log.c
--- nx-libs-3.5.0.22/nx-X11/programs/Xserver/os/log.c.format	2014-01-04 13:39:35.000000000 -0700
+++ nx-libs-3.5.0.22/nx-X11/programs/Xserver/os/log.c	2014-01-27 20:01:29.741979120 -0700
@@ -692,9 +692,9 @@ Error(char *str)
 	    return;
 	sprintf(err, "%s: ", str);
 	strcat(err, strerror(saveErrno));
-	LogWrite(-1, err);
+	LogWrite(-1, "%s", err);
     } else
-	LogWrite(-1, strerror(saveErrno));
+	LogWrite(-1, "%s", strerror(saveErrno));
 }
 
 void

--------------020404070505030607010601--