Your message dated Thu, 09 Oct 2014 13:50:09 +0000
with message-id <[email protected]>
and subject line Bug#646327: fixed in libbs2b 3.1.0+dfsg-2.1
has caused the Debian Bug report #646327,
regarding libbs2b: FTBFS with -Werror=format-security
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
646327: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646327
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libbs2b
Version: 3.1.0+dfsg-2
Severity: serious
Tags: upstream patch
Justification: fails to build from source (but built successfully in the past)
User: [email protected]
Usertags: hardening-format-security

The package fails to build with the -Werror=format-security compiler option.
Build log in Ubuntu:
https://launchpadlibrarian.net/83194981/buildlog_ubuntu-precise-i386.libbs2b_3.1.0%2Bdfsg-2_FAILEDTOBUILD.txt.gz

See also:
http://wiki.debian.org/Hardening
http://lists.debian.org/debian-devel-announce/2011/09/msg00001.html

Patch from Ubuntu follows.
https://launchpad.net/ubuntu/+source/libbs2b/3.1.0+dfsg-2ubuntu1

Description: fix FTBFS with -Werror=format-security
Author: Ilya Barygin <[email protected]>
--- libbs2b-3.1.0+dfsg.orig/src/bs2bconvert.c
+++ libbs2b-3.1.0+dfsg/src/bs2bconvert.c
@@ -153,7 +153,7 @@ int main( int argc, char *argv[] )
        if( ( infile = sf_open( infilename, SFM_READ, &sfinfo ) ) == NULL )
        {
                printf( "Not able to open input file %s.\n", infilename );
-               printf( sf_strerror( NULL ) );
+               printf( "%s", sf_strerror( NULL ) );
                return 1;
        }
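
Review bot: on the `+` line the text returned by sf_strerror( NULL ) is printed with no trailing newline, while the printf just above ends its message with `\n`, so unless the library string already ends in a newline the last line of output is left unterminated before `return 1`. Consider `"%s\n"` as the format, and since both lines report a failure, fprintf( stderr, ... ) would keep them out of stdout. The `"%s"` format itself is the right way to satisfy -Werror=format-security; any other printf-family call in bs2bconvert.c that passes a returned string as its format argument (none is visible in this hunk) should get the same treatment.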
 

-- System Information:
Debian Release: wheezy/sid
  APT prefers oneiric-updates
  APT policy: (500, 'oneiric-updates'), (500, 'oneiric-security'), (500, 'oneiric-proposed'), (500, 'oneiric'), (100, 'oneiric-backports')
Architecture: i386 (i686)

Kernel: Linux 3.0.0-13-generic (SMP w/2 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



--- End Message ---
--- Begin Message ---
Source: libbs2b
Source-Version: 3.1.0+dfsg-2.1

We believe that the bug you reported is fixed in the latest version of
libbs2b, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Peter Michael Green <[email protected]> (supplier of updated libbs2b package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 04 Oct 2014 11:23:37 +0000
Source: libbs2b
Binary: libbs2b0 libbs2b-dev
Architecture: source amd64
Version: 3.1.0+dfsg-2.1
Distribution: unstable
Urgency: medium
Maintainer: Andrew Gainer <[email protected]>
Changed-By: Peter Michael Green <[email protected]>
Description:
 libbs2b-dev - Bauer stereophonic-to-binaural DSP library development files
 libbs2b0   - Bauer stereophonic-to-binaural DSP library
Closes: 646327 702090 727396
Changes:
 libbs2b (3.1.0+dfsg-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Use dh-autoreconf to update autotools stuff for new ports (Closes: #702090,
     #727396).
   * Apply patch from Andrew Gainer over at Ubuntu to make autoreconf actually
     work.
   * Apply "format security" warning/error fix from Ilya Barygin. I don't think
     it will actually cause a security issue in this context and I'm not sure if
     it will cause a FTBFS in Debian (apparently it didn't back in 2011) but it's
     certainly horrible coding practice to pass a string that is not explicitly
     intended to be a format string to the first parameter of a printf so may
     as well fix it. (Closes: #646327)
   * Remove config.log manually in clean target, it doesn't seem to get removed
     automatically in all situations (in particular it was left behind when
     retrying a build after configure failed).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----

--- End Message ---