[Debian-med-packaging] Bug#653001: njplot fails to build with with -Werror=format-security

Charles Plessy plessy at debian.org
Thu Dec 22 18:38:43 UTC 2011 

Dear Manolo,

NJplot needs a small change in order to be built with the current default
parameters in Debian and Ubuntu.  Do you think you could arrange a new
release that covers it ?

You can see below for more details.  Also, we currently apply another patch
to NJplot.  Would you consider it ?

  http://patch-tracker.debian.org/patch/series/view/njplot/2.3-3/no_unneded_libs.patch

Have a nice day,

-- Charles 

Le Thu, Dec 22, 2011 at 09:38:36PM +0300, Ilya Barygin a écrit :
> Package: njplot
> Version: 2.3-3
> Severity: serious
> Tags: upstream patch
> Justification: fails to build from source (but built successfully in the past)
> User: debian-qa at lists.debian.org
> Usertags: hardening-format-security
> 
> njplot fails to build with -Werror=format-security compiler option.
> 
> gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -Wall -c -I/usr/include/ncbi -DNO_PDF -DWIN_MOTIF -DHELPFILENAME=\"/usr/share/njplot/njplot.help\"  njplot-vib.c
> njplot-vib.c: In function 'process_args':
> njplot-vib.c:1979:3: error: format not a string literal and no format arguments [-Werror=format-security]
> njplot-vib.c: In function 'dir_lineto':
> njplot-vib.c:2455:7: warning: unused variable 'p' [-Wunused-variable]
> njplot-vib.c: In function 'unrootedset':
> njplot-vib.c:3184:1: warning: label 'problem' defined but not used [-Wunused-label]
> njplot-vib.c: In function 'tty_plot':
> njplot-vib.c:4297:8: warning: variable 'erreur' set but not used [-Wunused-but-set-variable]
> njplot-vib.c: In function 'Nlm_GetFontData':
> njplot-vib.c:4377:5: warning: statement with no effect [-Wunused-value]
> cc1: some warnings being treated as errors
> 
> Build log in Ubuntu:
> https://launchpadlibrarian.net/87346162/buildlog_ubuntu-precise-armhf.njplot_2.3-3_FAILEDTOBUILD.txt.gz
> 
> See also:
> http://wiki.debian.org/Hardening
> http://lists.debian.org/debian-devel-announce/2011/09/msg00001.html
> 
> Patch from Ubuntu attached.
> https://launchpad.net/ubuntu/+source/njplot/2.3-3ubuntu1
> 
> 
> -- System Information:
> Debian Release: wheezy/sid
>   APT prefers oneiric-updates
>   APT policy: (500, 'oneiric-updates'), (500, 'oneiric-security'), (500, 'oneiric-proposed'), (500, 'oneiric'), (100, 'oneiric-backports')
> Architecture: i386 (i686)
> 
> Kernel: Linux 3.0.0-15-generic (SMP w/2 CPU cores)
> Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash

> Description: fix FTBFS with -Werror=format-security.
> Author: Ilya Barygin <randomaction at ubuntu.com>
> 
> --- njplot-2.3.orig/njplot-vib.c
> +++ njplot-2.3/njplot-vib.c
> @@ -1976,7 +1976,7 @@ PDFONLY"       no window interface, just
>  #else
>  		fprintf(stderr,
>  #endif
> -		message);
> +		"%s", message);
>  		exit(0);
>  		}
>  	}

> _______________________________________________
> Debian-med-packaging mailing list
> Debian-med-packaging at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/debian-med-packaging


-- 
Charles Plessy
Debian Med packaging team,
http://www.debian.org/devel/debian-med
Tsurumi, Kanagawa, Japan

More information about the Debian-med-packaging mailing list