888751 – [guru] net-mail/dovecot-fts-xapian-1.5.5 overwrites CFLAGS/CXXFLAGS or adds uncommon ones

Bug 888751 - [guru] net-mail/dovecot-fts-xapian-1.5.5 overwrites CFLAGS/CXXFLAGS or adds uncommon ones

Summary: [guru] net-mail/dovecot-fts-xapian-1.5.5 overwrites CFLAGS/CXXFLAGS or adds u...

Status:	RESOLVED TEST-REQUEST

Alias:	None

Product:	GURU
Classification:	Unclassified
Component:	Package issues (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Philippe Chaintreuil

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	qa-guru
	Show dependency tree

Reported:	2022-12-28 15:10 UTC by Agostino Sarubbo
Modified:	2023-01-24 13:46 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
build.log (build.log,58.95 KB, text/plain) 2022-12-28 15:10 UTC, Agostino Sarubbo	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2022-12-28 15:10:11 UTC

https://blogs.gentoo.org/ago/2020/07/04/gentoo-tinderbox/

Issue: net-mail/dovecot-fts-xapian-1.5.5 overwrites CFLAGS/CXXFLAGS or adds uncommon ones.
Discovered on: amd64 (internal ref: guru_ci)

NOTE:
This QA check is tinderbox-only, there is the list of the flags that should be dropped out, if you think it is a false positive please let me know..

Comment 1 Agostino Sarubbo gentoo-dev

2022-12-28 15:10:14 UTC

Created attachment 845463 [details]
build.log

build log and emerge --info

Comment 2 Philippe Chaintreuil 2022-12-28 17:25:55 UTC

I'm confused.  It appears that the added flags (eg: -fstack-protector-strong) are added by upstream's  scripts as part of the --enable-hardening configure flag, which is enabled by default.[1][2]  

However, this code looks identical to scripts in net-mail/dovecot[3][4], however I don't see a bug for that package (nor any addressing of the issue in the ebuild).

In fact, I don't really see any bugs with "overwrites CFLAGS/CXXFLAGS or adds uncommon ones" in Gentoo's Bugzilla that have fixes besides one that claims upstream fixed it.

(A) I'm not sure how to fix it, (B) I'm not sure that I should fix it, (C) I'm not sure how I suppress it.

I could add a "hardended" use flag, but it's not clear if that's an acceptable fix or not.  Or if it'll just make a new bug that flags are added when that use flag is on.

It seems weird to disable hardening if upstream thinks it should be on by default.  (And may even depend upon it in some of their assumptions.)



[1] https://github.com/grosjo/fts-xapian/blob/master/m4/dovecot.m4#L172
[2] https://github.com/grosjo/fts-xapian/blob/master/m4/dovecot.m4#L274
[3] https://github.com/dovecot/core/blob/main/m4/dovecot.m4#L233
[4] https://github.com/dovecot/core/blob/main/m4/dovecot.m4#L292

Comment 3 Agostino Sarubbo gentoo-dev

2022-12-28 22:56:05 UTC

Hi, that's a it simply than you explained. The goal is that I want to compile with -fno-stack-protector it should work.

Comment 4 Larry the Git Cow gentoo-dev

2023-01-24 09:10:53 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/proj/guru.git/commit/?id=f743509f25ab724e24cd8c83ad49109a52fc98ac

commit f743509f25ab724e24cd8c83ad49109a52fc98ac
Author:     Philippe Chaintreuil <gentoo_bugs_peep@parallaxshift.com>
AuthorDate: 2023-01-23 23:47:34 +0000
Commit:     Philippe Chaintreuil <gentoo_bugs_peep@parallaxshift.com>
CommitDate: 2023-01-23 23:49:32 +0000

    net-mail/dovecot-fts-xapian: Disable hardening by default
    
    Bug: https://bugs.gentoo.org/888751
    Signed-off-by: Philippe Chaintreuil <gentoo_bugs_peep@parallaxshift.com>

 net-mail/dovecot-fts-xapian/dovecot-fts-xapian-1.5.5.ebuild | 3 +++
 net-mail/dovecot-fts-xapian/dovecot-fts-xapian-9999.ebuild  | 3 +++
 2 files changed, 6 insertions(+)