Sorry for including distinct issues in one report, but it was originally a mail meant for a mailing list, but didn't seem to pass through moderation
Hopefully I am contacting the right place; Jira seems to be down at the
There are two simple patches we use in Fedora for xalan-c to compile
correctly, so I suggest you include them in next release so that also
other packagers can benefit:
1.) Missing header file includes for gcc-4.3: A test build of all Fedora
packages with new gcc branch was done and xalan-c did not build. New C++
compiler headers were cleaned from unnecessary includes, so applications
who did not include ones they use explicitly failed to build and xalan-c
was among them. We use a patch  to fix it.
2.) We pass several flags to the compiler, most notably the stack
protector option and FORTIFY_SOURCE macro definition. The "-z" argument
is being processed by getopt which traditionally uses space as argument
delimeter only and disallows any use of it in arguments. The getopt
utility that comes from util-linux can pass the argument values properly
escaped, so that use of space works. Our patch changes that . Note
that it most likely won't work in non-Linux based systems – another
possible choice is using a environment variable to honor the C compiler
And two more suggestions from the person that did the review of the
package before it made it into Fedora :
> - Might ask upsteam to not ship CVS dirs in their release tar to
> avoid you having to remove them.
Perhaps use "cvs export" instead of "cvs checkout" when making a release
> - The upstream web page confusingly calls this "Xalan-C++", even tho
> the release tar, download dirs and other places call it xalan-c.
> Perhaps ask them which it really should be?
Lubomir Kundrak (Red Hat Security Response Team)