On 11/20/2013 06:45 PM, Przemek Klosowski wrote:
On 11/20/2013 11:13 AM, Jerry James wrote:
path_sprintf(), which is static in Game.c. All callers of that
function are visible in the same file, and all pass constant strings
into the function, which passes those constant strings to sprintf().
- Original Message -
Hi,
We are working on a proposal to enable -Werror=format-security
compilation flag for all packages in Fedora.
Hi!
FESCo on yesterday's meeting agreed to ask you for a formal proposal
as a Change page [1] - for more details see [2]. Don't hesitate to ask
any
On Thu, Nov 21, 2013 at 2:04 AM, Florian Weimer fwei...@redhat.com wrote:
On 11/20/2013 06:45 PM, Przemek Klosowski wrote:
Well, the code is inelegant:
sprintf(path + len, formatted_name);
looks better and avoids the warning if you write it as
sprintf(&(path[len]), "%s", formatted_name);
Hi,
We are working on a proposal to enable -Werror=format-security
compilation flag for all packages in Fedora.
Once this flag is enabled, GCC will refuse to compile code that could be
vulnerable to a string format security flaw. For more details, please
see
On Wed, Nov 20, 2013 at 8:57 AM, Dhiru Kholia dhiru.kho...@gmail.com wrote:
Currently, around 400 packages FTBFS if this flag is enabled. I am all
set to start filing the bugs (once given the green signal). In addition,
I am willing to help in patching these packages. I believe that this
work
And the very first package I maintain that appears on that list, abe,
is an interesting one. The game has an internal function,
path_sprintf(), which is static in Game.c. All callers of that
function are visible in the same file, and all pass constant strings
into the function, which
On Wed, 20 Nov 2013 21:27:39 +0530
Dhiru Kholia dhiru.kho...@gmail.com wrote:
Hi,
We are working on a proposal to enable -Werror=format-security
compilation flag for all packages in Fedora.
Once this flag is enabled, GCC will refuse to compile code that could
be vulnerable to a string
On 20 November 2013 17:25, Kevin Fenzi ke...@scrye.com wrote:
First... I'd suggest posting the list of packages and give maintainers
a week or two to just fix them. Then before filing anything you can run
a quick check to see which packages are still needing fixing.
Yes please, sometimes the
On 11/20/13 at 09:27pm, Dhiru Kholia wrote:
We are working on a proposal to enable -Werror=format-security
compilation flag for all packages in Fedora.
Currently, around 400 packages FTBFS if this flag is enabled.
A list of packages which FTBFS is available at,
On Wed, 2013-11-20 at 09:13 -0700, Jerry James wrote:
On Wed, Nov 20, 2013 at 8:57 AM, Dhiru Kholia dhiru.kho...@gmail.com wrote:
Currently, around 400 packages FTBFS if this flag is enabled. I am all
set to start filing the bugs (once given the green signal). In addition,
I am willing to
On 11/20/2013 10:51 AM, Dhiru Kholia wrote:
On 11/20/13 at 09:27pm, Dhiru Kholia wrote:
We are working on a proposal to enable -Werror=format-security
compilation flag for all packages in Fedora.
Currently, around 400 packages FTBFS if this flag is enabled.
A list of packages which FTBFS
On Wed, Nov 20, 2013 at 10:21:10PM +0530, Dhiru Kholia wrote:
On 11/20/13 at 09:27pm, Dhiru Kholia wrote:
We are working on a proposal to enable -Werror=format-security
compilation flag for all packages in Fedora.
Currently, around 400 packages FTBFS if this flag is enabled.
A list of
On 11/20/2013 11:13 AM, Jerry James wrote:
path_sprintf(), which is static in Game.c. All callers of that
function are visible in the same file, and all pass constant strings
into the function, which passes those constant strings to sprintf().
The function's purpose is to produce a pathname
On 11/20/13 at 11:16am, David Smith wrote:
On 11/20/13 at 09:27pm, Dhiru Kholia wrote:
A list of packages which FTBFS is available at,
http://people.fedoraproject.org/~halfie/rebuild-logs.txt
Looking at the list, I see several (~17) packages with errors of the form:
error:
On Wed, 2013-11-20 at 23:15 +0530, Dhiru Kholia wrote:
On 11/20/13 at 11:16am, David Smith wrote:
On 11/20/13 at 09:27pm, Dhiru Kholia wrote:
A list of packages which FTBFS is available at,
http://people.fedoraproject.org/~halfie/rebuild-logs.txt
Looking at the list, I see several
On 11/20/2013 11:13 AM, Jerry James wrote:
And the very first package I maintain that appears on that list, abe,
is an interesting one. The game has an internal function,
path_sprintf(), which is static in Game.c. All callers of that
function are visible in the same file, and all pass constant
On Wed, 20 Nov 2013, Dhiru Kholia wrote:
Hi,
We are working on a proposal to enable -Werror=format-security
compilation flag for all packages in Fedora.
Once this flag is enabled, GCC will refuse to compile code that could be
vulnerable to a string format security flaw. For more details,