Your message dated Mon, 24 Oct 2011 07:18:25 +0000
with message-id <e1rienh-0001s5...@franck.debian.org>
and subject line Bug#643419: fixed in libcroco 0.6.2-2
has caused the Debian Bug report #643419,
regarding libcroco: FTBFS: cr-statement.c:2614:17: error: format not a string
literal and no format arguments [-Werror=format-security]
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
643419: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=643419
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libcroco
Version: 0.6.2-1
Severity: serious
Tags: wheezy sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20110923 qa-ftbfs hardening-format-security hardening
Justification: FTBFS on amd64
Hi,
During a rebuild of all packages in sid, your package failed to build on
amd64.
Relevant part:
> gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I../intl -I ../src
> -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/libxml2 -g
> -O2 -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat
> -Wformat-security -Werror=format-security -Wall -Wall -c cr-statement.c
> -fPIC -DPIC -o .libs/cr-statement.o
> cr-statement.c: In function 'cr_statement_ruleset_to_string':
> cr-statement.c:603:25: warning: pointer targets in assignment differ in
> signedness [-Wpointer-sign]
> cr-statement.c:614:25: warning: pointer targets in assignment differ in
> signedness [-Wpointer-sign]
> cr-statement.c: In function 'cr_statement_font_face_rule_to_string':
> cr-statement.c:670:25: warning: pointer targets in assignment differ in
> signedness [-Wpointer-sign]
> cr-statement.c: In function 'cr_statement_at_page_rule_to_string':
> cr-statement.c:773:21: warning: pointer targets in assignment differ in
> signedness [-Wpointer-sign]
> cr-statement.c: In function 'cr_statement_media_rule_to_string':
> cr-statement.c:816:47: warning: pointer targets in initialization differ in
> signedness [-Wpointer-sign]
> cr-statement.c: In function 'cr_statement_import_rule_to_string':
> cr-statement.c:868:21: warning: pointer targets in assignment differ in
> signedness [-Wpointer-sign]
> cr-statement.c:906:21: warning: pointer targets in assignment differ in
> signedness [-Wpointer-sign]
> cr-statement.c:910:9: warning: pointer targets in return differ in signedness
> [-Wpointer-sign]
> cr-statement.c: In function 'cr_statement_does_buf_parses_against_core':
> cr-statement.c:938:9: warning: pointer targets in passing argument 1 of
> 'strlen' differ in signedness [-Wpointer-sign]
> /usr/include/string.h:399:15: note: expected 'const char *' but argument is
> of type 'const guchar *'
> cr-statement.c: In function 'cr_statement_ruleset_parse_from_buf':
> cr-statement.c:1058:9: warning: pointer targets in passing argument 1 of
> 'strlen' differ in signedness [-Wpointer-sign]
> /usr/include/string.h:399:15: note: expected 'const char *' but argument is
> of type 'const guchar *'
> cr-statement.c: In function 'cr_statement_at_media_rule_parse_from_buf':
> cr-statement.c:1195:9: warning: pointer targets in passing argument 1 of
> 'strlen' differ in signedness [-Wpointer-sign]
> /usr/include/string.h:399:15: note: expected 'const char *' but argument is
> of type 'const guchar *'
> cr-statement.c: In function 'cr_statement_at_import_rule_parse_from_buf':
> cr-statement.c:1381:9: warning: pointer targets in passing argument 1 of
> 'strlen' differ in signedness [-Wpointer-sign]
> /usr/include/string.h:399:15: note: expected 'const char *' but argument is
> of type 'const guchar *'
> cr-statement.c:1414:24: warning: variable 'cur' set but not used
> [-Wunused-but-set-variable]
> cr-statement.c: In function 'cr_statement_at_page_rule_parse_from_buf':
> cr-statement.c:1510:9: warning: pointer targets in passing argument 1 of
> 'strlen' differ in signedness [-Wpointer-sign]
> /usr/include/string.h:399:15: note: expected 'const char *' but argument is
> of type 'const guchar *'
> cr-statement.c: In function 'cr_statement_at_charset_rule_parse_from_buf':
> cr-statement.c:1626:9: warning: pointer targets in passing argument 1 of
> 'strlen' differ in signedness [-Wpointer-sign]
> /usr/include/string.h:399:15: note: expected 'const char *' but argument is
> of type 'const guchar *'
> cr-statement.c: In function 'cr_statement_font_face_rule_parse_from_buf':
> cr-statement.c:1723:9: warning: pointer targets in passing argument 1 of
> 'strlen' differ in signedness [-Wpointer-sign]
> /usr/include/string.h:399:15: note: expected 'const char *' but argument is
> of type 'const guchar *'
> cr-statement.c: In function 'cr_statement_dump_ruleset':
