Package: libdumbnet Version: 1.12-4 Usertags: goto-cc During a rebuild of all packages in a clean sid chroot (and cowbuilder+pbuilder) the build failed with the following error. Please note that we use our research compiler tool-chain (using tools from the cbmc package), which permits extended reporting on type inconsistencies at link time. [...] libtool: link: gcc -shared -fPIC -DPIC .libs/addr-util.o .libs/addr.o .libs/blob.o .libs/ip-util.o .libs/ip6.o .libs/rand.o .libs/strlcat.o .libs/strlcpy.o .libs/arp-ioctl.o .libs/eth-linux.o .libs/fw-none.o .libs/intf.o .libs/ip.o .libs/route-linux.o .libs/tun-linux.o -O2 -Wl,-soname -Wl,libdumbnet.so.1 -o .libs/libdumbnet.so.1.0.1 error: conflicting function declarations "strlcpy" old definition in module strlcpy file strlcpy.c line 43 unsigned long int (char *dst, const char *src, unsigned long int siz) new definition in module arp-ioctl file ../include/config.h line 297 signed int (char *, const char *, signed int) Makefile:399: recipe for target 'libdumbnet.la' failed make[2]: *** [libdumbnet.la] Error 64 make[2]: Leaving directory '/srv/jenkins-slave/workspace/sid-goto-cc-libdumbnet/libdumbnet-1.12/src' Makefile:460: recipe for target 'all-recursive' failed While only the first error is reported, the following similarly holds for strlcat: The declarations in config.h.in need to use size_t as type of the last argument as all systems with sizeof(size_t)>sizeof(int) may see arbitrary values for the high bytes of the argument. Consequently strlcpy/strlcat may overflow. Likely this is not remote controllable, but security considerations should apply. Best, Michael
Attachment:
pgpD_Mvk7Hkf_.pgp
Description: PGP signature