Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 556444

Summary: net-libs/gnutls-3.3.15 fails to compile with -Werror=format-security
Product: Gentoo Linux Reporter: René Rhéaume <rene.rheaume>
Component: [OLD] LibraryAssignee: Crypto team [DISABLED] <crypto+disabled>
Status: RESOLVED UPSTREAM    
Severity: normal CC: alonbl
Priority: Normal Keywords: PATCH
Version: unspecified   
Hardware: AMD64   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 259417    
Attachments: gnutls-3.3.15-format-security.patch
gnutls-3.3.15.ebuild.patch
gnutls-3.3.17.1-format-security.patch

Description René Rhéaume 2015-08-01 13:21:00 UTC
GnuTLS, a crypto library, has a few format security issues, which should be fixed in this time of smashing the design and implementations of SSL and TLS.

I provide a self-made patch to correct this. Please review.

Reproducible: Always

Steps to Reproduce:
1. echo 'CFLAGS=${CFLAGS} -Werror=format-security' >> /etc/portage/make.conf
2. emerge -1 gnutls
3.
Actual Results:  
emerge failed (compile phase)

Expected Results:  
GnuTLS installed on system
Comment 1 René Rhéaume 2015-08-01 13:22:11 UTC
Created attachment 408108 [details, diff]
gnutls-3.3.15-format-security.patch
Comment 2 René Rhéaume 2015-08-01 13:25:23 UTC
Created attachment 408110 [details, diff]
gnutls-3.3.15.ebuild.patch

You might add this bug as a dependency of bug #259417
Comment 3 Alon Bar-Lev (RETIRED) gentoo-dev 2015-08-03 13:46:20 UTC
Can you please work in order to push it into upstream? It is not gentoo specific nor I think it is correct to have "%s", _("xxx %d"), n

I am also unsure that this is valid warning in the case of gettext as it is expected to have template within gettext to inject values, so probably these should be ignored.
Comment 4 Alon Bar-Lev (RETIRED) gentoo-dev 2015-08-19 08:51:44 UTC
Upstream is the proper place to push these efforts.
Comment 5 René Rhéaume 2015-09-07 15:59:05 UTC
Created attachment 411278 [details, diff]
gnutls-3.3.17.1-format-security.patch

Patch for version 3.3.17.1. Should be cleaner as upstream did some fixes. The existing ebuild patch can also be used.
Comment 6 René Rhéaume 2015-09-07 16:05:41 UTC
Submitted upstream as https://gitlab.com/gnutls/gnutls/issues/35