Bug#661381: marked as done (libberkeleydb-perl: FTBFS with hardening flags enabled: -Werror=format-security)

[Debian Bug Tracking System]

Your message dated Mon, 14 May 2012 03:57:44 +0000
with message-id <e1stmpo-0001k1...@franck.debian.org>
and subject line Bug#661381: fixed in libberkeleydb-perl 0.51-1
has caused the Debian Bug report #661381,
regarding libberkeleydb-perl: FTBFS with hardening flags enabled: 
-Werror=format-security
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
661381: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661381
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: libberkeleydb-perl
Severity: normal
Version: 0.49-1

With hardening flags enabled, this package FTBFS:

BerkeleyDB.xs: In function 'softCrash':
BerkeleyDB.xs:948:5: error: format not a string literal and no format arguments 
[-Werror=format-security]

(this is the first error of this type seen: it's possible that there
could be others once this is fixed).

A likely fix is to change croak(var) to croak("%s", var)[1].

Note that I haven't verified whether an externally-controlled string is
used; if so, it would be appropriate to upgrade this bug RC severity
with the security tag[2].

Thanks,
Dominic.

[1] <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657853#92>
[2] <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657853#117>

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

--- End Message ---

--- Begin Message ---

Source: libberkeleydb-perl
Source-Version: 0.51-1

We believe that the bug you reported is fixed in the latest version of
libberkeleydb-perl, which is due to be installed in the Debian FTP archive:

libberkeleydb-perl_0.51-1.debian.tar.xz
  to main/libb/libberkeleydb-perl/libberkeleydb-perl_0.51-1.debian.tar.xz
libberkeleydb-perl_0.51-1.dsc
  to main/libb/libberkeleydb-perl/libberkeleydb-perl_0.51-1.dsc
libberkeleydb-perl_0.51-1_i386.deb
  to main/libb/libberkeleydb-perl/libberkeleydb-perl_0.51-1_i386.deb
libberkeleydb-perl_0.51.orig.tar.gz
  to main/libb/libberkeleydb-perl/libberkeleydb-perl_0.51.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 661...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marco d'Itri <m...@linux.it> (supplier of updated libberkeleydb-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 14 May 2012 03:44:44 +0200
Source: libberkeleydb-perl
Binary: libberkeleydb-perl
Architecture: source i386
Version: 0.51-1
Distribution: unstable
Urgency: low
Maintainer: Marco d'Itri <m...@linux.it>
Changed-By: Marco d'Itri <m...@linux.it>
Description: 
 libberkeleydb-perl - use Berkeley DB databases from Perl
Closes: 661381
Changes: 
 libberkeleydb-perl (0.51-1) unstable; urgency=low
 .
   * Support dpkg-buildflags.
   * Fix hardened builds. (Closes: #661381)
Checksums-Sha1: 
 1216ec31d6b5dd99ae77e82c0f6d82995f64d1fd 1123 libberkeleydb-perl_0.51-1.dsc
 913b0b361e3de1967c821a21a4db823f6179e2b3 196814 
libberkeleydb-perl_0.51.orig.tar.gz
 e6b0c4919afffa93a0f49b30396915974757b99a 3824 
libberkeleydb-perl_0.51-1.debian.tar.xz
 993b352989decc2e24ad9b49203eb479ad76c550 155708 
libberkeleydb-perl_0.51-1_i386.deb
Checksums-Sha256: 
 d325af43dae944b1e5559d06d9119524e835cebb0df5394d7ca84c847b627594 1123 
libberkeleydb-perl_0.51-1.dsc
 48363c65a8f6a07c88fcb8ef25cedde14d5c58bc63d1b9f76919fff38c02e12b 196814 
libberkeleydb-perl_0.51.orig.tar.gz
 49c0152f616fef53ec6a6a70eeeec57d937b4ca20be2fc4e6fa1b847414295f6 3824 
libberkeleydb-perl_0.51-1.debian.tar.xz
 8cfceda278f441d41df4ba2beffcf5b7689f7643b687c50794628ef1b2ec756d 155708 
libberkeleydb-perl_0.51-1_i386.deb
Files: 
 1fe73f4246fc6041f2dbf6a48a0161f4 1123 perl optional 
libberkeleydb-perl_0.51-1.dsc
 50d0d18227a6568e2557a1b1b33f8f55 196814 perl optional 
libberkeleydb-perl_0.51.orig.tar.gz
 e41f91c4a25a8ae34f7089d97d59649e 3824 perl optional 
libberkeleydb-perl_0.51-1.debian.tar.xz
 98abe34bec4ea54ee1d904ac854bae77 155708 perl optional 
libberkeleydb-perl_0.51-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk+waiMACgkQFGfw2OHuP7HksQCeO78HqCBl8cNYtVPwBZWIStPW
peMAoIwhEnwAb5o+aT/XGiNDF+i5gSTM
=c7PU
-----END PGP SIGNATURE-----

--- End Message ---