Building tar-1.26 on OS X 10.6, gcc gives a bunch of "format not a string 
literal and no format arguments" warnings. They arise from various functions 
and macro calls and such, but the key trigger is that anything similar to:

  printf(foo);

is considered a potential security risk if foo is a variable rather than a 
simple quoted string. The solution is to do:

  printf("%s", foo);

I don't know anything about tar's internals to know if the cases here are just 
several layers of wrapper functions that actually do things safely (but confuse 
the compiler) but I could do a naive patch to get started clearing them if it 
would be useful.

dan

 --
Daniel Macks
[email protected]
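
Added example, not part of the original message or of tar's source: a small C program showing why gcc treats the two calls differently, and how a format attribute lets it check calls made through a wrapper. The names report, report_as_format and report_as_data and the sample file name are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wrapper standing in for layered reporting helpers.
 * The format attribute tells gcc that argument 3 is a printf-style
 * format, so callers are checked the same way printf callers are. */
__attribute__((format(printf, 3, 4)))
static int report(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* The pattern gcc warns about: caller-supplied text used as the format. */
int report_as_format(char *out, size_t n, const char *text)
{
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
    return report(out, n, text);   /* warning silenced only for this demo */
#pragma GCC diagnostic pop
}

/* The fix from the message: a literal format, text passed as data. */
int report_as_data(char *out, size_t n, const char *text)
{
    return report(out, n, "%s", text);
}

int main(void)
{
    /* Constructed input: "%%" is the one conversion that reads no
     * argument, so the first call stays well defined here. */
    const char *name = "archive-100%%.tar";
    char a[64], b[64];

    report_as_format(a, sizeof a, name);
    report_as_data(b, sizeof b, name);
    printf("as format: %s\nas data:   %s\n", a, b);
    return strcmp(a, b) == 0;   /* exit 0 when the two outputs differ */
}
```

Removing the three pragma lines brings the warning back at the report(out, n, text) call, which is how the attribute surfaces the problem through a wrapper layer.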

