Package: gpe-conf
Version: 0.2.9-1
Severity: serious
Tags: patch wheezy sid
Justification: FTBFS on i386
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu precise ubuntu-patch hardening-format-security hardening

Hi,

your package fails to build when the -Werror=format-security hardening flag is enabled (see the flags in the build log below): gcc rejects a printf-family call whose format string is not a literal and which passes no further arguments.

Relevant part:
> gcc -DPACKAGE_NAME=\"gpe-conf\" -DPACKAGE_TARNAME=\"gpe-conf\" 
> -DPACKAGE_VERSION=\"0.2.9\" -DPACKAGE_STRING=\"gpe-conf\ 0.2.9\" 
> -DPACKAGE_BUGREPORT=\"gpe-l...@linuxtogo.org\" -DPACKAGE_URL=\"\" 
> -DPACKAGE=\"gpe-conf\" -DVERSION=\"0.2.9\" -DSTDC_HEADERS=1 
> -DGETTEXT_PACKAGE=\"gpe-conf\" -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 
> -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 
> -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_LOCALE_H=1 
> -DHAVE_LC_MESSAGES=1 -DHAVE_BIND_TEXTDOMAIN_CODESET=1 -DHAVE_GETTEXT=1 
> -DHAVE_DCGETTEXT=1 -DENABLE_NLS=1 -I. -pthread -I/usr/include/gtk-2.0 
> -I/usr/lib/i386-linux-gnu/gtk-2.0/include -I/usr/include/atk-1.0 
> -I/usr/include/cairo -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/pango-1.0 
> -I/usr/include/gio-unix-2.0/ -I/usr/include/glib-2.0 
> -I/usr/lib/i386-linux-gnu/glib-2.0/include -I/usr/include/pixman-1 
> -I/usr/include/freetype2 -I/usr/include/libpng12   -I./gpe -I. -I./modules 
> -DPREFIX=\"/usr\" -D_GNU_SOURCE -Wall 
> -DPACKAGE_LOCALE_DIR=\"/usr/share/locale\" -DVERSION=\"0.2.9\" 
> -DDBUS_API_SUBJECT_TO_CHANGE  -D_FORTIFY_SOURCE=2  -g -O2 -fstack-protector 
> --param=ssp-buffer-size=4 -Wformat -Wformat-security -g -O2 -fstack-protector 
> --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security 
> -Wall -c suid.c
> suid.c: In function 'update_system_hostname':
> suid.c:97:2: error: format not a string literal and no format arguments 
> [-Werror=format-security]

This was already fixed in Ubuntu with the attached patch, which replaces each non-literal format string with an explicit "%s" format in suid.c, modules/serial.c and modules/cardinfo.c.

Regards.


-- System Information:
Debian Release: wheezy/sid
  APT prefers oneiric-updates
  APT policy: (500, 'oneiric-updates'), (500, 'oneiric-security'), (500, 
'oneiric'), (100, 'oneiric-backports')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-15-generic (SMP w/4 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru gpe-conf-0.2.9/debian/patches/format-security.patch gpe-conf-0.2.9/debian/patches/format-security.patch
--- gpe-conf-0.2.9/debian/patches/format-security.patch	1970-01-01 01:00:00.000000000 +0100
+++ gpe-conf-0.2.9/debian/patches/format-security.patch	2012-01-27 14:35:32.000000000 +0100
@@ -0,0 +1,41 @@
+Description: Fix FTBFS with -Wformat-security
+Author: Alessio Treglia <ales...@debian.org>
+Forwarded: no
+---
+ modules/cardinfo.c |    1 +
+ modules/serial.c   |    2 +-
+ suid.c             |    2 +-
+ 3 files changed, 3 insertions(+), 2 deletions(-)
+
+--- gpe-conf-0.2.9.orig/suid.c
++++ gpe-conf-0.2.9/suid.c
+@@ -94,7 +94,7 @@ update_system_hostname (const gchar * sy
+ 		return;
+ 	}
+ 
+-	fprintf (fnew, system_hostname);
++	fprintf (fnew, "%s", system_hostname);
+ 
+ 	fclose (fnew);
+ }
+--- gpe-conf-0.2.9.orig/modules/serial.c
++++ gpe-conf-0.2.9/modules/serial.c
+@@ -390,7 +390,7 @@ Serial_Build_Objects (void)
+ 	FIRST_SERIAL = get_first_serial_port ();
+ 
+ 	portlist[0][1] = FIRST_SERIAL;
+-	sprintf (cur_port, FIRST_SERIAL);
++	sprintf (cur_port, "%s", FIRST_SERIAL);
+ 	
+ 	gpsd_installed = !access (GPSD_STARTUP_SCRIPT, F_OK);
+ 	getty_installed = !access ("/sbin/getty", F_OK);
+--- gpe-conf-0.2.9.orig/modules/cardinfo.c
++++ gpe-conf-0.2.9/modules/cardinfo.c
+@@ -164,6 +164,7 @@ save_config (char *config, int socket)
+ 	cfg = g_strsplit (config, "\n", 4);	// idstr,version,manfid,binding
+ 	cur_bind = malloc (strlen (st[socket].card.str) - 5);	// current driver binding
+ 	snprintf (cur_bind, strlen (st[socket].card.str) - 6,
++		  "%s",
+ 		  st[socket].card.str + 3);
+ 	
+ 	/* determine config file type */
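Review bot: The serial.c change at `sprintf (cur_port, "%s", FIRST_SERIAL);` removes the non-literal format string but keeps an unbounded write into cur_port, whose declaration is outside the hunk; if it is a fixed-size array, `snprintf (cur_port, sizeof cur_port, "%s", FIRST_SERIAL);` would bound the copy, and if it is a pointer the size has to be passed alongside it. In cardinfo.c the inserted `"%s"` argument is correct, but the surrounding `malloc (strlen (st[socket].card.str) - 5)` result is used without a NULL check and the `strlen (...) - 6` size would wrap to a huge value if card.str is shorter than six bytes — pre-existing, but a `if (!cur_bind) return;` guard is cheap while this line is being touched. The suid.c hunk in update_system_hostname (whose body starts outside the hunk) is more than a build fix: `fprintf (fnew, system_hostname)` was a format-string bug in a file that, judging by its name, is likely to run with elevated privileges, so the patch header's `Description: Fix FTBFS with -Wformat-security` understates it and `Forwarded: no` should be revisited; I would reword it to `Description: Fix FTBFS with -Wformat-security; also fixes format-string bugs (suid.c, serial.c, cardinfo.c)` and forward the patch upstream.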
diff -Nru gpe-conf-0.2.9/debian/patches/series gpe-conf-0.2.9/debian/patches/series
--- gpe-conf-0.2.9/debian/patches/series	2009-12-17 22:02:35.000000000 +0100
+++ gpe-conf-0.2.9/debian/patches/series	2012-01-27 13:52:10.000000000 +0100
@@ -1 +1,2 @@
 desktop-validity
+format-security.patch
