OSDN > Developer > hmatrjp > Chamber > dia > Commit

dia_improved
Fork

R/O
HTTP
SSH
HTTPS

Commit

Commit MetaInfo

Revision	fb847973b3aa66fb15796f44575c754afa62628c (tree)
Time	2006-05-27 05:54:32
Author	Lars Clausen <lclausen@src....>
Commiter	Lars Clausen

Log Message

0.95-1 release: Security fixes, ungroup, ...

Change Summary

modified: ChangeLog (diff)
modified: NEWS (diff)
modified: RELEASE-PROCESS (diff)
modified: app/app_procs.c (diff)
modified: app/display.c (diff)
modified: app/filedlg.c (diff)
modified: app/interface.c (diff)
modified: app/load_save.c (diff)
modified: app/sheets.c (diff)
modified: config.h.win32 (diff)
modified: configure.in (diff)
modified: doc/en/dia.xml (diff)
modified: doc/eu/dia.xml (diff)
modified: doc/pl/dia.xml (diff)
modified: lib/dia_image.c (diff)
modified: lib/message.c (diff)
modified: plug-ins/python/diamodule.c (diff)
modified: plug-ins/python/pydia-error.c (diff)
modified: plug-ins/wmf/wmf.cpp (diff)

Incremental Difference

--- a/ChangeLog

+++ b/ChangeLog

		@@ -1,3 +1,24 @@
	1	+2006-05-26 Lars Clausen <lars@raeder.dk>
	2	+
	3	+ * RELEASE-PROCESS:
	4	+ * doc/{en,pl,eu}/dia.xml:
	5	+ * config.h.win32:
	6	+ * configure.in:
	7	+ Update to version 0.95-1.
	8	+
	9	+ * app/app_procs.c:
	10	+ * app/filedlg.c
	11	+ * app/display.c:
	12	+ * app/interface.c:
	13	+ * app/load_save.c:
	14	+ * app/sheets.c:
	15	+ * lib/dia_image.c:
	16	+ * lib/message.c:
	17	+ * plug-ins/python/pydia-error.c:
	18	+ * plug-ins/python/diamodule.c:
	19	+ * plug-ins/wmf/wmf.cpp: Patch from Hans de Goede: Fix bug #342111,
	20	+ security vulnerabilities from string format errors.
	21	+
1	22	2006-05-21 Hans Breuer <hans@breuer.org>
2	23
3	24	* app/pagesetup.c app/diapagelayout.c : restrict every page margin

--- a/NEWS

+++ b/NEWS

		@@ -1,3 +1,8 @@
	1	+dia-0.95-1: 25-May-2006
	2	+
	3	+* Fix of bug #339562 (page margins restriction), #338336 ("query" in
	4	+ umloperation_offsets), and #334771 (ungroup crashes)
	5	+
1	6	dia-0.95: 19-Apr-2006
2	7
3	8	* Update of Gane/Sarson sheets.

--- a/RELEASE-PROCESS

+++ b/RELEASE-PROCESS

		@@ -102,7 +102,7 @@ How to make a tarball
102	102
103	103	Script to update version:
104	104
105		-find . -name configure.in -o -name config.h.win32 -o -name dia.xml \| xargs sed -i 's/0\.95-pre[0-9]*/0.95-pre5/;'
	105	+find . -name configure.in -o -name config.h.win32 -o -name dia.xml \| xargs sed -i 's/0\.95*/0.95-1/;'
106	106
107	107	Issues to solve
108	108	---------------

--- a/app/app_procs.c

+++ b/app/app_procs.c

		@@ -1175,7 +1175,7 @@ process_opts(int argc, char **argv,
1175	1175	# endif
1176	1176	if (!g_option_context_parse (context, &argc, &argv, &error)) {
1177	1177	if (error) { /* IMO !error here is a bug upstream, triggered with --gdk-debug=updates */
1178		- g_print (error->message);
	1178	+ g_print ("%s", error->message);
1179	1179	g_error_free (error);
1180	1180	} else {
1181	1181	g_print ("Invalid option?");

