Hi Gert!

>I think, since in this case the (empty) format string passed to the printf 
>call is not user generated there is no security problem to be exploited.


Yes, sure, but disabling this flag has a nasty side effect: it is disabled in 
the *whole* build, possibly hiding more serious issues somewhere else.

I would prefer disabling that test, rather than disabling a security feature in 
the whole package.

BTW Fedora packaged "F2CLIBS" separately from clapack. I'm not sure if it is 
worth a try or not, but it should be at least considered.

cheers,

G.
