From 56e8974ead862577d526a9e17918d3de3957b8ec Mon Sep 17 00:00:00 2001
From: Andrew Price <anprice@redhat.com>
Date: Jun 23 2022 14:41:47 +0000
Subject: * Thu Jun 23 2022 Andrew Price <anprice@redhat.com> - 3.4.1-4

- gfs2/edit: always use "%s"-style format for printf()-style functions
- Custom patch to fix a printw() call missed by the above
  Fixes a build failure due to format-security warnings being treated as errors

---

diff --git a/0-gfs2_edit_always_use_s_style_format_for_printf_style_functions.patch b/0-gfs2_edit_always_use_s_style_format_for_printf_style_functions.patch
new file mode 100644
index 0000000..1c5d7d7
--- /dev/null
+++ b/0-gfs2_edit_always_use_s_style_format_for_printf_style_functions.patch
@@ -0,0 +1,33 @@
+commit 17fb470356a6d55988f05ac70f06b382ef982604
+Author: Sergei Trofimovich <slyich@gmail.com>
+Date:   Sun Nov 7 09:00:31 2021 +0000
+
+    gfs2/edit: always use "%s"-style format for printf()-style functions
+    
+    `ncurses-6.3` added printf-style function attributes and now makes
+    it easier to catch cases when user input is used in place of format
+    string when built with CFLAGS=-Werror=format-security:
+    
+        hexedit.c:227:9: error: format not a string literal and no format arguments [-Werror=format-security]
+          227 |         printw(s2);
+              |         ^~~~~~
+    
+    Let's wrap all the missing places with "%s" format.
+
+diff --git a/gfs2/edit/hexedit.c b/gfs2/edit/hexedit.c
+index 798639b5..88ee3e5f 100644
+--- a/gfs2/edit/hexedit.c
++++ b/gfs2/edit/hexedit.c
+@@ -221,10 +221,10 @@ static void gfs2instr(const char *s1, const char *s2)
+ {
+ 	COLORS_HIGHLIGHT;
+ 	move(line,0);
+-	printw(s1);
++	printw("%s", s1);
+ 	COLORS_NORMAL;
+ 	move(line,17);
+-	printw(s2);
++	printw("%s", s2);
+ 	line++;
+ }
+ 
diff --git a/1-fix-missed-printw.patch b/1-fix-missed-printw.patch
new file mode 100644
index 0000000..be4c2d7
--- /dev/null
+++ b/1-fix-missed-printw.patch
@@ -0,0 +1,12 @@
+diff -urN gfs2-utils-3.4.1.old/gfs2/edit/gfs2hex.c gfs2-utils-3.4.1/gfs2/edit/gfs2hex.c
+--- gfs2-utils-3.4.1.old/gfs2/edit/gfs2hex.c	2022-06-23 15:28:41.957428587 +0100
++++ gfs2-utils-3.4.1/gfs2/edit/gfs2hex.c	2022-06-23 15:29:38.013944443 +0100
+@@ -374,7 +374,7 @@
+ 	if (termlines) {
+ 		check_highlight(TRUE);
+ 		move(line,2);
+-		printw(title);
++		printw("%s", title);
+ 		check_highlight(FALSE);
+ 	}
+ 	else
diff --git a/gfs2-utils.spec b/gfs2-utils.spec
index e79c924..d0bcb5c 100644
--- a/gfs2-utils.spec
+++ b/gfs2-utils.spec
@@ -1,6 +1,6 @@
 Name: gfs2-utils
 Version: 3.4.1
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2+ and LGPLv2+
 Summary: Utilities for managing the global file system (GFS2)
 %ifnarch %{arm}
@@ -21,6 +21,8 @@ BuildRequires: bzip2-devel
 BuildRequires: make
 Source: https://releases.pagure.org/gfs2-utils/gfs2-utils-%{version}.tar.gz
 URL: https://pagure.io/gfs2-utils
+Patch: 0-gfs2_edit_always_use_s_style_format_for_printf_style_functions.patch
+Patch: 1-fix-missed-printw.patch
 
 %prep
 %autosetup -p1
@@ -63,6 +65,11 @@ modifying, and correcting inconsistencies in GFS2 file systems.
 %{_prefix}/lib/udev/rules.d/82-gfs2-withdraw.rules
 
 %changelog
+* Thu Jun 23 2022 Andrew Price <anprice@redhat.com> - 3.4.1-4
+- gfs2/edit: always use "%s"-style format for printf()-style functions
+- Custom patch to fix a printw() call missed by the above
+  Fixes a build failure due to format-security warnings being treated as errors
+
 * Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.4.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild