The attached patch fixes this issue.
-------- Original Message --------
Subject: [Bug 1037231] New: openmpi FTBFS if "-Werror=format-security" flag is
used
List-Post: devel@lists.open-mpi.org
Date: Tue, 03 Dec 2013 03:26:30 +0000
From: bugzi...@redhat.com
To: or...@cora.nwra.com
https://bugzilla.redhat.com/show_bug.cgi?id=1037231
Bug ID: 1037231
Summary: openmpi FTBFS if "-Werror=format-security" flag is
used
Product: Fedora
Version: rawhide
Component: openmpi
Assignee: dledf...@redhat.com
Reporter: dkho...@redhat.com
QA Contact: extras...@fedoraproject.org
CC: dakin...@gmail.com, dledf...@redhat.com,
fenla...@redhat.com, or...@cora.nwra.com
Description of problem
----------------------
openmpi fails to build if "-Werror=format-security" flag is used.
...
btl_usnic_module.c:829:5: error: format not a string literal and no format
arguments [-Werror=format-security]
...
We are working on a proposal to enable "-Werror=format-security" for all
packages. Once this flag is enabled, GCC will refuse to compile code that could
be vulnerable to a string format security flaw. For more details, please see
https://fedorahosted.org/fesco/ticket/1185 page.
To understand why it is important to fix this, please see
https://fedoraproject.org/wiki/Format-Security-FAQ page.
How to fix this
---------------
The fix for these errors is quite simple. It's a matter of changing a
line like,
printf(foo);
to read,
printf("%s", foo);
That's it.
Please fix this issue in rawhide with a patch (which you should submit
to upstream to merge moving forward). Please do a new build with the
fix in rawhide. Other releases do not need to be directly fixed, but
there should be no harm in pushing out this fix/patch with other needed
changes to those branches.
In the event you don't fix this bug before the next mass rebuild,
provenpackagers may step in and update your package(s) to fix this
issue.
How reproducible
----------------
Build openmpi-1.7.3-1.fc21.src.rpm with "-Werror=format-security" flag to
reproduce the problem.
To make this process easier, you can use a modified "redhat-rpm-config" package
from http://people.fedoraproject.org/~halfie/artifacts/redhat-rpm-config/ URL.
$ sha256sum redhat-rpm-config-9.1.0-56.fc20.*
faad7594b2080fe76497d0ce50808c905a93dd7b41c1defdde5ca57e3833d3d2
redhat-rpm-config-9.1.0-56.fc20.noarch.rpm
5aa9357174305c7285ffdbc92d7ffe1c07a8a95d5459b930461308f5aad75413
redhat-rpm-config-9.1.0-56.fc20.src.rpm
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=g1lCzLGyFI&a=cc_unsubscribe
diff -up openmpi-1.7.3/ompi/mca/btl/usnic/btl_usnic_module.c.format openmpi-1.7.3/ompi/mca/btl/usnic/btl_usnic_module.c
--- openmpi-1.7.3/ompi/mca/btl/usnic/btl_usnic_module.c.format 2013-10-01 16:13:44.000000000 -0600
+++ openmpi-1.7.3/ompi/mca/btl/usnic/btl_usnic_module.c 2013-12-03 16:35:41.206022575 -0700
@@ -826,7 +826,7 @@ static void usnic_stats_callback(int fd,
}
strncat(str, tmp, sizeof(str) - strlen(str) - 1);
- opal_output(0, str);
+ opal_output(0, "%s", str);
if (mca_btl_usnic_component.stats_relative) {
usnic_stats_reset(module);
