Tuesday, August 31, 2021

Re: ports and printf("%n")

On Tue, Aug 31 2021, "Theo de Raadt" <deraadt@openbsd.org> wrote:
> Christian Weisgerber <naddy@mips.inka.de> wrote:
>
>> Jeremie Courreges-Anglas:
>>
>> > Ports may suffer from this at build time *and* runtime. Regarding
>> > issues at build time we can ease the debugging with the diff below.
>>
>> I've been running with this for months, but nobody asked me for
>> results and I didn't push the issue. Grepping /var/log/messages.*
>> and deduplicating the results shows this:
>>
>> devel/bison conftest: *printf used %n: %d %n
>> devel/gettext,-runtime conftest: *printf used %n: %d %n
>> devel/grcs conftest: *printf used %n: %d %n
>> devel/m4 conftest: *printf used %n: %d %n
>> editors/poke conftest: *printf used %n: %d %n
>> editors/zile conftest: *printf used %n: %d %n
>> lang/gpc genmodes: *printf used %n: %s,%n
>> lang/gpc genmodes: *printf used %n: %smode,%n
>> math/pspp conftest: *printf used %n: %d %n
>> net/lftp conftest: *printf used %n: %d %n
>> security/gnupg mkdefsinc: *printf used %n: %d %n%s %d
>> security/gpgme,-main mkdefsinc: *printf used %n: %d %n%s %d
>> sysutils/coreutils conftest: *printf used %n: %d %n
>> textproc/groff conftest: *printf used %n: %d %n
>> textproc/recutils conftest: *printf used %n: %d %n
>
> Ouch. I was under the impression the %n problem was finished.

From the list above I feel that most of them aren't an issue,
specifically the ones showing "conftest: *printf used %n: %d %n".
Those are autoconf tests that attempt to detect whether %n is usable,
usually without the software actually using the result of the test.

textproc/recutils is new to me, I can fix it easily.
lang/gpc isn't new to me, I forgot about it.
security/gnupg is fixed already
security/gpgme,-main is the most important one that needs a fix.

> Backout required until those get fixed?

Unless my analysis above proves to be wrong, I don't think it needs to
be backed out. The port listed above that need fixing will probably be
fixed by the time you push out a new snapshot.

--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE

No comments:

Post a Comment