> cr-statement.c:2612:13: warning: pointer targets in assignment differ in
> signedness [-Wpointer-sign]
> cr-statement.c:2614:17: warning: pointer targets in passing argument 2 of
> 'fprintf' differ in signedness [-Wpointer-sign]
> /usr/include/x86_64-linux-gnu/bits/stdio2.h:96:1: note: expected 'const char
> * __restrict__' but argument is of type 'guchar *'
> cr-statement.c:2614:17: error: format not a string literal and no format
> arguments [-Werror=format-security]
> cr-statement.c: In function 'cr_statement_dump_charset':
> cr-statement.c:2662:13: warning: pointer targets in assignment differ in
> signedness [-Wpointer-sign]
> cr-statement.c:2665:17: warning: pointer targets in passing argument 2 of
> 'fprintf' differ in signedness [-Wpointer-sign]
> /usr/include/x86_64-linux-gnu/bits/stdio2.h:96:1: note: expected 'const char
> * __restrict__' but argument is of type 'guchar *'
> cr-statement.c:2665:17: error: format not a string literal and no format
> arguments [-Werror=format-security]
> cr-statement.c: In function 'cr_statement_dump_page':
> cr-statement.c:2690:13: warning: pointer targets in assignment differ in
> signedness [-Wpointer-sign]
> cr-statement.c:2692:17: warning: pointer targets in passing argument 2 of
> 'fprintf' differ in signedness [-Wpointer-sign]
> /usr/include/x86_64-linux-gnu/bits/stdio2.h:96:1: note: expected 'const char
> * __restrict__' but argument is of type 'guchar *'
> cr-statement.c:2692:17: error: format not a string literal and no format
> arguments [-Werror=format-security]
> cr-statement.c: In function 'cr_statement_dump_media_rule':
> cr-statement.c:2718:17: error: format not a string literal and no format
> arguments [-Werror=format-security]
> cr-statement.c: In function 'cr_statement_dump_import_rule':
> cr-statement.c:2744:17: error: format not a string literal and no format
> arguments [-Werror=format-security]
> cc1: some warnings being treated as errors
>
> make[3]: *** [cr-statement.lo] Error 1
The full build log is available from:
http://people.debian.org/~lucas/logs/2011/09/23/libcroco_0.6.2-1_lsid64.buildlog
This happened because since dpkg 1.16.0 [0], hardening flags are enabled
under various conditions.
[0] http://lists.debian.org/debian-devel-announce/2011/09/msg00001.html
A list of current common problems and possible solutions is available at
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!
About the archive rebuild: The rebuild was done on about 50 AMD64 nodes
of the Grid'5000 platform, using a clean chroot. Internet was not
accessible from the build systems.
--- End Message ---
--- Begin Message ---
Source: libcroco
Source-Version: 0.6.2-2
We believe that the bug you reported is fixed in the latest version of
libcroco, which is due to be installed in the Debian FTP archive:
libcroco-tools_0.6.2-2_i386.deb
to main/libc/libcroco/libcroco-tools_0.6.2-2_i386.deb
libcroco3-dev_0.6.2-2_i386.deb
to main/libc/libcroco/libcroco3-dev_0.6.2-2_i386.deb
libcroco3_0.6.2-2_i386.deb
to main/libc/libcroco/libcroco3_0.6.2-2_i386.deb
libcroco_0.6.2-2.debian.tar.gz
to main/libc/libcroco/libcroco_0.6.2-2.debian.tar.gz
libcroco_0.6.2-2.dsc
to main/libc/libcroco/libcroco_0.6.2-2.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 643...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl <bi...@debian.org> (supplier of updated libcroco package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 23 Oct 2011 01:51:25 +0200
Source: libcroco
Binary: libcroco3-dev libcroco3 libcroco-tools
Architecture: source i386
Version: 0.6.2-2
Distribution: unstable
Urgency: low
Maintainer: Debian GNOME Maintainers
<pkg-gnome-maintain...@lists.alioth.debian.org>
Changed-By: Michael Biebl <bi...@debian.org>
Description:
libcroco-tools - Cascading Style Sheet (CSS) parsing and manipulation toolkit
- ut
libcroco3 - Cascading Style Sheet (CSS) parsing and manipulation toolkit
libcroco3-dev - Cascading Style Sheet (CSS) parsing and manipulation toolkit
Closes: 462349 643419 646061
Changes:
libcroco (0.6.2-2) unstable; urgency=low
.
[ Emilio Pozuelo Monfort ]
* debian/control.in,
debian/rules:
+ Remove the chrpath hack, it's been fixed in libtool.
.
[ Steve Langasek ]
* src/cr-statement.c, tests/test{2,3}-main.c: fix passing of variables to
printf() when we should have a format string, to be safe. The tests/
problems are false positives because we control the input, and no
existing reverse dependencies call cr_statement_dump*, but better safe
than sorry. Closes: #643419.
* Build for multiarch. Closes: #646061.
