[Debian-med-packaging] Bug#643444: ncbi-tools6: FTBFS: pgppop.c:2997:5: error: format not a string literal and no format arguments [-Werror=format-security]

Didier Raboud odyx at debian.org
Tue Sep 27 12:35:02 UTC 2011 

Source: ncbi-tools6
Version: 6.1.20110713-1
Severity: serious
Tags: wheezy sid
User: debian-qa at lists.debian.org
Usertags: qa-ftbfs-20110923 qa-ftbfs hardening-format-security hardening
Justification: FTBFS on amd64

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64.

Relevant part:
> gcc  -c -g -O2 -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wall -D_PNG -fPIC -I../include -DWIN_MOTIF pgppop.c
> pgppop.c:305:4: warning: missing braces around initializer [-Wmissing-braces]
> pgppop.c:305:4: warning: (near initialization for 'DDV_PaletteRGB[0]') [-Wmissing-braces]
> pgppop.c: In function 'DDV_WWW_get_CDS_minus':
> pgppop.c:574:9: warning: variable 'bGiForProductOk' set but not used [-Wunused-but-set-variable]
> pgppop.c:572:5: warning: variable 'numivals2' set but not used [-Wunused-but-set-variable]
> pgppop.c: In function 'DDV_WWW_get_CDS_plus':
> pgppop.c:696:9: warning: variable 'bGiForProductOk' set but not used [-Wunused-but-set-variable]
> pgppop.c: In function 'GetClrFromClrGlobal':
> pgppop.c:1322:4: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
> pgppop.c:1322:4: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
> pgppop.c: In function 'DDV_DisplayTopScale':
> pgppop.c:1545:7: warning: unused variable 'szBlank' [-Wunused-variable]
> pgppop.c: In function 'DDV_GetBLASTCompLine_1':
> pgppop.c:1981:21: warning: array subscript has type 'char' [-Wchar-subscripts]
> pgppop.c:1981:21: warning: array subscript has type 'char' [-Wchar-subscripts]
> pgppop.c: In function 'DDV_GetFullGapFASTAforIdxAli':
> pgppop.c:2997:5: error: format not a string literal and no format arguments [-Werror=format-security]
> pgppop.c: In function 'DDV_DisplayDefaultAlign':
> pgppop.c:3414:13: warning: unused variable 'sabp' [-Wunused-variable]
> pgppop.c: In function 'DDV_ShowSeqAlign':
> pgppop.c:3757:10: warning: unused variable 'szPopSetAuth' [-Wunused-variable]
> pgppop.c:3755:10: warning: unused variable 'szPopSetName' [-Wunused-variable]
> pgppop.c: In function 'DDV_PrintPopSetSummary':
> pgppop.c:3928:9: warning: variable 'bPairwise' set but not used [-Wunused-but-set-variable]
> pgppop.c: At top level:
> ../include/objentgene.h:176:33: warning: 'Method_methodFree' declared 'static' but never defined [-Wunused-function]
> ../include/objentgene.h:177:33: warning: 'Method_methodAsnRead' declared 'static' but never defined [-Wunused-function]
> ../include/objentgene.h:178:24: warning: 'Method_methodAsnWrite' declared 'static' but never defined [-Wunused-function]
> ../include/asnprt.h:12:15: warning: 'asnfilename' defined but not used [-Wunused-variable]
> ../include/asnprt.h:59:23: warning: 'avn' defined but not used [-Wunused-variable]
> ../include/asnprt.h:60:19: warning: 'at' defined but not used [-Wunused-variable]
> ../include/asnprt.h:61:21: warning: 'amp' defined but not used [-Wunused-variable]
> ../include/objalignloc.h:80:27: warning: 'Loc_locFree' declared 'static' but never defined [-Wunused-function]
> ../include/objalignloc.h:81:27: warning: 'Loc_locAsnRead' declared 'static' but never defined [-Wunused-function]
> ../include/objalignloc.h:82:24: warning: 'Loc_locAsnWrite' declared 'static' but never defined [-Wunused-function]
> pgppop.c:559:13: warning: 'DDV_WWW_get_CDS_minus' defined but not used [-Wunused-function]
> pgppop.c:2086:13: warning: 'DDV_HideMaskedLetters' defined but not used [-Wunused-function]
> pgppop.c:2861:13: warning: 'DDV_GetGappedSequence' defined but not used [-Wunused-function]
> pgppop.c:2908:13: warning: 'DDV_PrintFastaGappedSequence' defined but not used [-Wunused-function]
> cc1: some warnings being treated as errors
> 
> make[2]: *** [pgppop.o] Error 1

The full build log is available from:
   http://people.debian.org/~lucas/logs/2011/09/23/ncbi-tools6_6.1.20110713-1_lsid64.buildlog

This happened because since dpkg 1.16.0 [0], hardening flags are enabled 
under various conditions.

[0] http://lists.debian.org/debian-devel-announce/2011/09/msg00001.html

A list of current common problems and possible solutions is available at 
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

About the archive rebuild: The rebuild was done on about 50 AMD64 nodes
of the Grid'5000 platform, using a clean chroot.  Internet was not
accessible from the build systems.

More information about the Debian-med-packaging mailing list