media-sound/vimpc: add tests note; fix -Wformat-security; sync live

Signed-off-by: Sam James <sam@gentoo.org>
author: Sam James <sam@gentoo.org> 2023-05-12 03:37:04 +0100
committer: Sam James <sam@gentoo.org> 2023-05-12 03:55:39 +0100
commit: 5866f0c6aba60050dff8c51d89ec800ebaf3290c (patch)
tree: e6604993e50fcaa4d8614d43f82833c8494cb924 /media-sound/vimpc/files
parent: media-sound/mpdscribble: wire up (restricted) tests (diff)
download: gentoo-5866f0c6aba60050dff8c51d89ec800ebaf3290c.tar.gz
gentoo-5866f0c6aba60050dff8c51d89ec800ebaf3290c.tar.bz2
gentoo-5866f0c6aba60050dff8c51d89ec800ebaf3290c.zip
1 files changed, 103 insertions, 0 deletions
diff --git a/media-sound/vimpc/files/vimpc-0.09.2-wformat-security.patch b/media-sound/vimpc/files/vimpc-0.09.2-wformat-security.patch
new file mode 100644
index 000000000000..2d8c09e416e5
--- /dev/null
+++ b/media-sound/vimpc/files/vimpc-0.09.2-wformat-security.patch
@@ -0,0 +1,103 @@
+https://github.com/boysetsfrog/vimpc/commit/055ecdce0720fdfc9ec2528c520b6c33da36271b
+
+From 055ecdce0720fdfc9ec2528c520b6c33da36271b Mon Sep 17 00:00:00 2001
+From: Sergei Trofimovich <slyich@gmail.com>
+Date: Wed, 3 Nov 2021 08:25:58 +0000
+Subject: [PATCH] vimpc: always use "%s"-style format for printf()-style
+ functions
+
+`ncuses-6.3` added printf-style function attributes and now makes
+it easier to catch cases when user input is used in palce of format
+string when built with CFLAGS=-Werror=format-security:
+
+    src/window/listwindow.cpp:120:16:
+      error: format not a string literal and no format arguments [-Werror=format-security]
+      120 |       mvwprintw(window, line, 0, BlankLine.c_str());
+          |       ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Let's wrap all the missing places with "%s" format.
+--- a/src/screen.cpp
++++ b/src/screen.cpp
+@@ -1489,7 +1489,7 @@ void Screen::ClearStatus() const
+       wattron(statusWindow_, A_REVERSE);
+    }
+ 
+-   mvwprintw(statusWindow_, 0, 0, BlankLine.c_str());
++   mvwprintw(statusWindow_, 0, 0, "%s", BlankLine.c_str());
+ 
+    if (settings_.Get(Setting::ColourEnabled) == true)
+    {
+@@ -1516,7 +1516,7 @@ void Screen::UpdateTabWindow() const
+       wattron(tabWindow_, COLOR_PAIR(settings_.colours.TabWindow));
+    }
+ 
+-   mvwprintw(tabWindow_, 0, 0, BlankLine.c_str());
++   mvwprintw(tabWindow_, 0, 0, "%s", BlankLine.c_str());
+    wmove(tabWindow_, 0, 0);
+ 
+    std::string name   = "";
+--- a/src/window/directorywindow.cpp
++++ b/src/window/directorywindow.cpp
+@@ -220,8 +220,8 @@ void DirectoryWindow::Print(uint32_t line) const
+ 
+       wattron(window, A_BOLD);
+       std::string const Directory = "/" + directory_.CurrentDirectory();
+-      mvwprintw(window, line, 0, BlankLine.c_str());
+-      mvwprintw(window, line, 1, Directory.c_str());
++      mvwprintw(window, line, 0, "%s", BlankLine.c_str());
++      mvwprintw(window, line, 1, "%s", Directory.c_str());
+       wattroff(window, A_BOLD);
+ 
+       if (settings_.Get(Setting::ColourEnabled) == true)
+@@ -250,7 +250,7 @@ void DirectoryWindow::Print(uint32_t line) const
+             wattron(window, A_REVERSE);
+          }
+ 
+-         mvwprintw(window, line, 0, BlankLine.c_str());
++         mvwprintw(window, line, 0, "%s", BlankLine.c_str());
+ 
+          uint8_t expandCol = 1;
+ 
+@@ -276,7 +276,7 @@ void DirectoryWindow::Print(uint32_t line) const
+       }
+       else
+       {
+-         mvwprintw(window, line, 0, BlankLine.c_str());
++         mvwprintw(window, line, 0, "%s", BlankLine.c_str());
+       }
+    }
+ }
+--- a/src/window/help.cpp
++++ b/src/window/help.cpp
+@@ -64,7 +64,7 @@ void HelpWindow::Print(uint32_t line) const
+    WINDOW * window = N_WINDOW();
+ 
+    std::string const BlankLine(Columns(), ' ');
+-   mvwprintw(window, line, 0, BlankLine.c_str());
++   mvwprintw(window, line, 0, "%s", BlankLine.c_str());
+    wmove(window, line, 0);
+ 
+    if ((FirstLine() + line) < help_.Size())
+--- a/src/window/listwindow.cpp
++++ b/src/window/listwindow.cpp
+@@ -117,7 +117,7 @@ void ListWindow::Print(uint32_t line) const
+    else
+    {
+       std::string const BlankLine(Columns(), ' ');
+-      mvwprintw(window, line, 0, BlankLine.c_str());
++      mvwprintw(window, line, 0, "%s", BlankLine.c_str());
+    }
+ #else
+    SelectWindow::Print(line);
+--- a/src/window/lyricswindow.cpp
++++ b/src/window/lyricswindow.cpp
+@@ -61,7 +61,7 @@ void LyricsWindow::Print(uint32_t line) const
+    WINDOW * window = N_WINDOW();
+ 
+    std::string const BlankLine(Columns(), ' ');
+-   mvwprintw(window, line, 0, BlankLine.c_str());
++   mvwprintw(window, line, 0, "%s", BlankLine.c_str());
+    wmove(window, line, 0);
+ 
+    if ((FirstLine() == 0) && (line == 0))
+
author	Sam James <sam@gentoo.org>	2023-05-12 03:37:04 +0100
committer	Sam James <sam@gentoo.org>	2023-05-12 03:55:39 +0100
commit	5866f0c6aba60050dff8c51d89ec800ebaf3290c (patch)
tree	e6604993e50fcaa4d8614d43f82833c8494cb924 /media-sound/vimpc/files
parent	media-sound/mpdscribble: wire up (restricted) tests (diff)
download	gentoo-5866f0c6aba60050dff8c51d89ec800ebaf3290c.tar.gz gentoo-5866f0c6aba60050dff8c51d89ec800ebaf3290c.tar.bz2 gentoo-5866f0c6aba60050dff8c51d89ec800ebaf3290c.zip