Bug#643393: gnome-scan: FTBFS: gnome-scan-dialog.c:565:13: error: format not a string literal and no format arguments [-Werror=format-security]

Tue Sep 27 12:28:53 UTC 2011

Source: gnome-scan
Version: 0.6.2-1
Severity: serious
Tags: wheezy sid
User: debian-qa at lists.debian.org
Usertags: qa-ftbfs-20110923 qa-ftbfs hardening-format-security hardening
Justification: FTBFS on amd64

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64.

Relevant part:
> /bin/bash ../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DPACKAGE_LOCALE_DIR=\""/usr/share/locale"\" -DICON_DIR=\""/usr/share/gnome-scan/icons"\"   -pthread -DORBIT2=1 -I/usr/include/gtk-2.0 -I/usr/lib/x86_64-linux-gnu/gtk-2.0/include -I/usr/include/pango-1.0 -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng12 -I/usr/include/atk-1.0 -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/gio-unix-2.0/ -I/usr/include/cairo -I/usr/include/gegl-0.0 -I/usr/include/babl-0.0 -I/usr/include/gconf/2 -I/usr/include/orbit-2.0   -DMODULE_DIR="\"/usr/lib/gnome-scan-1.0\"" -g -O2 -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wall -c -o libgnomescan_la-gnome-scan-dialog.lo `test -f 'gnome-scan-dialog.c' || echo './'`gnome-scan-dialog.c
> libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -DPACKAGE_LOCALE_DIR=\"/usr/share/locale\" -DICON_DIR=\"/usr/share/gnome-scan/icons\" -pthread -DORBIT2=1 -I/usr/include/gtk-2.0 -I/usr/lib/x86_64-linux-gnu/gtk-2.0/include -I/usr/include/pango-1.0 -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng12 -I/usr/include/atk-1.0 -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/gio-unix-2.0/ -I/usr/include/cairo -I/usr/include/gegl-0.0 -I/usr/include/babl-0.0 -I/usr/include/gconf/2 -I/usr/include/orbit-2.0 -DMODULE_DIR=\"/usr/lib/gnome-scan-1.0\" -g -O2 -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wall -c gnome-scan-dialog.c  -fPIC -DPIC -o .libs/libgnomescan_la-gnome-scan-dialog.o
> gnome-scan-dialog.c: In function 'gnome_scan_dialog_dispose':
> gnome-scan-dialog.c:347:3: warning: suggest parentheses around assignment used as truth value [-Wparentheses]
> gnome-scan-dialog.c:361:3: warning: suggest parentheses around assignment used as truth value [-Wparentheses]
> gnome-scan-dialog.c: In function 'gsd_message_dialog':
> gnome-scan-dialog.c:565:13: error: format not a string literal and no format arguments [-Werror=format-security]
> gnome-scan-dialog.c:567:14: error: format not a string literal and no format arguments [-Werror=format-security]
> gnome-scan-dialog.c: In function 'gsd_build_group_box':
> gnome-scan-dialog.c:638:3: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
> gnome-scan-dialog.c:638:3: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
> gnome-scan-dialog.c:692:2: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
> gnome-scan-dialog.c:692:2: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
> gnome-scan-dialog.c:581:62: warning: unused variable 'eventbox' [-Wunused-variable]
> gnome-scan-dialog.c: In function 'gsd_show_hide_param_widget':
> gnome-scan-dialog.c:722:2: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
> gnome-scan-dialog.c:722:2: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
> gnome-scan-dialog.c:723:16: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
> gnome-scan-dialog.c:735:2: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
> gnome-scan-dialog.c:735:2: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
> gnome-scan-dialog.c:736:10: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
> gnome-scan-dialog.c: In function 'gsd_destroy_param':
> gnome-scan-dialog.c:767:3: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
> gnome-scan-dialog.c:767:3: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
> gnome-scan-dialog.c:771:16: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
> gnome-scan-dialog.c:773:3: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
> gnome-scan-dialog.c:773:3: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
> gnome-scan-dialog.c:777:10: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
> gnome-scan-dialog.c: In function 'gsd_load_backends':
> gnome-scan-dialog.c:799:11: warning: variable 'thread' set but not used [-Wunused-but-set-variable]
> gnome-scan-dialog.c: In function 'gsd_build_sink_ui':
> gnome-scan-dialog.c:1047:9: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
> gnome-scan-dialog.c: In function 'gsd_build_scanner_ui':
> gnome-scan-dialog.c:1080:2: warning: suggest parentheses around assignment used as truth value [-Wparentheses]
> gnome-scan-dialog.c:1139:9: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
> gnome-scan-dialog.c: In function 'gsd_build_processing_ui':
> gnome-scan-dialog.c:1179:10: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
> gnome-scan-dialog.c: In function 'gsd_preview_refresh':
> gnome-scan-dialog.c:1304:18: warning: unused variable 'origin' [-Wunused-variable]
> gnome-scan-dialog.c: At top level:
> gnome-scan-dialog.c:1149:1: warning: 'gsd_update_scanner_ui' defined but not used [-Wunused-function]
> cc1: some warnings being treated as errors
> 
> make[3]: *** [libgnomescan_la-gnome-scan-dialog.lo] Error 1

The full build log is available from:
   http://people.debian.org/~lucas/logs/2011/09/23/gnome-scan_0.6.2-1_lsid64.buildlog

This happened because since dpkg 1.16.0 [0], hardening flags are enabled 
under various conditions.

[0] http://lists.debian.org/debian-devel-announce/2011/09/msg00001.html

A list of current common problems and possible solutions is available at 
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

About the archive rebuild: The rebuild was done on about 50 AMD64 nodes
of the Grid'5000 platform, using a clean chroot.  Internet was not
accessible from the build systems.