* [gentoo-dev] Enable format-security in the dev profiles
@ 2014-07-20 19:28 Agostino Sarubbo
2014-07-20 23:48 ` Jeroen Roovers
` (2 more replies)
0 siblings, 3 replies; 13+ messages in thread
From: Agostino Sarubbo @ 2014-07-20 19:28 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 251 bytes --]
Hello,
I'd like to enable by default format-security at least in the
dev profiles.
Thought?
References:
https://bugs.gentoo.org/show_bug.cgi?id=259417
https://fedoraproject.org/wiki/Format-Security-FAQ
--
Agostino Sarubbo
Gentoo Linux Developer
[-- Attachment #2: Type: text/html, Size: 2370 bytes --]
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [gentoo-dev] Enable format-security in the dev profiles
2014-07-20 19:28 [gentoo-dev] Enable format-security in the dev profiles Agostino Sarubbo
@ 2014-07-20 23:48 ` Jeroen Roovers
2014-07-21 0:04 ` Jeroen Roovers
2014-07-21 4:02 ` Samuli Suominen
2014-07-21 9:08 ` Diego Elio Pettenò
2 siblings, 1 reply; 13+ messages in thread
From: Jeroen Roovers @ 2014-07-20 23:48 UTC (permalink / raw
To: gentoo-dev
On Sun, 20 Jul 2014 21:28:31 +0200
Agostino Sarubbo <ago@gentoo.org> wrote:
> Hello,
>
> I'd like to enable by default format-security at least in the
> dev profiles.
>
> Thought?
>
> References:
> https://bugs.gentoo.org/show_bug.cgi?id=259417
Read comment #0. It's been enabled by default for ages. AFAICT a version
with format-security (and other assorted warnings) enabled by
default first went stable just about four years ago (bug #302468).
jer
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [gentoo-dev] Enable format-security in the dev profiles
2014-07-20 23:48 ` Jeroen Roovers
@ 2014-07-21 0:04 ` Jeroen Roovers
0 siblings, 0 replies; 13+ messages in thread
From: Jeroen Roovers @ 2014-07-21 0:04 UTC (permalink / raw
To: gentoo-dev
On Mon, 21 Jul 2014 01:48:49 +0200
Jeroen Roovers <jer@gentoo.org> wrote:
> On Sun, 20 Jul 2014 21:28:31 +0200
> Agostino Sarubbo <ago@gentoo.org> wrote:
>
> > Hello,
> >
> > I'd like to enable by default format-security at least in the
> > dev profiles.
> >
> > Thought?
> >
> > References:
> > https://bugs.gentoo.org/show_bug.cgi?id=259417
Oh, you meant -Werror=format-security. Bug #259417 is about
-Wformat-security.
jer
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [gentoo-dev] Enable format-security in the dev profiles
2014-07-20 19:28 [gentoo-dev] Enable format-security in the dev profiles Agostino Sarubbo
2014-07-20 23:48 ` Jeroen Roovers
@ 2014-07-21 4:02 ` Samuli Suominen
2014-07-21 6:52 ` "Paweł Hajdan, Jr."
2014-07-21 9:08 ` Diego Elio Pettenò
2 siblings, 1 reply; 13+ messages in thread
From: Samuli Suominen @ 2014-07-21 4:02 UTC (permalink / raw
To: gentoo-dev
On 20/07/14 22:28, Agostino Sarubbo wrote:
>
> Hello,
>
>
>
> I'd like to enable by default format-security at least in the dev
> profiles.
>
>
>
> Thought?
>
>
>
> References:
>
> https://bugs.gentoo.org/show_bug.cgi?id=259417
>
> https://fedoraproject.org/wiki/Format-Security-FAQ
>
>
>
> --
>
> Agostino Sarubbo
>
> Gentoo Linux Developer
>
Why not generate a Portage QA warning out from the warning
-Wformat-security produces instead?
That way compile wouldn't abort needlessly.
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [gentoo-dev] Enable format-security in the dev profiles
2014-07-21 4:02 ` Samuli Suominen
@ 2014-07-21 6:52 ` "Paweł Hajdan, Jr."
2014-07-21 15:20 ` Agostino Sarubbo
0 siblings, 1 reply; 13+ messages in thread
From: "Paweł Hajdan, Jr." @ 2014-07-21 6:52 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 248 bytes --]
On 7/21/14, 6:02 AM, Samuli Suominen wrote:
> Why not generate a Portage QA warning out from the warning
> -Wformat-security produces instead?
> That way compile wouldn't abort needlessly.
+1, and then it can be done globally.
Paweł
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 841 bytes --]
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [gentoo-dev] Enable format-security in the dev profiles
2014-07-20 19:28 [gentoo-dev] Enable format-security in the dev profiles Agostino Sarubbo
2014-07-20 23:48 ` Jeroen Roovers
2014-07-21 4:02 ` Samuli Suominen
@ 2014-07-21 9:08 ` Diego Elio Pettenò
2014-07-21 15:07 ` Agostino Sarubbo
2 siblings, 1 reply; 13+ messages in thread
From: Diego Elio Pettenò @ 2014-07-21 9:08 UTC (permalink / raw
To: gentoo-dev@lists.gentoo.org
[-- Attachment #1: Type: text/plain, Size: 605 bytes --]
Any -Werror=* flag will make random autoconf checks fail for no good
reason, don't use them on profiles, it's silly.
