Community Packages

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#73877 - [profanity] FTBFS due to string format security error

Attached to Project: Community Packages
Opened by Jeffrey Pan (XieJiSS) - Saturday, 19 February 2022, 06:31 GMT
Last edited by freswa (frederik) - Wednesday, 02 March 2022, 21:36 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Levente Polyak (anthraxx)
freswa (frederik)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

src/ui/titlebar.c:528:9: error: format not a string literal and no format arguments [-Werror=format-security]
528 | wprintw(win, pgpmsg->str);
| ^~~~~~~

(similar logs truncated)

Additional info:
* package version(s) 0.11.1
* config and/or log files etc.
* link to upstream bug report, if any

Steps to reproduce:

1. asp checkout
2. extra-x86_64-build

Proposed patch:

diff --git a/trunk/PKGBUILD b/trunk/PKGBUILD
index 886c038..ed16462 100644
--- a/trunk/PKGBUILD
+++ b/trunk/PKGBUILD
@@ -26,13 +26,28 @@ makedepends=(
${_clidepends[@]} ${_gtkdepends[@]} 'autoconf-archive'
)
checkdepends=('cmocka')
-source=(https://github.com/profanity-im/profanity/archive/${pkgver}/${pkgbase}-${pkgver}.tar.gz)
-sha256sums=('6a8b0b5a478c3a2b17b8c2eb572a3173a70b4c3740c61dd638a2d04a45147f9f')
-sha512sums=('560116b85516f883711f54f2229619b49179666c6a5459df0dec311cc5ab6919bf648f14888b09f5c4f13a2d834f3c598967fe84ecf1169bc197274e8b5aaa93')
-b2sums=('07aac723f080b482295a2f1f12c7ab0dfa2112d7690bf4c05412497d14dc09dafbb0933650c5240aa465fadbc5a13d48384a7679809925cc47e8b01685cc7a81')
+source=(https://github.com/profanity-im/profanity/archive/${pkgver}/${pkgbase}-${pkgver}.tar.gz
+ fix-titlebar-format-1.patch::https://github.com/profanity-im/profanity/commit/fd9ccec8dc604902bbb1d444dba4223ccee0a092.diff
+ fix-titlebar-format-2.patch::https://github.com/profanity-im/profanity/commit/e5b6258c997d4faf36e2ffb8a47b386c5629b4eb.diff
+ fix-statusbar-format.patch::https://github.com/profanity-im/profanity/commit/242696f09a49c8446ba6aef8bdad65fb58a77715.diff)
+sha256sums=('6a8b0b5a478c3a2b17b8c2eb572a3173a70b4c3740c61dd638a2d04a45147f9f'
+ '98cb916cad06bea3cec9d274cbed926569f67480224d3e267fabf10460bf4a6f'
+ 'e09c0bc03527c3f9b5db027d087ac7b04323faad50bcb2a7b8e04c9ef934ca40'
+ 'fed6faf5e93c6d7a2d837d0a97c70680bc7e00a8946313e3e61f8426ae324688')
+sha512sums=('560116b85516f883711f54f2229619b49179666c6a5459df0dec311cc5ab6919bf648f14888b09f5c4f13a2d834f3c598967fe84ecf1169bc197274e8b5aaa93'
+ 'ecfb6852e9291e983a8533832c9f28d311ae36103a5332a2870c9ef396f1f9de26b087b16c7b1c4eb61a415b072a3579d0a7beeb00c5dc971235507c4a7b68fb'
+ 'b39d7be7dbd87e68c88e71a98d7fab9fceb2b836fb0c0a8877ad1ffc8b459928a0238c9a2c4d861b30d9dbf54eeab246a492fcdd99fdb1edf2b41f65ea1bf16f'
+ 'b2ecb04467329f416993634ed54d6dffec244387b17049b027633354cbbe6ff44b9a81f92cc38d90dc3efda92c28b2e91268e0cc0d28464f968ee6a19a98a01a')
+b2sums=('07aac723f080b482295a2f1f12c7ab0dfa2112d7690bf4c05412497d14dc09dafbb0933650c5240aa465fadbc5a13d48384a7679809925cc47e8b01685cc7a81'
+ '366859f853842704bf1762b02b3f47515243a004e08d8548a6dde937ef062ee5ba599e04ecded5b977c96874f36230a3de9d70a1476159fae2441c9ef1f12f49'
+ '71db67060d7c04eac89c3a5a72c3c1afc7cf1f2e546fc967202f51fedb67effb0fe62d80fc71df2a1f8554210ee9a23c4445c551e8af5508bd1ec5e9d72fddfb'
+ 'd02ed4496ea2efa8fad24393152725285f1946813bd04d734d2ca8ac5072a8067d0f9f6163cdfc3af61801295a8eedba75ed5e9cf81c56bcb6411717119cc158')

prepare() {
cd ${pkgname}-${pkgver}
+ patch -Np1 -i ../fix-titlebar-format-1.patch
+ patch -Np1 -i ../fix-titlebar-format-2.patch
+ patch -Np1 -i ../fix-statusbar-format.patch
mkdir -p m4
autoreconf -fiv
cp -a "${srcdir}"/${pkgname}-${pkgver}{,-gtk}


(The provided checksums should be regenerated by maintainers)
This task depends upon

Closed by  freswa (frederik)
Wednesday, 02 March 2022, 21:36 GMT
Reason for closing:  Fixed
Additional comments about closing:  profanity-1:0.11.1-4

Loading...