[Bug 1644048] Re: 4.3-7ubuntu1.6 FTBFS on arm64 only with format-security error

Julian Andres Klode julian.klode at gmail.com
Wed Nov 23 19:32:47 UTC 2016 

** Description changed:

- This weirdly only fails on arm64.
+ [Impact]
+ Breaks build on arm64 in trusty:
  
  ../.././builtins/../.././builtins/help.def:130:7: error: format not a
  string literal and no format arguments [-Werror=format-security]
  
- The attached debdiff will be uploaded to trusty-proposed soon.
+ [Test case]
+ Check it builds
+ 
+ [Regression potential]
+ Indefinitely low.
+ 
+ [Other info]
+ The same code works fine on all other architectures and newer releases, but it seems broken anyway: We are passing the return value of ngettext() to printf() as the format string, which is unsafe.
+ 
+ We should evaluate why that works elsewhere and probably also do the
+ same fix in other branches, but I'll leave that to someone else to
+ decide. My intention here is to just get the trusty SRU for bug 1644048
+ building on all platforms.

** Changed in: bash (Ubuntu Trusty)
       Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1644048

Title:
  4.3-7ubuntu1.6 FTBFS on arm64 only with format-security error

Status in bash package in Ubuntu:
  Confirmed
Status in bash source package in Trusty:
  In Progress

Bug description:
  [Impact]
  Breaks build on arm64 in trusty:

  ../.././builtins/../.././builtins/help.def:130:7: error: format not a
  string literal and no format arguments [-Werror=format-security]

  [Test case]
  Check it builds

  [Regression potential]
  Indefinitely low.

  [Other info]
  The same code works fine on all other architectures and newer releases, but it seems broken anyway: We are passing the return value of ngettext() to printf() as the format string, which is unsafe.

  We should evaluate why that works elsewhere and probably also do the
  same fix in other branches, but I'll leave that to someone else to
  decide. My intention here is to just get the trusty SRU for bug
  1644048 building on all platforms.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1644048/+subscriptions

More information about the foundations-bugs mailing list