Hi there,

On Sun, Oct 23, 2011 at 03:21:52PM +0200, Julian Taylor wrote:
> Source: myodbc
> Version: 5.1.6-2
> Severity: normal
> User: debian...@lists.debian.org
> Usertags: hardening-format-security hardening
>
> the package myodbc fails to compile with the new hardened compiler
> flags dpkg-buildflag outputs [0].
> The problematic flag is: -Werror=format-security
> See the ubuntu buildlog:
> https://launchpadlibrarian.net/83077578/buildlog_ubuntu-precise-i386.myodbc_5.1.6-2_FAILEDTOBUILD.txt.gz
> Snippet:
> gcc -DHAVE_CONFIG_H -I. -I../driver -I.. -I../util -D_FORTIFY_SOURCE=2
> -I/usr/include -O3 -DDBUG_O
> FF -I/usr/include/mysql -DBIG_JOINS=1 -fno-strict-aliasing -DUNIV_LINUX
> -DUNIV_LINUX -g -O2 -fstack-
> protector --param=ssp-buffer-size=4 -Wformat -Wformat-security
> -Werror=format-security -c myodbc3i.c
> In file included from ../util/../MYODBC_CONF.h:29:0,
> from ../util/installer.h:30,
> from myodbc3i.c:40:
> ...
> myodbc3i.c: In function 'main_usage':
> myodbc3i.c:146:3: error: format not a string literal and no format
> arguments [-Werror=format-security]

Right, thanks for pointing this out.

> The buildflags are not exported in debian, but can be enabled e.g. by
> adding this to debian/rules:
> DPKG_EXPORT_BUILDFLAGS = 1
> include /usr/share/dpkg/buildflags.mk

A much better way to do this is to just bump the debhelper compat level to
9...
http://web.dodds.net/~vorlon/wiki/blog/Debian:_not_stale_just_hardened/ :)

> Please fix the issues and maybe also enable the hardened build in debian.

Fixed here, will upload shortly.

Thanks again!
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slanga...@ubuntu.com                                     vor...@debian.org
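The diagnostic quoted in the report, shown as an added C example that is not the myodbc source (the code at myodbc3i.c line 146 is not on this page). The function names and the usage text are hypothetical; the rejected form is compiled only when `SHOW_REJECTED` is defined, so the file builds cleanly with `-Werror=format-security`.

```c
/* Build: gcc -Wformat -Wformat-security -Werror=format-security example.c
 * Add -DSHOW_REJECTED to reproduce the "format not a string literal and
 * no format arguments" error. */
#include <stdio.h>
#include <string.h>

/* Constructed usage text. The '%' sequences are meant as literal text,
 * which is exactly what a format-parsing call would misread. */
static const char usage_text[] =
    "usage: demo [-v] [--ratio=50%] [--fmt=%s]\n";

#ifdef SHOW_REJECTED
/* Rejected: 'text' is used as the format and no arguments follow, so any
 * conversion in it would read arguments that were never passed. */
int render_usage_rejected(char *out, size_t n, const char *text)
{
    return snprintf(out, n, text);
}
#endif

/* Accepted: the format is a string literal and the text is plain data. */
int render_usage(char *out, size_t n, const char *text)
{
    return snprintf(out, n, "%s", text);
}

/* Accepted: fputs() does no format parsing at all. */
int print_usage(FILE *fp, const char *text)
{
    return fputs(text, fp) == EOF ? -1 : 0;
}

int main(void)
{
    char buf[128];
    int len = render_usage(buf, sizeof buf, usage_text);

    /* snprintf reports the untruncated length; treat overflow as failure. */
    if (len < 0 || (size_t)len >= sizeof buf)
        return 1;
    return print_usage(stdout, buf) == 0 ? 0 : 1;
}
```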