Diego Elio Pettenò — Flameeyes
flameeyes@flameeyes.eu — http://blog.flameeyes.eu/
On 20 July 2014 20:28, Agostino Sarubbo <ago@gentoo.org> wrote:
> Hello,
>
>
>
> I'd like to enable by default format-security at least in the dev profiles.
>
>
>
> Thought?
>
>
>
> References:
>
> https://bugs.gentoo.org/show_bug.cgi?id=259417
>
> https://fedoraproject.org/wiki/Format-Security-FAQ
>
>
>
> --
>
> Agostino Sarubbo
>
> Gentoo Linux Developer
>
[-- Attachment #2: Type: text/html, Size: 2528 bytes --]
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [gentoo-dev] Enable format-security in the dev profiles
2014-07-21 9:08 ` Diego Elio Pettenò
@ 2014-07-21 15:07 ` Agostino Sarubbo
2014-07-21 15:11 ` Ian Stakenvicius
2014-07-21 15:22 ` Jeroen Roovers
0 siblings, 2 replies; 13+ messages in thread
From: Agostino Sarubbo @ 2014-07-21 15:07 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 402 bytes --]
On Monday 21 July 2014 10:08:44 Diego Elio Pettenò wrote:
> Any -Werror=* flag will make random autoconf checks fail
for no good
> reason, don't use them on profiles, it's silly.
>
> Diego Elio Pettenò — Flameeyes
> flameeyes@flameeyes.eu — http://blog.flameeyes.eu/
I don't see where I asked about -Werror instead of only -
Wformat.
--
Agostino Sarubbo
Gentoo Linux Developer
[-- Attachment #2: Type: text/html, Size: 2367 bytes --]
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [gentoo-dev] Enable format-security in the dev profiles
2014-07-21 15:07 ` Agostino Sarubbo
@ 2014-07-21 15:11 ` Ian Stakenvicius
2014-07-21 15:55 ` Samuli Suominen
2014-07-21 15:22 ` Jeroen Roovers
1 sibling, 1 reply; 13+ messages in thread
From: Ian Stakenvicius @ 2014-07-21 15:11 UTC (permalink / raw
To: gentoo-dev
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 21/07/14 11:07 AM, Agostino Sarubbo wrote:
> On Monday 21 July 2014 10:08:44 Diego Elio Pettenò wrote:
>
>> Any -Werror=* flag will make random autoconf checks fail for no
>> good
>
>> reason, don't use them on profiles, it's silly.
>
>>
>
>> Diego Elio Pettenò — Flameeyes
>
>> flameeyes@flameeyes.eu — http://blog.flameeyes.eu/
>
>
>
> I don't see where I asked about -Werror instead of only -Wformat.
>
You didn't, explicitly; jer mentioned -Werror because -Wformat has
been enabled for years already (his words), so the assumption was that
you meant -Werror and Diego is responding to that.
(Diego's post was against the OP, so out-of-order, is all)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iF4EAREIAAYFAlPNLZ4ACgkQ2ugaI38ACPC40wEAhd7g3fuOewsbszeQhXb7F9t3
XHdhEB79CMhZ7eIIT3MA/iAJfDPxAVVkOQE3GoOQ8sUQMvFG+jY+3lmB6vzzjMQs
=Q+Re
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [gentoo-dev] Enable format-security in the dev profiles
2014-07-21 6:52 ` "Paweł Hajdan, Jr."
@ 2014-07-21 15:20 ` Agostino Sarubbo
0 siblings, 0 replies; 13+ messages in thread
From: Agostino Sarubbo @ 2014-07-21 15:20 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 396 bytes --]
On Monday 21 July 2014 08:52:51 Paweł Hajdan, Jr. wrote:
> On 7/21/14, 6:02 AM, Samuli Suominen wrote:
> > Why not generate a Portage QA warning out from the warning
> > -Wformat-security produces instead?
> > That way compile wouldn't abort needlessly.
>
> +1, and then it can be done globally.
>
> Paweł
This is fine for me too.
--
Agostino Sarubbo
Gentoo Linux Developer
[-- Attachment #2: Type: text/html, Size: 2806 bytes --]
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [gentoo-dev] Enable format-security in the dev profiles
2014-07-21 15:07 ` Agostino Sarubbo
2014-07-21 15:11 ` Ian Stakenvicius
@ 2014-07-21 15:22 ` Jeroen Roovers
2014-07-21 16:29 ` Pacho Ramos
1 sibling, 1 reply; 13+ messages in thread
From: Jeroen Roovers @ 2014-07-21 15:22 UTC (permalink / raw
To: gentoo-dev
On Mon, 21 Jul 2014 17:07:24 +0200
Agostino Sarubbo <ago@gentoo.org> wrote:
> I don't see where I asked about -Werror instead of only -
> Wformat.
