GnuTLS, a crypto library, has a few format security issues, which should be fixed in this time of smashing the design and implementations of SSL and TLS. I provide a self-made patch to correct this. Please review.

Reproducible: Always

Steps to Reproduce:
1. echo 'CFLAGS="${CFLAGS} -Werror=format-security"' >> /etc/portage/make.conf
2. emerge -1 gnutls

Actual Results: emerge failed (compile phase)

Expected Results: GnuTLS installed on system
Created attachment 408108: gnutls-3.3.15-format-security.patch

Created attachment 408110: gnutls-3.3.15.ebuild.patch

You might add this bug as a dependency of bug #259417
Can you please work on pushing it upstream? It is not Gentoo-specific, nor do I think it is correct to have "%s", _("xxx %d"), n. I am also unsure that this is a valid warning in the case of gettext, as it is expected to have a template within gettext to inject values, so probably these should be ignored.
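The distinction raised in the comment above, as an added example that is not part of the bug thread or of the attached patches: -Wformat-security reports only a non-literal format passed with no arguments, so a translated template that takes arguments stays the format string. `tr()` is a hypothetical stand-in for gettext's `_()`, and the catalog entry and message texts are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for gettext's _(). format_arg(1) tells GCC/Clang
 * that the returned string is a format derived from argument 1, so
 * arguments are still checked against the msgid. */
static const char *tr(const char *msgid) __attribute__((format_arg(1)));
static const char *tr(const char *msgid)
{
    /* Constructed catalog entry: the translation contains a conversion
     * specifier that the msgid does not have. */
    if (strcmp(msgid, "disk usage high") == 0)
        return "disk usage at 100%s of quota";
    return msgid;               /* untranslated: fall back to the msgid */
}

/* Message without arguments: the translation is data, not a format. */
int fmt_plain(char *buf, size_t n, const char *msgid)
{
#ifdef SHOW_FLAGGED
    /* Non-literal format, no arguments: -Wformat-security reports this. */
    return snprintf(buf, n, tr(msgid));
#else
    return snprintf(buf, n, "%s", tr(msgid));
#endif
}

/* Message with arguments: the translated template stays the format.
 * Wrapping it as "%s", tr("xxx %d"), count would print "xxx %d" verbatim. */
int fmt_count(char *buf, size_t n, int count)
{
    return snprintf(buf, n, tr("xxx %d"), count);
}

int main(void)
{
    char buf[64];
    fmt_plain(buf, sizeof buf, "disk usage high");
    puts(buf);
    fmt_count(buf, sizeof buf, 3);
    puts(buf);
    return 0;
}
```

Building with `-DSHOW_FLAGGED -Wformat -Werror=format-security` reproduces the class of compile failure the report describes, on this constructed code only.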
Upstream is the proper place to push these efforts.
Created attachment 411278: gnutls-3.3.17.1-format-security.patch

Patch for version 3.3.17.1. Should be cleaner as upstream did some fixes. The existing ebuild patch can also be used.
Submitted upstream as https://gitlab.com/gnutls/gnutls/issues/35