aboutsummaryrefslogtreecommitdiff
Copied from Fedora.

http://pkgs.fedoraproject.org/cgit/unzip.git/plain/unzip-6.0-format-secure.patch?id=d18f821e

diff --git a/extract.c b/extract.c
index eeb2f57..a0a4929 100644
--- a/extract.c
+++ b/extract.c
@@ -472,8 +472,8 @@ int extract_or_test_files(__G)    /* return PK-type error code */
                      */
                     Info(slide, 0x401, ((char *)slide,
                       LoadFarString(CentSigMsg), j + blknum*DIR_BLKSIZ + 1));
-                    Info(slide, 0x401, ((char *)slide,
-                      LoadFarString(ReportMsg)));
+                    Info(slide, 0x401,
+                         ((char *)slide,"%s", LoadFarString(ReportMsg)));
                     error_in_archive = PK_BADERR;
                 }
                 reached_end = TRUE;     /* ...so no more left to do */
@@ -752,8 +752,8 @@ int extract_or_test_files(__G)    /* return PK-type error code */
 
 #ifndef SFX
     if (no_endsig_found) {                      /* just to make sure */
-        Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg)));
-        Info(slide, 0x401, ((char *)slide, LoadFarString(ReportMsg)));
+        Info(slide, 0x401, ((char *)slide,"%s", LoadFarString(EndSigMsg)));
+        Info(slide, 0x401, ((char *)slide,"%s", LoadFarString(ReportMsg)));
         if (!error_in_archive)       /* don't overwrite stronger error */
             error_in_archive = PK_WARN;
     }
diff --git a/list.c b/list.c
index 15e0011..f7359c3 100644
--- a/list.c
+++ b/list.c
@@ -181,7 +181,7 @@ int list_files(__G)    /* return PK-type error code */
                 Info(slide, 0x401,
                      ((char *)slide, LoadFarString(CentSigMsg), j));
                 Info(slide, 0x401,
-                     ((char *)slide, LoadFarString(ReportMsg)));
+                     ((char *)slide,"%s", LoadFarString(ReportMsg)));
                 return PK_BADERR;   /* sig not found */
             }
         }
@@ -507,7 +507,8 @@ int list_files(__G)    /* return PK-type error code */
             && (!G.ecrec.is_zip64_archive)
             && (memcmp(G.sig, end_central_sig, 4) != 0)
            ) {          /* just to make sure again */
-            Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg)));
+            Info(slide, 0x401, 
+                 ((char *)slide,"%s", LoadFarString(EndSigMsg)));
             error_in_archive = PK_WARN;   /* didn't find sig */
         }
 
@@ -591,7 +592,7 @@ int get_time_stamp(__G__ last_modtime, nmember)  /* return PK-type error code */
                 Info(slide, 0x401,
                      ((char *)slide, LoadFarString(CentSigMsg), j));
                 Info(slide, 0x401,
-                     ((char *)slide, LoadFarString(ReportMsg)));
+                     ((char *)slide,"%s", LoadFarString(ReportMsg)));
                 return PK_BADERR;   /* sig not found */
             }
         }
@@ -674,7 +675,7 @@ int get_time_stamp(__G__ last_modtime, nmember)  /* return PK-type error code */
   ---------------------------------------------------------------------------*/
 
     if (memcmp(G.sig, end_central_sig, 4)) {    /* just to make sure again */
-        Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg)));
+        Info(slide, 0x401, ((char *)slide,"%s", LoadFarString(EndSigMsg)));