* Move csslint to a new libcroco-tools package, for multiarch cleanliness.
Closes: #462349.
* croco-config.in: libdir is never used, so don't set it at all - this lets
the executable be the same across architectures and allows the -dev
package to be Multi-Arch: same.
.
[ Michael Biebl ]
* Switch to dpkg source format 3.0 (quilt).
* Drop libtool .la files since we break existing references with the switch
to multiarch anyway.
* debian/rules:
- Remove clean-la.mk, since don't install any .la files anymore.
* debian/control.in:
- Set pkg-gnome-maintain...@lists.alioth.debian.org as Maintainer.
- Add Vcs-* fields.
- Bump Standards-Version to 3.9.2. No further changes.
- Drop versioned Build-Depends on dpkg-dev which is no longer necessary.
- Refine description synopsis.
* Revise debian/copyright.
Checksums-Sha1:
741d78a427f98b599fdf0e6cc41ec54e8c765249 2291 libcroco_0.6.2-2.dsc
f0f09cab0c950c45cd4dde9bd7a022ac7d52a81c 5143 libcroco_0.6.2-2.debian.tar.gz
e02503ed8510083feed3405a24855d05647ee702 157476 libcroco3-dev_0.6.2-2_i386.deb
abca1b610eae7e581ea31bdc18a1454acd03201c 121870 libcroco3_0.6.2-2_i386.deb
8ec4f3edbb35ca3732ab282ed3c4c5bc0346ba27 35602 libcroco-tools_0.6.2-2_i386.deb
Checksums-Sha256:
a1334e445fd9a3ce0135bd593e4f275ecf903eb9ac0d5c1b9f648f71e369e6a4 2291
libcroco_0.6.2-2.dsc
5e1d2b6d6485c8be366a73f9cefa5636307cb6bc0cf00ce93412e2556e7a1c29 5143
libcroco_0.6.2-2.debian.tar.gz
a87394c300f9ffb37935cb62e2ddf855fe509ac47e241e2c1ba413b1a0774fe3 157476
libcroco3-dev_0.6.2-2_i386.deb
720d72f7991668d9fbf13e9c7ed2f7e199240c4b2ddd51ddfeca1d6edb610d41 121870
libcroco3_0.6.2-2_i386.deb
a014de715f4d3731d283b603070d341cb6064501dbdaa30b83c7f106996430e4 35602
libcroco-tools_0.6.2-2_i386.deb
Files:
773baa819781e4a2f5ac8db7a416fece 2291 libs optional libcroco_0.6.2-2.dsc
44445399721a48de9996caf7e71001ad 5143 libs optional
libcroco_0.6.2-2.debian.tar.gz
ac8fdeee0b6ef5c98ff4272f0937554d 157476 libdevel optional
libcroco3-dev_0.6.2-2_i386.deb
5b5d70fd6403d42dda4a3fe99de2489e 121870 libs optional
libcroco3_0.6.2-2_i386.deb
3d90d2faae927d3834dca0e68508de7e 35602 libs optional
libcroco-tools_0.6.2-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCAAGBQJOo1fzAAoJEGrh3w1gjyLcgbQP/j98+ojYGGaxtD+hxiPvkX7b
RIkj1jXe/SsXQBIpuuNm/ftlMs447lnCoygIhjfPI3qaPYzQXMlWz/iUILdX7rR5
VhrhUWSjRk0qg94YjXKQ+SvLW/x5PxcnTIjNOeSm6bP/bTX69v1tQxJGGBOtcRpf
XQee4JeBUqOjyirRqZkmu8Bsr+1/f4JAOmw2/o97Mdh6vx7snniR5P36Q/fbYxIk
EhR05gsaU4B2hYQJyO8/bR5smwFbtpdOW1pO22ae7fC/Wwnt5sJiVJbaH+ML+HkJ
ygUtPlXbsP2aifL7/IR6mDwFKtcaJHQBy8X8N7tqfHBSKFnktVWb1O9TLfqdaGOO
u8uS+kLmTcyN/XrVN3o+7eg5R9eXdSqSCmGh0WrSd4m7k68PsIUzxYjgkpygCtTG
uYDUgrIfEYkfzJ4gD4JfbV9+eNPvPFtN7RRK+1ay9dm4//eRBiFLnWk8cBGujBs6
xkpVI4ifGP1554p+dxOTXwMppMle0pG2xZZ4JsxZWANAFjccJvlC354KvRZtiCUi
ykoGB057igcLG0HadYFSCMxYDMulTcnaSdg0heAsrd0fkty7frcZhjyZpm9jFgkq
ijSSlOxID1MVMSng7Ruwb5l+un6RiHwpolnmsTasajfaZtGd5QqjmZRrGfMvNLa5
4JzUX4Hq84DB46+8K4pZ
=fbNg
-----END PGP SIGNATURE-----
--- End Message ---
