[Debian-med-packaging] Bug#653001: njplot fails to build with with -Werror=format-security
Charles Plessy
plessy at debian.org
Thu Dec 22 18:38:43 UTC 2011
Dear Manolo,
NJplot needs a small change in order to be built with the current default
parameters in Debian and Ubuntu. Do you think you could arrange a new
release that covers it ?
You can see below for more details. Also, we currently apply another patch
to NJplot. Would you consider it ?
http://patch-tracker.debian.org/patch/series/view/njplot/2.3-3/no_unneded_libs.patch
Have a nice day,
-- Charles
Le Thu, Dec 22, 2011 at 09:38:36PM +0300, Ilya Barygin a écrit :
> Package: njplot
> Version: 2.3-3
> Severity: serious
> Tags: upstream patch
> Justification: fails to build from source (but built successfully in the past)
> User: debian-qa at lists.debian.org
> Usertags: hardening-format-security
>
> njplot fails to build with -Werror=format-security compiler option.
>
> gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -Wall -c -I/usr/include/ncbi -DNO_PDF -DWIN_MOTIF -DHELPFILENAME=\"/usr/share/njplot/njplot.help\" njplot-vib.c
> njplot-vib.c: In function 'process_args':
> njplot-vib.c:1979:3: error: format not a string literal and no format arguments [-Werror=format-security]
> njplot-vib.c: In function 'dir_lineto':
> njplot-vib.c:2455:7: warning: unused variable 'p' [-Wunused-variable]
> njplot-vib.c: In function 'unrootedset':
> njplot-vib.c:3184:1: warning: label 'problem' defined but not used [-Wunused-label]
> njplot-vib.c: In function 'tty_plot':
> njplot-vib.c:4297:8: warning: variable 'erreur' set but not used [-Wunused-but-set-variable]
> njplot-vib.c: In function 'Nlm_GetFontData':
> njplot-vib.c:4377:5: warning: statement with no effect [-Wunused-value]
> cc1: some warnings being treated as errors
>
> Build log in Ubuntu:
> https://launchpadlibrarian.net/87346162/buildlog_ubuntu-precise-armhf.njplot_2.3-3_FAILEDTOBUILD.txt.gz
>
> See also:
> http://wiki.debian.org/Hardening
> http://lists.debian.org/debian-devel-announce/2011/09/msg00001.html
>
> Patch from Ubuntu attached.
> https://launchpad.net/ubuntu/+source/njplot/2.3-3ubuntu1
>
>
> -- System Information:
> Debian Release: wheezy/sid
> APT prefers oneiric-updates
> APT policy: (500, 'oneiric-updates'), (500, 'oneiric-security'), (500, 'oneiric-proposed'), (500, 'oneiric'), (100, 'oneiric-backports')
> Architecture: i386 (i686)
>
> Kernel: Linux 3.0.0-15-generic (SMP w/2 CPU cores)
> Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Description: fix FTBFS with -Werror=format-security.
> Author: Ilya Barygin <randomaction at ubuntu.com>
>
> --- njplot-2.3.orig/njplot-vib.c
> +++ njplot-2.3/njplot-vib.c
> @@ -1976,7 +1976,7 @@ PDFONLY" no window interface, just
> #else
> fprintf(stderr,
> #endif
> - message);
> + "%s", message);
> exit(0);
> }
> }
> _______________________________________________
> Debian-med-packaging mailing list
> Debian-med-packaging at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/debian-med-packaging
--
Charles Plessy
Debian Med packaging team,
http://www.debian.org/devel/debian-med
Tsurumi, Kanagawa, Japan
More information about the Debian-med-packaging
mailing list