		@@ -1273,22 +1273,22 @@ print_credits(gboolean credits)
1273	1273
1274	1274	g_print(_("The original author of Dia was:\n\n"));
1275	1275	for (i = 0; i < NUMBER_OF_ORIG_AUTHORS; i++) {
1276		- g_print(authors[i]); g_print("\n");
	1276	+ g_print("%s\n", authors[i]);
1277	1277	}
1278	1278
1279	1279	g_print(_("\nThe current maintainers of Dia are:\n\n"));
1280	1280	for (i = NUMBER_OF_ORIG_AUTHORS; i < NUMBER_OF_ORIG_AUTHORS + NUMBER_OF_MAINTAINERS; i++) {
1281		- g_print(authors[i]); g_print("\n");
	1281	+ g_print("%s\n", authors[i]);
1282	1282	}
1283	1283
1284	1284	g_print(_("\nOther authors are:\n\n"));
1285	1285	for (i = NUMBER_OF_ORIG_AUTHORS + NUMBER_OF_MAINTAINERS; i < nauthors; i++) {
1286		- g_print(authors[i]); g_print("\n");
	1286	+ g_print("%s\n", authors[i]);
1287	1287	}
1288	1288
1289	1289	g_print(_("\nDia is documented by:\n\n"));
1290	1290	for (i = 0; i < ndocumentors; i++) {
1291		- g_print(documentors[i]); g_print("\n");
	1291	+ g_print("%s\n", documentors[i]);
1292	1292	}
1293	1293
1294	1294	exit(0);

--- a/app/display.c

+++ b/app/display.c

		@@ -1119,7 +1119,6 @@ ddisplay_close(DDisplay *ddisp)
1119	1119	Diagram *dia;
1120	1120	GtkWidget dialog, button;
1121	1121	gchar *fname;
1122		- gchar *msg;
1123	1122
1124	1123	g_return_if_fail(ddisp != NULL);
1125	1124

		@@ -1134,10 +1133,6 @@ ddisplay_close(DDisplay *ddisp)
1134	1133	fname = dia->filename;
1135	1134	if (!fname)
1136	1135	fname = _("<unnamed>");
1137		- msg = g_strdup_printf (
1138		- _("The diagram '%s'\n"
1139		- "has not been saved. Save changes now?"),
1140		- fname);
1141	1136
1142	1137	dialog = gtk_message_dialog_new(GTK_WINDOW (ddisp->shell),
1143	1138	GTK_DIALOG_MODAL,

		@@ -1145,8 +1140,9 @@ ddisplay_close(DDisplay *ddisp)
1145	1140	GTK_BUTTONS_NONE, /* no standard buttons */
1146	1141	_("Closing diagram without saving"),
1147	1142	NULL);
1148		- gtk_message_dialog_format_secondary_text(GTK_MESSAGE_DIALOG(dialog), msg);
1149		- g_free (msg);
	1143	+ gtk_message_dialog_format_secondary_text(GTK_MESSAGE_DIALOG(dialog),
	1144	+ _("The diagram '%s'\n"
	1145	+ "has not been saved. Save changes now?"), fname);
1150	1146	gtk_window_set_title (GTK_WINDOW(dialog), _("Close Diagram"));
1151	1147
1152	1148	button = gtk_button_new_from_stock (GTK_STOCK_CANCEL);

--- a/app/filedlg.c

+++ b/app/filedlg.c

		@@ -299,7 +299,6 @@ file_save_as_response_callback(GtkWidget *fs,
299	299
300	300	if (stat(filename, &stat_struct) == 0) {
301	301	GtkWidget *dialog = NULL;
302		- char buffer[300];
303	302	char *utf8filename = NULL;
304	303	if (!g_utf8_validate(filename, -1, NULL)) {
305	304	utf8filename = g_filename_to_utf8(filename, -1, NULL, NULL, NULL);

		@@ -310,16 +309,15 @@ file_save_as_response_callback(GtkWidget *fs,
310	309	}
311	310	if (utf8filename == NULL) utf8filename = g_strdup(filename);
312	311
313		- g_snprintf(buffer, 300,
314		- _("The file '%s' already exists.\n"
315		- "Do you want to overwrite it?"), utf8filename);
316		- g_free(utf8filename);
317	312
318	313	dialog = gtk_message_dialog_new (GTK_WINDOW(fs),
319	314	GTK_DIALOG_MODAL, GTK_MESSAGE_QUESTION,
320	315	GTK_BUTTONS_YES_NO,
321	316	_("File already exists"));
322		- gtk_message_dialog_format_secondary_text(GTK_MESSAGE_DIALOG(dialog), buffer);
	317	+ gtk_message_dialog_format_secondary_text(GTK_MESSAGE_DIALOG(dialog),
	318	+ _("The file '%s' already exists.\n"
	319	+ "Do you want to overwrite it?"), utf8filename);
	320	+ g_free(utf8filename);
323	321	gtk_dialog_set_default_response (GTK_DIALOG (dialog), GTK_RESPONSE_YES);
324	322
325	323	if (gtk_dialog_run (GTK_DIALOG (dialog)) != GTK_RESPONSE_YES) {

