When compiling bash-4.2.20 with CFLAGS +=-Werror=format-security, there is a warning easy to fix : print_cmd.c: In function 'indent': print_cmd.c:1397: warning: format not a string literal and no format arguments
Debian has a patch for this since bash-4.1. I haven't seen the patch
reported so here it is.
Author: Pierre Chifflier
Description: Fix build error with -Werror=format-security hardening flag.
diff -ruN bash-4.1.orig/print_cmd.c bash-4.1/print_cmd.c
--- a/bash/print_cmd.c 2009-09-16 21:32:26.000000000 +0200
+++ b/bash/print_cmd.c 2011-09-16 11:38:40.000000000 +0200
@@ -1374,7 +1374,7 @@
for (i = 0; amount > 0; amount--)
indentation_string[i++] = ' ';
indentation_string[i] = '\0';
- cprintf (indentation_string);
+ cprintf ("%s", indentation_string);
}
static void
Patch attached too as I am unsure mailer will not break it.
Gilles
bash-4.1_hardening-formatstring.patch
Description: Binary data
