The package clearsilver fails to compile with -Werror=format-security

Question

The package clearsilver fails to compile with -Werror=format-security

GoogleCodeExporter opened this issue 9 years ago · 0 comments

GoogleCodeExporter commented 9 years ago

The package clearsilver fails to compile with the new hardened compiler
flags dpkg-buildflag outputs [0].
The problematic flag is: -Werror=format-security
See the ubuntu buildlog:
https://launchpadlibrarian.net/85252523/buildlog_ubuntu-precise-i386.clearsilver
_0.10.5-1.2_FAILEDTOBUILD.txt.gz

Snippet:
 neo_cgi.c: In function 'p_cgi_error':
 neo_cgi.c:181:3: error: format not a string literal and no format arguments [-Werror=format-security]
 cc1: some warnings being treated as errors


The problem bould be solved with:

--- a/python/neo_cgi.c
+++ b/python/neo_cgi.c
@@ -178,7 +178,7 @@
   if (!PyArg_ParseTuple(args, "s:error(str)", &s))
     return NULL;

-  cgi_error (cgi, s);
+  cgi_error (cgi, "%s", s);
   rv = Py_None;
   Py_INCREF(rv);
   return rv;


Please, apply this patch as soon as possible.


Best regards,
Leo Iannacone



[0] http://lists.debian.org/debian-devel-announce/2011/09/msg00001.html


-- System Information:
Debian Release: wheezy/sid
  APT prefers oneiric
  APT policy: (500, 'oneiric')
Architecture: i386 (i686)

Kernel: Linux 3.0.0-12-generic (SMP w/2 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Original issue reported on code.google.com by leo.iann...@gmail.com on 19 Nov 2011 at 10:23

Attachments:

fix-cgi-error-format-security.patch