Package: posterazor
Version: 1.5.1-1
Severity: normal
Tags: upstream patch
User: debian...@lists.debian.org
Usertags: hardening-format-security

posterazor fails to build with -Werror=format-security compiler option.

[ 20%] Building CXX object CMakeFiles/PosteRazor.dir/PosteRazorPDFOutput.o
/build/buildd/posterazor-1.5.1/src/PosteRazorPDFOutput.cpp: In member function 'virtual int PosteRazorPDFOutputImplementation::finishSaving()':
/build/buildd/posterazor-1.5.1/src/PosteRazorPDFOutput.cpp:400:31: error: format not a string literal and no format arguments [-Werror=format-security]
cc1plus: some warnings being treated as errors

Build log in Ubuntu:
https://launchpadlibrarian.net/87307821/buildlog_ubuntu-precise-armhf.posterazor_1.5.1-1ubuntu1_FAILEDTOBUILD.txt.gz

See also:
http://wiki.debian.org/Hardening
http://lists.debian.org/debian-devel-announce/2011/09/msg00001.html

Patch from Ubuntu follows.
https://launchpad.net/ubuntu/+source/posterazor/1.5.1-1ubuntu2

only in patch2: unchanged: --- posterazor-1.5.1.orig/src/FlPosteRazorDialog.cpp +++ posterazor-1.5.1/src/FlPosteRazorDialog.cpp @@ -432,7 +432,7 @@ loaded = m_posteRazorController->loadInputImage(loadFileName, errorMessage, sizeof(errorMessage)); if (!loaded) { if (strlen(errorMessage) > 0) - fl_message(errorMessage); + fl_message("%s", errorMessage); else fl_message(Translations::instance().fileCouldNotBeLoaded(), fl_filename_name(loadFileName)); } @@ -603,7 +603,7 @@ fileExistsAskUserForOverwrite = my_file_exists(saveFileName); char overwriteQuestion[1024] = ""; sprintf(overwriteQuestion, Translations::instance().overwriteFile(), fl_filename_name(saveFileName)); - if (!fileExistsAskUserForOverwrite || fl_ask(overwriteQuestion)) { + if (!fileExistsAskUserForOverwrite || fl_ask("%s", overwriteQuestion)) { int err = m_posteRazorController->savePoster(saveFileName); if (err) fl_message(Translations::instance().fileCouldNotBeSaved(), fl_filename_name(saveFileName)); only in patch2: unchanged: --- posterazor-1.5.1.orig/src/PosteRazorPDFOutput.cpp +++ posterazor-1.5.1/src/PosteRazorPDFOutput.cpp 
@@ -397,7 +397,7 @@ int err = 0; const unsigned int startxref = ftell(m_outputFile); - fprintf(m_outputFile, m_xref); + fprintf(m_outputFile, "%s", m_xref); fprintf ( m_outputFile,

-- System Information:
Debian Release: wheezy/sid
  APT prefers oneiric-updates
  APT policy: (500, 'oneiric-updates'), (500, 'oneiric-security'), (500, 'oneiric-proposed'), (500, 'oneiric'), (100, 'oneiric-backports')
Architecture: i386 (i686)

Kernel: Linux 3.0.0-15-generic (SMP w/2 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
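
Review bot: In the @@ -432,7 +432,7 @@ hunk of src/FlPosteRazorDialog.cpp, the else branch directly after the fixed call still passes a non-literal format, Translations::instance().fileCouldNotBeLoaded(), to fl_message, and -Wformat-security stays quiet only because an argument follows it. The compiler cannot check that string against its single argument, so every translation of it has to carry exactly one %s conversion; a comment at the call site or a check in the translation tables would make that requirement explicit. The "%s" change on the errorMessage line is the right fix, since whatever loadInputImage wrote into errorMessage is now printed as data.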
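
Review bot: In the @@ -603,7 +603,7 @@ hunk of src/FlPosteRazorDialog.cpp, the sprintf just above the changed fl_ask call writes the translated text plus the file name into the 1024-byte overwriteQuestion buffer with no length limit, so this patch fixes the format string but leaves a possible overflow in place. Bound it with snprintf(overwriteQuestion, sizeof(overwriteQuestion), ...), or drop the buffer and call fl_ask(Translations::instance().overwriteFile(), fl_filename_name(saveFileName)) directly, the same way fileCouldNotBeSaved() is passed to fl_message a few lines later in this hunk.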
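
Review bot: In the @@ -397,7 +397,7 @@ hunk of src/PosteRazorPDFOutput.cpp, fputs(m_xref, m_outputFile) would be a simpler replacement for the changed line than fprintf(m_outputFile, "%s", m_xref): it writes the same bytes and involves no format parsing at all. In the context line above it, the result of ftell is stored in a const unsigned int, which hides the -1 error return and narrows the long offset; keeping it as long and checking for a negative value before it is used as startxref would be safer.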