On Fri, 2008-03-21 at 00:58 +0900, Mamoru Tasaka wrote: > Jason L Tibbitts III wrote, at 03/20/2008 11:57 PM +9:00: > > OK, so one of my packages shows up on this list. But I've verified > > that the compiler is indeed called with the proper flags in all cases, > > there are no instances of implicit declarations of anything (no lines > > matching "implicit" or "declaration" in the build log), as far as I > > can tell, the code does not define the problematic function (sprintf) > > itself, and the hostname in the URL > > http://ovecka.be/~lkundrak/blog/entries/fortify-check.html doesn't > > resolve. > > Also I have no idea about my package qdbm and hyperestraier. Mamoru, thanks for telling me, I'll look at it. Currently I have trouble to find out how did the sprintf symbol get into tibbs' nazghul binary when none of object symbols it is linked from refers to it. So don't worry about your packages, it might be the same case. To others: If you can't find out why is your package on the list, don't worry -- just send me the name. In case the number of the packages will be bigger, then I must have done something wrong when generating the list -- and in that case it won't be smart to send each package name to the list. Feel free to mail me privately or via IRC. Thanks, -- Lubomir Kundrak (Red Hat Security Response Team) -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
