Source: mimedefang Version: 2.71-2 Severity: normal User: [email protected] Usertags: hardening-format-security hardening
the package mimedefang fails to compile with the new hardened compiler flags dpkg-buildflag outputs [0]. The problematic flag is: -Werror=format-security See the ubuntu buildlog: https://launchpadlibrarian.net/83073831/buildlog_ubuntu-precise-i386.mimedefang_2.71-2_FAILEDTOBUILD.txt.gz Snippet: x86_64-linux-gnu-gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -Wall -Wstrict-prototypes -D_POSIX_PTHREAD_SEMANTICS -DEMBED_PERL -DSAFE_EMBED_PERL -DPERL_PATH=\"/usr/bin/perl\" -DMIMEDEFANG_PL=\"/usr/bin/mimedefang.pl\" -DRM=\"/bin/rm\" -DVERSION=\"2.71\" -DSPOOLDIR=\"/var/spool/MIMEDefang\" -DQDIR=\"/var/spool/MIMEDefang\" -DCONFDIR=\"/etc\" -c -o mimedefang-multiplexor.o ./mimedefang-multiplexor.c ./mimedefang-multiplexor.c: In function 'doStatusLog': ./mimedefang-multiplexor.c:3005:5: error: format not a string literal and no format arguments [-Werror=format-security] The buildflags are not exported in debian, but can be enabled e.g. by adding this to debian/rules: DPKG_EXPORT_BUILDFLAGS = 1 include /usr/share/dpkg/buildflags.mk Please fix the issues and maybe also enable the hardened build in debian. [0] http://lists.debian.org/debian-devel-announce/2011/09/msg00001.html
signature.asc
Description: OpenPGP digital signature
