Subject: metis-edf: FTBFS with -Werror=format-security Package: metis-edf Severity: normal
-- System Information: Package metis-edf fails to compile with the new hardened compiler lags dpkg-buildflag outputs [1]. The problematic flag is: -Werror=format-security See the ubuntu buildlog: https://launchpad.net/ubuntu/+source/metis-edf/4.1-2-1/+build/2862546/+files/buildlog_ubuntu-precise-i386.metis-edf_4.1-2-1_FAILEDTOBUILD.txt.gz Snippet: gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -Wall -fPIC -DPIC -I. -c util.c util.c: In function '__errexit': util.c:31:4: error: format not a string literal and no format arguments [-Werror=format-security] cc1: some warnings being treated as errors The buildflags are not exported in debian, but can be enabled e.g. by adding this to debian/rules: DPKG_EXPORT_BUILDFLAGS = 1 include /usr/share/dpkg/buildflags.mk The problem could be solved with: --- metis-edf-4.1-2.orig/Lib/util.c +++ metis-edf-4.1-2/Lib/util.c @@ -28,7 +28,7 @@ sprintf(out2, "Error! %s", out1); - fprintf(stdout, out2); + fprintf(stdout, "%s", out2); fflush(stdout); abort(); Please, apply this patch as soon as possible. Best regards, Leo Iannacone [0] http://lists.debian.org/debian-devel-announce/2011/09/msg00001.html ** Please type your report below this line *** Debian Release: wheezy/sid APT prefers oneiric-updates APT policy: (500, 'oneiric-updates'), (500, 'oneiric'), (100, 'oneiric-backports') Architecture: i386 (i686) Kernel: Linux 3.0.0-13-generic (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org