Bug#646264: gnome-commander: FTBFS with -Werror=format-security
On Sat, Oct 22, 2011 at 08:38:22PM +0200, Julian Taylor wrote: Source: gnome-commander Version: 1.2.8.14-1 Severity: normal User: debian...@lists.debian.org Usertags: hardening-format-security hardening the package gnome-commander fails to compile with the new hardened compiler flags dpkg-buildflag outputs [0]. The problematic flag is: -Werror=format-security See the ubuntu buildlog: https://launchpadlibrarian.net/83136730/buildlog_ubuntu-precise-i386.gnome-commander_1.2.8.14-1_FAILEDTOBUILD.txt.gz Thanks for your bugreport. Attached is a patch that fixes the issue. Cheers, Michael Index: gnome-commander-1.2.8.13/libgcmd/libgcmd-widget-factory.cc === --- gnome-commander-1.2.8.13.orig/libgcmd/libgcmd-widget-factory.cc 2011-10-24 10:44:57.678108798 +0200 +++ gnome-commander-1.2.8.13/libgcmd/libgcmd-widget-factory.cc 2011-10-24 10:45:11.237407452 +0200 @@ -652,7 +652,7 @@ va_end (argptr); dialog = gtk_message_dialog_new (GTK_WINDOW (main_win_widget), GTK_DIALOG_MODAL, - GTK_MESSAGE_ERROR, GTK_BUTTONS_OK, string); + GTK_MESSAGE_ERROR, GTK_BUTTONS_OK, %s, string); gtk_signal_connect (GTK_OBJECT (dialog), response, GTK_SIGNAL_FUNC (on_response), dialog); @@ -673,7 +673,7 @@ dialog = gtk_message_dialog_new ( GTK_WINDOW (main_win_widget), GTK_DIALOG_MODAL, -GTK_MESSAGE_WARNING, GTK_BUTTONS_OK, msg); +GTK_MESSAGE_WARNING, GTK_BUTTONS_OK, %s, msg); gtk_signal_connect (GTK_OBJECT (dialog), response, GTK_SIGNAL_FUNC (on_response), dialog);
Bug#646264: gnome-commander: FTBFS with -Werror=format-security
Source: gnome-commander Version: 1.2.8.14-1 Severity: normal User: debian...@lists.debian.org Usertags: hardening-format-security hardening the package gnome-commander fails to compile with the new hardened compiler flags dpkg-buildflag outputs [0]. The problematic flag is: -Werror=format-security See the ubuntu buildlog: https://launchpadlibrarian.net/83136730/buildlog_ubuntu-precise-i386.gnome-commander_1.2.8.14-1_FAILEDTOBUILD.txt.gz Snippet: libtool: compile: g++ -DHAVE_CONFIG_H -I. -I.. -Wall -DORBIT2=1 -pthread -D_REENTRANT -I/usr/include/gtk-2.0 -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/pango-1.0 -I/usr/include/gail-1.0 -I/usr/include/freetype2 -I/usr/include/atk-1.0 -I/usr/lib/x86_64-linux-gnu/gtk-2.0/include -I/usr/include/pixman-1 -I/usr/include/libpng12 -I/usr/include/libgnomeui-2.0 -I/usr/include/libart-2.0 -I/usr/include/gconf/2 -I/usr/include/gnome-keyring-1 -I/usr/include/libgnome-2.0 -I/usr/include/libbonoboui-2.0 -I/usr/include/libgnomecanvas-2.0 -I/usr/include/gnome-vfs-2.0 -I/usr/lib/gnome-vfs-2.0/include -I/usr/include/orbit-2.0 -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/libbonobo-2.0 -I/usr/include/bonobo-activation-2.0 -I/usr/include/libxml2 -I/usr/include/cairo -I/usr/include/gio-unix-2.0/ -pthread -DORBIT2=1 -I/usr/include/gnome-vfs-2.0 -I/usr/lib/gnome-vfs-2.0/include -I/usr/include/gconf/2 -I/usr/include/orbit-2.0 -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -c libgcmd-data.cc -o libgcmd-data.o /dev/null 21 libgcmd-widget-factory.cc: In function 'GtkWidget* create_stock_button_with_data(GtkWidget*, gconstpointer, GtkSignalFunc, gpointer)': libgcmd-widget-factory.cc:293:84: warning: deprecated conversion from string constant to 'gchar* {aka char*}' [-Wwrite-strings] libgcmd-widget-factory.cc: In function 'void create_error_dialog(const gchar*, ...)': libgcmd-widget-factory.cc:655:79: error: format not a string literal and no format arguments [-Werror=format-security] libgcmd-widget-factory.cc: In function 'void create_warning_dialog(const gchar*, ...)': libgcmd-widget-factory.cc:676:49: error: format not a string literal and no format arguments [-Werror=format-security] The buildflags are not exported in debian, but can be enabled e.g. by adding this to debian/rules: DPKG_EXPORT_BUILDFLAGS = 1 include /usr/share/dpkg/buildflags.mk Please fix the issues and maybe also enable the hardened build in debian. [0] http://lists.debian.org/debian-devel-announce/2011/09/msg1.html signature.asc Description: OpenPGP digital signature