Your message dated Sun, 29 Jan 2012 13:34:26 +0000
with message-id <e1rrutm-0008ke...@franck.debian.org>
and subject line Bug#657624: fixed in gpe-conf 0.2.9-1.1
has caused the Debian Bug report #657624,
regarding FTBFS: suid.c:97:2: error: format not a string literal and no format
arguments [-Werror=format-security]
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
657624: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657624
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gpe-conf
Version: 0.2.9-1
Severity: serious
Tags: patch wheezy sid
Justification: FTBFS on i386
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu precise ubuntu-patch hardening-format-security hardening
Hi,
your package failed to build with the -Wformat-security flag enabled.
Relevant part:
> gcc -DPACKAGE_NAME=\"gpe-conf\" -DPACKAGE_TARNAME=\"gpe-conf\"
> -DPACKAGE_VERSION=\"0.2.9\" -DPACKAGE_STRING=\"gpe-conf\ 0.2.9\"
> -DPACKAGE_BUGREPORT=\"gpe-l...@linuxtogo.org\" -DPACKAGE_URL=\"\"
> -DPACKAGE=\"gpe-conf\" -DVERSION=\"0.2.9\" -DSTDC_HEADERS=1
> -DGETTEXT_PACKAGE=\"gpe-conf\" -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1
> -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1
> -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_LOCALE_H=1
> -DHAVE_LC_MESSAGES=1 -DHAVE_BIND_TEXTDOMAIN_CODESET=1 -DHAVE_GETTEXT=1
> -DHAVE_DCGETTEXT=1 -DENABLE_NLS=1 -I. -pthread -I/usr/include/gtk-2.0
> -I/usr/lib/i386-linux-gnu/gtk-2.0/include -I/usr/include/atk-1.0
> -I/usr/include/cairo -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/pango-1.0
> -I/usr/include/gio-unix-2.0/ -I/usr/include/glib-2.0
> -I/usr/lib/i386-linux-gnu/glib-2.0/include -I/usr/include/pixman-1
> -I/usr/include/freetype2 -I/usr/include/libpng12 -I./gpe -I. -I./modules
> -DPREFIX=\"/usr\" -D_GNU_SOURCE -Wall
> -DPACKAGE_LOCALE_DIR=\"/usr/share/locale\" -DVERSION=\"0.2.9\"
> -DDBUS_API_SUBJECT_TO_CHANGE -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector
> --param=ssp-buffer-size=4 -Wformat -Wformat-security -g -O2 -fstack-protector
> --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security
> -Wall -c suid.c
> suid.c: In function 'update_system_hostname':
> suid.c:97:2: error: format not a string literal and no format arguments
> [-Werror=format-security]
This was already solved in Ubuntu with the attached patch.
Regards.
-- System Information:
Debian Release: wheezy/sid
APT prefers oneiric-updates
APT policy: (500, 'oneiric-updates'), (500, 'oneiric-security'), (500,
'oneiric'), (100, 'oneiric-backports')
Architecture: amd64 (x86_64)
Kernel: Linux 3.0.0-15-generic (SMP w/4 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru gpe-conf-0.2.9/debian/patches/format-security.patch gpe-conf-0.2.9/debian/patches/format-security.patch
--- gpe-conf-0.2.9/debian/patches/format-security.patch 1970-01-01 01:00:00.000000000 +0100
+++ gpe-conf-0.2.9/debian/patches/format-security.patch 2012-01-27 14:35:32.000000000 +0100
@@ -0,0 +1,41 @@
+Description: Fix FTBFS with -Wformat-security
+Author: Alessio Treglia <ales...@debian.org>
+Forwarded: no
+---
+ modules/cardinfo.c | 1 +
+ modules/serial.c | 2 +-
+ suid.c | 2 +-
+ 3 files changed, 3 insertions(+), 2 deletions(-)
+
+--- gpe-conf-0.2.9.orig/suid.c
++++ gpe-conf-0.2.9/suid.c
+@@ -94,7 +94,7 @@ update_system_hostname (const gchar * sy
+ return;
+ }
+
+- fprintf (fnew, system_hostname);
++ fprintf (fnew, "%s", system_hostname);
+
+ fclose (fnew);
+ }
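Review bot: in update_system_hostname the result of the write is still ignored: neither `fprintf (fnew, "%s", system_hostname)` nor the `fclose (fnew)` that follows it is checked, so a failed or short write to the file behind fnew goes unnoticed. No formatting is needed here, so `fputs (system_hostname, fnew)` does the same job with no format string at all; check its return value and that of `fclose`, and report the failure to the caller.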
+--- gpe-conf-0.2.9.orig/modules/serial.c
++++ gpe-conf-0.2.9/modules/serial.c
+@@ -390,7 +390,7 @@ Serial_Build_Objects (void)
+ FIRST_SERIAL = get_first_serial_port ();
+
+ portlist[0][1] = FIRST_SERIAL;
+- sprintf (cur_port, FIRST_SERIAL);
++ sprintf (cur_port, "%s", FIRST_SERIAL);
+
+ gpsd_installed = !access (GPSD_STARTUP_SCRIPT, F_OK);
+ getty_installed = !access ("/sbin/getty", F_OK);
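Review bot: the `sprintf (cur_port, "%s", FIRST_SERIAL)` line in Serial_Build_Objects is still an unbounded copy: the format-security error is gone, but nothing in the hunk limits the length of what `get_first_serial_port ()` returned to the size of cur_port. Use a bounded copy instead, for example `snprintf (cur_port, sizeof cur_port, "%s", FIRST_SERIAL)` if cur_port is an array (its declaration is not in the hunk), or `g_strlcpy` with the real buffer size.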
+--- gpe-conf-0.2.9.orig/modules/cardinfo.c
++++ gpe-conf-0.2.9/modules/cardinfo.c
+@@ -164,6 +164,7 @@ save_config (char *config, int socket)
+ cfg = g_strsplit (config, "\n", 4); // idstr,version,manfid,binding
+ cur_bind = malloc (strlen (st[socket].card.str) - 5); // current driver binding
+ snprintf (cur_bind, strlen (st[socket].card.str) - 6,
++ "%s",
+ st[socket].card.str + 3);
+
+ /* determine config file type */
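Review bot: the size arithmetic around the new `"%s"` in save_config is unguarded: `strlen (st[socket].card.str) - 5` for the malloc and `strlen (...) - 6` for the snprintf bound are unsigned, so a card string shorter than six characters makes the bound wrap to a huge value, and the malloc result is used without a NULL check. Take the length once, return early when it is too short, and check the allocation; since GLib is already in use here (`g_strsplit`), `g_strndup (st[socket].card.str + 3, len - 7)` copies the same characters once len is known to be at least 7, without the hand-written sizes.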
diff -Nru gpe-conf-0.2.9/debian/patches/series gpe-conf-0.2.9/debian/patches/series
--- gpe-conf-0.2.9/debian/patches/series 2009-12-17 22:02:35.000000000 +0100
+++ gpe-conf-0.2.9/debian/patches/series 2012-01-27 13:52:10.000000000 +0100
@@ -1 +1,2 @@
desktop-validity
+format-security.patch
--- End Message ---
--- Begin Message ---
Source: gpe-conf
Source-Version: 0.2.9-1.1
We believe that the bug you reported is fixed in the latest version of
gpe-conf, which is due to be installed in the Debian FTP archive:
gpe-conf_0.2.9-1.1.debian.tar.gz
to main/g/gpe-conf/gpe-conf_0.2.9-1.1.debian.tar.gz
gpe-conf_0.2.9-1.1.dsc
to main/g/gpe-conf/gpe-conf_0.2.9-1.1.dsc
gpe-conf_0.2.9-1.1_amd64.deb
to main/g/gpe-conf/gpe-conf_0.2.9-1.1_amd64.deb
gpe_0.2.9-1.1_all.deb
to main/g/gpe-conf/gpe_0.2.9-1.1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 657...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alessio Treglia <ales...@debian.org> (supplier of updated gpe-conf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
Format: 1.8
Date: Sun, 29 Jan 2012 13:02:27 +0100
Source: gpe-conf
Binary: gpe-conf gpe
Architecture: source all amd64
Version: 0.2.9-1.1
Distribution: unstable
Urgency: low
Maintainer: Neil Williams <codeh...@debian.org>
Changed-By: Alessio Treglia <ales...@debian.org>
Description:
gpe - The G Palmtop Environment (GPE) metapackage
gpe-conf - configuration toolset for GPE
Closes: 657624
Changes:
gpe-conf (0.2.9-1.1) unstable; urgency=low
.
* Non-maintainer upload.
* Fix FTBFS with GCC hardened flag -Wformat-security (Closes: #657624)
--- End Message ---