Bug 259417 (fortify-source) - [Tracker] >=sys-devel/gcc-4.3.3 -D_FORTIFY_SOURCE=2 and -Wformat-security porting
Status: CONFIRMED
Alias: fortify-source
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Toolchain Maintainers
URL: http://archives.gentoo.org/gentoo-dev...
Whiteboard:
Keywords: Tracker
: gcc-4.3.3 (view as bug list)
Depends on:
Blocks:
Reported: 2009-02-17 21:58 UTC by Peter Alfredsen (RETIRED)
Modified: 2018-06-09 19:27 UTC

Description Peter Alfredsen (RETIRED) gentoo-dev 2009-02-17 21:58:51 UTC
In gcc-4.3.3, -D_FORTIFY_SOURCE=2 and -Wformat-security are added automagically to C[XX]FLAGS
  - Please file a NEW bug for each package affected by this change and make it BLOCK this one.
  - Do NOT use this bug for issues with >=GCC 4.3.3 itself.  File a new bug and assign it to toolchain.

Hardened has already done this for some time, so a few bugs have been moved from the gcc-4.3 tracker to this one to keep better track of things.
Comment 1 SpanKY gentoo-dev 2009-02-24 07:29:54 UTC
any package broken by -Wformat-security is broken regardless ... no package should be building with -Werror and afaik, that's the only way to trigger a failure with that
Comment 2 Peter Alfredsen (RETIRED) gentoo-dev 2009-02-25 11:28:16 UTC
*** Bug 260236 has been marked as a duplicate of this bug. ***
Comment 3 Jeroen Roovers gentoo-dev 2010-11-30 19:18:16 UTC
*** Bug 347267 has been marked as a duplicate of this bug. ***
Comment 4 SpanKY gentoo-dev 2014-09-11 05:31:55 UTC
i don't think any of these format-security bugs are useful.  if you want to convince upstream to make their code base nice, then that'd be great.  but i see no real value in Gentoo carrying patches, and i'm inclined to start closing them as UPSTREAM.
Comment 5 Anthony Basile gentoo-dev 2014-10-17 11:44:33 UTC
(In reply to SpanKY from comment #4)
> i don't think any of these format-security bugs are useful.  if you want to
> convince upstream to make their code base nice, then that'd be great.  but i
> see no real value in Gentoo carrying patches, and i'm inclined to start
> closing them as UPSTREAM.

I didn't even know this tracker was here.  As Peter said, hardened has lived with this a long time without too much difficulty and I really don't want to see a bunch of patches causing an unnecessary maintenance burden.

I say, let's close these upstream and suggest using append-cppflags if necessary to change the -D_FORTIFY_SOURCE=2.  As already stated -Wformat-security will just warn.
Comment 6 Mr. Bones. (RETIRED) gentoo-dev 2015-03-24 16:59:48 UTC
(In reply to SpanKY from comment #4)
>  i'm inclined to start closing them as UPSTREAM.

Please go ahead.  The bugspam is getting excessive and will continue as long as this bug is open.
Comment 7 Ryan Hill (RETIRED) gentoo-dev 2015-08-05 06:08:30 UTC
We could add -Wformat-security to portage's post-build qa checks.  This would both raise its visibility and tell people that upstream is the proper place to report any warnings to.
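
The post-build check suggested in comment 7 could look like the following. This is an added example, not part of the bug thread and not Portage's own QA code; the function names and the sample build log are constructed, and only the diagnostic text is GCC's.

```sh
#!/bin/sh
# Added example, not Portage code. Function names and the log are constructed.

# Constructed build log: one warning repeated, one without a column
# (as with -fno-show-column), one promoted to an error, one unrelated warning.
sample_log() {
cat <<'EOF'
x86_64-pc-linux-gnu-gcc -O2 -pipe -c src/main.c -o main.o
src/main.c: In function 'report':
src/main.c:42:5: warning: format not a string literal and no format arguments [-Wformat-security]
src/log.c:88: warning: format not a string literal and no format arguments [-Wformat-security]
src/main.c:42:5: warning: format not a string literal and no format arguments [-Wformat-security]
src/util.c:10:9: warning: unused variable 'n' [-Wunused-variable]
src/cli.c:7:3: error: format not a string literal and no format arguments [-Werror=format-security]
EOF
}

# Print one "file:line" per distinct -Wformat-security diagnostic in log $1.
# GCC tags each diagnostic with the option that enabled it; with
# -Werror=format-security the tag becomes [-Werror=format-security].
format_security_hits() {
    LC_ALL=C sed -n -E \
        's/^([^: ]+):([0-9]+):([0-9]+:)? (warning|error): .*\[-W(error=)?format-security\]$/\1:\2/p' \
        "$1" | LC_ALL=C sort -u
}

# QA-style report: prints the locations and returns 1 when the log has hits,
# returns 0 silently when it is clean.
qa_format_security() {
    fs_hits=$(format_security_hits "$1")
    if [ -z "$fs_hits" ]; then
        return 0
    fi
    printf 'QA Notice: -Wformat-security diagnostics, report upstream:\n%s\n' "$fs_hits"
    return 1
}

# Demo on the constructed log.
fs_tmp=$(mktemp)
sample_log > "$fs_tmp"
qa_format_security "$fs_tmp" || true
rm -f "$fs_tmp"
```

The `sort -u` step matters for real logs, where a warning in a shared header or a rebuilt object shows up once per compilation.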