Your message dated Sat, 31 Dec 2011 21:32:12 +0000
with message-id <e1rh6xe-0002qa...@franck.debian.org>
and subject line Bug#649322: fixed in clearsilver 0.10.5-1.3
has caused the Debian Bug report #649322,
regarding clearsilver: FTBFS with -Werror=format-security
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
649322: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649322
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Subject: clearsilver: FTBFS with -Werror=format-security
Package: clearsilver
Severity: normal
The package clearsilver fails to compile with the new hardened compiler
flags dpkg-buildflag outputs [0].
The problematic flag is: -Werror=format-security
See the ubuntu buildlog:
https://launchpadlibrarian.net/85252523/buildlog_ubuntu-precise-i386.clearsilver_0.10.5-1.2_FAILEDTOBUILD.txt.gz
Snippet:
neo_cgi.c: In function 'p_cgi_error':
neo_cgi.c:181:3: error: format not a string literal and no format
arguments [-Werror=format-security]
cc1: some warnings being treated as errors
The problem bould be solved with:
--- a/python/neo_cgi.c
+++ b/python/neo_cgi.c
@@ -178,7 +178,7 @@
if (!PyArg_ParseTuple(args, "s:error(str)", &s))
return NULL;
- cgi_error (cgi, s);
+ cgi_error (cgi, "%s", s);
rv = Py_None;
Py_INCREF(rv);
return rv;
Please, apply this patch as soon as possible.
Best regards,
Leo Iannacone
[0] http://lists.debian.org/debian-devel-announce/2011/09/msg00001.html
-- System Information:
Debian Release: wheezy/sid
APT prefers oneiric
APT policy: (500, 'oneiric')
Architecture: i386 (i686)
Kernel: Linux 3.0.0-12-generic (SMP w/2 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Description: Fix FTBFS with -Werror=format-security
--- a/python/neo_cgi.c
+++ b/python/neo_cgi.c
@@ -178,7 +178,7 @@
if (!PyArg_ParseTuple(args, "s:error(str)", &s))
return NULL;
- cgi_error (cgi, s);
+ cgi_error (cgi, "%s", s);
rv = Py_None;
Py_INCREF(rv);
return rv;
--- End Message ---
--- Begin Message ---
Source: clearsilver
Source-Version: 0.10.5-1.3
We believe that the bug you reported is fixed in the latest version of
clearsilver, which is due to be installed in the Debian FTP archive:
clearsilver-dev_0.10.5-1.3_i386.deb
to main/c/clearsilver/clearsilver-dev_0.10.5-1.3_i386.deb
clearsilver_0.10.5-1.3.debian.tar.gz
to main/c/clearsilver/clearsilver_0.10.5-1.3.debian.tar.gz
clearsilver_0.10.5-1.3.dsc
to main/c/clearsilver/clearsilver_0.10.5-1.3.dsc
libclearsilver-perl_0.10.5-1.3_i386.deb
to main/c/clearsilver/libclearsilver-perl_0.10.5-1.3_i386.deb
python-clearsilver_0.10.5-1.3_i386.deb
to main/c/clearsilver/python-clearsilver_0.10.5-1.3_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 649...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Luk Claes <l...@debian.org> (supplier of updated clearsilver package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 29 Dec 2011 21:57:11 +0100
Source: clearsilver
Binary: clearsilver-dev python-clearsilver libclearsilver-perl
Architecture: source i386
Version: 0.10.5-1.3
Distribution: unstable
Urgency: high
Maintainer: Jesus Climent <jesus.clim...@hispalinux.es>
Changed-By: Luk Claes <l...@debian.org>
Description:
clearsilver-dev - headers and static library for clearsilver
libclearsilver-perl - Perl bindings for clearsilver
python-clearsilver - Python bindings for clearsilver
Closes: 649322
Changes:
clearsilver (0.10.5-1.3) unstable; urgency=high
.
* Non-maintainer upload.
* Fix format string vulnerability CVE-2011-4357 (Closes: #649322).
Checksums-Sha1:
ddba403f5476e5b9a9a9420e777e9eafad78aa55 1445 clearsilver_0.10.5-1.3.dsc
ebb4e4ad672f9f1ffd3568c75a44975ea996adf4 7698
clearsilver_0.10.5-1.3.debian.tar.gz
afc87db732c4b9b043cb4201a827b07524493432 281976
clearsilver-dev_0.10.5-1.3_i386.deb
49df0438440a1c51ca677bda7057cba8f7bc347c 190628
python-clearsilver_0.10.5-1.3_i386.deb
98c32cd0ae9aa16ce1bbe8ed397854221f62b781 95490
libclearsilver-perl_0.10.5-1.3_i386.deb
Checksums-Sha256:
122cbf716e2fcad88f8f60a75eb0e4b463fb25c839ac8e7c3ff2c49fe9f2b92c 1445
clearsilver_0.10.5-1.3.dsc
5241d4816a0ecc73d801d3744980879bf467eb2e421c1a7b88db4710ed993574 7698
clearsilver_0.10.5-1.3.debian.tar.gz
9897e5ad98d24ebc92d781472cdca8d90903d327efc48619ccd604259990531c 281976
clearsilver-dev_0.10.5-1.3_i386.deb
65b34106a0940e04e9fa5d9679c89b8e7cb4d8510130aa46e6f3afe9752a6ea4 190628
python-clearsilver_0.10.5-1.3_i386.deb
b03a4a991c1feff76cb9760fdf68cadd9de03a33791557dbdf792cc5d342c963 95490
libclearsilver-perl_0.10.5-1.3_i386.deb
Files:
4b91d9dd3360fb94178d62c958144c10 1445 devel optional clearsilver_0.10.5-1.3.dsc
48e91d5b5745a9cf30e928a6f2fac9c0 7698 devel optional
clearsilver_0.10.5-1.3.debian.tar.gz
c3f979eb57d40660822e8b5e1ca9a894 281976 python optional
clearsilver-dev_0.10.5-1.3_i386.deb
5181507b138b02bd06b89ae07a6debed 190628 python optional
python-clearsilver_0.10.5-1.3_i386.deb
c050a9591dcf55f9ecbf595159236d50 95490 perl optional
libclearsilver-perl_0.10.5-1.3_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk781dUACgkQ5UTeB5t8Mo1aLQCeMD4hJ/kFGmJ1qcGNGnlDjxeh
oukAoLS9KHGGNkDld5Goai4/DJo2w6uD
=fws0
-----END PGP SIGNATURE-----
--- End Message ---
