[Bug 2119335] [NEW] symfony 6.4.21+dfsg-2 FTBFS on questing-proposed

Renan Rodrigo 2119335 at bugs.launchpad.net
Fri Aug 1 18:52:24 UTC 2025 

Public bug reported:

Trying to build the current version of symfony in the archive
(6.4.21+dfsg-2) using questing-proposed causes it to FTBFS.

One of the steps in building symfony includes checking licenses of the images. This is done through evaluating debian/copyright and it's done by the debian/licensing/bin/check_image_licenes script.
This script uses base64 + sha256 to calculate checksums to be validated.

The problem at hand is caused because the `grep` call which searches for
png/gif/svg images in the code is returning some false positives - like
test files which use invalid base64 strings to describe images. For
example,
src/Symfony/Component/AssetMapper/Tests/Compiler/CssAssetUrlCompilerTest.php
contains the line:

'input' => "background-image: url(\'data:image/png;base64,iVBORw0KG\')",

so it gets parsed by the license check script, which tries to decode
'iVBORw0KG\' as base64, when it should not.

If in one hand this is a bug in the script that needs fixing in symphony
(in Debian, preferrably, as there is no Ubuntu delta), this was working
before because the checksums, although wrong, were calculated with the
output of `base64 -d`. This bug was only caught because base64 from the
new coreutils is returning different outputs for invalid base64 strings
when compared to the gnu one. As follows:

$ dpkg -S /usr/bin/base64 
coreutils: /usr/bin/base64
$ echo 'definitelynotbase64\' | base64 -d
u��+^�)赶�{�base64: neplatný vstup

versus

$ dpkg -S /usr/bin/base64
coreutils-from-uutils: /usr/bin/base64
$ echo 'definitelynotbase64\' | base64 -d
base64: error: invalid input

Despite the localization difference, which should be fine, note there is
no output in the second case. IMHO this is a regression on coreutils-
from, and thus I'm adding it to this bug. Please let me know if this can
be tracked here or if you want a separate bug filed against coreutils-
from.

** Affects: coreutils-from (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: rust-coreutils (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: symfony (Ubuntu)
     Importance: Undecided
         Status: New

** Also affects: coreutils-from (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: rust-coreutils (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to coreutils-from in Ubuntu.
https://bugs.launchpad.net/bugs/2119335

Title:
  symfony 6.4.21+dfsg-2 FTBFS on questing-proposed

Status in coreutils-from package in Ubuntu:
  New
Status in rust-coreutils package in Ubuntu:
  New
Status in symfony package in Ubuntu:
  New

Bug description:
  Trying to build the current version of symfony in the archive
  (6.4.21+dfsg-2) using questing-proposed causes it to FTBFS.

  One of the steps in building symfony includes checking licenses of the images. This is done through evaluating debian/copyright and it's done by the debian/licensing/bin/check_image_licenes script.
  This script uses base64 + sha256 to calculate checksums to be validated.

  The problem at hand is caused because the `grep` call which searches
  for png/gif/svg images in the code is returning some false positives -
  like test files which use invalid base64 strings to describe images.
  For example,
  src/Symfony/Component/AssetMapper/Tests/Compiler/CssAssetUrlCompilerTest.php
  contains the line:

  'input' => "background-image:
  url(\'data:image/png;base64,iVBORw0KG\')",

  so it gets parsed by the license check script, which tries to decode
  'iVBORw0KG\' as base64, when it should not.

  If in one hand this is a bug in the script that needs fixing in
  symphony (in Debian, preferrably, as there is no Ubuntu delta), this
  was working before because the checksums, although wrong, were
  calculated with the output of `base64 -d`. This bug was only caught
  because base64 from the new coreutils is returning different outputs
  for invalid base64 strings when compared to the gnu one. As follows:

  $ dpkg -S /usr/bin/base64 
  coreutils: /usr/bin/base64
  $ echo 'definitelynotbase64\' | base64 -d
  u��+^�)赶�{�base64: neplatný vstup

  versus

  $ dpkg -S /usr/bin/base64
  coreutils-from-uutils: /usr/bin/base64
  $ echo 'definitelynotbase64\' | base64 -d
  base64: error: invalid input

  Despite the localization difference, which should be fine, note there
  is no output in the second case. IMHO this is a regression on
  coreutils-from, and thus I'm adding it to this bug. Please let me know
  if this can be tracked here or if you want a separate bug filed
  against coreutils-from.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/coreutils-from/+bug/2119335/+subscriptions

More information about the foundations-bugs mailing list