		@@ -552,17 +550,15 @@ file_export_response_callback(GtkWidget *fs,
552	550
553	551	if (stat(filename, &statbuf) == 0) {
554	552	GtkWidget *dialog = NULL;
555		- char buffer[300];
556	553
557		- g_snprintf(buffer, 300,
558		- _("The file '%s' already exists.\n"
559		- "Do you want to overwrite it?"), dia_message_filename(filename));
560	554	dialog = gtk_message_dialog_new (GTK_WINDOW(fs),
561	555	GTK_DIALOG_MODAL \| GTK_DIALOG_DESTROY_WITH_PARENT,
562	556	GTK_MESSAGE_QUESTION,
563	557	GTK_BUTTONS_YES_NO,
564	558	_("File already exists"));
565		- gtk_message_dialog_format_secondary_text(GTK_MESSAGE_DIALOG(dialog), buffer);
	559	+ gtk_message_dialog_format_secondary_text(GTK_MESSAGE_DIALOG(dialog),
	560	+ _("The file '%s' already exists.\n"
	561	+ "Do you want to overwrite it?"), dia_message_filename(filename));
566	562	gtk_dialog_set_default_response (GTK_DIALOG (dialog), GTK_RESPONSE_YES);
567	563
568	564	if (gtk_dialog_run (GTK_DIALOG (dialog)) != GTK_RESPONSE_YES) {

--- a/app/interface.c

+++ b/app/interface.c

		@@ -902,7 +902,7 @@ sheet_menu_callback(DiaDynamicMenu menu, const gchar string, void *user_data)
902	902	{
903	903	Sheet *sheet = get_sheet_by_name(string);
904	904	if (sheet == NULL) {
905		- message_warning(g_strdup_printf(_("No sheet named %s"), string));
	905	+ message_warning(_("No sheet named %s"), string);
906	906	} else {
907	907	persistence_set_string("last-sheet-selected", string);
908	908	fill_sheet_wbox(sheet);

--- a/app/load_save.c

+++ b/app/load_save.c

		@@ -200,7 +200,7 @@ read_objects(xmlNodePtr objects,
200	200	g_hash_table_foreach(unknown_hash,
201	201	GHFuncUnknownObjects,
202	202	unknown_str);
203		- message_error(unknown_str->str);
	203	+ message_error("%s", unknown_str->str);
204	204	}
205	205	g_hash_table_destroy(unknown_hash);
206	206	g_string_free(unknown_str, TRUE);

--- a/app/sheets.c

+++ b/app/sheets.c

		@@ -340,7 +340,7 @@ create_object_pixmap(SheetObject so, GtkWidget parent,
340	340	gdk_pixbuf_render_pixmap_and_mask(pixbuf, pixmap, mask, 1.0);
341	341	gdk_pixbuf_unref(pixbuf);
342	342	} else {
343		- message_warning (error->message);
	343	+ message_warning ("%s", error->message);
344	344	g_error_free (error);
345	345	*pixmap = gdk_pixmap_colormap_create_from_xpm_d
346	346	(NULL,

--- a/config.h.win32

+++ b/config.h.win32

		@@ -18,7 +18,7 @@
18	18	#undef LOCALEDIR /* needs to be calculated at runtime */
19	19	/* NOT: #define LOCALEDIR "../lib/locale" */
20	20
21		-#define VERSION "0.95"
	21	+#define VERSION "0.95-1"
22	22
23	23	/*
24	24	* We are linking libxml as DLL with either msvc or mingw, but this

--- a/configure.in

+++ b/configure.in

		@@ -1,6 +1,6 @@
1	1	dnl Process this -- autoconf -- file with autoconf to produce a
2	2	dnl configure script.
3		-AC_INIT(dia, 0.95, http://bugzilla.gnome.org/enter_bug.cgi?product=dia)
	3	+AC_INIT(dia, 0.95-1, http://bugzilla.gnome.org/enter_bug.cgi?product=dia)
4	4	AC_CONFIG_SRCDIR(app/diagram.c)
5	5	AM_INIT_AUTOMAKE(AC_PACKAGE_NAME,AC_PACKAGE_VERSION)
6	6

		@@ -67,10 +67,10 @@ if test "$have_pangoft2" = "true"; then
67	67	have_freetype=false
68	68	AC_CHECK_LIB(freetype,FT_Init_FreeType,have_freetype=true,have_freetype=false,`freetype-config --libs`)
69	69	if test "$have_freetype" = "true"; then
70		- dnl Need 2.0.9, as a bug was fixed for us there.
	70	+ dnl Need 2.0.95-1, as a bug was fixed for us there.
71	71	dnl However, freetype-config doesn't give a meaningful version, so we must
72	72	dnl do it like this.
73		- AC_MSG_CHECKING([if FreeType version is 2.0.9 or higher])
	73	+ AC_MSG_CHECKING([if FreeType version is 2.0.95-1 or higher])
74	74	old_CPPFLAGS="$CPPFLAGS"
75	75	CPPFLAGS="$CPPFLAGS `freetype-config --cflags`"
76	76	AC_TRY_CPP([#include <ft2build.h>

