- (djm) [configure.ac] Add -Wformat-security to CFLAGS for gcc 3.x and 4.x

2 files changed, 6 insertions, 5 deletions

diff --git a/ChangeLog b/ChangeLog
index acb39902..ca66ddad 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,7 @@
    account check failure path. The vulnerable format buffer is supplied
    from PAM and should not contain attacker-supplied data.
  - (djm) [auth.c] Missing unistd.h for close()
+ - (djm) [configure.ac] Add -Wformat-security to CFLAGS for gcc 3.x and 4.x
 
 20080705
  - (djm) [auth.c] Fixed test for locked account on HP/UX with shadowed
@@ -4602,4 +4603,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.5068 2008/07/09 10:54:37 djm Exp $
+$Id: ChangeLog,v 1.5069 2008/07/09 11:07:19 djm Exp $
diff --git a/configure.ac b/configure.ac
index 33e138ab..fcf7e416 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.408 2008/07/04 23:52:03 djm Exp $
+# $Id: configure.ac,v 1.409 2008/07/09 11:07:19 djm Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
-AC_REVISION($Revision: 1.408 $)
+AC_REVISION($Revision: 1.409 $)
 AC_CONFIG_SRCDIR([ssh.c])
 
 AC_CONFIG_HEADER(config.h)
@@ -107,8 +107,8 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
 		     no_attrib_nonnull=1
 		     ;;
 		2.*) no_attrib_nonnull=1 ;;
-		3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
-		4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
+		3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
+		4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
 		*) ;;
 	esac