Debian Bug report logs - #643420
libcsoap: FTBFS: nanohttp-logging.c:137:7: error: format not a string literal and no format arguments [-Werror=format-security]

version graph

Package: src:libcsoap; Maintainer for src:libcsoap is Russell Coker <russell@coker.com.au>;

Reported by: Didier Raboud <odyx@debian.org>

Date: Tue, 27 Sep 2011 12:38:12 UTC

Severity: serious

Tags: patch, sid, wheezy

Found in version libcsoap/1.1.0-17

Fixed in version libcsoap/1.1.0-17.1

Done: Ana Beatriz Guerrero Lopez <ana@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Russell Coker <russell@coker.com.au>:
Bug#643420; Package src:libcsoap. (Tue, 27 Sep 2011 12:38:17 GMT) Full text and rfc822 format available.

Acknowledgement sent to Didier Raboud <odyx@debian.org>:
New Bug report received and forwarded. Copy sent to Russell Coker <russell@coker.com.au>. (Tue, 27 Sep 2011 12:38:18 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Didier Raboud <odyx@debian.org>
To: submit@bugs.debian.org
Subject: libcsoap: FTBFS: nanohttp-logging.c:137:7: error: format not a string literal and no format arguments [-Werror=format-security]
Date: Tue, 27 Sep 2011 14:32:09 +0200
Source: libcsoap
Version: 1.1.0-17
Severity: serious
Tags: wheezy sid
User: debian-qa@lists.debian.org
Usertags: qa-ftbfs-20110923 qa-ftbfs hardening-format-security hardening
Justification: FTBFS on amd64

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64.

Relevant part:
> /bin/bash ../libtool --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I. -I..    -I.. -pthread -g -O2 -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wall -I/usr/include/libxml2 -I/usr/include/openssl -c -o libnanohttp_la-nanohttp-logging.lo `test -f 'nanohttp-logging.c' || echo './'`nanohttp-logging.c
> libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I.. -pthread -g -O2 -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wall -I/usr/include/libxml2 -I/usr/include/openssl -c nanohttp-logging.c  -fPIC -DPIC -o .libs/libnanohttp_la-nanohttp-logging.o
> nanohttp-logging.c: In function '_log_write':
> nanohttp-logging.c:137:7: error: format not a string literal and no format arguments [-Werror=format-security]
> nanohttp-logging.c:148:9: error: format not a string literal and no format arguments [-Werror=format-security]
> cc1: some warnings being treated as errors
> 
> make[3]: *** [libnanohttp_la-nanohttp-logging.lo] Error 1

The full build log is available from:
   http://people.debian.org/~lucas/logs/2011/09/23/libcsoap_1.1.0-17_lsid64.buildlog

This happened because since dpkg 1.16.0 [0], hardening flags are enabled 
under various conditions.

[0] http://lists.debian.org/debian-devel-announce/2011/09/msg00001.html

A list of current common problems and possible solutions is available at 
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

About the archive rebuild: The rebuild was done on about 50 AMD64 nodes
of the Grid'5000 platform, using a clean chroot.  Internet was not
accessible from the build systems.




Information forwarded to debian-bugs-dist@lists.debian.org, Russell Coker <russell@coker.com.au>:
Bug#643420; Package src:libcsoap. (Sat, 03 Dec 2011 23:15:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Ana Guerrero Lopez <ana@debian.org>:
Extra info received and forwarded to list. Copy sent to Russell Coker <russell@coker.com.au>. (Sat, 03 Dec 2011 23:15:03 GMT) Full text and rfc822 format available.

Message #10 received at 643420@bugs.debian.org (full text, mbox):

From: Ana Guerrero Lopez <ana@debian.org>
To: 643420@bugs.debian.org
Subject: libcsoap: diff for NMU version 1.1.0-17.1
Date: Sun, 4 Dec 2011 00:13:20 +0100
[Message part 1 (text/plain, inline)]
tags 643420 + patch
tags 643420 + pending
thanks

Dear maintainer,

I've prepared an NMU for libcsoap (versioned as 1.1.0-17.1) and
uploaded it. Please find attached the diff.

Regards,
Ana
[libcsoap-1.1.0-17.1-nmu.diff (text/x-diff, attachment)]

Added tag(s) patch. Request was from Ana Guerrero Lopez <ana@debian.org> to control@bugs.debian.org. (Sat, 03 Dec 2011 23:15:05 GMT) Full text and rfc822 format available.