		@@ -87,7 +87,7 @@ if test "$have_pangoft2" = "true"; then
87	87	GTK_MODULES="$GTK_MODULES pangoft2"
88	88	AC_DEFINE(HAVE_FREETYPE,1,[Define if you have the FreeType2 library])]
89	89	,
90		- [AC_MSG_ERROR([Need FreeType library version 2.0.9 or higher])])
	90	+ [AC_MSG_ERROR([Need FreeType library version 2.0.95-1 or higher])])
91	91	CPPFLAGS="$old_CPPFLAGS"
92	92	else
93	93	AC_MSG_ERROR(Can't find FreeType library)

--- a/doc/en/dia.xml

+++ b/doc/en/dia.xml

		@@ -8,7 +8,7 @@
8	8
9	9	[
10	10
11		- <!ENTITY VERSION "0.95">
	11	+ <!ENTITY VERSION "0.95-1">
12	12
13	13	<!ENTITY INTRODUCTION SYSTEM "intro.xml">
14	14

--- a/doc/eu/dia.xml

+++ b/doc/eu/dia.xml

		@@ -4,7 +4,7 @@
4	4
5	5	<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "../../dtd/docbookx.dtd" [
6	6
7		- <!ENTITY VERSION "0.95">
	7	+ <!ENTITY VERSION "0.95-1">
8	8
9	9	<!ENTITY INTRODUCTION SYSTEM "intro.xml">
10	10

--- a/doc/pl/dia.xml

+++ b/doc/pl/dia.xml

		@@ -1,7 +1,7 @@
1	1	<?xml version="1.0" encoding="iso-8859-1"?>
2	2
3	3	<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "../../dtd/docbookx.dtd"[
4		-<!ENTITY VERSION "0.95">
	4	+<!ENTITY VERSION "0.95-1">
5	5	<!ENTITY INTRODUCTION SYSTEM "intro.xml">
6	6	<!ENTITY QUICKSTART SYSTEM "usage-quickstart.xml">
7	7	<!ENTITY CANVAS SYSTEM "usage-canvas.xml">

--- a/lib/dia_image.c

+++ b/lib/dia_image.c

		@@ -92,7 +92,7 @@ dia_image_load(gchar *filename)
92	92	* only if there is something else wrong while loading it.
93	93	*/
94	94	if (g_file_test(filename, G_FILE_TEST_EXISTS))
95		- g_warning (error->message);
	95	+ g_warning ("%s", error->message);
96	96	g_error_free (error);
97	97	return NULL;
98	98	}

--- a/lib/message.c

+++ b/lib/message.c

		@@ -86,7 +86,7 @@ message_create_dialog(const gchar title, DiaMessageInfo msginfo, gchar *buf)
86	86	0, /* GtkDialogFlags */
87	87	type,
88	88	GTK_BUTTONS_CLOSE,
89		- buf);
	89	+ "%s", buf);
90	90	if (title) {
91	91	gchar *real_title;
92	92

--- a/plug-ins/python/diamodule.c

+++ b/plug-ins/python/diamodule.c

		@@ -393,11 +393,11 @@ PyDia_Message (PyObject self, PyObject args)
393	393	return NULL;
394	394
395	395	if (0 == type)
396		- message_notice (text);
	396	+ message_notice ("%s", text);
397	397	else if (1 == type)
398		- message_warning (text);
	398	+ message_warning ("%s", text);
399	399	else
400		- message_error (text);
	400	+ message_error ("%s", text);
401	401
402	402	Py_INCREF(Py_None);
403	403	return Py_None;

--- a/plug-ins/python/pydia-error.c

+++ b/plug-ins/python/pydia-error.c

		@@ -46,7 +46,7 @@ _pyerror_report_last (gboolean popup, const char* fn, const char* file, int line
46	46	PyFile_WriteObject (v, ef, 0);
47	47	PyTraceBack_Print(tb, ef);
48	48	if (((PyDiaError*)ef)->str && popup)
49		- message_error (((PyDiaError*)ef)->str->str);
	49	+ message_error ("%s", ((PyDiaError*)ef)->str->str);
50	50	g_free (sLoc);
51	51	Py_DECREF (ef);
52	52	Py_XDECREF(exc);

--- a/plug-ins/wmf/wmf.cpp

+++ b/plug-ins/wmf/wmf.cpp

		@@ -223,7 +223,7 @@ my_log(WmfRenderer* renderer, char* format, ...)
223	223	va_end (args);
224	224
225	225	//fprintf(renderer->file, string);
226		- g_print(string);
	226	+ g_print("%s", string);
227	227
228	228	g_free(string);
229	229	}

dia_improved Fork