Tuesday, August 31, 2021

Re: ports and printf("%n")

On Tue, Aug 31 2021, Jeremie Courreges-Anglas <jca@wxcvbn.org> wrote:
> On Tue, Aug 31 2021, "Theo de Raadt" <deraadt@openbsd.org> wrote:
>> Christian Weisgerber <naddy@mips.inka.de> wrote:
>>
>>> Jeremie Courreges-Anglas:
>>>
>>> > Ports may suffer from this at build time *and* runtime. Regarding
>>> > issues at build time we can ease the debugging with the diff below.
>>>
>>> I've been running with this for months, but nobody asked me for
>>> results and I didn't push the issue. Grepping /var/log/messages.*
>>> and deduplicating the results shows this:
>>>
>>> devel/bison conftest: *printf used %n: %d %n
>>> devel/gettext,-runtime conftest: *printf used %n: %d %n
>>> devel/grcs conftest: *printf used %n: %d %n
>>> devel/m4 conftest: *printf used %n: %d %n
>>> editors/poke conftest: *printf used %n: %d %n
>>> editors/zile conftest: *printf used %n: %d %n
>>> lang/gpc genmodes: *printf used %n: %s,%n
>>> lang/gpc genmodes: *printf used %n: %smode,%n
>>> math/pspp conftest: *printf used %n: %d %n
>>> net/lftp conftest: *printf used %n: %d %n
>>> security/gnupg mkdefsinc: *printf used %n: %d %n%s %d
>>> security/gpgme,-main mkdefsinc: *printf used %n: %d %n%s %d
>>> sysutils/coreutils conftest: *printf used %n: %d %n
>>> textproc/groff conftest: *printf used %n: %d %n
>>> textproc/recutils conftest: *printf used %n: %d %n
>>
>> Ouch. I was under the impression the %n problem was finished.
>
> From the list above I feel that most of them aren't an issue,
> specifically the ones showing "conftest: *printf used %n: %d %n".
> Those are autoconf tests that attempt to detect whether %n is usable,
> usually without the software actually using the result of the test.
>
> textproc/recutils is new to me, I can fix it easily.
> lang/gpc isn't new to me, I forgot about it.
> security/gnupg is fixed already
> security/gpgme,-main is the most important one that needs a fix.
>
>> Backout required until those get fixed?
>
> Unless my analysis above proves to be wrong, I don't think it needs to
> be backed out. The port listed above that need fixing will probably be
> fixed by the time you push out a new snapshot.

Done, please update to the very latest before starting your build.

Hotfix in case your build has already started:

cd /usr/ports && for d in security/gpgme textproc/recutils lang/gpc math/pspp; do (cd "$d" && cvs up -A); done

--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE

No comments:

Post a Comment