Source: groff
Version: 1.23.0-9
Severity: important
Justification: undeclared vendor copy
Tags: ftbfs fixed-upstream
User: [email protected]
Usertags: rebootstrap

groff fails to cross build from source for musl-linux-any. I think this
is a real native failure as well. The problem arises in
src/libs/libgroff/getopt.c.

https://sources.debian.org/src/groff/1.23.0-10/src/libs/libgroff/getopt.c#L125
| #ifndef __GNU_LIBRARY__
| 
| /* Avoid depending on library functions or files
|    whose names are inconsistent.  */
| 
| #ifndef getenv
| extern char *getenv ();
| #endif
| 
| #endif /* not __GNU_LIBRARY__ */

This section of code is being triggered, because musl does not define
__GNU_LIBRARY__. musl also does not #define getenv. Therefore, the
forward declaration is parsed. Unfortunately, it lacks function
arguments and that ends up tripping the newer language standard that
gcc-15 and later defaults to as musl provides its own and different
declaration.

A simple workaround is passing -std=gnu17 here.

The file in question is a vendored copy from gnulib. If you look into
groff's upstream git, it no longer vendors this file. Instead an
external gnulib is expected.

The vendor copy is not tracked via
https://salsa.debian.org/security-tracker-team/security-tracker/-/blob/master/data/embedded-code-copies
and I think that the lack of such tracking is an important bug as we
need this tracking for proper security support.

The risk of groff being exploited via gnulib otherwise is relatively
low. Therefore, I suggest waiting for the next upstream release at which
point the file is no longer vendored and the compilation problem
becomes gnulib's problem (and it's actually fixed there).

This bug mainly documents the problem and lets me track when it is being
fixed.

Helmut
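
Added example, not part of the original report and not groff or gnulib code: a small Python check that finds declarations with an empty parameter list, like the `extern char *getenv ();` quoted above, and records the preprocessor guards around them, so a vendored tree can be reviewed before it is built with gcc-15. The name `find_unprototyped` and the sample input are constructed for illustration.

```python
import re

# Constructed sample: the excerpt quoted in the report plus two control lines.
SAMPLE = '''\
#ifndef __GNU_LIBRARY__

/* Avoid depending on library functions or files
   whose names are inconsistent.  */

#ifndef getenv
extern char *getenv ();
#endif

#endif /* not __GNU_LIBRARY__ */
extern int my_index (const char *, int);
static void reset (void);
'''

DIRECTIVE = re.compile(r'#\s*(ifndef|ifdef|if|elif|else|endif)\b(.*)')
# One or more type tokens, a name, then "()" and ";": a declaration, not a call.
DECL = re.compile(r'^\s*(?:[A-Za-z_]\w*[\s*]+)+([A-Za-z_]\w*)\s*\(\s*\)\s*;')
KEYWORDS = {'return', 'else', 'goto', 'case'}  # "return f ();" is a call

def find_unprototyped(source):
    """Return (line_no, name, guards) for each 'type name ();' declaration."""
    # Blank out block comments but keep newlines so line numbers stay correct.
    text = re.sub(r'/\*.*?\*/', lambda m: '\n' * m.group().count('\n'),
                  source, flags=re.S)
    guards, findings = [], []
    for no, line in enumerate(text.splitlines(), 1):
        d = DIRECTIVE.match(line.strip())
        if d:
            kind, cond = d.group(1), d.group(2).strip()
            if kind in ('if', 'ifdef', 'ifndef'):
                guards.append(f'#{kind} {cond}')
            elif kind in ('else', 'elif') and guards:
                guards[-1] = f'#{kind} of {guards[-1]}'
            elif kind == 'endif' and guards:
                guards.pop()
            continue
        m = DECL.match(line)
        if m and not KEYWORDS & set(re.findall(r'\w+', line[:m.start(1)])):
            findings.append((no, m.group(1), tuple(guards)))
    return findings

if __name__ == '__main__':
    for no, name, guards in find_unprototyped(SAMPLE):
        print(f'line {no}: {name} () declared without prototype; guards: {guards}')
```

The guard list shows which libc would reach the declaration: here it is only compiled when `__GNU_LIBRARY__` is undefined and `getenv` is not a macro, which is the musl case described in the report.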
