Bug#712588: marked as done (libxaw: Please enable -Werror=format-security)

[Debian Bug Tracking System]

Your message dated Fri, 1 Nov 2024 18:30:20 +0100
with message-id <ZyUQLE3ze-ypjU_N@carotte>
and subject line Re: Bug#712588: libxaw: Please enable -Werror=format-security
has caused the Debian Bug report #712588,
regarding libxaw: Please enable -Werror=format-security
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
712588: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712588
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: libxaw
Severity: normal
Tags: patch

Hello,

The attached patch fixes compiling with -Werror=format-security.
Please apply it. It should be sent to upstream if possible.

diff -u libxaw-1.0.11/debian/rules libxaw-1.0.11/debian/rules
--- libxaw-1.0.11/debian/rules
+++ libxaw-1.0.11/debian/rules
@@ -24,7 +24,7 @@
 else
        confflags += --build=$(DEB_BUILD_GNU_TYPE) --host=$(DEB_HOST_GNU_TYPE)
 endif
-confflags += $(shell DEB_CFLAGS_MAINT_APPEND=-Wall 
DEB_BUILD_MAINT_OPTIONS=hardening=-format dpkg-buildflags --export=configure)
+confflags += $(shell DEB_CFLAGS_MAINT_APPEND=-Wall dpkg-buildflags 
--export=configure)
 
 configure: $(QUILT_STAMPFN)
        autoreconf -vfi

Regards
Simon
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9

--- libxaw-1.0.11.orig/src/DisplayList.c
+++ libxaw-1.0.11/src/DisplayList.c
@@ -290,7 +290,7 @@
 	}
       if (fp)
 	{
-	  snprintf(cname, fp - fname + 1, fname);
+	  snprintf(cname, fp - fname + 1, "%s", fname);
 	  memmove(fname, fp + 1, strlen(fp));
 	  lc = cname[0] ? XawGetDisplayListClass(cname) : xlibc;
 	  if (!lc)

signature.asc
Description: Digital signature

--- End Message ---

--- Begin Message ---

Version: 2:1.0.12-1

On Mon, Jun 17, 2013 at 16:45:04 +0200, Simon Ruderich wrote:

> The attached patch fixes compiling with -Werror=format-security.
> Please apply it. It should be sent to upstream if possible.
> 
This was fixed upstream in
https://gitlab.freedesktop.org/xorg/lib/libxaw/-/commit/ec7d7c303385a6bdb0833a5aaae96be697cca7ab
and in debian in version 2:1.0.12-1 (over 10 years ago...)

Cheers,
Julien

--- End Message ---