[Debian-med-packaging] Trying to disable error=format-security for clapack
Gianfranco Costamagna
costamagnagianfranco at yahoo.it
Sun May 22 06:48:36 UTC 2016
Hi,
>after the build issues in clapack[1] were solved and I was even able to
>create shared libraries I wonder how I can properly set a sensible
>SONAME. I tried to do this via SET_TARGET_PROPERTIES but failed.
this is what I did on ettercap
https://sources.debian.net/src/ettercap/1:0.8.2-2/src/CMakeLists.txt/#L213
it works, as long as you create the library with add_library I guess
>Another question is how I could link against the Debian packaged f2c
>rather than building the one that comes with clapack upstream.
I would say: remove the add_subdirectory (line 21)
and then:
1) create a "FindF2C.cmake" file and use it as helper
(that would be the best and upstreamable choice
you can find some examples in "ettercap/cmake/Modules/Find*"
2) just include_directories for helping it to find the .h file (if not in standard directory)
and target_link_libraries of the .so file.
G.
[1] https://anonscm.debian.org/git/debian-science/packages/clapack.git
On Mon, May 16, 2016 at 12:21:06PM +0200, Gert Wollny wrote:
> Am Montag, den 16.05.2016, 10:16 +0000 schrieb Gianfranco Costamagna:
> > Hi Gert!
> >
> > >
> > > I think, since in this case the (empty) format string passed to the
> > > printf call is not user generated there is no security problem to
> > > be exploited.
> >
> > yes, sure, but disabling this flag has a nasty side-effect, it is
> > disabled in the *whole* build, possibly
> > hiding more serious issues somewhere else.
>
> Of course, that's why I gave the #pragma based disabling that can be
> fitted tightly to the offending code.
>
> Best,
> Gert
>
>
>
--
http://fam-tille.de
More information about the Debian-med-packaging
mailing list