3.6% of heads up: Please correct your #includes or optflags use
Jason L Tibbitts III
tibbs at math.uh.edu
Thu Mar 20 14:57:17 UTC 2008
OK, so one of my packages shows up on this list. But I've verified
that the compiler is indeed called with the proper flags in all cases,
there are no instances of implicit declarations of anything (no lines
matching "implicit" or "declaration" in the build log), as far as I
can tell, the code does not define the problematic function (sprintf)
itself, and the hostname in the URL
http://ovecka.be/~lkundrak/blog/entries/fortify-check.html doesn't
resolve.
So what's to be done? My understanding was that we'd try to pass
these flags at all times but that there's no strict guarantee that
they will actually function on any particular piece of code and that
we shouldn't go rewriting upstream code to make them work when there
is no security exposure (as in the case of my package).
- J<
More information about the fedora-devel-list
mailing list