Package: snacc Version: snacc_1.3bbn-11 Severity: normal Tags: upstream patch User: debian...@lists.debian.org Usertags: hardening-format-security
snacc fails to build with -Werror=format-security compiler option. libtool: compile: gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../../c-lib/inc -DUSE_GEN_BUF -DTTBL -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -Wall -DFLEX_IN_USE -c tbl-dbg.c -fPIC -DPIC -o .libs/tbl-dbg.o In file included from ../../c-lib/inc/tbl-gen.h:5:0, from ../../c-lib/inc/tbl-dbg.h:4, from tbl-dbg.c:2: .../../c-lib/inc/tbl-incl.h:27:0: warning: "TTBL" redefined [enabled by default] <command-line>:0:0: note: this is the location of the previous definition tbl-dbg.c: In function 'DBGOcts': tbl-dbg.c:11:2: warning: implicit declaration of function 'isprint' [-Wimplicit-function-declaration] tbl-dbg.c: In function 'DBGSimple': tbl-dbg.c:227:9: warning: unused variable 'i' [-Wunused-variable] tbl-dbg.c:223:14: warning: unused variable 'form' [-Wunused-variable] tbl-dbg.c: In function 'DBGPrintType': tbl-dbg.c:309:2: error: format not a string literal and no format arguments [-Werror=format-security] tbl-dbg.c: In function 'DBGType': tbl-dbg.c:325:5: warning: initialization from incompatible pointer type [enabled by default] tbl-dbg.c:325:5: warning: (near initialization for 'printproc[0]') [enabled by default] tbl-dbg.c:325:5: warning: initialization from incompatible pointer type [enabled by default] tbl-dbg.c:325:5: warning: (near initialization for 'printproc[1]') [enabled by default] tbl-dbg.c:325:5: warning: initialization from incompatible pointer type [enabled by default] tbl-dbg.c:325:5: warning: (near initialization for 'printproc[2]') [enabled by default] tbl-dbg.c:326:5: warning: initialization from incompatible pointer type [enabled by default] tbl-dbg.c:326:5: warning: (near initialization for 'printproc[3]') [enabled by default] tbl-dbg.c:327:13: warning: initialization from incompatible pointer type [enabled by default] tbl-dbg.c:327:13: warning: (near initialization for 'printproc[4]') [enabled by default] tbl-dbg.c:327:13: warning: initialization from incompatible pointer type [enabled by default] tbl-dbg.c:327:13: warning: (near initialization for 'printproc[5]') [enabled by default] tbl-dbg.c:327:13: warning: initialization from incompatible pointer type [enabled by default] tbl-dbg.c:327:13: warning: (near initialization for 'printproc[6]') [enabled by default] tbl-dbg.c:327:13: warning: initialization from incompatible pointer type [enabled by default] tbl-dbg.c:327:13: warning: (near initialization for 'printproc[7]') [enabled by default] cc1: some warnings being treated as errors Build log in Ubuntu: https://launchpadlibrarian.net/87253059/buildlog_ubuntu-precise-armhf.snacc_1.3bbn-11ubuntu1_FAILEDTOBUILD.txt.gz See also: http://wiki.debian.org/Hardening http://lists.debian.org/debian-devel-announce/2011/09/msg00001.html Patch from Ubuntu attached. https://launchpad.net/ubuntu/+source/snacc/1.3bbn-11ubuntu2 -- System Information: Debian Release: wheezy/sid APT prefers oneiric-updates APT policy: (500, 'oneiric-updates'), (500, 'oneiric-security'), (500, 'oneiric-proposed'), (500, 'oneiric'), (100, 'oneiric-backports') Architecture: i386 (i686) Kernel: Linux 3.0.0-15-generic (SMP w/2 CPU cores) Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
Description: fix FTBFS with -Werror=format-security Author: Ilya Barygin <randomact...@ubuntu.com> --- snacc-1.3bbn.orig/c-lib/src/tbl-dbg.c +++ snacc-1.3bbn/c-lib/src/tbl-dbg.c @@ -306,7 +306,7 @@ if (type->typeId == TBL_TYPEREF) DBGOcts(&type->content->a.typeRef->typeDefPtr->typeName); else - fprintf(stdout,TIN[type->typeId]); + fprintf(stdout,"%s",TIN[type->typeId]); if (type->fieldName.octetLen) { fprintf(stdout," ");