On Tue, Sep 27, 2011 at 02:34:25PM +0200, Didier Raboud wrote:
>Source: m16c-flash
>Version: 0.1-1
>Severity: serious
>Tags: wheezy sid
>User: debian...@lists.debian.org
>Usertags: qa-ftbfs-20110923 qa-ftbfs hardening-format-security hardening
>Justification: FTBFS on amd64
>
>Hi,
>
>During a rebuild of all packages in sid, your package failed to build on
>amd64.
>
>Relevant part:
>> g++ -g -O2 -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2
>> -Wformat -Wformat-security -Werror=format-security -Wall cm16flash.cxx -c -o
>> cm16flash.o
>> cm16flash.cxx: In member function 'int CM16Flash::readVersionInfo(char*)':
>> cm16flash.cxx:230:24: error: format not a string literal and no format
>> arguments [-Werror=format-security]
>> cc1plus: some warnings being treated as errors
>>
>> make[1]: *** [cm16flash.o] Error 1
>
>The full build log is available from:
>
> http://people.debian.org/~lucas/logs/2011/09/23/m16c-flash_0.1-1_lsid64.buildlog
>
>This happened because since dpkg 1.16.0 [0], hardening flags are enabled
>under various conditions.
>
>[0] http://lists.debian.org/debian-devel-announce/2011/09/msg00001.html

Trivial NMU diff attached to fix this.

Cheers,
--
Steve McIntyre steve.mcint...@linaro.org
<http://www.linaro.org/> Linaro.org | Open source software for ARM SoCs

diff -u m16c-flash-0.1/debian/changelog m16c-flash-0.1/debian/changelog --- m16c-flash-0.1/debian/changelog +++ m16c-flash-0.1/debian/changelog @@ -1,3 +1,10 @@ +m16c-flash (0.1-1.1) unstable; urgency=low + + * NMU + * Trivial fix for format-security FTBFS. Closes: #643438 + + -- Steve McIntyre <steve.mcint...@linaro.org> Thu, 08 Dec 2011 16:28:48 +0000 + m16c-flash (0.1-1) unstable; urgency=low * Initial release (Closes: #384171). only in patch2: unchanged: --- m16c-flash-0.1.orig/debian/patches/11_format_security_643438.patch +++ m16c-flash-0.1/debian/patches/11_format_security_643438.patch @@ -0,0 +1,11 @@ +--- m16c-flash-0.1/cm16flash.cxx.old 2011-12-08 16:25:17.244440173 +0000 ++++ m16c-flash-0.1/cm16flash.cxx 2011-12-08 16:25:22.176439506 +0000 +@@ -227,7 +227,7 @@ + return 0; + } + +- printf(pszVersionInfo); ++ printf("%s", pszVersionInfo); + // printf("OK."); + fflush(stdout); + return 1;
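
Review bot: the new debian/patches/11_format_security_643438.patch has no header above its first `---` line (all 11 added lines are the diff itself), so the file does not record why the change was made; add a short description and the reference to #643438 at the top. The debdiff also shows no change to any patch list file, so confirm the package build applies every file in debian/patches, otherwise the `printf("%s", pszVersionInfo);` line never reaches cm16flash.cxx. The replacement itself is the right fix for the -Werror=format-security failure at cm16flash.cxx:230; `fputs(pszVersionInfo, stdout);` would print the same bytes without any format parsing.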