Your message dated Sun, 24 Jun 2012 11:17:11 +0000 with message-id <[email protected]> and subject line Bug#653539: fixed in capi4hylafax 1:01.03.00.99.svn.300-17 has caused the Debian Bug report #653539, regarding Please enable hardened build flags to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 653539: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653539 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: capi4hylafax Severity: important Tags: patch capi-harden.patch enables hardened build flags through dpkg-buildflags. capi-format.patch, capi-format2.patch, capi-format3.patch and capi-format4.patch fix various code bits to be compatible with -Wformat-security Cheers, Moritzdiff -aur capi4hylafax-01.03.00.99.svn.300.orig/debian/rules capi4hylafax-01.03.00.99.svn.300/debian/rules --- capi4hylafax-01.03.00.99.svn.300.orig/debian/rules 2011-12-29 07:04:55.000000000 +0100 +++ capi4hylafax-01.03.00.99.svn.300/debian/rules 2011-12-29 07:06:23.000000000 +0100 @@ -5,13 +5,6 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 -ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) - CXXFLAGS += -O0 -else - CXXFLAGS += -O3 -endif -#The "nostrip" option of DEB_BUILD_OPTIONS is automatically implemented by dh_strip - ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) MAKEFLAGS += -j$(NUMJOBS) @@ -33,7 +26,7 @@ build: build-stamp build-stamp: dh_testdir - CXXFLAGS="$(CXXFLAGS)" ./configure $(confflags) --prefix=/usr --with-hylafax-spooldir=/var/spool/hylafax + ./configure $(confflags) $(shell dpkg-buildflags --export=configure) --prefix=/usr --with-hylafax-spooldir=/var/spool/hylafax $(MAKE) touch build-stampdiff -aur capi4hylafax-01.03.00.99.svn.300.orig/src/faxrecv/faxrecv.cpp capi4hylafax-01.03.00.99.svn.300/src/faxrecv/faxrecv.cpp --- capi4hylafax-01.03.00.99.svn.300.orig/src/faxrecv/faxrecv.cpp 2011-12-29 07:08:45.000000000 +0100 +++ capi4hylafax-01.03.00.99.svn.300/src/faxrecv/faxrecv.cpp 2011-12-29 07:09:56.000000000 +0100 @@ -443,7 +443,7 @@ sprintf (timebuf + strlen(timebuf), ".%02lu: [%5d]: ", tv.tv_usec / 10000, getpid()); if (hJobFile) { - fprintf (hJobFile, timebuf); + fprintf (hJobFile, "%s", timebuf); vfprintf (hJobFile, text, params); va_end (params); va_start (params, text); Nur in capi4hylafax-01.03.00.99.svn.300/src/faxrecv: faxrecv.cpp~.diff -aur capi4hylafax-01.03.00.99.svn.300.orig/src/faxrecv/recvmain.cpp capi4hylafax-01.03.00.99.svn.300/src/faxrecv/recvmain.cpp --- capi4hylafax-01.03.00.99.svn.300.orig/src/faxrecv/recvmain.cpp 2006-08-15 11:13:33.000000000 +0200 +++ capi4hylafax-01.03.00.99.svn.300/src/faxrecv/recvmain.cpp 2011-12-29 07:15:01.000000000 +0100 @@ -136,10 +136,10 @@ } if (hLogFile) { - fprintf (hLogFile, timebuf); + fprintf (hLogFile, "%s", timebuf); fprintf (hLogFile, "%s - ", RecvProgName.GetPointer()); if (statusText) { - fprintf (hLogFile, statusText); + fprintf (hLogFile, "%s", statusText); } va_copy(lparams, params); vfprintf (hLogFile, text, lparams); @@ -152,7 +152,7 @@ char errortext[MAX_STRING_SIZE]; vsnprintf (errortext, MAX_STRING_SIZE, text, params); openlog (DEFAULT_RECVPROG_NAME, LOG_PERROR, 0); - syslog (priority, errortext); + syslog (priority, "%s", errortext); closelog(); } } Nur in capi4hylafax-01.03.00.99.svn.300/src/faxrecv: recvmain.cpp~.diff -aur capi4hylafax-01.03.00.99.svn.300.orig/src/faxsend/faxsend.cpp capi4hylafax-01.03.00.99.svn.300/src/faxsend/faxsend.cpp --- capi4hylafax-01.03.00.99.svn.300.orig/src/faxsend/faxsend.cpp 2011-12-29 07:08:45.000000000 +0100 +++ capi4hylafax-01.03.00.99.svn.300/src/faxsend/faxsend.cpp 2011-12-29 07:18:49.000000000 +0100 @@ -703,7 +703,7 @@ sprintf (timebuf + strlen(timebuf), ".%02lu: [%5d]: ", tv.tv_usec / 10000, getpid()); if (hJobFile) { - fprintf (hJobFile, timebuf); + fprintf (hJobFile, "%s", timebuf); vfprintf (hJobFile, text, params); va_end (params); va_start (params, text); @@ -742,10 +742,10 @@ } if (hLogFile) { - fprintf (hLogFile, timebuf); + fprintf (hLogFile, "%s", timebuf); fprintf (hLogFile, DEFAULT_SENDPROG_NAME " - "); if (statusText) { - fprintf (hLogFile, statusText); + fprintf (hLogFile, "%s", statusText); } vfprintf (hLogFile, text, params); va_end (params); @@ -756,7 +756,7 @@ char errortext[MAX_STRING_SIZE]; vsnprintf (errortext, MAX_STRING_SIZE, text, params); openlog (DEFAULT_SENDPROG_NAME, LOG_PERROR, 0); - syslog (priority, errortext); + syslog (priority, "%s", errortext); closelog(); } va_end (params); Nur in capi4hylafax-01.03.00.99.svn.300/src/faxsend: faxsend.cpp~.diff -aur capi4hylafax-01.03.00.99.svn.300.orig/src/faxsend/sendmain.cpp capi4hylafax-01.03.00.99.svn.300/src/faxsend/sendmain.cpp --- capi4hylafax-01.03.00.99.svn.300.orig/src/faxsend/sendmain.cpp 2011-12-29 07:08:45.000000000 +0100 +++ capi4hylafax-01.03.00.99.svn.300/src/faxsend/sendmain.cpp 2011-12-29 07:21:07.000000000 +0100 @@ -175,7 +175,7 @@ ftruncate (fileno (qf), 0); while (textQ.Get (&ne) == vTrue) { dassert (ne != 0); - fprintf (qf, ne); + fprintf (qf, "%s", ne); delete [] ne; } fclose (qf); Nur in capi4hylafax-01.03.00.99.svn.300/src/faxsend: sendmain.cpp~.
