Enabling "-Werror=format-security" by default

Dhiru Kholia dhiru.kholia at gmail.com
Wed Nov 20 17:45:56 UTC 2013

On 11/20/13 at 11:16am, David Smith wrote:
> > On 11/20/13 at 09:27pm, Dhiru Kholia wrote:
> > A list of packages which FTBFS is available at,
> >
> > http://people.fedoraproject.org/~halfie/rebuild-logs.txt
> Looking at the list, I see several (~17) packages with errors of the form:
> error: -Wformat-security ignored without -Wformat [-Werror=format-security]
> Which is an error, but not exactly what you are trying to catch. Got any
> ideas on what is going on here?

Hi David,

Excellent catch! I took a quick look and it seems that these packages
are trying to use custom compilation flags.

E.g. p0f-3.06b-3.fc20.src.rpm has a line which says,

BASIC_CFLAGS="-Wall -Wno-format -I/usr/local/include/ \
              -I/opt/local/include/ -DVERSION=\"$VERSION\" $CFLAGS"

The usage of hard-coded "-Wno-format" flag conflicts with our desired
"-Werror=format-security" flag. p0f is a "security package" and it
should know better, I believe.

Additionally, p0f packaging seems to be violating the Fedora packaging


The very next project I am (and was) planning to work on, is to detect
packages which try to use custom compilation flags ;)


More information about the devel mailing list