On Sat, Oct 22, 2011 at 08:38:22PM +0200, Julian Taylor wrote:
> Source: gnome-commander
> Version: 1.2.8.14-1
> Severity: normal
> User: [email protected]
> Usertags: hardening-format-security hardening
>
> the package gnome-commander fails to compile with the new hardened compiler
> flags dpkg-buildflag outputs [0].
> The problematic flag is: -Werror=format-security
> See the ubuntu buildlog:
>
https://launchpadlibrarian.net/83136730/buildlog_ubuntu-precise-i386.gnome-commander_1.2.8.14-1_FAILEDTOBUILD.txt.gz
Thanks for your bugreport.
Attached is a patch that fixes the issue.
Cheers,
Michael
Index: gnome-commander-1.2.8.13/libgcmd/libgcmd-widget-factory.cc
===================================================================
--- gnome-commander-1.2.8.13.orig/libgcmd/libgcmd-widget-factory.cc 2011-10-24 10:44:57.678108798 +0200
+++ gnome-commander-1.2.8.13/libgcmd/libgcmd-widget-factory.cc 2011-10-24 10:45:11.237407452 +0200
@@ -652,7 +652,7 @@
va_end (argptr);
dialog = gtk_message_dialog_new (GTK_WINDOW (main_win_widget), GTK_DIALOG_MODAL,
- GTK_MESSAGE_ERROR, GTK_BUTTONS_OK, string);
+ GTK_MESSAGE_ERROR, GTK_BUTTONS_OK, "%s", string);
gtk_signal_connect (GTK_OBJECT (dialog), "response", GTK_SIGNAL_FUNC (on_response), dialog);
@@ -673,7 +673,7 @@
dialog = gtk_message_dialog_new (
GTK_WINDOW (main_win_widget), GTK_DIALOG_MODAL,
- GTK_MESSAGE_WARNING, GTK_BUTTONS_OK, msg);
+ GTK_MESSAGE_WARNING, GTK_BUTTONS_OK, "%s", msg);
gtk_signal_connect (GTK_OBJECT (dialog), "response",
GTK_SIGNAL_FUNC (on_response), dialog);
