Bug#643461: qhull: FTBFS: io.c:2169:3: error: format not a string literal and no format arguments [-Werror=format-security]

Didier Raboud odyx at debian.org
Tue Sep 27 12:36:40 UTC 2011 

Source: qhull
Version: 2009.1-2
Severity: serious
Tags: wheezy sid
User: debian-qa at lists.debian.org
Usertags: qa-ftbfs-20110923 qa-ftbfs hardening-format-security hardening
Justification: FTBFS on amd64

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64.

Relevant part:
> /bin/bash ../libtool --tag=CC   --mode=compile gcc -DPACKAGE_NAME=\"qhull\" -DPACKAGE_TARNAME=\"qhull\" -DPACKAGE_VERSION=\"2009.1\" -DPACKAGE_STRING=\"qhull\ 2009.1\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE=\"qhull\" -DVERSION=\"2009.1\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -I.     -g -O2 -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wall -fno-strict-aliasing -c -o io.lo io.c
> libtool: compile:  gcc -DPACKAGE_NAME=\"qhull\" -DPACKAGE_TARNAME=\"qhull\" -DPACKAGE_VERSION=\"2009.1\" "-DPACKAGE_STRING=\"qhull 2009.1\"" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE=\"qhull\" -DVERSION=\"2009.1\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -I. -g -O2 -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wall -fno-strict-aliasing -c io.c  -fPIC -DPIC -o .libs/io.o
> io.c: In function 'qh_printfacet3math':
> io.c:2169:3: error: format not a string literal and no format arguments [-Werror=format-security]
> cc1: some warnings being treated as errors
> 
> make[2]: *** [io.lo] Error 1

The full build log is available from:
   http://people.debian.org/~lucas/logs/2011/09/23/qhull_2009.1-2_lsid64.buildlog

This happened because since dpkg 1.16.0 [0], hardening flags are enabled 
under various conditions.

[0] http://lists.debian.org/debian-devel-announce/2011/09/msg00001.html

A list of current common problems and possible solutions is available at 
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

About the archive rebuild: The rebuild was done on about 50 AMD64 nodes
of the Grid'5000 platform, using a clean chroot.  Internet was not
accessible from the build systems.

More information about the debian-science-maintainers mailing list