'Twas brillig, and Ander Conselvan de Oliveira at 23/12/08 18:10 did gyre and gimble: > Em Tuesday 23 December 2008 15:43:26 Eric Anholt escreveu: >> On Tue, 2008-12-23 at 13:25 -0200, Ander Conselvan de Oliveira wrote: >>> The attached patch fix the sis driver to compile with >>> -Werror=format-security. >> Some of those strings are predefined and visible in the patch you posted >> (not a security issue). I certainly wouldn't apply this patch. > > To be honest, I was not concerned with the security issues this might have > but > with the fact that is does not compile. Mandriva's build system sets this > flag by default and this might be the case for other distros.
Well we are doing it based on inspiration from other distros: http://wiki.mandriva.com/en/Development/Packaging/Problems#format_not_a_string_literal_and_no_format_arguments http://wiki.debian.org/Hardening https://wiki.ubuntu.com/CompilerFlags So I think it would be beneficial to get this fix into the official repos. I posted a similar fix for xserver a few days back which ajax applied. While the "fix" is arguably unnecessary, they are also trivial so I wouldn't have thought they would be overly controversial, considering the potential issues that could be caught. Col -- Colin Guthrie gmane(at)colin.guthr.ie http://colin.guthr.ie/ Day Job: Tribalogic Limited [http://www.tribalogic.net/] Open Source: Mandriva Linux Contributor [http://www.mandriva.com/] PulseAudio Hacker [http://www.pulseaudio.org/] Trac Hacker [http://trac.edgewall.org/] _______________________________________________ xorg mailing list xorg@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/xorg