Added tag(s) pending. Request was from Ana Guerrero Lopez <ana@debian.org> to control@bugs.debian.org. (Sat, 03 Dec 2011 23:15:06 GMT) Full text and rfc822 format available.

Reply sent to Ana Beatriz Guerrero Lopez <ana@debian.org>:
You have taken responsibility. (Sat, 03 Dec 2011 23:36:09 GMT) Full text and rfc822 format available.

Notification sent to Didier Raboud <odyx@debian.org>:
Bug acknowledged by developer. (Sat, 03 Dec 2011 23:36:09 GMT) Full text and rfc822 format available.

Message #19 received at 643420-close@bugs.debian.org (full text, mbox):

From: Ana Beatriz Guerrero Lopez <ana@debian.org>
To: 643420-close@bugs.debian.org
Subject: Bug#643420: fixed in libcsoap 1.1.0-17.1
Date: Sat, 03 Dec 2011 23:34:02 +0000
Source: libcsoap
Source-Version: 1.1.0-17.1

We believe that the bug you reported is fixed in the latest version of
libcsoap, which is due to be installed in the Debian FTP archive:

libcsoap-dev_1.1.0-17.1_amd64.deb
  to main/libc/libcsoap/libcsoap-dev_1.1.0-17.1_amd64.deb
libcsoap1-dbg_1.1.0-17.1_amd64.deb
  to main/libc/libcsoap/libcsoap1-dbg_1.1.0-17.1_amd64.deb
libcsoap1_1.1.0-17.1_amd64.deb
  to main/libc/libcsoap/libcsoap1_1.1.0-17.1_amd64.deb
libcsoap_1.1.0-17.1.dsc
  to main/libc/libcsoap/libcsoap_1.1.0-17.1.dsc
libcsoap_1.1.0-17.1.tar.gz
  to main/libc/libcsoap/libcsoap_1.1.0-17.1.tar.gz
libnanohttp-dev_1.1.0-17.1_amd64.deb
  to main/libc/libcsoap/libnanohttp-dev_1.1.0-17.1_amd64.deb
libnanohttp1-dbg_1.1.0-17.1_amd64.deb
  to main/libc/libcsoap/libnanohttp1-dbg_1.1.0-17.1_amd64.deb
libnanohttp1_1.1.0-17.1_amd64.deb
  to main/libc/libcsoap/libnanohttp1_1.1.0-17.1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 643420@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ana Beatriz Guerrero Lopez <ana@debian.org> (supplier of updated libcsoap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 04 Dec 2011 00:08:29 +0100
Source: libcsoap
Binary: libcsoap-dev libnanohttp-dev libnanohttp1-dbg libcsoap1-dbg libnanohttp1 libcsoap1
Architecture: source amd64
Version: 1.1.0-17.1
Distribution: unstable
Urgency: low
Maintainer: Russell Coker <russell@coker.com.au>
Changed-By: Ana Beatriz Guerrero Lopez <ana@debian.org>
Description: 
 libcsoap-dev - development header files for CSOAP library
 libcsoap1  - shared CSOAP library for SOAP client/server in C
 libcsoap1-dbg - shared CSOAP library for SOAP client/server in C
 libnanohttp-dev - shared nanohttp header files for SOAP server apps in C
 libnanohttp1 - shared nanohttp library from CSOAP package
 libnanohttp1-dbg - shared nanohttp library from CSOAP package
Closes: 643420
Changes: 
 libcsoap (1.1.0-17.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Fix FTBFS with flag -Werror=format-security. (Closes: #643420)
Checksums-Sha1: 
 723872177ca9759e45319d7417bc484af295a48c 1791 libcsoap_1.1.0-17.1.dsc
 27b8f012d2db3b58c63d82068075d3d373093155 488752 libcsoap_1.1.0-17.1.tar.gz
 b16e8bcd9646cd518d17bf81e95c665697ec7fe2 73020 libcsoap-dev_1.1.0-17.1_amd64.deb
 42dcc8fc9a7966ea5d90e4d713ace0900c858a75 54534 libnanohttp-dev_1.1.0-17.1_amd64.deb
 da3917ff9a4db956225f3dfb2fab65e7f0e41b4e 73788 libnanohttp1-dbg_1.1.0-17.1_amd64.deb
 5cf1bcbf44bd3ddfc4f6fc2329df1a3fce15ed2a 41928 libcsoap1-dbg_1.1.0-17.1_amd64.deb
 82c05c9911fa527c0c5357e5c636317c58c22023 39404 libnanohttp1_1.1.0-17.1_amd64.deb
 46ddb8b0e1edd0423a45f174d0047fdb18305951 21318 libcsoap1_1.1.0-17.1_amd64.deb
Checksums-Sha256: 
 03616f67ab4c21b90686ef3de034f5bac1ce2b07adf1b29f309d05f1a56724ba 1791 libcsoap_1.1.0-17.1.dsc
 e9e30e4c6c61c655d1e15b06de08982fb29d050316b4042495d6649e37c0a40e 488752 libcsoap_1.1.0-17.1.tar.gz
 9d158eda708a07358c4fbfc9d318153ce534ac340c88b2931bb76cef50ccfd15 73020 libcsoap-dev_1.1.0-17.1_amd64.deb
 0e5852ee5755c399fd0e3096c90c1d9c23b61941682afe0d9911dc069cdb23d7 54534 libnanohttp-dev_1.1.0-17.1_amd64.deb
 75c8b69a4b1c38f3a997b9559803911fdf7e764a4eb87ca930aad321fd0a5ab3 73788 libnanohttp1-dbg_1.1.0-17.1_amd64.deb
 5d62a2bbb4382db53477445d5251da73a7d5ea4c022c8a80ab178b4727b45dd5 41928 libcsoap1-dbg_1.1.0-17.1_amd64.deb
 7ed05cacdecaf46c34f7314a15083abc9e4b226df72d557f1e50234755ef11fd 39404 libnanohttp1_1.1.0-17.1_amd64.deb
 2873d3ee6163d7aece81e9cfeb6a5fa81b17af8fc7113336dc8d5361c1a6c583 21318 libcsoap1_1.1.0-17.1_amd64.deb
Files: 
 38846d28197d729e08049d873863f91e 1791 libs optional libcsoap_1.1.0-17.1.dsc
 366bcb2163a3cd48f5675d2e7c014caa 488752 libs optional libcsoap_1.1.0-17.1.tar.gz
 ecfa3b6297d4b3013783269970c92ff7 73020 libdevel optional libcsoap-dev_1.1.0-17.1_amd64.deb
 d6f58fdeb2193b642214a3168a71851f 54534 libdevel optional libnanohttp-dev_1.1.0-17.1_amd64.deb
 075728312deb5c551840cacbbf811226 73788 debug extra libnanohttp1-dbg_1.1.0-17.1_amd64.deb
 6a372ad5bc7a50bfc4fc9001ac98a6f5 41928 debug extra libcsoap1-dbg_1.1.0-17.1_amd64.deb
 05550c42870174f0c7077187ae8e55fb 39404 libs optional libnanohttp1_1.1.0-17.1_amd64.deb
 ac69988e862108a117bc28047ea7341c 21318 libs optional libcsoap1_1.1.0-17.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Signed by Ana Guerrero

