Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 512398 - sys-devel/gettext: bundled libcroco fails to compile with format-security
Summary: sys-devel/gettext: bundled libcroco fails to compile with format-security
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo's Team for Core System packages
Keywords: PATCH
: 585878 (view as bug list)
Depends on:
Blocks: bundled-libs format-security fortify-source
  Show dependency tree
Reported: 2014-06-04 15:15 UTC by Agostino Sarubbo
Modified: 2022-06-21 05:12 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

gettext- (gettext-,544.95 KB, text/plain)
2014-06-04 15:15 UTC, Agostino Sarubbo
gettext-0.19.4-format-security.patch (gettext-0.19.4-format-security.patch,1.75 KB, patch)
2015-08-15 20:22 UTC, René Rhéaume
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-06-04 15:15:28 UTC
This is an auto-filled bug because this package fails to compile with format-security. To reproduce use CFLAGS -Werror=format-security.

Portage 2.2.8-r1 (default/linux/amd64/13.0, gcc-4.7.3, glibc-2.17, 3.2.55-hardened-r7-xxxx-std-ipv6-64 x86_64)
System uname: Linux-3.2.55-hardened-r7-xxxx-std-ipv6-64-x86_64-Intel-R-_Xeon-R-_CPU_E3-1245_V2_@_3.40GHz-with-gentoo-2.2
KiB Mem:    32857344 total,   7652148 free
KiB Swap:   10239996 total,  10239996 free
ld ld di GNU (GNU Binutils) 2.23.2
app-shells/bash:          4.2_p45
dev-java/java-config:     2.2.0
dev-lang/python:          2.7.6, 3.3.3
dev-util/pkgconfig:       0.28
sys-apps/baselayout:      2.2
sys-apps/openrc:          0.12.4
sys-apps/sandbox:         2.6-r1
sys-devel/autoconf:       2.13, 2.69
sys-devel/automake:       1.11.6, 1.13.4
sys-devel/binutils:       2.23.2                                                                                                                                                    
sys-devel/gcc:            4.7.3-r1, 4.8.2-r1, 4.9.0                                                                                                                                 
sys-devel/gcc-config:     1.7.3                                                                                                                                                     
sys-devel/libtool:        2.4.2                                                                                                                                                     
sys-devel/make:           3.82-r4                                                                                                                                                   
sys-kernel/linux-headers: 3.9 (virtual/os-headers)                                                                                                                                  
sys-libs/glibc:           2.17                                                                                                                                                      
Repositories: gentoo                                                                                                                                                                
CFLAGS="-march=native -Werror=format-security -g0 -O2"                                                                                                                              
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt"                                                                                                              
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.4/ext-active/ 
/etc/php/apache2-php5.5/ext-active/ /etc/php/cgi-php5.4/ext-active/ /etc/php/cgi-php5.5/ext-active/ /etc/php/cli-php5.4/ext-active/ /etc/php/cli-php5.5/ext-active/ 
/etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"                                                                                
CXXFLAGS="-march=native -Werror=format-security -g0 -O2"                                                                                                                            
EMERGE_DEFAULT_OPTS="--with-bdeps y --keep-going y -1"                                                                                                                              
FCFLAGS="-O2 -pipe"                                                                                                                                                                 
FEATURES="assume-digests binpkg-logs collision-protect config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync multilib-strict news parallel-fetch 
preserve-libs protect-owned sandbox sfperms sign split-log strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"                                        
FFLAGS="-O2 -pipe"                                                                                                                                                                  
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu"                                                                                                                              
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 
--exclude=/distfiles --exclude=/local --exclude=/packages"
USE="X acl amd64 berkdb bzip2 cairo cli consolekit cracklib crypt cxx dbus dri fortran gdbm gudev hwdb iconv icu ipv6 jpeg minizip mmx modules multilib ncurses nls nptl ogg 
openmp pam pax_kernel pcre png policykit python qt3support qt4 readline session sse sse2 ssl tcpd unicode vorbis zlib" ABI_X86="64" ELIBC="glibc" KERNEL="linux" 
LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="am fil zh af ca cs da de el es et gl hu nb nl pl pt ro ru sk sl sv uk bg cy en eo fo ga he id ku lt 
lv mk ms nn sw tn zu ja zh_TW en_GB pt_BR ko zh_CN ar en_CA fi kk oc sr tr fa wa nds as be bn bn_BD bn_IN en_US es_AR es_CL es_ES es_MX eu fy fy_NL ga_IE gu gu_IN hi hi_IN 
is ka kn ml mr nn_NO or pa pa_IN pt_PT rm si sq sv_SE ta ta_LK te th vi ast dz km my om sh ug uz ca@valencia sr@ijekavian sr@ijekavianlatin sr@latin csb hne mai se es_LA 
fr_CA zh_HK br la no es_CR et_EE sr_CS bo hsb hy mn sr@Latn lb ne bs tg uz@cyrillic xh be_BY brx ca_XV dgo en_ZA gd kok ks ky lo mni nr ns pap ps rw sa_IN sat sd ss st 
sw_TZ ti ts ve mt ia az me tl ak hy_AM lg nso son ur_PK it fr nb nb_NO hr nan ur tk cs_CZ da_DK de_1901 de_CH en_AU lt_LT pl_PL sa sk_SK th_TH ta_IN tt sco ha mi ven ar_SY 
el_GR ro_RO ru_RU sl_SI uk_UA vi_VN ar_SY te_IN de_DE es_VE fa_IR fr_FR hu_HU id_ID it_IT ja_JP ka_GE nl_NL sr_BA sr_RS ca_ES fi_FI he_IL jv ru_gold yi eu_ES" 
NGINX_MODULES_HTTP="access auth_basic autoindex browser charset empty_gif fastcgi geo gzip limit_conn limit_req map memcached proxy referer rewrite scgi split_clients ssi 
upstream_ip_hash userid uwsgi addition auth_pam cache_purge dav dav_ext degradation echo fancyindex flv geoip gunzip gzip_static headers_more image_filter lua metrics mp4 
naxsi perl push push_stream random_index realip secure_link security slowfs_cache spdy stub_status sub upload_progress upstream_check xslt" NGINX_MODULES_MAIL="imap pop3 
smtp" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-4 php5-5" PYTHON_SINGLE_TARGET="python2_7 python3_3" PYTHON_TARGETS="python2_7 python3_3" RUBY_TARGETS="ruby19 
ruby20" USERLAND="GNU"
USE_PYTHON="2.7 3.3"
Comment 1 Agostino Sarubbo gentoo-dev 2014-06-04 15:15:29 UTC
Created attachment 378244 [details]

