Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 556444 - net-libs/gnutls-3.3.15 fails to compile with -Werror=format-security
Summary: net-libs/gnutls-3.3.15 fails to compile with -Werror=format-security
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Library (show other bugs)
Hardware: AMD64 Linux
: Normal normal (vote)
Assignee: Crypto team [DISABLED]
Keywords: PATCH
Depends on:
Blocks: fortify-source
  Show dependency tree
Reported: 2015-08-01 13:21 UTC by René Rhéaume
Modified: 2015-09-07 16:05 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

gnutls-3.3.15-format-security.patch (gnutls-3.3.15-format-security.patch,1.45 KB, patch)
2015-08-01 13:22 UTC, René Rhéaume
Details | Diff
gnutls-3.3.15.ebuild.patch (gnutls-3.3.15.ebuild.patch,329 bytes, patch)
2015-08-01 13:25 UTC, René Rhéaume
Details | Diff
gnutls- (gnutls-,646 bytes, patch)
2015-09-07 15:59 UTC, René Rhéaume
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description René Rhéaume 2015-08-01 13:21:00 UTC
GnuTLS, a crypto library, has a few format security issues, which should be fixed in this time of smashing the design and implementations of SSL and TLS.

I provide a self-made patch to correct this. Please review.

Reproducible: Always

Steps to Reproduce:
1. echo 'CFLAGS=${CFLAGS} -Werror=format-security' >> /etc/portage/make.conf
2. emerge -1 gnutls
Actual Results:  
emerge failed (compile phase)

Expected Results:  
GnuTLS installed on system
Comment 1 René Rhéaume 2015-08-01 13:22:11 UTC
Created attachment 408108 [details, diff]
Comment 2 René Rhéaume 2015-08-01 13:25:23 UTC
Created attachment 408110 [details, diff]

You might add this bug as a dependency of bug #259417
Comment 3 Alon Bar-Lev (RETIRED) gentoo-dev 2015-08-03 13:46:20 UTC
Can you please work in order to push it into upstream? It is not gentoo specific nor I think it is correct to have "%s", _("xxx %d"), n

I am also unsure that this is valid warning in the case of gettext as it is expected to have template within gettext to inject values, so probably these should be ignored.
Comment 4 Alon Bar-Lev (RETIRED) gentoo-dev 2015-08-19 08:51:44 UTC
Upstream is the proper place to push these efforts.
Comment 5 René Rhéaume 2015-09-07 15:59:05 UTC
Created attachment 411278 [details, diff]

Patch for version Should be cleaner as upstream did some fixes. The existing ebuild patch can also be used.
Comment 6 René Rhéaume 2015-09-07 16:05:41 UTC
Submitted upstream as