Enabling "-Werror=format-security" by default
Dhiru Kholia
dhiru.kholia at gmail.com
Wed Nov 20 17:45:56 UTC 2013
On 11/20/13 at 11:16am, David Smith wrote:
> > On 11/20/13 at 09:27pm, Dhiru Kholia wrote:
> > A list of packages which FTBFS is available at,
> >
> > http://people.fedoraproject.org/~halfie/rebuild-logs.txt
>
> Looking at the list, I see several (~17) packages with errors of the form:
>
> error: -Wformat-security ignored without -Wformat [-Werror=format-security]
>
> Which is an error, but not exactly what you are trying to catch. Got any
> ideas on what is going on here?
Hi David,

Excellent catch! I took a quick look and it seems that these packages
are trying to use custom compilation flags.

E.g. p0f-3.06b-3.fc20.src.rpm has a line which says,

BASIC_CFLAGS="-Wall -Wno-format -I/usr/local/include/ \
-I/opt/local/include/ -DVERSION=\"$VERSION\" $CFLAGS"

The usage of the hard-coded "-Wno-format" flag conflicts with our desired
"-Werror=format-security" flag. p0f is a "security package" and it
should know better, I believe.

Additionally, p0f packaging seems to be violating the Fedora packaging
guidelines,

https://fedoraproject.org/wiki/Packaging:Guidelines#Compiler_flags

The very next project I am (and was) planning to work on is to detect
packages which try to use custom compilation flags ;)

--
Dhiru
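
An added example, not part of the original message or of any Fedora tooling: a Python triage of build-log text that separates the flag-conflict error quoted above from genuine -Werror=format-security findings, and points at command lines carrying a hard-coded -Wno-format. The function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Diagnostic quoted in the thread: -Wformat was switched off by the package,
# so the distro-wide -Werror=format-security cannot take effect.
FLAG_CONFLICT = re.compile(
    r"error: -Wformat-security ignored without -Wformat \[-Werror=format-security\]")
# Any other error promoted by -Werror=format-security is a real finding.
REAL_FINDING = re.compile(r"error: .*\[-Werror=format-security\]")
# Stand-alone -Wno-format on a command line (not -Wno-format-<something>).
FORMAT_OFF = re.compile(r"(?<!\S)-Wno-format(?!\S)")

def classify(log_text):
    """Map category -> 1-based line numbers where it occurs in the log."""
    hits = defaultdict(list)
    for n, line in enumerate(log_text.splitlines(), 1):
        if FLAG_CONFLICT.search(line):
            hits["flag_conflict"].append(n)
        elif REAL_FINDING.search(line):
            hits["real_finding"].append(n)
        elif FORMAT_OFF.search(line):
            hits["format_disabled"].append(n)
    return dict(hits)

def triage(log_text):
    """One label per build log, for sorting a rebuild-failure list."""
    hits = classify(log_text)
    if hits.get("real_finding"):
        return "real-finding"    # format-string issue to fix in the source
    if hits.get("flag_conflict"):
        return "flag-conflict"   # unaudited: fix the flags, then rebuild
    return "no-format-security-error"

# Constructed sample logs (not taken from rebuild-logs.txt).
SAMPLE_CONFLICT = "\n".join([
    "gcc -Wall -Wno-format -O2 -g -Werror=format-security -c demo.c -o demo.o",
    "cc1: error: -Wformat-security ignored without -Wformat [-Werror=format-security]",
])
SAMPLE_REAL = "\n".join([
    "gcc -O2 -g -Wall -Werror=format-security -c log.c -o log.o",
    "log.c:12:5: error: format not a string literal and no format arguments"
    " [-Werror=format-security]",
])

if __name__ == "__main__":
    for name, log in (("conflict", SAMPLE_CONFLICT), ("real", SAMPLE_REAL)):
        print(name, triage(log), classify(log))
```

A log labelled flag-conflict says nothing about whether the package has format-string problems; the check never ran for it.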