It's been enabled in stable GCC for four years and in unstable and the
hardened profiles for much longer so asking about setting it in any
profiles makes no sense.
In trying to make sense of what you were asking, I thought it might be
helpful to make mention of the -Werror=format-security that /you/ use
in your new bug reports that block bug #259417 now.
jer
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [gentoo-dev] Enable format-security in the dev profiles
2014-07-21 15:11 ` Ian Stakenvicius
@ 2014-07-21 15:55 ` Samuli Suominen
2014-07-21 16:15 ` Jeroen Roovers
0 siblings, 1 reply; 13+ messages in thread
From: Samuli Suominen @ 2014-07-21 15:55 UTC (permalink / raw
To: gentoo-dev
On 21/07/14 18:11, Ian Stakenvicius wrote:
> On 21/07/14 11:07 AM, Agostino Sarubbo wrote:
> > On Monday 21 July 2014 10:08:44 Diego Elio Pettenò wrote:
>
> >> Any -Werror=* flag will make random autoconf checks fail for no
> >> good
>
> >> reason, don't use them on profiles, it's silly.
>
> >>
>
> >> Diego Elio Pettenò — Flameeyes
>
> >> flameeyes@flameeyes.eu — http://blog.flameeyes.eu/
>
>
>
> > I don't see where I asked about -Werror instead of only -Wformat.
>
>
> You didn't, explicitly; jer mentioned -Werror because -Wformat has
> been enabled for years already (his words), so the assumption was that
> you meant -Werror and Diego is responding to that.
>
> (Diego's post was against the OP, so out-of-order, is all)
>
>
>
But only -Wformat=2 has -Wformat-security. Do we enable -Wformat with 1
or 2?
I'm asking, I really don't know (and can't check immediately)
- Samuli
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [gentoo-dev] Enable format-security in the dev profiles
2014-07-21 15:55 ` Samuli Suominen
@ 2014-07-21 16:15 ` Jeroen Roovers
0 siblings, 0 replies; 13+ messages in thread
From: Jeroen Roovers @ 2014-07-21 16:15 UTC (permalink / raw
To: gentoo-dev
On Mon, 21 Jul 2014 18:55:25 +0300
Samuli Suominen <ssuominen@gentoo.org> wrote:
> But only -Wformat=2 has -Wformat-security. Do we enable -Wformat with
> 1 or 2?
The gcc info pages say:
`-Wformat'
[...]
In Gentoo, this option is enabled by default for [...]
`-Wformat-security'
[...]
In Gentoo, this option is enabled by default for [...]
The relevant patches are found in cvs/gentoo/src/patchsets/gcc/*/gentoo/
and are generally named
10_all_default-fortify-source.patch
11_all_default-warn-format-security.patch
jer
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [gentoo-dev] Enable format-security in the dev profiles
2014-07-21 15:22 ` Jeroen Roovers
@ 2014-07-21 16:29 ` Pacho Ramos
0 siblings, 0 replies; 13+ messages in thread
From: Pacho Ramos @ 2014-07-21 16:29 UTC (permalink / raw
To: gentoo-dev
El lun, 21-07-2014 a las 17:22 +0200, Jeroen Roovers escribió:
> On Mon, 21 Jul 2014 17:07:24 +0200
> Agostino Sarubbo <ago@gentoo.org> wrote:
>
> > I don't see where I asked about -Werror instead of only -
> > Wformat.
>
> It's been enabled in stable GCC for four years and in unstable and the
> hardened profiles for much longer so asking about setting it in any
> profiles makes no sense.
>
> In trying to make sense of what you were asking, I thought it might be
> helpful to make mention of the -Werror=format-security that /you/ use
> in your new bug reports that block bug #259417 now.
>
>
> jer
>
Is -Werror=format-security so prone to give false warnings currently? I
think Fedora and Ubuntu enabled it by default recently:
https://fedorahosted.org/fesco/ticket/1185
https://wiki.ubuntu.com/ToolChain/CompilerFlags#A-Wformat_-Wformat-security
https://bugzilla.redhat.com/show_bug.cgi?id=1043495
^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2014-07-21 16:29 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-07-20 19:28 [gentoo-dev] Enable format-security in the dev profiles Agostino Sarubbo
2014-07-20 23:48 ` Jeroen Roovers
2014-07-21 0:04 ` Jeroen Roovers
2014-07-21 4:02 ` Samuli Suominen
2014-07-21 6:52 ` "Paweł Hajdan, Jr."
2014-07-21 15:20 ` Agostino Sarubbo
2014-07-21 9:08 ` Diego Elio Pettenò
2014-07-21 15:07 ` Agostino Sarubbo
2014-07-21 15:11 ` Ian Stakenvicius
2014-07-21 15:55 ` Samuli Suominen
2014-07-21 16:15 ` Jeroen Roovers
2014-07-21 15:22 ` Jeroen Roovers
2014-07-21 16:29 ` Pacho Ramos
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox