, which is subscribed to asterisk in Ubuntu.
https://bugs.launchpad.net/bugs/305901
Title:
Intrepid gcc -O2 breaks string appending with sprintf(), due to
fortify source patch
To manage notifications about this bug go to:
https://bugs.launchpad.net/glibc/+bug/305901/+subscriptions
--
Ubuntu
mp; ./foo
not fail
$ gcc -O2 -o foo foo.c && ./foo
not fail
$ gcc -O2 -D_FORTIFY_SOURCE=2 -o foo foo.c && ./foo
fail
The original report was filed in Ubuntu, where -D_FORTIFY_SOURCE=2 is enabled by
default: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/305901
C99 states:
The s
This bug was fixed in the package glibc - 2.8~20080505-0ubuntu8
---
glibc (2.8~20080505-0ubuntu8) intrepid-proposed; urgency=low
* Add debian/patches/ubuntu/no-sprintf-pre-truncate.diff: do not
pre-clear target buffers on sprintf to retain backward compatibility
(LP: #305901
** Tags added: verification-done
** Tags removed: verification-needed
--
Intrepid gcc -O2 breaks string appending with sprintf(), due to fortify source
patch
https://bugs.launchpad.net/bugs/305901
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscr
I can confirm that the intrepid-proposed libc6 fixes both my test
program and the Intrepid barnowl package.
--
Intrepid gcc -O2 breaks string appending with sprintf(), due to fortify source
patch
https://bugs.launchpad.net/bugs/305901
You received this bug notification because you are a member o
My intrepid machines with this glibc show the expected behavior and show
no signs of regression.
--
Intrepid gcc -O2 breaks string appending with sprintf(), due to fortify source
patch
https://bugs.launchpad.net/bugs/305901
You received this bug notification because you are a member of Ubuntu
Se
Anyone who has this glibc version installed and can tell us whether the
original problems/crashes are now fixed, as well as if the system
generally still works as before?
--
Intrepid gcc -O2 breaks string appending with sprintf(), due to fortify source
patch
https://bugs.launchpad.net/bugs/30590
Actually :
* On the time I've seen this problem, it was still there after three reboots.
But it has now disappeared...
* If I try to revert to an earlier version of glibc, synaptic wants as well to
remove 56 packets including some important ones... So I prefer not to try.
So for the moment, this
Mathieu: does reverting to an earlier glibc solve the problem for you?
--
Intrepid gcc -O2 breaks string appending with sprintf(), due to fortify source
patch
https://bugs.launchpad.net/bugs/305901
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscr
Not sure whether this is related (please tell me if it's not), but that
is the only significant update I've done since yesterday (with xine...)
:
With glibc 2.8~20080505-0ubuntu8 :
* The system takes a lng time to scan the different WiFi networks available
* A "sudo iwlist wlan0 scan" returns
Accepted glibc into intrepid-proposed, please test and give feedback
here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for
documentation how to enable and use -proposed. Thank you in advance!
** Changed in: glibc (Ubuntu Intrepid)
Status: In Progress => Fix Committed
** Tags
For intrepid-proposed:
glibc (2.8~20080505-0ubuntu8) intrepid-proposed; urgency=low
* Add debian/patches/ubuntu/no-sprintf-pre-truncate.diff: do not
pre-clear target buffers on sprintf to retain backward compatibility
(LP: #305901).
** Changed in: glibc (Ubuntu Intrepid)
Status
This bug was fixed in the package glibc - 2.9-0ubuntu6
---
glibc (2.9-0ubuntu6) jaunty; urgency=low
[ Matthias Klose ]
* Merge with Debian, glibc-2.9 branch, r3200.
[ Kees Cook ]
* Add debian/patches/ubuntu/no-sprintf-pre-truncate.diff: do not
pre-clear target buffers on
Marking the source packages as Invalid, since they will be handled
upstream. The glibc patch restores the original behavior, so it will
get SRU'd into Intrepid and fixed in Jaunty.
** Changed in: 4g8 (Ubuntu Intrepid)
Status: New => Invalid
** Changed in: abiword (Ubuntu Intrepid)
(er, 252 total -- I added "linux" back in at the last moment) I'm also
testing a patch to glibc to avoid the change in behavior when using
_FORTIFY_SOURCE.
** Attachment added: "no-sprintf-pre-truncate.diff"
http://launchpadlibrarian.net/20703741/no-sprintf-pre-truncate.diff
--
Intrepid gcc
http://people.ubuntu.com/~kees/sprintf-glibc/
29 main
15 multiverse
208 universe
251 total
I removed a few copies of the kernel, which all show the same report, as
well as gnokii, which had a note in the Changelog about how they'd fixed
it already.
--
Intrepid gcc -O2 breaks s
Kees Cook schrieb:
> On Tue, Dec 23, 2008 at 06:14:32AM -, Anders Kaseorg wrote:
>> Matthias, shall I go ahead and use massfile to create 231 bugs for this
>> issue?
>
> It probably makes more sense to approach Debian with the mass-filing. I'd
> be happy to help drive this.
seems to be the r
On Tue, Dec 23, 2008 at 06:14:32AM -, Anders Kaseorg wrote:
> • There are no instances of snprintf in your results.
I haven't yet re-run the search with snprintf.
> • Does your search include DBS style tarball-inside-a-tarball
packages?
It does not yet, but I've put together a script that wi
Oops, and I would use the right bug URL, of course.
** Attachment added: "instructions file for proposed massfile, v2"
http://launchpadlibrarian.net/20680112/instructions
** Attachment removed: "instructions file for proposed massfile"
http://launchpadlibrarian.net/20680039/instructions
-
Kees, some quick questions about your search:
• There are no instances of snprintf in your results. I could believe that
there aren’t any, because this use of snprintf has been broken for longer than
this use of sprintf, but I just wanted to confirm this.
• Does your search include DBS style tar
** Attachment added: "multiverse.log"
http://launchpadlibrarian.net/20288264/multiverse.log
** Attachment removed: "report of search in main"
http://launchpadlibrarian.net/20285489/main.log
** Attachment removed: "report of search in universe"
http://launchpadlibrarian.net/20285495/un
** Attachment added: "universe.log"
http://launchpadlibrarian.net/20288259/universe.log
--
Intrepid gcc -O2 breaks string appending with sprintf(), due to fortify source
patch
https://bugs.launchpad.net/bugs/305901
You received this bug notification because you are a member of Ubuntu
Server
yeah, my search was glitched. New logs attached only count difference
was universe, which went to 187.
** Attachment added: "main.log"
http://launchpadlibrarian.net/20288238/main.log
--
Intrepid gcc -O2 breaks string appending with sprintf(), due to fortify source
patch
https://bugs.launchp
For snprintf, use
pcregrep -M 'snprintf\s*\(\s*([^,]*)\s*,[^,]*,\s*"%s[^"]*"\s*,\s*\1\s*,'
"$@"
--
Intrepid gcc -O2 breaks string appending with sprintf(), due to fortify source
patch
https://bugs.launchpad.net/bugs/305901
You received this bug notification because you are a member of Ubuntu
Se
>> pcregrep -M 'sprintf\s*\(\s*([^,]*)\s*,\s*"%s[^"]*"\s*,\s*\1\s*,'
>
> the regexp doesn't search for snprintf, and doesn't look for functions
> spanning more than one line.
It does with pcregrep -M. For example,
$ pcregrep -M 'sprintf\s*\(\s*([^,]*)\s*,\s*"%s[^"]*"\s*,\s*\1\s*,' \
linux-2.6
> You can search a source file for instances of it with this regex:
> pcregrep -M 'sprintf\s*\(\s*([^,]*)\s*,\s*"%s[^"]*"\s*,\s*\1\s*,'
the regexp doesn't search for snprintf, and doesn't look for functions
spanning more than one line.
> I’ll stop filing bugs for now and see what happens with th
** Attachment added: "report of search in multiverse"
http://launchpadlibrarian.net/20285502/multiverse.log
--
Intrepid gcc -O2 breaks string appending with sprintf(), due to fortify source
patch
https://bugs.launchpad.net/bugs/305901
You received this bug notification because you are a memb
** Attachment added: "report of search in universe"
http://launchpadlibrarian.net/20285495/universe.log
--
Intrepid gcc -O2 breaks string appending with sprintf(), due to fortify source
patch
https://bugs.launchpad.net/bugs/305901
You received this bug notification because you are a member o
Searching all of Ubuntu source in Jaunty:
29 main
0 restricted
182 universe
15 multiverse
** Attachment added: "report of search in main"
http://launchpadlibrarian.net/20285489/main.log
--
Intrepid gcc -O2 breaks string appending with sprintf(), due to fortify source
patch
https://bugs.lau
** Changed in: glibc
Status: Unknown => Invalid
--
Intrepid gcc -O2 breaks string appending with sprintf(), due to fortify source
patch
https://bugs.launchpad.net/bugs/305901
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nagios-p
** Bug watch added: Sourceware.org Bugzilla #7075
http://sourceware.org/bugzilla/show_bug.cgi?id=7075
** Also affects: glibc via
http://sourceware.org/bugzilla/show_bug.cgi?id=7075
Importance: Unknown
Status: Unknown
** Changed in: glibc (Ubuntu)
Importance: Undecided => High
Given the large number of affected packages, perhaps it is better to fix
the compiler option. I'm curious to see what upstream thinks of this.
** Also affects: glibc (Ubuntu)
Importance: Undecided
Status: New
--
Intrepid gcc -O2 breaks string appending with sprintf(), due to fortify s
I’m about 8% of the way through my list, and it looks like there might
indeed be a _lot_ of affected Ubuntu packages. I’ll stop filing bugs
for now and see what happens with these ones.
** Also affects: billard-gl (Ubuntu)
Importance: Undecided
Status: New
** Also affects: binutils (Ub
** Also affects: ctn (Ubuntu)
Importance: Undecided
Status: New
** Also affects: hypermail (Ubuntu)
Importance: Undecided
Status: New
** Also affects: asterisk (Ubuntu)
Importance: Undecided
Status: New
** Also affects: atomicparsley (Ubuntu)
Importance: Undecide
** Also affects: 4g8 (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
Binary package hint: gcc-4.3
In Hardy and previous releases, one could use statements such as
sprintf(buf, "%s %s%d", buf, foo, bar);
to append formatted text to a buffer buf. Intrepid’
** Also affects: owl (Ubuntu)
Importance: Undecided
Status: New
** Also affects: barnowl (Ubuntu)
Importance: Undecided
Status: New
** Also affects: nagios-plugins (Ubuntu)
Importance: Undecided
Status: New
** Also affects: xmcd (Ubuntu)
Importance: Undecided
36 matches
Mail list logo
