[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Monotone-debian] Bug#646349: monotone: FTBFS with -Werror=format-securi
From: |
Julian Taylor |
Subject: |
[Monotone-debian] Bug#646349: monotone: FTBFS with -Werror=format-security |
Date: |
Sun, 23 Oct 2011 15:11:44 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1 |
Source: monotone
Version: 1.0-3
Severity: normal
User: address@hidden
Usertags: hardening-format-security hardening
the package monotone fails to compile with the new hardened compiler
flags dpkg-buildflag outputs [0].
The problematic flag is: -Werror=format-security
See the ubuntu buildlog:
https://launchpadlibrarian.net/83074600/buildlog_ubuntu-precise-i386.monotone_1.0-3_FAILEDTOBUILD.txt.gz
Snippet:
g++ -I. -I/usr/include/lua5.1 -D_FORTIFY_SOURCE=2 -g -O2
-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security
-Werror=format-security -Wall -W -Wno-unused -c -o src/cmd.o src/cmd.cc
src/cmd.cc: In member function 'virtual void
commands::cmd_manpage::exec(app_state&, const command_id&, const
args_vector&) const':
src/cmd.cc:977:31: error: format not a string literal and no format
arguments [-Werror=format-security]
The buildflags are not exported in debian, but can be enabled e.g. by
adding this to debian/rules:
DPKG_EXPORT_BUILDFLAGS = 1
include /usr/share/dpkg/buildflags.mk
Please fix the issues and maybe also enable the hardened build in debian.
[0] http://lists.debian.org/debian-devel-announce/2011/09/msg00001.html
signature.asc
Description: OpenPGP digital signature
- [Monotone-debian] Bug#646349: monotone: FTBFS with -Werror=format-security,
Julian Taylor <=