Issue in 0003-buildflags.rst (-Werror=format-security)
Sorry if I not follow how the RFC system works, but I don't know where to report it instead.
0003-buildflags.rst
actually has an issue.
Proposed flags are:
CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions \
-Wp,-D_FORTIFY_SOURCE=2,-D_GLIBCXX_ASSERTIONS -Werror=format-security \
-fstack-clash-protection -fcf-protection"
And there is a catch. -Werror=format-security
should not be used without -Wformat
. If you read GCC manual:
-Wformat-security
If
-Wformat
is specified, also warn about uses of format functions that represent possible security problems.
GCC actually fails with an error if -Wformat
is not specified. And it actually breaks some packages.
E.g. try to build mold
/mold-git
with proposed flags, it fails:
cc1: error: ‘-Wformat-security’ ignored without ‘-Wformat’ [-Werror=format-security]
Comparing proposed flags with current stable makepkg flags, you will see the difference:
CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions \
-Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security \
-fstack-clash-protection -fcf-protection"
It actually has -Wformat -Werror=format-security
and works as intended.
So I think -Wformat
was omitted by a mistake or simply forgotten.