[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Releasing groff 1.22.5?
Re: Releasing groff 1.22.5?
Wed, 21 Oct 2020 19:59:29 +0200
Ingo Schwarze wrote on Thu, Oct 15, 2020 at 05:32:32PM +0200:
> Meanwhile, i heard rumours that the upcoming change in libc that will
> cause %n in writeable memory to abort the program will cause some
> gnulib ./configure tests to (wrongly) fail, again resulting in
> compilation of vasnprintf.c
So far, the rumour turned out to be true.
On OpenBSD-current, after building a kernel and libc that rejects
%n in writeable memory and after rebuilding GNU m4 and GNU bison
on top of that, when i run "../configure" in groff/build, i now see
this in config.status:
configure:9431: checking whether printf supports the 'n' directive
configure:9512: result: no
#define REPLACE_FPRINTF_POSIX 1
The groff build consequently proceeds to build vasnprintf.c.
(I certainly don't like it when application software goes out of
its way trying to defeat security features of the operating system.
By the way, Dave Kemper reported the same effect from his Gentoo
Linux system: groff is trying to circumvent system security features
there, too. But that's a long-standing effect rather than a
regression, so it probably shouldn't hold up the release.)
> with %n
But this part is not true. At least on OpenBSD (and probably on
Gentoo, not sure about other platforms, this is certainly all rather
fragile) config.status says:
configure:10741: checking whether snprintf returns a byte count as in C99
configure:10843: result: yes
configure:10849: checking whether snprintf truncates the result as in C99
configure:10942: result: yes
#define HAVE_SNPRINTF_RETVAL_C99 1
#define HAVE_SNPRINTF_TRUNCATION_C99 1
That results in %n not being used by the new version of lib/vasnprintf.c.
> and ultimately killing groff at run-time.
That part of the rumour isn't true either.
A package of groff-current built as described above works for me
on OpenBSD-current, not counting two or three minor regressions
that i'll inestigate sepaarately because they are clearly unrelated
So i think further deliberation of the vasnprintf.c issue can be
postponed until after release.
Re: Releasing groff 1.22.5?, Dave Kemper, 2020/10/10
Re: Releasing groff 1.22.5?, Dave Kemper, 2020/10/13
- Re: Releasing groff 1.22.5?, (continued)
- Re: Releasing groff 1.22.5?, Bertrand Garrigues, 2020/10/10
- Re: Releasing groff 1.22.5?, G. Branden Robinson, 2020/10/10
- Re: Releasing groff 1.22.5?, Bertrand Garrigues, 2020/10/11
- Re: Releasing groff 1.22.5?, Ingo Schwarze, 2020/10/12
- Re: Releasing groff 1.22.5?, Werner LEMBERG, 2020/10/12
- Re: Releasing groff 1.22.5?, Bertrand Garrigues, 2020/10/14
- Re: Releasing groff 1.22.5?, Ingo Schwarze, 2020/10/15
- Re: Releasing groff 1.22.5?, Bertrand Garrigues, 2020/10/20
- Re: Releasing groff 1.22.5?,
Ingo Schwarze <=