Bug#646348: mixxx: FTBFS with -Werror=format-security
Julian Taylor
jtaylor.debian at googlemail.com
Sun Oct 23 13:11:06 UTC 2011
Source: mixxx
Version: 1.9.0+dfsg0-5
Severity: normal
User: debian-qa at lists.debian.org
Usertags: hardening-format-security hardening
the package mixxx fails to compile with the new hardened compiler
flags dpkg-buildflag outputs [0].
The problematic flag is: -Werror=format-security
See the ubuntu buildlog:
https://launchpadlibrarian.net/83074185/buildlog_ubuntu-precise-i386.mixxx_1.9.0%2Bdfsg0-5_FAILEDTOBUILD.txt.gz
Snippet:
g++ -o lin32_build/main.o -c -g -O2 -fstack-protector
--param=ssp-buffer-size=4 -Wformat -Wformat-security
-Werror=format-security -g -O2 -fstack-protector
--param=ssp-buffer-size=4 -Wformat -Wformat-security
-Werror=format-security -pipe -Wall -Wextra -g -O3 -fomit-frame-pointer
-ffast-math -funroll-loops -DQT_GUI_LIB -Damd64 -D__LINUX__ -D__UNIX__
-DSETTINGS_PATH=\".mixxx/\" -DBPMSCHEME_FILE=\"mixxxbpmscheme.xml\"
-DSETTINGS_FILE=\"mixxx.cfg\" -DTRACK_FILE=\"mixxxtrack.xml\"
-DUNIX_SHARE_PATH=\"/usr/share/mixxx\" -D__PORTAUDIO__
-DQT_TABLET_SUPPORT -DQT_SHARED -D__SNDFILE__ -D__MIDISCRIPT__
-D__VINYLCONTROL__ -D__SHOUTCAST__ -I/usr/share/qt4/include
-Ilin32_build -Isrc -I/usr/include/soundtouch -Ilib/kissfft
-Ilib/replaygain -I/usr/include/qt4 -I/usr/include/qt4/QtCore
-I/usr/include/qt4/QtGui -I/usr/include/qt4/QtOpenGL
-I/usr/include/qt4/QtXml -I/usr/include/qt4/QtSvg
-I/usr/include/qt4/QtSql -I/usr/include/qt4/QtScript
-I/usr/include/qt4/QtXmlPatterns -I/usr/include/qt4/QtNetwork
-I/usr/include/qt4/QtWebKit -I/usr/share/qt4/include/QtCore
-I/usr/share/qt4/include/QtGui -I/usr/share/qt4/include/QtXml
-I/usr/share/qt4/include/QtNetwork -I/usr/share/qt4/include/QtSql
-I/usr/share/qt4/include/QtOpenGL -I/usr/share/qt4/include/QtWebKit
-I/usr/share/qt4/include/Qt -Ilib/fidlib-0.9.9 -I/usr/include/taglib
-I/usr/share/qt4/include/QtScript -Ilib/xwax -Ilib/scratchlib src/main.cpp
src/main.cpp: In function 'int main(int, char**)':
src/main.cpp:206:36: error: format not a string literal and no format
arguments [-Werror=format-security]
The buildflags are not exported in debian, but can be enabled e.g. by
adding this to debian/rules:
DPKG_EXPORT_BUILDFLAGS = 1
include /usr/share/dpkg/buildflags.mk
Please fix the issues and maybe also enable the hardened build in debian.
[0] http://lists.debian.org/debian-devel-announce/2011/09/msg00001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20111023/6ab84ae1/attachment.pgp>
More information about the pkg-multimedia-maintainers
mailing list