[Bug 2066024] [NEW] eso-midas: please remove due to FTBFS

Launchpad Bug Tracker 2066024 at bugs.launchpad.net
Fri May 17 09:23:26 UTC 2024 

You have been subscribed to a public bug by Graham Inggs (ginggs):

Please remove eso-midas.

eso-midas FTBFS on all architectures due to a crash when running its
testuite (which it does during package building), this is the issue
described in https://bugs.launchpad.net/ubuntu/+source/eso-
midas/+bug/2058971 . It was first noticed with time_t changes but is not
related to time_t.

This is probably due to _FORTIFY_SOURCE=3 and the issue doesn't happen
on Debian it seems (no ftbfs there). It is not a spurious error though.

The crux is the following backtrace excerpt:

    #7 0x00007ffff7ed39e5 in snprintf (__fmt=0x7ffff7f0dbc7 "%10d",
__n=88, __s=0x7ffff7f7168a <work+10> "") at /usr/include/x86_64-linux-
gnu/bits/stdio2.h:54

Relevant code is:

    for (nr=0; nr<(n2-n1)*10; nr+=10)
        (void) snprintf(&work[nr],(size_t)88,"%10d",KIWORDS[koffs++]);

The project's code is quite obscure, mostly undocumented, previous-
millenium grade and even without considering all of this, is quite
certainly wrong because the buffer offset (&work[nr]) moves forward due
to the loop but the "88" is not decreased accordingly.

I don't understand the code or its usage enough to be confident I can
produce an appropriate fix, especially since the code is structured that
way in order to format values in a specific way (which is unknown to
me).

For the past 10 years or so, upstream has only been doing maintenance:
there was actually an update in February 2023. However there are tons of
warnings about buffer overflows, especially s(n)printf-related, and the
current issue flew under the radar: that's quite telling of how many
problems there probably are.

It is (very) low-popcon: https://qa.debian.org/popcon.php?package=eso-
midas

There are no reverse-depend besides astro-frameworks (Debian Astro Team)
which Recommends it.

For completeness, I should mention there are reverse-test-triggers
however: fitsverify, missfits, stiff.

Contacting upstream involves using a mailing-list which you can do
through an HTML form on https://www.eso.org/sci/software/esomidas/midas-
mailform.html . The list is pre-moderated, there are no public archives
and I wasn't able to use the HTML and/or craft appropriate messages to
get archives (or anything at all) in my inbox; I didn't get error
messages either. At that point, I gave up (we don't have proof either
that there wouldn't be subsequent failures).

For all of the above, I think it is appropriate to remove eso-midas. I
am however unsure about preventing future syncs because a) maybe the
next update will fix the issue, b) it's a slow-changing package so there
won't be a lot of noise.

** Affects: eso-midas (Ubuntu)
     Importance: Undecided
         Status: New

-- 
eso-midas: please remove due to FTBFS
https://bugs.launchpad.net/bugs/2066024
You received this bug notification because you are a member of Ubuntu Package Archive Administrators, which is subscribed to the bug report.

More information about the ubuntu-archive mailing list