libxcrypt: Fails to build with fortify source due to `-Werror=format-nonliteral`; [PATCH] workaround is `PKG_FORTIFY_SOURCE:=0`, in 22.03.

[dreirund]

Maintainer:

@tripolar

Environment:

• Building for Xunlog OrangePi Plus (sun8i):
  grep ^CONFIG_TARGET .config:

  CONFIG_TARGET_sunxi=y
  CONFIG_TARGET_sunxi_cortexa7=y
  CONFIG_TARGET_sunxi_cortexa7_DEVICE_xunlong_orangepi-plus=y
  CONFIG_TARGET_BOARD="sunxi"
  CONFIG_TARGET_SUBTARGET="cortexa7"
  CONFIG_TARGET_PROFILE="DEVICE_xunlong_orangepi-plus"
  CONFIG_TARGET_ARCH_PACKAGES="arm_cortex-a7_neon-vfpv4"
  [...]

• OpenWrt version:
  • Git branch openwrt-22.03 from git://git.openwrt.org/openwrt/openwrt.git,
  • initially checked out on 2022-07-05,
  • latest git pull and ./scripts/feeds update -a && ./scripts/feeds update -a on 2022-07-20, ca. 08:15 UTC
    (I give up on posting latest commit date and hash, since git log gives me some old dates, and I don't know how I can make git log printing out the last operation. I don't know much about git.)
• Building on GNU/Linux on x86_64-architecture (Distribution: Artix Linux).
• OpenWrt configuration: config.libxcrypt-compileerror.txt.
• grep -i fortify .config:

  # CONFIG_PKG_FORTIFY_SOURCE_NONE is not set
  CONFIG_PKG_FORTIFY_SOURCE_1=y
  # CONFIG_PKG_FORTIFY_SOURCE_2 is not set

Description:

After a make clean, a make -j6 fails in above configuration on package/feeds/packages/libxcrypt when fortify source is selected. An explicit run of
make -j1 V=sc package/feeds/packages/libxcrypt/compile
fails with staging_dir/toolchain-arm_cortex-a7+neon-vfpv4_gcc-11.2.0_musl_eabi/include/fortify/stdio.h:101:9: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]:

[...]
OpenWrt-libtool: compile:  ccache_cc -DHAVE_CONFIG_H -I. -I./lib -DIN_LIBCRYPT -I/[...]/openwrt-22.03/staging_dir/toolchain-arm_cortex-a7+neon-vfpv4_gcc-11.2.0_musl_eabi/usr/include -I/[...]/openwrt-22.03/staging_dir/toolchain-arm_cortex-a7+neon-vfpv4_gcc-11.2.0_musl_eabi/include/fortify -I/[...]/openwrt-22.03/staging_dir/toolchain-arm_cortex-a7+neon-vfpv4_gcc-11.2.0_musl_eabi/include -Wall -Wextra -Walloc-zero -Walloca -Wbad-function-cast -Wcast-align -Wcast-qual -Wconversion -Wformat=2 -Wformat-overflow=2 -Wformat-signedness -Wformat-truncation=1 -Wlogical-op -Wmissing-declarations -Wmissing-prototypes -Wnested-externs -Wnull-dereference -Wold-style-definition -Wpointer-arith -Wrestrict -Wshadow -Wstrict-overflow=2 -Wstrict-prototypes -Wundef -Wvla -Wwrite-strings -Wpedantic -Werror -fno-plt -O3 -pipe -g0 -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -mfloat-abi=hard -ffile-prefix-map=/[...]/openwrt-22.03/build_dir/target-arm_cortex-a7+neon-vfpv4_musl_eabi/libxcrypt-4.4.17=libxcrypt-4.4.17 -DPIC -fpic -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -MT lib/libcrypt_la-crypt-bcrypt.lo -MD -MP -MF lib/.deps/libcrypt_la-crypt-bcrypt.Tpo -c lib/crypt-bcrypt.c -o lib/libcrypt_la-crypt-bcrypt.o
In file included from lib/crypt-bcrypt.c:50:
../../../staging_dir/toolchain-arm_cortex-a7+neon-vfpv4_gcc-11.2.0_musl_eabi/include/fortify/stdio.h: In function 'snprintf':
../../../staging_dir/toolchain-arm_cortex-a7+neon-vfpv4_gcc-11.2.0_musl_eabi/include/fortify/stdio.h:101:9: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
  101 |         return __orig_snprintf(__s, __n, __f, __builtin_va_arg_pack());
      |         ^~~~~~
../../../staging_dir/toolchain-arm_cortex-a7+neon-vfpv4_gcc-11.2.0_musl_eabi/include/fortify/stdio.h: In function 'sprintf':
../../../staging_dir/toolchain-arm_cortex-a7+neon-vfpv4_gcc-11.2.0_musl_eabi/include/fortify/stdio.h:110:17: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
  110 |                 __r = __orig_snprintf(__s, __b, __f, __builtin_va_arg_pack());
      |                 ^~~
../../../staging_dir/toolchain-arm_cortex-a7+neon-vfpv4_gcc-11.2.0_musl_eabi/include/fortify/stdio.h:114:17: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
  114 |                 __r = __orig_sprintf(__s, __f, __builtin_va_arg_pack());
      |                 ^~~
cc1: all warnings being treated as errors
make[4]: *** [Makefile:1867: lib/libcrypt_la-crypt-bcrypt.lo] Error 1
make[4]: Leaving directory '/[...]/openwrt-22.03/build_dir/target-arm_cortex-a7+neon-vfpv4_musl_eabi/libxcrypt-4.4.17'
make[3]: *** [Makefile:1211: all] Error 2
make[3]: Leaving directory '/[...]/openwrt-22.03/build_dir/target-arm_cortex-a7+neon-vfpv4_musl_eabi/libxcrypt-4.4.17'
make[2]: *** [Makefile:58: /[...]/openwrt-22.03/build_dir/target-arm_cortex-a7+neon-vfpv4_musl_eabi/libxcrypt-4.4.17/.built] Error 2
make[2]: Leaving directory '/[...]/openwrt-22.03/feeds/packages/libs/libxcrypt'
time: package/feeds/packages/libxcrypt/compile#23.51#3.16#27.49
    ERROR: package/feeds/packages/libxcrypt failed to build.
[...]

Full output of the make command: libxcrypt-compile.with-fortify-source.log

Inspired by issue #18884 I tried to add PKG_FORTIFY_SOURCE:=0 to package/feeds/packages/libxcrypt/Makefile, and having done so libxcrypt builds. Patch.

I think the cleaner solution would be to switch off that the warning triggers an error, but I don't know how to do that specifically for that package.

[dreirund]

Problem is still present in up to date 22.03 branch.

[dreirund]

This should fix the issue. Please check.