Source: deng
Version: 1.9.0-beta6.9+dfsg1-2
Severity: normal
User: [email protected]
Usertags: hardening-format-security hardening

the package deng fails to compile with the new hardened compiler flags dpkg-buildflag outputs. The problematic flag is: -Werror=format-security

See the ubuntu buildlog: https://launchpadlibrarian.net/83126261/buildlog_ubuntu-precise-i386.deng_1.9.0-beta6.9%2Bdfsg1-2_FAILEDTOBUILD.txt.gz

Snippet:
/build/buildd/deng-1.9.0-beta6.9+dfsg1/doomsday/plugins/jdoom/src/m_cheat.c: In function 'printDebugInfo':
/build/buildd/deng-1.9.0-beta6.9+dfsg1/doomsday/plugins/jdoom/src/m_cheat.c:492:5: error: format not a string literal and no format arguments [-Werror=format-security]
cc1: some warnings being treated as errors

The buildflags are not used in debian, but can be enabled e.g. with this patch:

--- deng-1.9.0-beta6.9+dfsg1/debian/rules 2011-10-22 19:11:59.000000000 +0200 +++ deng-1.9.0-beta6.9+dfsg1/debian/rules 2011-10-22 19:43:49.017907566 +0200 @@ -9,7 +9,7 @@ dh_testdir # Add here commands to configure the package. mkdir doomsdaybuild - cd doomsdaybuild && cmake -DCMAKE_INSTALL_PREFIX=/usr $(CURDIR)/doomsday + cd doomsdaybuild && $(shell dpkg-buildflags --export=configure) cmake -DCMAKE_INSTALL_PREFIX=/usr $(CURDIR)/doomsday touch configure-stamp

The fix is simple too: e.g. Con_Message(textBuffer); -> Con_Message("%s", textBuffer);

Please fix the issues and maybe also enable the hardened build in debian.
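
Review bot: on the changed cmake line in debian/rules, the output of `dpkg-buildflags --export=configure` reaches cmake only as environment variables, and CMake reads CFLAGS, CXXFLAGS and LDFLAGS from the environment but not CPPFLAGS, so any preprocessor-level hardening defines would be silently dropped; consider appending CPPFLAGS to CFLAGS and CXXFLAGS before invoking cmake and checking the compiler command lines in the build log. Since the exported flags include -Werror=format-security, this rules change will make the build fail at m_cheat.c:492 until the Con_Message call is corrected, so the source fix should be applied together with it.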
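
The Con_Message fix suggested in the report, as an added example that is not part of the original report or of the deng source. `con_message`, `con_last`, `report_debug_info` and the sample text are hypothetical stand-ins constructed for illustration; the point is that the text reaches the formatter as data, never as the format string.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the engine's Con_Message(): printf-style,
 * but it formats into a buffer so the result can be inspected. */
static char con_last[256];

/* The format attribute lets GCC/Clang apply -Wformat-security checks
 * to callers of this function, just as they do for printf(). */
#if defined(__GNUC__)
__attribute__((format(printf, 1, 2)))
#endif
int con_message(const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(con_last, sizeof con_last, fmt, ap);
    va_end(ap);
    return n; /* length the full message would have had */
}

/* Constructed sample: text that happens to contain conversion specifiers. */
static const char sample_text[] = "map E1M1 100%s done %n %x";

const char *report_debug_info(const char *textBuffer)
{
    /* Rejected by -Werror=format-security, and undefined behaviour at
     * run time when textBuffer contains '%' conversions:
     *     con_message(textBuffer);
     */
    con_message("%s", textBuffer); /* text is passed as an argument */
    return con_last;
}

int main(void)
{
    puts(report_debug_info(sample_text));
    return 0;
}
```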

