Package: hardening-wrapper
Version: 2.6
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu vivid ubuntu-patch

Dear Maintainer,

hardened-cc was adding the -Wformat-security option even if -Wno-format
was being specified on the compilation command line, which causes
gcc to fail whatever it's compiling with:

  'error: -Wformat-security ignored without -Wformat [-Werror=format-security]'

The attached patch disables adding the -Wformat options if any
-Wformat options have been given on the compilation command line,
as it assumes the author knows what they're doing with respect to
format warning options.

Ubuntu-bug: https://bugs.launchpad.net/ubuntu/+source/hardening-wrapper/+bug/1347257

In Ubuntu, the attached patch was applied to achieve the following:

  * hardened-cc: don't set -Wformat options if they are already set
    (LP: #1347257)

Thanks for considering the patch.

-- System Information:
Debian Release: jessie/sid
  APT prefers utopic-updates
  APT policy: (500, 'utopic-updates'), (500, 'utopic-security'), (500, 'utopic-proposed'), (500, 'utopic'), (500, 'trusty-proposed')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-22-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru hardening-wrapper-2.6/hardened-cc hardening-wrapper-2.6ubuntu1/hardened-cc
--- hardening-wrapper-2.6/hardened-cc	2014-09-24 08:14:54.000000000 -0700
+++ hardening-wrapper-2.6ubuntu1/hardened-cc	2014-10-14 08:45:03.000000000 -0700
@@ -146,6 +146,11 @@
             $arg eq "-ffreestanding") {
             $force_stack = 0;
         }
+        if ($arg eq "-Wno-format" ||
+	    $arg =~ /^-Wformat=/ ||
+	    $arg eq "-Wno-format-security") {
+            $force_format = 0;
+        }
     }
 
     # Enable SSP by default
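
Review bot: The $arg =~ /^-Wformat=/ test in the added block is broader than the failure it fixes: it also matches -Wformat=1 and -Wformat=2, which turn format checking on, so a build passing either one clears $force_format and loses the wrapper's -Wformat-security addition even though gcc would have accepted it. Consider matching only -Wformat=0 next to -Wno-format, since those are the forms that leave -Wformat disabled. The test also ignores argument order, so a -Wno-format that is followed later on the command line by -Wformat still clears the flag; if that is intended, a short comment above the block saying so would help. Style: the two continuation lines of the condition are indented with a tab while the neighbouring lines use spaces.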
