Bug#700313: marked as done (sharutils: Enable -Wformat-security)

Debian Bug Tracking System Sun, 24 Feb 2013 07:24:18 -0800

Your message dated Sun, 24 Feb 2013 15:22:23 +0000
with message-id <[email protected]>
and subject line Bug#700313: fixed in sharutils 1:4.11.1-2
has caused the Debian Bug report #700313,
regarding sharutils: Enable -Wformat-security
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
700313: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700313
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: sharutils
Severity: normal
Tags: patch

Dear Maintainer,

The attached patch fixes the build with -Wformat-security. It
should be forwarded to upstream if possible.

diff -Nru sharutils-4.11.1/debian/rules sharutils-4.11.1/debian/rules
--- sharutils-4.11.1/debian/rules       2012-06-02 19:22:17.000000000 +0200
+++ sharutils-4.11.1/debian/rules       2013-02-11 15:34:10.000000000 +0100
@@ -2,8 +2,6 @@
 
 package = sharutils
 
-export DEB_BUILD_MAINT_OPTIONS=hardening=-format
-
 %:
        dh $@
 

Regards,
Simon
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9

Description: Fix compilation with -Werror=format-security.
Author: Simon Ruderich <[email protected]>
Last-Update: 2012-06-12

Index: sharutils-4.11.1/src/shar.c
===================================================================
--- sharutils-4.11.1.orig/src/shar.c	2011-01-15 02:38:38.000000000 +0100
+++ sharutils-4.11.1/src/shar.c	2013-02-11 15:33:42.000000000 +0100
@@ -513,7 +513,7 @@
 
   if (stat (local_name, &struct_stat))
     {
-      error (0, errno, local_name);
+      error (0, errno, "%s", local_name);
       return 1;
     }
 
@@ -522,7 +522,7 @@
 
   if (directory = opendir (local_name), !directory)
     {
-      error (0, errno, local_name);
+      error (0, errno, "%s", local_name);
       return 1;
     }
 
@@ -615,7 +615,7 @@
 #else
   if (closedir (directory))
     {
-      error (0, errno, local_name);
+      error (0, errno, "%s", local_name);
       return 1;
     }
 #endif
@@ -666,7 +666,7 @@
     int status = stat (local_name_copy, &struct_stat);
 
     if (status != 0)
-      error (0, errno, local_name_copy);
+      error (0, errno, "%s", local_name_copy);
     else
       status = (*routine) (local_name_copy, restore_name);
 
Index: sharutils-4.11.1/src/unshar.c
===================================================================
--- sharutils-4.11.1.orig/src/unshar.c	2011-01-15 02:39:02.000000000 +0100
+++ sharutils-4.11.1/src/unshar.c	2013-02-11 15:33:42.000000000 +0100
@@ -453,7 +453,7 @@
               strcpy (cp, arg);
             }
           if (file = fopen (name_buffer, "r"), !file)
-            error (EXIT_FAILURE, errno, name_buffer);
+            error (EXIT_FAILURE, errno, "%s", name_buffer);
           unarchive_shar_file (name_buffer, file);
           fclose (file);
         }
@@ -511,13 +511,13 @@
   {
     int fd = mkstemp (pz_fname);
     if (fd < 0)
-      error (EXIT_FAILURE, errno, pz_fname);
+      error (EXIT_FAILURE, errno, "%s", pz_fname);
 
     fp = fdopen (fd, "w+");
   }
 
   if (fp == NULL)
-    error (EXIT_FAILURE, errno, pz_fname);
+    error (EXIT_FAILURE, errno, "%s", pz_fname);
 
   {
     char *buf = malloc (pg_sz);

signature.asc
Description: Digital signature

--- End Message ---

--- Begin Message ---

Source: sharutils
Source-Version: 1:4.11.1-2

We believe that the bug you reported is fixed in the latest version of
sharutils, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Santiago Vila <[email protected]> (supplier of updated sharutils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 24 Feb 2013 14:05:30 +0100
Source: sharutils
Binary: sharutils sharutils-doc
Architecture: source amd64 all
Version: 1:4.11.1-2
Distribution: unstable
Urgency: low
Maintainer: Santiago Vila <[email protected]>
Changed-By: Santiago Vila <[email protected]>
Description: 
 sharutils  - shar, unshar, uuencode, uudecode
 sharutils-doc - Documentation for GNU sharutils
Closes: 694956 700313
Changes: 
 sharutils (1:4.11.1-2) unstable; urgency=low
 .
   * Added fix for gnulib compilation against eglibc 2.16, which no longer
     declares gets by default. Closes: #694956.
   * Allow compilation with -Werror=format-security. Closes: #700313.
Checksums-Sha1: 
 92c9789ad0036e3035e0fd33a1cfb2f063f4cce4 1463 sharutils_4.11.1-2.dsc
 3647cbd593042c910fd5c582eb4e590af8f35cab 18005 sharutils_4.11.1-2.debian.tar.gz
 feb9dbe51037c3f8fc563fe1bd6bf345c34f05bd 194838 sharutils_4.11.1-2_amd64.deb
 99ddd51c0e6d199084df10c25456a705df2fc0e5 30680 sharutils-doc_4.11.1-2_all.deb
Checksums-Sha256: 
 97b2bf9483076e338e4151107dceab020a385884c4b2df845af797b9fde57dfe 1463 
sharutils_4.11.1-2.dsc
 2b8f5fcbef9ad586484f28aecf827296250520490c14a6a85d78e787d45e97df 18005 
sharutils_4.11.1-2.debian.tar.gz
 5f342de985a8137d3ef12f0ac0285c30dea7d548f9995e22478fc620678b6c32 194838 
sharutils_4.11.1-2_amd64.deb
 48b3c1f4d2ca576af5bc3feddacf7407ffcdc3696622750313a354316dc27a60 30680 
sharutils-doc_4.11.1-2_all.deb
Files: 
 2e269bda5aae3c17299506b6c3df9993 1463 utils optional sharutils_4.11.1-2.dsc
 c555f09fd1cbd089d35d2d750ed3a3f9 18005 utils optional 
sharutils_4.11.1-2.debian.tar.gz
 2f553861a5ae1d141e97651a724b3ee7 194838 utils optional 
sharutils_4.11.1-2_amd64.deb
 d60790a0a64ed057a53eb4565d4dbe17 30680 doc optional 
sharutils-doc_4.11.1-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBCAAGBQJRKhUsAAoJEEHOfwufG4syh3cH/Rkx1Od0NrxLbdNLXBa2YwuQ
gYSIGROND7vGeMP4qvwMYyt5WNrprbuQi/izpLsdEKZC2NvbaM4TKXbbwlbjw9JM
ZiXIPblypf8OjhpgFPtvsUED9fdxk+KTHSBNdaFBvGdJ2F3xHATBQDULcVBv5yOW
N0EG5iBi0RZvHfUMeZYKtI+ZnZCc0BFIWKXm+gWWM2ZX172zW19FIg1eY7p3GuG0
bQVrey+/nS8Uef78xb25kRPdRRGcGAh3B2lI0hNt5i2F7preXmRHwQCV/TtfodM0
F08q9jaaeyq9SrLFz0hidvgUHaG/62aBS4xLXITqep8VRZmovfpc5cqIIb/EKIg=
=QHP/
-----END PGP SIGNATURE-----

--- End Message ---

Bug#700313: marked as done (sharutils: Enable -Wformat-security)

Reply via email to