https://blogs.gentoo.org/ago/2020/07/04/gentoo-tinderbox/ Issue: x11-misc/xscreensaver-6.05-r2 has implicit function declarations in configure logs (HARDENED-SYSTEM). Discovered on: amd64 (internal ref: hardened_tinderbox) NOTE: (HARDENED-SYSTEM) in the summary means that the bug was found on a machine that runs an hardened profile with -D_FORTIFY_SOURCE=3 and -D_GLIBCXX_ASSERTIONS (https://www.gentoo.org/support/news-items/2023-01-01-hardening-fortify-assertions.html) but this bug MAY or MAY NOT BE related to the changes related to hardened.
Created attachment 855152 [details] build.log build log and emerge --info
This is mostly a note to me, as I will ask about this in IRC later. This test in configure.ac is causing this implicit function declaration ############################################################################### # # Check for OpenBSD-style shadow passwords. # It's getpwnam_shadow instead of getpwnam, and it only works as root. # ############################################################################### if test "$with_shadow" = yes ; then AC_CACHE_CHECK([for OpenBSD-style shadow passwords], ac_cv_pwnam_shadow, [AC_TRY_X_COMPILE([#include <stdlib.h> #include <unistd.h> #include <sys/types.h> #include <pwd.h>], [struct spwd *p = getspnam_shadow("nobody"); const char *pw = p->pw_passwd;], [ac_cv_pwnam_shadow=yes], [ac_cv_pwnam_shadow=no])]) if test "$ac_cv_pwnam_shadow" = yes; then have_pwnam_shadow=yes # If we also have PAM, assume that we don't need to be setuid. if test $have_pam != yes; then setuid_auth=yes fi fi fi This is composing a code snippet with the function getspnam_shadow in it. Then it checks if this compiles, if so, system has it, if not system does not. The relevance for Gentoo is questionable but anyway. config.log says exactly this: conftest.c:74:18: error: implicit declaration of function 'getpwnam_shadow' [-Werror=implicit-function-declaration] 74 | struct spwd *p = getpwnam_shadow("nobody"); | ^~~~~~~~~~~~~~~ Shouldn't this be ok then?
Looks like we can set QA_CONFIG_IMPL_DECL_SKIP=( getpwnam_shadow ) in the ebuild if it's an OpenBSD-only thing (or similar).
(In reply to Sam James from comment #3) > Looks like we can set QA_CONFIG_IMPL_DECL_SKIP=( getpwnam_shadow ) in the > ebuild if it's an OpenBSD-only thing (or similar). Weird thing is, this is checking for 'getspnam_shadow("nobody")', yet it seems there is no such thing. For Linux there is getspnam (get Shadow Password Name) analog to getpwnam() for non shadow. And for Open BSD the equivalent seems to be getpwnam_shadow() (https://man.openbsd.org/getpwnam_shadow) and getpwnam() but no getspnam_shadow(). I am not familiar with OpenBSD at all, but this seems to be a bug. In the comment it is even talking about getpwnam_shadow, yet it is checking for getspnam_shadow.
This was fixed in 6.06 already