There's an unchecked syslog call inside of libssp/ssp.c:

/usr/src/gnu/lib/libssp/../../../contrib/gcclibs/libssp/ssp.c:137:23: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
    syslog (LOG_CRIT, msg1);
                      ^~~~
1 warning generated.
/usr/src/gnu/lib/libssp/../../../contrib/gcclibs/libssp/ssp.c:137:23: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
    syslog (LOG_CRIT, msg1);

I propose the following change:

Index: contrib/gcclibs/libssp/ssp.c =================================================================== --- contrib/gcclibs/libssp/ssp.c (revision 256712) +++ contrib/gcclibs/libssp/ssp.c (working copy) #ifdef HAVE_SYSLOG_H /* Only send the error to syslog if there was no tty available. */ else - syslog (LOG_CRIT, msg3); + syslog (LOG_CRIT, "%s", msg3); #endif /* HAVE_SYSLOG_H */
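
Review bot: The removed line reads `syslog (LOG_CRIT, msg3);`, but the compiler warning quoted above flags `syslog (LOG_CRIT, msg1);` at ssp.c:137, so the diff does not match the source line that produced the warning. Please regenerate it against the tree you built (revision 256712 per the header) so the `-` line matches. As posted it would either fail to apply or leave the `-Wformat-security` warning in place. The hunk also has no `@@` range header, which patch(1) needs to locate the change. The fix itself, passing a constant `"%s"` format and the message as an argument, is the right form, since it keeps any `%` sequence in the message from being interpreted by syslog.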