On Thu, Nov 21, 2013 at 2:04 AM, Florian Weimer wrote:
> On 11/20/2013 06:45 PM, Przemek Klosowski wrote:
>> Well, the code is inelegant:
>>
>> sprintf(path + len, formatted_name);
>>
>> looks better and avoids the warning if you write it as
>>
>> sprintf(&(path[len]), "%s", formatted_name);
>
- Original Message -
> Hi,
>
> We are working on a proposal to enable "-Werror=format-security"
> compilation flag for all packages in Fedora.
Hi!
FESCo on yesterday's meeting agreed to ask you for a formal proposal
as a Change page [1] - for more details see [2]. Don't hesitate to ask
any
On 11/20/2013 06:45 PM, Przemek Klosowski wrote:
On 11/20/2013 11:13 AM, Jerry James wrote:
path_sprintf(), which is static in Game.c. All callers of that
function are visible in the same file, and all pass constant strings
into the function, which passes those constant strings to sprintf().
The
On Wed, 20 Nov 2013, Dhiru Kholia wrote:
Hi,
We are working on a proposal to enable "-Werror=format-security"
compilation flag for all packages in Fedora.
Once this flag is enabled, GCC will refuse to compile code that could be
vulnerable to a string format security flaw. For more details, plea
On 11/20/2013 11:13 AM, Jerry James wrote:
And the very first package I maintain that appears on that list, abe,
is an interesting one. The game has an internal function,
path_sprintf(), which is static in Game.c. All callers of that
function are visible in the same file, and all pass constant
On Wed, 2013-11-20 at 23:15 +0530, Dhiru Kholia wrote:
> On 11/20/13 at 11:16am, David Smith wrote:
> > > On 11/20/13 at 09:27pm, Dhiru Kholia wrote:
> > > A list of packages which FTBFS is available at,
> > >
> > > http://people.fedoraproject.org/~halfie/rebuild-logs.txt
> >
> > Looking at the lis
On 11/20/13 at 11:16am, David Smith wrote:
> > On 11/20/13 at 09:27pm, Dhiru Kholia wrote:
> > A list of packages which FTBFS is available at,
> >
> > http://people.fedoraproject.org/~halfie/rebuild-logs.txt
>
> Looking at the list, I see several (~17) packages with errors of the form:
>
> error: -
On 11/20/2013 11:13 AM, Jerry James wrote:
path_sprintf(), which is static in Game.c. All callers of that
function are visible in the same file, and all pass constant strings
into the function, which passes those constant strings to sprintf().
The function's purpose is to produce a pathname for
On Wed, Nov 20, 2013 at 10:21:10PM +0530, Dhiru Kholia wrote:
> On 11/20/13 at 09:27pm, Dhiru Kholia wrote:
> > We are working on a proposal to enable "-Werror=format-security"
> > compilation flag for all packages in Fedora.
> >
> > Currently, around 400 packages FTBFS if this flag is enabled.
>
On 11/20/2013 10:51 AM, Dhiru Kholia wrote:
> On 11/20/13 at 09:27pm, Dhiru Kholia wrote:
>> We are working on a proposal to enable "-Werror=format-security"
>> compilation flag for all packages in Fedora.
>>
>> Currently, around 400 packages FTBFS if this flag is enabled.
>
> A list of packages w
On Wed, 2013-11-20 at 09:13 -0700, Jerry James wrote:
> On Wed, Nov 20, 2013 at 8:57 AM, Dhiru Kholia wrote:
> > Currently, around 400 packages FTBFS if this flag is enabled. I am all
> > set to start filing the bugs (once given the green signal). In addition,
> > I am willing to help in patching
On 11/20/13 at 09:27pm, Dhiru Kholia wrote:
> We are working on a proposal to enable "-Werror=format-security"
> compilation flag for all packages in Fedora.
>
> Currently, around 400 packages FTBFS if this flag is enabled.
A list of packages which FTBFS is available at,
http://people.fedoraproje
On 20 November 2013 17:25, Kevin Fenzi wrote:
> First... I'd suggest posting the list of packages and give maintainers
> a week or two to just fix them. Then before filing anything you can run
> a quick check to see which packages are still needing fixing.
>
Yes please, sometimes the automated b
On Wed, 20 Nov 2013 21:27:39 +0530
Dhiru Kholia wrote:
> Hi,
>
> We are working on a proposal to enable "-Werror=format-security"
> compilation flag for all packages in Fedora.
>
> Once this flag is enabled, GCC will refuse to compile code that could
> be vulnerable to a string format security
>
> And the very first package I maintain that appears on that list, abe,
> is an interesting one. The game has an internal function,
> path_sprintf(), which is static in Game.c. All callers of that
> function are visible in the same file, and all pass constant strings
> into the function, which
On Wed, Nov 20, 2013 at 8:57 AM, Dhiru Kholia wrote:
> Currently, around 400 packages FTBFS if this flag is enabled. I am all
> set to start filing the bugs (once given the green signal). In addition,
> I am willing to help in patching these packages. I believe that this
> work is important and wi
Hi,
We are working on a proposal to enable "-Werror=format-security"
compilation flag for all packages in Fedora.
Once this flag is enabled, GCC will refuse to compile code that could be
vulnerable to a string format security flaw. For more details, please
see https://fedorahosted.org/fesco/ticke
17 matches