diff --git a/drgeo-1.1.0-format-security.patch b/drgeo-1.1.0-format-security.patch index 9c3843c..e7cc500 100644 --- a/drgeo-1.1.0-format-security.patch +++ b/drgeo-1.1.0-format-security.patch @@ -1,85 +1,80 @@ ---- a/drgeo-1.1.0-format-security.patch -+++ a/drgeo-1.1.0-format-security.patch -@@ -0,0 +1,82 @@ -+These are actually arrays of string literals, but there doesn't seem to -+be a way of convincing gcc of that -+ -+--- a/geo/drgeo_postscriptdrawable.cc -++++ b/geo/drgeo_postscriptdrawable.cc -+@@ -130,8 +130,8 @@ drgeoPostScriptDrawable::drawPoint (drgeoStyle & style, drgeoPoint & point) -+ p = areaToPostScript (point); -+ -+ /* we're initializing color and line width */ -+- fprintf (fileHandle, postscriptColor[style.color]); -+- fprintf (fileHandle, postscriptLineWidth[drgeoThicknessNormal + 1]); -++ fprintf (fileHandle, "%s", postscriptColor[style.color]); -++ fprintf (fileHandle, "%s", postscriptLineWidth[drgeoThicknessNormal + 1]); -+ -+ switch (style.pointShape) -+ { -+@@ -207,9 +207,9 @@ drawPolygon (drgeoStyle & style, drgeoPoint * point, gint number) -+ gint nb; -+ -+ /* we're initializing color and line width */ -+- fprintf (fileHandle, postscriptColor[style.color]); -++ fprintf (fileHandle, "%s", postscriptColor[style.color]); -+ /* Invisible line. */ -+- fprintf (fileHandle, postscriptLineWidth[0]); -++ fprintf (fileHandle, "%s", postscriptLineWidth[0]); -+ -+ fprintf (fileHandle, "%%Polygon\nnewpath\n"); -+ -+@@ -235,11 +235,11 @@ drawSegment (drgeoStyle & style, drgeoPoint & start, drgeoPoint & end) -+ p2 = areaToPostScript (end); -+ p1 = areaToPostScript (start); -+ -+- fprintf (fileHandle, postscriptColor[style.color]); -++ fprintf (fileHandle, "%s", postscriptColor[style.color]); -+ if (style.mask == yes) -+- fprintf (fileHandle, postscriptLineWidth[0]); -++ fprintf (fileHandle, "%s", postscriptLineWidth[0]); -+ else -+- fprintf (fileHandle, postscriptLineWidth[style.thick + 1]); -++ fprintf (fileHandle, "%s", postscriptLineWidth[style.thick + 1]); -+ fprintf (fileHandle, -+ "%% Segment\n%f %f moveto %f %f lineto stroke\n", -+ p1.getX () * PostScriptScale, p1.getY () * PostScriptScale, -+@@ -263,11 +263,11 @@ drawCircle (drgeoStyle & style, drgeoPoint & center, double radius) -+ drgeoPoint p; -+ -+ p = areaToPostScript (center); -+- fprintf (fileHandle, postscriptColor[style.color]); -++ fprintf (fileHandle, "%s", postscriptColor[style.color]); -+ if (style.mask == yes) -+- fprintf (fileHandle, postscriptLineWidth[0]); -++ fprintf (fileHandle, "%s", postscriptLineWidth[0]); -+ else -+- fprintf (fileHandle, postscriptLineWidth[style.thick + 1]); -++ fprintf (fileHandle, "%s", postscriptLineWidth[style.thick + 1]); -+ fprintf (fileHandle, -+ /* is there a better way to draw a circle in ps ? */ -+ "%% Circle\n%f %f moveto %f %f %f 0 360 arc closepath stroke\n", -+@@ -285,11 +285,11 @@ drawArc (drgeoStyle & style, drgeoPoint & center, double radius, -+ drgeoPoint p, startPoint; -+ -+ p = areaToPostScript (center); -+- fprintf (fileHandle, postscriptColor[style.color]); -++ fprintf (fileHandle, "%s", postscriptColor[style.color]); -+ if (style.mask == yes) -+- fprintf (fileHandle, postscriptLineWidth[0]); -++ fprintf (fileHandle, "%s", postscriptLineWidth[0]); -+ else -+- fprintf (fileHandle, postscriptLineWidth[style.thick + 1]); -++ fprintf (fileHandle, "%s", postscriptLineWidth[style.thick + 1]); -+ -+ -+ -+@@ -336,7 +336,7 @@ drawText (drgeoPoint & where, char *text, drgeoColorType fontColor) -+ // FIXME: how to handle this correctly ? -+ convString = g_convert (text, -1, "iso8859-1", "utf-8", NULL, NULL, NULL); -+ -+- fprintf (fileHandle, postscriptColor[fontColor]); -++ fprintf (fileHandle, "%s", postscriptColor[fontColor]); -+ /* The size of the font is arbitrary : 10 points */ -+ fprintf (fileHandle, -+ "%% Text\n/Times findfont 10 scalefont setfont %f %f moveto (%s) show\n", +diff -up drgeo-1.1.0/geo/drgeo_postscriptdrawable.cc.format-security drgeo-1.1.0/geo/drgeo_postscriptdrawable.cc +--- drgeo-1.1.0/geo/drgeo_postscriptdrawable.cc.format-security 2003-11-05 16:29:13.000000000 -0700 ++++ drgeo-1.1.0/geo/drgeo_postscriptdrawable.cc 2014-06-12 22:24:29.887507667 -0600 +@@ -130,8 +130,8 @@ drgeoPostScriptDrawable::drawPoint (drge + p = areaToPostScript (point); + + /* we're initializing color and line width */ +- fprintf (fileHandle, postscriptColor[style.color]); +- fprintf (fileHandle, postscriptLineWidth[drgeoThicknessNormal + 1]); ++ fprintf (fileHandle, "%s", postscriptColor[style.color]); ++ fprintf (fileHandle, "%s", postscriptLineWidth[drgeoThicknessNormal + 1]); + + switch (style.pointShape) + { +@@ -207,9 +207,9 @@ drawPolygon (drgeoStyle & style, drgeoPo + gint nb; + + /* we're initializing color and line width */ +- fprintf (fileHandle, postscriptColor[style.color]); ++ fprintf (fileHandle, "%s", postscriptColor[style.color]); + /* Invisible line. */ +- fprintf (fileHandle, postscriptLineWidth[0]); ++ fprintf (fileHandle, "%s", postscriptLineWidth[0]); + + fprintf (fileHandle, "%%Polygon\nnewpath\n"); + +@@ -235,11 +235,11 @@ drawSegment (drgeoStyle & style, drgeoPo + p2 = areaToPostScript (end); + p1 = areaToPostScript (start); + +- fprintf (fileHandle, postscriptColor[style.color]); ++ fprintf (fileHandle, "%s", postscriptColor[style.color]); + if (style.mask == yes) +- fprintf (fileHandle, postscriptLineWidth[0]); ++ fprintf (fileHandle, "%s", postscriptLineWidth[0]); + else +- fprintf (fileHandle, postscriptLineWidth[style.thick + 1]); ++ fprintf (fileHandle, "%s", postscriptLineWidth[style.thick + 1]); + fprintf (fileHandle, + "%% Segment\n%f %f moveto %f %f lineto stroke\n", + p1.getX () * PostScriptScale, p1.getY () * PostScriptScale, +@@ -263,11 +263,11 @@ drawCircle (drgeoStyle & style, drgeoPoi + drgeoPoint p; + + p = areaToPostScript (center); +- fprintf (fileHandle, postscriptColor[style.color]); ++ fprintf (fileHandle, "%s", postscriptColor[style.color]); + if (style.mask == yes) +- fprintf (fileHandle, postscriptLineWidth[0]); ++ fprintf (fileHandle, "%s", postscriptLineWidth[0]); + else +- fprintf (fileHandle, postscriptLineWidth[style.thick + 1]); ++ fprintf (fileHandle, "%s", postscriptLineWidth[style.thick + 1]); + fprintf (fileHandle, + /* is there a better way to draw a circle in ps ? */ + "%% Circle\n%f %f moveto %f %f %f 0 360 arc closepath stroke\n", +@@ -285,11 +285,11 @@ drawArc (drgeoStyle & style, drgeoPoint + drgeoPoint p, startPoint; + + p = areaToPostScript (center); +- fprintf (fileHandle, postscriptColor[style.color]); ++ fprintf (fileHandle, "%s", postscriptColor[style.color]); + if (style.mask == yes) +- fprintf (fileHandle, postscriptLineWidth[0]); ++ fprintf (fileHandle, "%s", postscriptLineWidth[0]); + else +- fprintf (fileHandle, postscriptLineWidth[style.thick + 1]); ++ fprintf (fileHandle, "%s", postscriptLineWidth[style.thick + 1]); + + + +@@ -336,7 +336,7 @@ drawText (drgeoPoint & where, char *text + // FIXME: how to handle this correctly ? + convString = g_convert (text, -1, "iso8859-1", "utf-8", NULL, NULL, NULL); + +- fprintf (fileHandle, postscriptColor[fontColor]); ++ fprintf (fileHandle, "%s", postscriptColor[fontColor]); + /* The size of the font is arbitrary : 10 points */ + fprintf (fileHandle, + "%% Text\n/Times findfont 10 scalefont setfont %f %f moveto (%s) show\n",