@@ -7,6 +7,7 @@ GNU M4 also has built-in functions for including files, running shell commands,
inherit autotools texinfo ptest gettext
SRC_URI = "${GNU_MIRROR}/m4/m4-${PV}.tar.gz \
+ file://0001-gettext-h-Avoid-gcc-Wformat-security-warnings-with-d.patch \
"
SRC_URI:append:class-target = " file://run-ptest \
file://serial-tests-config.patch \
new file mode 100644
@@ -0,0 +1,133 @@
+From c4dc0ab4424fca31635b7837b1c180f7d3df8ede Mon Sep 17 00:00:00 2001
+From: Bruno Haible <bruno@clisp.org>
+Date: Wed, 28 May 2025 15:14:07 +0200
+Subject: [PATCH] gettext-h: Avoid gcc -Wformat-security warnings with
+ --disable-nls.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reported by Holger Hoffstätte <holger@applied-asynchrony.com> in
+<https://lists.gnu.org/archive/html/bug-gnulib/2025-05/msg00225.html>.
+
+* lib/gettext.h (gettext, dgettext, dcgettext): With gcc in C mode,
+define these as inline functions.
+* lib/sigpipe-die.c (sigpipe_die): Use translated string as a format
+string, relying on the format string checking done by 'msgfmt -c'.
+* lib/xmemcoll.c (collate_error): Revert commit from 2025-01-17.
+* lib/xprintf.c (xvprintf, xvfprintf): Likewise.
+* lib/openat-die.c (openat_save_fail, openat_restore_fail): Revert
+commit from 2024-12-10.
+
+Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/gnulib.git/commit/?id=6e5015dd557b20ae4a0829c4bf78480ce2f4cb04]
+Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
+---
+ lib/gettext.h | 49 ++++++++++++++++++++++++++++++++++++------------
+ lib/openat-die.c | 4 ++--
+ lib/xprintf.c | 4 ++--
+ 3 files changed, 41 insertions(+), 16 deletions(-)
+
+diff --git a/lib/gettext.h b/lib/gettext.h
+index ea0c27e..bb3d975 100644
+--- a/lib/gettext.h
++++ b/lib/gettext.h
+@@ -59,18 +59,43 @@
+ # endif
+ # endif
+
+-/* Disabled NLS.
+- The casts to 'const char *' serve the purpose of producing warnings
+- for invalid uses of the value returned from these functions.
+- On pre-ANSI systems without 'const', the config.h file is supposed to
+- contain "#define const". */
+-# undef gettext
+-# define gettext(Msgid) ((const char *) (Msgid))
+-# undef dgettext
+-# define dgettext(Domainname, Msgid) ((void) (Domainname), gettext (Msgid))
+-# undef dcgettext
+-# define dcgettext(Domainname, Msgid, Category) \
+- ((void) (Category), dgettext (Domainname, Msgid))
++/* Disabled NLS. */
++# if defined __GNUC__ && !defined __clang__ && !defined __cplusplus
++/* Use inline functions, to avoid warnings
++ warning: format not a string literal and no format arguments
++ that don't occur with enabled NLS. */
++__attribute__ ((__always_inline__, __gnu_inline__)) extern inline
++const char *
++gettext (const char *msgid)
++{
++ return msgid;
++}
++__attribute__ ((__always_inline__, __gnu_inline__)) extern inline
++const char *
++dgettext (const char *domain, const char *msgid)
++{
++ (void) domain;
++ return msgid;
++}
++__attribute__ ((__always_inline__, __gnu_inline__)) extern inline
++const char *
++dcgettext (const char *domain, const char *msgid, int category)
++{
++ (void) domain;
++ (void) category;
++ return msgid;
++}
++# else
++/* The casts to 'const char *' serve the purpose of producing warnings
++ for invalid uses of the value returned from these functions. */
++# undef gettext
++# define gettext(Msgid) ((const char *) (Msgid))
++# undef dgettext
++# define dgettext(Domainname, Msgid) ((void) (Domainname), gettext (Msgid))
++# undef dcgettext
++# define dcgettext(Domainname, Msgid, Category) \
++ ((void) (Category), dgettext (Domainname, Msgid))
++# endif
+ # undef ngettext
+ # define ngettext(Msgid1, Msgid2, N) \
+ ((N) == 1 \
+diff --git a/lib/openat-die.c b/lib/openat-die.c
+index 3fbb5d8..79a5b23 100644
+--- a/lib/openat-die.c
++++ b/lib/openat-die.c
+@@ -34,7 +34,7 @@ _Noreturn void
+ openat_save_fail (int errnum)
+ {
+ #ifndef GNULIB_LIBPOSIX
+- error (exit_failure, errnum, "%s",
++ error (exit_failure, errnum,
+ _("unable to record current working directory"));
+ #endif
+ /* _Noreturn cannot be applied to error, since it returns
+@@ -53,7 +53,7 @@ _Noreturn void
+ openat_restore_fail (int errnum)
+ {
+ #ifndef GNULIB_LIBPOSIX
+- error (exit_failure, errnum, "%s",
++ error (exit_failure, errnum,
+ _("failed to return to initial working directory"));
+ #endif
+
+diff --git a/lib/xprintf.c b/lib/xprintf.c
+index 4d9a3e5..790af53 100644
+--- a/lib/xprintf.c
++++ b/lib/xprintf.c
+@@ -45,7 +45,7 @@ xvprintf (char const *restrict format, va_list args)
+ {
+ off64_t retval = vzprintf (format, args);
+ if (retval < 0 && ! ferror (stdout))
+- error (exit_failure, errno, "%s", _("cannot perform formatted output"));
++ error (exit_failure, errno, _("cannot perform formatted output"));
+
+ return retval;
+ }
+@@ -67,7 +67,7 @@ xvfprintf (FILE *restrict stream, char const *restrict format, va_list args)
+ {
+ off64_t retval = vfzprintf (stream, format, args);
+ if (retval < 0 && ! ferror (stream))
+- error (exit_failure, errno, "%s", _("cannot perform formatted output"));
++ error (exit_failure, errno, _("cannot perform formatted output"));
+
+ return retval;
+ }
Building with USE_NLS = "no" results in the following errors: lib/spawn-pipe.c: In function 'create_pipe': lib/spawn-pipe.c:218:7: error: format not a string literal and no format arguments [-Werror=format-security] 218 | error (EXIT_FAILURE, errno, _("cannot create pipe")); | ^~~~~ lib/spawn-pipe.c:221:7: error: format not a string literal and no format arguments [-Werror=format-security] 221 | error (EXIT_FAILURE, errno, _("cannot create pipe")); | ^~~~~ lib/clean-temp.c: In function 'create_temp_dir': lib/clean-temp.c:234:7: error: format not a string literal and no format arguments [-Werror=format-security] 234 | error (0, errno, | ^~~~~ Backport a patch from gnulib to avoid the problem. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> --- meta/recipes-devtools/m4/m4-1.4.20.inc | 1 + ...gcc-Wformat-security-warnings-with-d.patch | 133 ++++++++++++++++++ 2 files changed, 134 insertions(+) create mode 100644 meta/recipes-devtools/m4/m4/0001-gettext-h-Avoid-gcc-Wformat-security-warnings-with-d.patch