iQIcBAEBCAAGBQJO2q1vAAoJELNGT4lqoVlIcJIQAJDSoqXVgPHOJiOgqXDXT+zv
JG3TWsiTkIYBWfhJGhZ6phNBoMd8rrCe+PIBw3efTTwIlbwEUTOYsiptZUYn3yUd
ylD+Z0dDRAber5FRrzE1U4LzkC2/IGckIFC4+oEvq3mpQcSvxFwRNF+7DubzPIsa
OKDsnI9wp9DuBF5hFNA9JDNX7OV0HPfh573NktNNyDiJHpsh0VqnexDmhxCa/8Zu
wD1ZcKB6yMJ0kfr7eec15ncatOx2CmmbhpoLanYi0qXFZkcQ0bLQBaL0MxzP+eEb
8bNa02gvMOXEj8kTU3rB5mh1u4BOoQZSR3+hn3LT4rd0pGFJJJkABeEaDZ42TsrT
44zsg9kWFTv/r+/b4QDptzrYipheiMmWUJolMsxhQIMjN9Sb13tMm8V+3EoW5kuw
5ovOHKV4J5twd27U0gdo5aXgopVO7Qy/c9znPGoMcZWExOV88hgrV+8ZTVmG4HCg
BuPbSW0V1Ic93njIObS0+DBhx/94wwB1Avqs7AEf/TbUrJ3bq3NFmYb7+eZYUw02
4SDZbrQxroEjq2L1lFZrpcApVIGx32/+vM4H7csHDqqkfmrr5zuozbRTyTDkDIEZ
8w3bInKapTic3THr92ZgMs9ZqkcTbINY+bwMdRLOI5JwUMe1S1N5yCOTpRqHAE64
9imRrrdt8D6mWO1Mnq/Y
=mANf
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 14 Mar 2012 07:56:46 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 07:52:48 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.