Package: hardening-wrapper Version: 2.6 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu vivid ubuntu-patch
Dear Maintainer, hardened-cc was adding the -Wformat-security option even if -Wno-format was being specified on the compilation command line, which causes gcc to fail whatever it's compiling with: 'error: -Wformat-security ignored without -Wformat [-Werror=format-security]' The attached patch disables adding the -Wformat options if any -Wformat options have been given on the compilation command line, as it assumes the author knows what they're doing with respect to format warning options. Ubuntu-bug: https://bugs.launchpad.net/ubuntu/+source/hardening-wrapper/+bug/1347257 *** /home/steve/tmp/tmpyeg0Dz/bug_body In Ubuntu, the attached patch was applied to achieve the following: * hardened-cc: don't set -Wformat options if they are already set (LP: #1347257) Thanks for considering the patch. -- System Information: Debian Release: jessie/sid APT prefers utopic-updates APT policy: (500, 'utopic-updates'), (500, 'utopic-security'), (500, 'utopic-proposed'), (500, 'utopic'), (500, 'trusty-proposed') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-22-generic (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
diff -Nru hardening-wrapper-2.6/hardened-cc hardening-wrapper-2.6ubuntu1/hardened-cc --- hardening-wrapper-2.6/hardened-cc 2014-09-24 08:14:54.000000000 -0700 +++ hardening-wrapper-2.6ubuntu1/hardened-cc 2014-10-14 08:45:03.000000000 -0700 @@ -146,6 +146,11 @@ $arg eq "-ffreestanding") { $force_stack = 0; } + if ($arg eq "-Wno-format" || + $arg =~ /^-Wformat=/ || + $arg eq "-Wno-format-security") { + $force_format = 0; + } } # Enable SSP by default