Your message dated Thu, 12 Jan 2012 10:34:30 +0000
with message-id <[email protected]>
and subject line Bug#655499: fixed in zoo 2.10-25
has caused the Debian Bug report #655499,
regarding Please enabled hardened build flags
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
655499: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655499
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: zoo
Version: 2.10-24
Severity: important
Tags: patch

Please enable hardened build flags through dpkg-buildflags.

Patch attached. The hardened build flags also exposed several
missing format strings, for which I have attached patches as
well.

Cheers,
        Moritz
diff -aur zoo-2.10.orig/makefile zoo-2.10/makefile
--- zoo-2.10.orig/makefile	2012-01-09 06:08:51.000000000 +0100
+++ zoo-2.10/makefile	2012-01-09 06:13:28.000000000 +0100
@@ -23,7 +23,11 @@
 MODEL =
 EXTRA = -DBIG_MEM -DNDEBUG
 LINTFLAGS = -DLINT
-OPTIM = -O -Wall
+OPTIM = `dpkg-buildflags --get CFLAGS`
+OPTIM += -Wall
+OPTIM += `dpkg-buildflags --get CPPFLAGS`
+LDFLAGS = `dpkg-buildflags --get LDFLAGS`
+
 DESTDIR = /usr/local/bin
 
 #List of all object files created for Zoo
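Review bot: the new OPTIM and LDFLAGS assignments use shell backticks, which make stores literally and which are only expanded once a shell runs a recipe line containing them, so the flags take effect only where $(OPTIM) or $(LDFLAGS) lands inside a recipe command. OPTIM is also a shared variable sitting above per-platform targets (ultrix is visible further down), so every target now depends on dpkg-buildflags being installed, and `+=` may not be accepted by the older make implementations those targets imply. The previous -O is dropped as well, leaving optimisation to whatever dpkg-buildflags returns. Consider leaving the upstream default in place and passing the dpkg-buildflags output in from debian/rules instead, or at least document the new build dependency next to these lines.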
@@ -98,11 +102,11 @@
 
 # Linux
 linux:
-	$(MAKE) CC="gcc" CFLAGS="-c $(OPTIM) $(LINTFLAGS) -DLINUX -DANSI_HDRS" $(TARGETS)
+	$(MAKE) CC="gcc" CFLAGS="-c $(OPTIM) $(LINTFLAGS) -DLINUX -DANSI_HDRS" LDFLAGS="$(LDFLAGS)" $(TARGETS)
 
 # Linux64
 linux64:
-	$(MAKE) CC="gcc" CFLAGS="-c $(OPTIM) $(LINTFLAGS) -DLINUX -DLONG64 -DANSI_HDRS" $(TARGETS)
+	$(MAKE) CC="gcc" CFLAGS="-c $(OPTIM) $(LINTFLAGS) -DLINUX -DLONG64 -DANSI_HDRS" LDFLAGS="$(LDFLAGS)" $(TARGETS)
 
 # ULTRIX 4.1
 ultrix:
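Review bot: LDFLAGS="$(LDFLAGS)" is handed to the sub-make for linux and linux64 only, and nothing in the visible hunks shows the link rule behind $(TARGETS) actually using $(LDFLAGS). If that rule does not reference the variable, the linker hardening flags are silently dropped while the compile flags still apply. Please confirm the link command includes $(LDFLAGS) and check the built binary (for example with readelf -l) rather than relying on the build log.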
Nur in zoo-2.10: makefile~.
diff -aur zoo-2.10.orig/zoo.c zoo-2.10/zoo.c
--- zoo-2.10.orig/zoo.c	2012-01-09 06:14:34.000000000 +0100
+++ zoo-2.10/zoo.c	2012-01-09 06:16:28.000000000 +0100
@@ -167,7 +167,7 @@
                   cmd == UPDATE || cmd == DELETE) && argc < 4) ||
             ((cmd == EXTRACT || cmd == TEST || cmd == LIST ||
                      cmd == PRINT || cmd == COMMENT) && argc < 3)) {
-         fprintf (stderr, incorrect_args);
+         fprintf (stderr, "%s", incorrect_args);
          goto show_usage;
       }
    } else {
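Review bot: at the fprintf call for incorrect_args, fputs (incorrect_args, stderr) would express the same intent without any format parsing at all and is harder to regress than the "%s" wrapper. The same applies to the identical change in the following hunk. Either form removes the non-literal format string, so this is a style preference, not a blocker.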
@@ -191,7 +191,7 @@
 					)
 				 )
 			) {
-         fprintf (stderr, incorrect_args);
+         fprintf (stderr, "%s", incorrect_args);
          goto show_usage;
       }
    }
@@ -282,25 +282,25 @@
 
 /* brief usage list */
 give_list:
-	fprintf (stderr, usage); zooexit (1);
+	fprintf (stderr, "%s", usage); zooexit (1);
 
 /* help screen */
 bigusage:
 printf ("Zoo archiver, %s\n", version);
 printf("(C) Copyright 1991 Rahul Dhesi -- Noncommercial use permitted\n");
 
-printf (usage);
+printf ("%s", usage);
 printf ("\nChoose a command from within {} and zero or more modifiers from within [].\n");
 
 printf ("E.g.:  `zoo a save /bin/*' will archive all files in /bin into save.zoo.\n");
 printf ("(Please see the user manual for a complete description of commands.)\n");
-printf (nov_usage);
-printf (nov_cmds);
+printf ("%s", nov_usage);
+printf ("%s", nov_cmds);
 printf ("\n");
 wait_return();	/* print msg & wait for RETURN */
 
 printf ("\n");
-printf (usage);
+printf ("%s", usage);
 
 printf (" Commands in {} mean:         |Modifiers in [] mean:\n");
 
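Review bot: usage, nov_usage and nov_cmds were previously interpreted as format strings, so if any of their definitions (not part of this diff) contain "%%" to print a literal percent sign, the new printf ("%s", ...) calls will emit both characters. Please check the definitions of these three strings and unescape any "%%" as part of this patch, or note in the patch description that none of them contain a percent sign.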
Nur in zoo-2.10: zoo.c~.
--- zoo-2.10.orig/zooadd.c	2012-01-09 06:14:34.000000000 +0100
+++ zoo-2.10/zooadd.c	2012-01-09 06:19:07.000000000 +0100
@@ -542,7 +542,7 @@
          status = getfile (this_file, zoo_file, -1L, 1);
          if (status != 0) {  /* if III */
             success = 0;
-            printf (disk_full);
+            printf ("%s", disk_full);
             exit_status++;
          } else {
             success = 1;
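Review bot: disk_full is an error message but is still written to stdout by printf here, whereas the argument errors fixed in zoo.c go to stderr. Since the line is being touched anyway, consider fprintf (stderr, "%s", disk_full) so the failure is not lost when output is redirected, unless existing callers depend on the current stream. This is outside the hardening change itself and could go in a separate patch.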
diff -aur zoo-2.10.orig/zoolist.c zoo-2.10/zoolist.c
--- zoo-2.10.orig/zoolist.c	2012-01-09 06:14:34.000000000 +0100
+++ zoo-2.10/zoolist.c	2012-01-11 18:53:32.000000000 +0100
@@ -373,7 +373,7 @@
          } else {
             if (talking && first_time && !show_name) {/*print archive header */
                printf ("Length    CF  Size Now  Date      Time\n");
-               printf (tot_line);
+               printf ("%s", tot_line);
             }
             printf ("%8lu %3u%% %8lu  %2d %-.3s %02d %02d:%02d:%02d",  
                      direntry.org_size, 
@@ -476,7 +476,7 @@
    if (talking && !show_name) {
       if (!fast && file_count) {
          tot_sf = cfactor (tot_org_siz, tot_siz_now);
-         printf (tot_line);
+         printf ("%s", tot_line);
       
          printf (tot_fmt, tot_org_siz, tot_sf, tot_siz_now, file_count);
 			if (file_count > 1)
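Review bot: printf (tot_fmt, tot_org_siz, tot_sf, tot_siz_now, file_count) remains a call with a non-literal format string; it is not flagged by the format-security warning only because it has arguments. Please confirm that tot_fmt is a constant defined in the source and that its conversions match the types of the four arguments, and consider declaring it const or inlining the literal so the compiler can type-check the call. The same call appears again in the last hunk of this file.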
@@ -486,7 +486,7 @@
          
          if (del_count || expl_ver || expl_deleted || expl_comment ||
 					expl_star || (show_gen && (zoo_header.type > 0)))
-            printf (dashes);
+            printf ("%s", dashes);
       }
    
       if (!fast) {
@@ -528,7 +528,7 @@
 if (talking && show_name) {
    if (file_count) {
       tot_sf = cfactor (tot_org_siz, tot_siz_now);
-      printf (tot_line);
+      printf ("%s", tot_line);
       printf (tot_fmt, tot_org_siz, tot_sf, tot_siz_now, file_count);
 		if (file_count > 1)
 			printf ("s\n");
Nur in zoo-2.10: zoolist.c~.

--- End Message ---
--- Begin Message ---
Source: zoo
Source-Version: 2.10-25

We believe that the bug you reported is fixed in the latest version of
zoo, which is due to be installed in the Debian FTP archive:

zoo_2.10-25.debian.tar.gz
  to main/z/zoo/zoo_2.10-25.debian.tar.gz
zoo_2.10-25.dsc
  to main/z/zoo/zoo_2.10-25.dsc
zoo_2.10-25_amd64.deb
  to main/z/zoo/zoo_2.10-25_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jari Aalto <[email protected]> (supplier of updated zoo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 11 Jan 2012 21:54:22 +0200
Source: zoo
Binary: zoo
Architecture: source amd64
Version: 2.10-25
Distribution: unstable
Urgency: low
Maintainer: Jari Aalto <[email protected]>
Changed-By: Jari Aalto <[email protected]>
Description: 
 zoo        - manipulate zoo archives
Closes: 655499
Changes: 
 zoo (2.10-25) unstable; urgency=low
 .
   * debian/patches:
     - (10, 12, 14, 20): Enable hardened build flags through dpkg-buildflags.
       Patches thanks to Moritz Muehlenhoff <[email protected]>.
       (Closes: #655499).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk8Os/IACgkQLARVQsm1XawqFgCeN7E3E7PWZH6BJw1ACINKfepa
4KQAnRfIFgWGf19sCWoceeJyfNM0Itmy
=uPr8
-----END PGP SIGNATURE-----



--- End Message ---
