gnome_mplayer fails with format string build warning

[jpdoyle]

Issue description

gnome_mplayer fails to build with a warning about a pretty bad-looking format string vulnerability:
gnome-mplayer-fail.txt

Steps to reproduce

Install gnome_mplayer.

Technical details

• System: (NixOS: 16.09.1836.067e66a (Flounder))
• Nix version: 16.09.1836.067e66a (Flounder)
• Nixpkgs version: "16.09.1836.067e66a"

[joachifm]

Looks to have been fixed by 4e2f802

[Mic92]

Is this commit already in stable?

[globin]

Only in 17.03

[jpdoyle]

@joachifm That commit is concerning to me from a security standpoint. Doesn't a format-string warning warrant a patch instead of warning suppression?

[globin]

It should be eventually fixed by a proper patch, but most occurrences are completely harmless and don't necessarily mean it is a security issue. Also that is the only hardening option that does not give us further runtime guarantees for security so it is mostly harmless to turn it off if it is still more preferable to make the build succeed at all.

But definitely feel free to grep for hardeningDisable.*format and write patches, especially for upstream, I'd appreciate this a lot but I myself sadly don't have the time.

Edit: pushed to release-16.09, too.