Bug#643352: arpalert: FTBFS: ./log.c:122:3: error: format not a string literal and no format arguments [-Werror=format-security]
Source: arpalert
Version: 2.0.11-7
Severity: serious
Tags: wheezy sid
User: debian-qa@lists.debian.org
Usertags: qa-ftbfs-20110923 qa-ftbfs hardening-format-security hardening
Justification: FTBFS on amd64
Hi,
During a rebuild of all packages in sid, your package failed to build on
amd64.
Relevant part:
> x86_64-linux-gnu-gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wall -DCONFIG_FILE=\"/etc/arpalert/arpalert.conf\" -DPID_FILE=\"/var/run/arpalert.pid\" -c -o sens_timeouts.o ./sens_timeouts.c
> ./loadconfig.c: In function 'convert_octal':
> ./loadconfig.c:608:6: warning: variable 'i' set but not used [-Wunused-but-set-variable]
> ./loadmodule.c: In function 'alerte_mod':
> ./loadmodule.c:140:12: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
> ./log.c: In function 'logmsg':
> ./log.c:122:3: error: format not a string literal and no format arguments [-Werror=format-security]
> ./sens_timeouts.c: In function 'sens_timeout_add':
> ./sens_timeouts.c:131:2: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
> ./sens_timeouts.c: In function 'sens_timeout_exist':
> ./sens_timeouts.c:153:2: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
> ./loadconfig.c: In function 'set_option':
> ./loadconfig.c:813:33: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
> cc1: some warnings being treated as errors
>
> make[1]: *** [log.o] Error 1
The full build log is available from:
http://people.debian.org/~lucas/logs/2011/09/23/arpalert_2.0.11-7_lsid64.buildlog
This happened because since dpkg 1.16.0 [0], hardening flags are enabled
under various conditions.
[0] http://lists.debian.org/debian-devel-announce/2011/09/msg00001.html
A list of current common problems and possible solutions is available at
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!
About the archive rebuild: The rebuild was done on about 50 AMD64 nodes
of the Grid'5000 platform, using a clean chroot. Internet was not
accessible from the build systems.
Reply to: