Summary: | sys-process/numad-0.5-r1 - numad.c:174:5: error: format not a string literal and no format arguments [-Werror=format-security] | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Agostino Sarubbo <ago> |
Component: | [OLD] Core system | Assignee: | Gentoo's Team for Core System packages <base-system> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | 89q1r14hd, cardoe, sam, tb |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 713576, 259417 | ||
Attachments: | numad-0.5-r1:20140820-103146.log |
Description
Agostino Sarubbo
2014-08-20 10:35:08 UTC
Created attachment 383180 [details]
numad-0.5-r1:20140820-103146.log
build log
Ago, you're doing this wrong. If you set your CFLAGS to /warn/ about format security, you catch all of them at once, while right now you're just catching the first one and then the build fails. (In reply to Jeroen Roovers from comment #2) > Ago, you're doing this wrong. If you set your CFLAGS to /warn/ about format > security, you catch all of them at once, while right now you're just > catching the first one and then the build fails. You are right, but I hope that the maintainer will recompile with format-security to check his fix and if there are more issues, he's able to see them I'm inclined to remove this package from the tree. Upstream is pretty crummy. They do random code drops into git but develop this package outside of git. https://git.fedorahosted.org/cgit/numad.git/ -Werror=format-security bugs generally should go upstream, but they shouldn't impact a package on our side. these auto-filed bugs aren't generally useful. (In reply to SpanKY from comment #5) > -Werror=format-security bugs generally should go upstream, but they > shouldn't impact a package on our side. these auto-filed bugs aren't > generally useful. So a follow up from the guy that does the commits into that package repo. He says he's not the developer or maintainer. The people that maintain numad refuse to use git and he's just the Fedora packager and he's committing into git the source as he gets it from the maintainers and he can't provide contain info for the actual maintainers. (In reply to Doug Goldstein from comment #6) i vaguely recall the redhat guys also track format-security bugs. maybe file the bug in their bugzilla and see if that helps ? :) in Fedora and Debian they are using a newer git snapshot from 20150602, maybe that could help, for them it fixes this bug (and others) This is still an ongoing issue. Should this issue not be re-opened and set to block bug #713576, so that it correctly shows up as a blocker in the current format-security tracking bug? The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4e3b9beabb52e2163a358da546e33b4634617fdd commit 4e3b9beabb52e2163a358da546e33b4634617fdd Author: Sam James <sam@gentoo.org> AuthorDate: 2022-06-20 03:20:37 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-06-20 05:03:49 +0000 sys-process/numad: fix -Wformat-security Closes: https://bugs.gentoo.org/520308 Signed-off-by: Sam James <sam@gentoo.org> .../numad/files/numad-0.5-wformat-security.patch | 19 ++++++++ sys-process/numad/numad-0.5-r4.ebuild | 53 ++++++++++++++++++++++ 2 files changed, 72 insertions(+) |