build log
Comment 2 René Rhéaume 2015-08-15 20:22:02 UTC
Created attachment 409096 [details, diff]
Comment 3 SpanKY gentoo-dev 2015-08-16 14:10:35 UTC
(In reply to René Rhéaume from comment #2)

should really be sent to upstream gettext mailing list
Comment 4 SpanKY gentoo-dev 2016-02-14 20:00:37 UTC
(In reply to SpanKY from comment #3)

hmm, on a 2nd look, it shouldn't.  that's an error in libcroco which gettext bundles.
Comment 5 SpanKY gentoo-dev 2016-06-27 02:26:29 UTC
*** Bug 585878 has been marked as a duplicate of this bug. ***
Comment 6 René Rhéaume 2016-07-02 11:14:17 UTC
(In reply to SpanKY from comment #4)
> (In reply to SpanKY from comment #3)
> hmm, on a 2nd look, it shouldn't.  that's an error in libcroco which gettext
> bundles.

Is there a circular dependency between libcroco and gettext or is it possible to get rid of the bundled library?

Also, is it possible to put a bug as blocking *two* other bugs with Bugzilla?
Comment 7 SpanKY gentoo-dev 2016-07-04 01:58:47 UTC
(In reply to René Rhéaume from comment #6)

it's an ugly circular loop :(.  from the ebuild:
        # glib depends on us so avoid circular deps
        # libcroco depends on glib which ... ^^^

a single bug can block as many other bugs as you like
Comment 8 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-06-21 05:12:22 UTC
commit 1f2bebec8775c96d1e2e76cbad71a84e789d1048
Author: Thomas Deutschmann <>
Date:   Sun Dec 3 01:23:41 2017 +0100

    sys-devel/gettext: Fix compilation with format-security

    Package-Manager: Portage-2.3.16, Repoman-2.3.6