** Description changed: [Impact] Breaks build on arm64 in trusty: ../.././builtins/../.././builtins/help.def:130:7: error: format not a string literal and no format arguments [-Werror=format-security] [Test case] Check it builds [Regression potential] - Indefinitely low. + Indefinitely low. All we do is add + "%s" + between printf( and ngettext(... [Other info] The same code works fine on all other architectures and newer releases, but it seems broken anyway: We are passing the return value of ngettext() to printf() as the format string, which is unsafe. We should evaluate why that works elsewhere and probably also do the same fix in other branches, but I'll leave that to someone else to decide. My intention here is to just get the trusty SRU for bug 1644048 building on all platforms.
** Description changed: [Impact] Breaks build on arm64 in trusty: ../.././builtins/../.././builtins/help.def:130:7: error: format not a string literal and no format arguments [-Werror=format-security] [Test case] Check it builds [Regression potential] - Indefinitely low. All we do is add - "%s" + Indefinitely low. All we do is add + "%s", between printf( and ngettext(... [Other info] The same code works fine on all other architectures and newer releases, but it seems broken anyway: We are passing the return value of ngettext() to printf() as the format string, which is unsafe. We should evaluate why that works elsewhere and probably also do the same fix in other branches, but I'll leave that to someone else to decide. My intention here is to just get the trusty SRU for bug 1644048 building on all platforms. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1644048 Title: 4.3-7ubuntu1.6 FTBFS on arm64 only with format-security error Status in bash package in Ubuntu: Confirmed Status in bash source package in Trusty: In Progress Bug description: [Impact] Breaks build on arm64 in trusty: ../.././builtins/../.././builtins/help.def:130:7: error: format not a string literal and no format arguments [-Werror=format-security] [Test case] Check it builds [Regression potential] Indefinitely low. All we do is add "%s", between printf( and ngettext(... [Other info] The same code works fine on all other architectures and newer releases, but it seems broken anyway: We are passing the return value of ngettext() to printf() as the format string, which is unsafe. We should evaluate why that works elsewhere and probably also do the same fix in other branches, but I'll leave that to someone else to decide. My intention here is to just get the trusty SRU for bug 1644048 building on all platforms. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1644048/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