--- End Message ---
--- Begin Message ---Source: capi4hylafax Source-Version: 1:01.03.00.99.svn.300-17 We believe that the bug you reported is fixed in the latest version of capi4hylafax, which is due to be installed in the Debian FTP archive: capi4hylafax_01.03.00.99.svn.300-17.debian.tar.gz to main/c/capi4hylafax/capi4hylafax_01.03.00.99.svn.300-17.debian.tar.gz capi4hylafax_01.03.00.99.svn.300-17.dsc to main/c/capi4hylafax/capi4hylafax_01.03.00.99.svn.300-17.dsc capi4hylafax_01.03.00.99.svn.300-17_amd64.deb to main/c/capi4hylafax/capi4hylafax_01.03.00.99.svn.300-17_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Joachim Wiedorn <[email protected]> (supplier of updated capi4hylafax package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 17 Jun 2012 16:36:13 +0200 Source: capi4hylafax Binary: capi4hylafax Architecture: source amd64 Version: 1:01.03.00.99.svn.300-17 Distribution: unstable Urgency: medium Maintainer: Joachim Wiedorn <[email protected]> Changed-By: Joachim Wiedorn <[email protected]> Description: capi4hylafax - Faxing over CAPI 2.0 device Closes: 647164 653539 Changes: capi4hylafax (1:01.03.00.99.svn.300-17) unstable; urgency=medium . * New maintainer (adopted). * Move to source formate 3.0 (quilt). * Generate explicit patches of old source changes. * Fix configure.in to work with newer automake/autoconf. * Optimize some fprintf params (thanks to M. Muehlhoff). * Fix datatype issue: use __WORDSIZE for checking 64 bit arch. * debian/control: - Bump to Standards-Version 3.9.3. - Move to build dependency debhelper (>= 8). - Move to build dependency libtiff-dev. - Remove old versions in dependencies. - Remove old conflicts field. - Add recommended targets build-arch and build-indep. - Enable hardenend build flags. Closes: #653539 - Add Vcs fields to new git repository. . * Update postrm, preinst, prerm scripts. Remove old version checks. * Add udev rules file for creating /dev/faxCAPI symlink. * Move default logfile to /var/log/hylafax directory. * Add logrotate configuration for logfile. Closes: #647164 * Rename to filename capi4hylafax.init, move LSB INIT INFO to header and optimize dependencies in the header. * Fix small typo in manpage c2faxsend.1. * Update all automake/autoconf files (autoreconf). * Fix spelling errors in sources. * Add doc-base registration file with hints about documentation. * Rewrite copyright file (DEP-5 standard). * Add small manpage for faxsend script. Checksums-Sha1: 871b61ba4c06ee0dc72e10268fb13bb45158b2c1 1337 capi4hylafax_01.03.00.99.svn.300-17.dsc ed4d5f52dd284476920ac9af566a1e2ee705db4d 544639 capi4hylafax_01.03.00.99.svn.300-17.debian.tar.gz 420d132a2bd284246d574bc2404c7bd1051fd906 236218 capi4hylafax_01.03.00.99.svn.300-17_amd64.deb Checksums-Sha256: 51d1624bab865a55bddb505132a0aa0a44d5f078d224d8f303244b5033261265 1337 capi4hylafax_01.03.00.99.svn.300-17.dsc 8d068fab0eae6933a456319133e00c31dd170c2086cc6bb5cf37d66c5e3d4497 544639 capi4hylafax_01.03.00.99.svn.300-17.debian.tar.gz 429f6ac2d7aacc2fbe015a8ff870bd73dac4c7500a95e8372b2b128ba8c4a2d8 236218 capi4hylafax_01.03.00.99.svn.300-17_amd64.deb Files: 0158d260a2465a90c9669ed570f83e9b 1337 comm extra capi4hylafax_01.03.00.99.svn.300-17.dsc 68a06e4bf59df89399052e995855f85a 544639 comm extra capi4hylafax_01.03.00.99.svn.300-17.debian.tar.gz 46e6d116cc098d32343873a398c0caef 236218 comm extra capi4hylafax_01.03.00.99.svn.300-17_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAk/m9R0ACgkQXm3vHE4uylqLkwCggyNbnFm4/UGMJ1odVZNOI0Y4 HVoAoOL0wwvCIpT8zJlY2Ta1gWHHyFpd =iold -----END PGP SIGNATURE-----
--- End Message ---