         error_in_archive = PK_WARN;
     }
     if (*nmember == 0L && error_in_archive <= PK_WARN)
diff --git a/zipinfo.c b/zipinfo.c
index 6e22cc8..ac5c61b 100644
--- a/zipinfo.c
+++ b/zipinfo.c
@@ -771,7 +771,7 @@ int zipinfo(__G)   /* return PK-type error code */
                 Info(slide, 0x401,
                      ((char *)slide, LoadFarString(CentSigMsg), j));
                 Info(slide, 0x401,
-                     ((char *)slide, LoadFarString(ReportMsg)));
+                     ((char *)slide,"%s", LoadFarString(ReportMsg)));
                 error_in_archive = PK_BADERR;   /* sig not found */
                 break;
             }
@@ -960,7 +960,8 @@ int zipinfo(__G)   /* return PK-type error code */
             && (!G.ecrec.is_zip64_archive)
             && (memcmp(G.sig, end_central_sig, 4) != 0)
            ) {          /* just to make sure again */
-            Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg)));
+            Info(slide, 0x401, 
+                 ((char *)slide,"%s", LoadFarString(EndSigMsg)));
             error_in_archive = PK_WARN;   /* didn't find sig */
         }
 
ke 2020-03-10gnu: hplip: Update to 3.20.3....* gnu/packages/cups.scm (hplip): Update to 3.20.3. Tobias Geerinckx-Rice 2020-03-10gnu: hplip: Update source hash....The tarball was modified in-place. See <https://debbugs.gnu.org/cgi/bugreport.cgi?bug=40017>. * gnu/packages/cups.scm (hplip)[source]: Update tarball hash. Reported-by: Mark H Weaver <mhw@netris.org> Tobias Geerinckx-Rice 2020-03-10Merge branch 'master' into core-updatesMarius Bakke 2020-03-09Merge branch 'master' into stagingMarius Bakke 2020-03-07gnu: hplip: Update to 3.20.2....* gnu/packages/cups.scm (hplip): Update to 3.20.2. Tobias Geerinckx-Rice 2020-02-24gnu: cups-filters: Update to 1.27.1....* gnu/packages/cups.scm (cups-filters): Update to 1.27.1. Marius Bakke 2020-02-14Merge branch 'master' into core-updatesMarius Bakke 2020-02-14gnu: cups-filters: Update to 1.27.0....* gnu/packages/cups.scm (cups-filters): Update to 1.27.0. Marius Bakke 2020-02-13gnu: foo2zjs: Update to 20200207....* gnu/packages/cups.scm (foo2zjs): Update to 20200207. Tobias Geerinckx-Rice 2020-01-22gnu: Replace uses of 'libjpeg' with 'libjpeg-turbo'....* gnu/packages/abiword.scm (abiword)[inputs]: Change from LIBJPEG to LIBJPEG-TURBO. * gnu/packages/admin.scm (testdisk)[inputs]: Likewise. * gnu/packages/algebra.scm (giac)[inputs]: Likewise. * gnu/packages/animation.scm (synfig)[inputs]: Likewise. * gnu/packages/astronomy.scm (gnuastro, celestia)[inputs]: Likewise. * gnu/packages/cdrom.scm (dvdstyler)[inputs]: Likewise. * gnu/packages/cran.scm (r-jpeg, r-tiff, r-readbitmap)[inputs]: Likewise. * gnu/packages/cups.scm (cups-filters, hplip)[inputs]: Likewise. * gnu/packages/display-managers.scm (slim)[inputs]: Likewise. * gnu/packages/ebook.scm (fbreader)[inputs]: Likewise. * gnu/packages/emacs.scm (emacs)[inputs]: Likewise. * gnu/packages/enlightenment.scm (efl)[propagated-inputs]: Likewise. * gnu/packages/fltk.scm (fltk, ntk)[inputs]: Likewise. * gnu/packages/fontutils.scm (fontforge)[inputs]: Likewise. * gnu/packages/freedesktop.scm (weston)[inputs]: Likewise. * gnu/packages/game-development.scm (sfml, allegro, aseprite, python-pygame, eureka, ioquake3)[inputs]: Likewise. * gnu/packages/games.scm (adanaxisgpl, freedroidrpg, irrlicht, minetest, fizmo, supertuxkart, gzdoom, xmoto, xonotic)[inputs]: Likewise. * gnu/packages/gd.scm (gd, perl-gd)[inputs]: Likewise. * gnu/packages/ghostscript.scm (lcms)[inputs]: Likewise. (ghostscript)[inputs, native-inputs]: Likewise. * gnu/packages/gimp.scm (gegl, gimp)[inputs]: Likewise. * gnu/packages/gnome.scm (libgnomeui, eog, tracker-miners, gthumb)[inputs]: Likewise. * gnu/packages/gnunet.scm (libextractor)[inputs]: Likewise. * gnu/packages/gnustep.scm (windowmaker)[inputs]: Likewise. * gnu/packages/graphics.scm (blender, blender-2.79, openimageio, openscenegraph, openscenegraph-3.4, povray, fgallery)[inputs]: Likewise. * gnu/packages/graphviz.scm (graphviz)[inputs]: Likewise. * gnu/packages/gstreamer.scm (gst-plugins-good)[inputs]: Likewise. * gnu/packages/gtk.scm (gdk-pixbuf)[inputs]: Likewise. * gnu/packages/image-processing.scm (dcmtk, mia, vtk, opencv, vips, nip2, vxl, insight-toolkit)[inputs]: Likewise. * gnu/packages/image-viewers.scm (gpicview, luminance-hdr)[inputs]: Likewise. * gnu/packages/image.scm (jpegoptim, libtiff, leptonica, imlib2, freeimage, vigra, libwebp, libmng, jasper, steghide, jp2a)[inputs]: Likewise. * gnu/packages/imagemagick.scm (imagemagick, graphicsmagick)[inputs]: Likewise. * gnu/packages/java.scm (icedtea-6, icedtea-7, openjdk9, openjdk11, openjdk12)[inputs]: Likewise. * gnu/packages/kde-frameworks.scm (khtml)[inputs]: Likewise. * gnu/packages/kodi.scm (kodi)[inputs]: Likewise. * gnu/packages/machine-learning.scm (dlib, tensorflow)[inputs]: Likewise. * gnu/packages/mate.scm (atril, eom)[inputs]: Likewise. * gnu/packages/maths.scm (hdf4, hdf-java, hdf-eos2, netcdf)[inputs]: Likewise. * gnu/packages/netpbm.scm (netpbm)[inputs]: Likewise. * gnu/packages/pdf.scm (zathura-pdf-mupdf, podofo, mupdf, fbida)[inputs]: Likewise. * gnu/packages/photo.scm (libraw, libpano13, enblend-enfuse, darktable, hugin, rawtherapee)[inputs]: Likewise. * gnu/packages/prolog.scm (swi-prolog)[native-inputs]: Likewise. * gnu/packages/python-xyz.scm (python-hdf4, python-pillow)[inputs]: Likewise. * gnu/packages/qt.scm (qtbase, qtwebkit)[inputs]: Likewise. * gnu/packages/rdesktop.scm (freerdp)[inputs]: Likewise. * gnu/packages/scanner.scm (sane-backends, xsane)[inputs]: Likewise. * gnu/packages/scheme.scm (racket)[inputs]: Likewise. * gnu/packages/scribus.scm (scribus)[inputs]: Likewise. * gnu/packages/sdl.scm (sdl-image)[propagated-inputs]: Likewise. (guile-sdl)[native-inputs]: Likewise. * gnu/packages/spice.scm (spice-gtk)[inputs]: Likewise. * gnu/packages/statistics.scm (r-with-tests)[inputs]: Likewise. * gnu/packages/tcl.scm (perl-tk)[inputs]: Likewise. * gnu/packages/upnp.scm (readymedia)[inputs]: Likewise. * gnu/packages/video.scm (mplayer, mpv, v4l-utils, motion)[inputs]: Likewise. * gnu/packages/web-browsers.scm (dillo, links)[inputs]: Likewise. * gnu/packages/web.scm (netsurf)[inputs]: Likewise. * gnu/packages/webkit.scm (webkitgtk)[inputs]: Likewise. * gnu/packages/wine.scm (wine)[inputs]: Likewise. * gnu/packages/wv.scm (wv)[inputs]: Likewise. * gnu/packages/wxwidgets.scm (wxwidgets, wxwidgets-2)[inputs]: Likewise. * gnu/packages/xdisorg.scm (xscreensaver)[inputs]: Likewise. * gnu/packages/xfce.scm (tumbler)[inputs]: Likewise. * gnu/packages/xfig.scm (xfig, transfig)[inputs]: Likewise. * gnu/packages/xorg.scm (xpra)[inputs]: Likewise. Marius Bakke 2020-01-19gnu: cups-filters: Update to 1.26.2....* gnu/packages/cups.scm (cups-filters): Update to 1.26.2. Marius Bakke 2020-01-19gnu: cups: Update to 2.3.1....* gnu/packages/cups.scm (cups-minimal): Update to 2.3.1. Marius Bakke 2020-01-10gnu: hplip: Fix scanner model detection....* gnu/packages/cups.scm (hplip)[arguments]<#:phases>[install-models-dat]: New phase. Danny Milosavljevic 2020-01-03Merge branch 'master' into stagingMarius Bakke 2019-12-24gnu: hplip: Update to 3.19.12....* gnu/packages/cups.scm (hplip): Update to 3.19.12. Tobias Geerinckx-Rice 2019-12-11gnu: cups-filters: Update to 1.25.13....* gnu/packages/cups.scm (cups-filters): Update to 1.25.13. Marius Bakke 2019-11-15Merge branch 'master' into stagingMarius Bakke 2019-11-08gnu: hplip: Actually wrap binaries....* gnu/packages/cups.scm (hplip)[arguments]: Reduce indentation. Replace ‘wrap-binaries’ phase with a custom implementation. Tobias Geerinckx-Rice 2019-11-05gnu: hplip: Update to 3.19.11....* gnu/packages/cups.scm (hplip): Update to 3.19.11. Tobias Geerinckx-Rice 2019-11-03gnu: hplip: Update to 3.19.10....* gnu/packages/cups.scm (hplip): Update to 3.19.10. Tobias Geerinckx-Rice 2019-10-13gnu: cups-filters: Update to 1.25.11....* gnu/packages/cups.scm (cups-filters): Update to 1.25.11. Marius Bakke 2019-10-09gnu: CUPS: Update to 2.3.0....* gnu/packages/cups.scm (cups-minimal): Update to 2.3.0. [arguments]: Adjust for renamed test file. [license]: Change to ASL2.0. Marius Bakke 2019-10-09gnu: cups-filters: Update to 1.25.7....* gnu/packages/cups.scm (cups-filters): Update to 1.25.7. Marius Bakke 2019-09-11gnu: foo2zjs: Update to 20190909....* gnu/packages/cups.scm (foo2zjs): Update to 20190909. Tobias Geerinckx-Rice 2019-09-01gnu: hplip: Update to 3.19.8....* gnu/packages/cups.scm (hplip): Update to 3.19.8. [arguments]: Remove type mismatch fix. Tobias Geerinckx-Rice 2019-08-30gnu: Add splix....* gnu/packages/cups.scm (splix): New public variable. Tobias Geerinckx-Rice 2019-08-23gnu: foomatic-filters: Don't use NAME in source URI....* gnu/packages/cups.scm (foomatic-filters)[source]: Hard-code NAME. Tobias Geerinckx-Rice 2019-08-23gnu: foo2zjs: Update to 20190517....The (unversioned) tarball was modified to replace mention of ‘yum’ with ‘dnf’. * gnu/packages/cups.scm (foo2zjs): Update to 20190517. Tobias Geerinckx-Rice 2019-08-04gnu: cups-filters: Update to 1.25.1....* gnu/packages/cups.scm (cups-filters): Update to 1.25.1. Marius Bakke 2019-06-14gnu: cups-filters: Update to 1.25.0....* gnu/packages/cups.scm (cups-filters): Update to 1.25.0. Marius Bakke 2019-05-24gnu: cups-filters: Update to 1.23.0....* gnu/packages/cups.scm (cups-filters): Update to 1.23.0. Marius Bakke 2019-05-17gnu: foo2zjs: Update source hash....The tarball was modified in place, adding one line to foo2zjs/printer-profile.sh: ARGYLL_VER=1.6.3 +ARGYLL_VER=2.1.1 ARGYLL_ROOT=$HOME/src/Argyll_V${ARGYLL_VER} * gnu/packages/cups.scm (foo2zjs)[source]: Update sha256. Tobias Geerinckx-Rice 2019-04-23Merge branch 'master' into stagingMarius Bakke 2019-04-22gnu: foo2zjs: Update to 20190413....* gnu/packages/cups.scm (foo2zjs): Update to 20190413. Tobias Geerinckx-Rice 2019-04-01gnu: cups-filters: Update to 1.22.3....* gnu/packages/cups.scm (cups-filters): Update to 1.22.3. Marius Bakke