Bug#1116075: marked as done (libphonenumber FTBFS with gcc-15 and -Wbidi-char)

[Debian Bug Tracking System]

Your message dated Tue, 17 Feb 2026 14:49:28 +0000
with message-id <e1vsmog-00000002lxt-0...@fasolo.debian.org>
and subject line Bug#1116075: fixed in libphonenumber 8.13.51+ds-5
has caused the Debian Bug report #1116075,
regarding libphonenumber FTBFS with gcc-15 and -Wbidi-char
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1116075: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116075
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Subject: libphonenumber FTBFS with gcc-15 and -Wbidi-char
Package: libphonenumber8
Source: libphonenumber
X-Debbugs-Cc: john.chit...@canonical.com
Version: 8.13.51+ds-4.2
Severity: normal

attempting to compile libphonenumber with Ubuntu defaults with gcc-15
results in a FTBFS. This is due to -Werror=bidi-char being set by default.
-Wbidi-char raises

/usr/bin/c++ -DI18N_PHONENUMBERS_USE_ALTERNATE_FORMATS
-DI18N_PHONENUMBERS_USE_ICU_REGEXP
-DI18N_PHONENUMBERS_USE_TR1_UNORDERED_MAP -I/<<PKGBUILDDIR>>/cpp/src
-I/<<PKGBUILDDIR>>/cpp/test -g -O2 -fno-omit-frame-pointer
-mno-omit-leaf-frame-pointer -ffile-prefix-map=/<<PKGBUILDDIR>>=.
-flto=auto -ffat-lto-objects -fstack-protector-strong
-fstack-clash-protection -Wformat -Werror=format-security -fcf-protection
-fdebug-prefix-map=/<<PKGBUILDDIR>>=/usr/src/libphonenumber-8.13.51+ds-4.2build1
-Wdate-time -D_FORTIFY_SOURCE=3 -Wall -Werror -MD -MT
CMakeFiles/libphonenumber_test.dir/test/phonenumbers/phonenumberutil_test.cc.o
-MF
CMakeFiles/libphonenumber_test.dir/test/phonenumbers/phonenumberutil_test.cc.o.d
-o
CMakeFiles/libphonenumber_test.dir/test/phonenumbers/phonenumberutil_test.cc.o
-c /<<PKGBUILDDIR>>/cpp/test/phonenumbers/phonenumberutil_test.cc
/<<PKGBUILDDIR>>/cpp/test/phonenumbers/phonenumberutil_test.cc:1627:43:
error: found problematic Unicode character ‘U+200F (RIGHT-TO-LEFT MARK)’
[-Werror=bidi-chars=]
 1627 | /* "(650) 253-0000<U+200F>" */, &extracted_number);
      | ^~~~~~~~
cc1plus: all warnings being treated as errors

Where <U+200F> in the code is the properly formatted Unicode character.

The test correctly encodes it, and only the comment contains the unicode
literal. However, -Wbidi-char checks comments as well, as that is a source
for a Trojan Source attack. pragma comments also cannot disable bidi-char
when set via cli or envvar.

Attached is the proposed patch going into Ubuntu, which escapes the
comment. This is also reported upstream with Google, where I suggest
escaping as well.

Upstream: https://partnerissuetracker.corp.google.com/issues/446931058
Ubuntu Bug:
https://bugs.launchpad.net/ubuntu/+source/libphonenumber/+bug/2124964


-- 
-----------------------
Dr. John Chittum
Engineering Manager, Canonical, Debcrafters

Description: Escape unicode bidi-char in comment
  gcc-15 default in Ubuntu runs with -Werror=bidi-char=.
  Bidi-char warnings are not supressable with pragma.
  Instead, escape the comment into <> instead of [] so it
  is not interpreted as unicode.
Author: John Chittum <john.chit...@canonical.com>
Bug: https://partnerissuetracker.corp.google.com/issues/446931058
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libphonenumber/+bug/2124964
Last-Update: 2025-09-23
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/cpp/test/phonenumbers/phonenumberutil_test.cc
+++ b/cpp/test/phonenumbers/phonenumberutil_test.cc
@@ -1623,8 +1623,11 @@
   ExtractPossibleNumber("(650) 253-0000.", &extracted_number);
   EXPECT_EQ("650) 253-0000", extracted_number);
   // This case has a trailing RTL char.
+  // gcc-15+ introduces a new warning for invisible bidi Unicode characters
+  // compiling with gcc-15, -Wbidi-chars -Werror, this test will fail
+  // But it's meant to test a bidi char as it's a generally unsafe thing
   ExtractPossibleNumber("(650) 253-0000\xE2\x80\x8F"
-                        /* "(650) 253-0000‏" */, &extracted_number);
+                        /* "(650) 253-0000<U+200F>" */, &extracted_number);
   EXPECT_EQ("650) 253-0000", extracted_number);
 }
 

--- End Message ---

--- Begin Message ---

Source: libphonenumber
Source-Version: 8.13.51+ds-5
Done: Matthias Geiger <werdah...@debian.org>

We believe that the bug you reported is fixed in the latest version of
libphonenumber, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1116...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Geiger <werdah...@debian.org> (supplier of updated libphonenumber 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 17 Feb 2026 15:15:46 +0100
Source: libphonenumber
Architecture: source
Version: 8.13.51+ds-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 
<pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Matthias Geiger <werdah...@debian.org>
Closes: 1108579 1116075 1126173
Changes:
 libphonenumber (8.13.51+ds-5) unstable; urgency=medium
 .
   [ John Chittum ]
   * d/p/lp2124964-bidi-char-warn-err.patch: Escape unicode bidi-char in
     comment (Closes: #1116075).
 .
   [ Vladimir Petko ]
   * d/p/enable-annotation-processor.patch: Enable annotation processor
     to resolve Java 25 ftbfs (Closes: #1108579).
   * d/rules: do not set C++ standard, this googletest build workaround
     is no longer needed.
   * d/rules: Add -Wno-deprecated-declarations to work
     around deprecated MutexLock constructor taking raw pointers, see
     https://issuetracker.google.com/issues/478659006 (Closes: #1126173).
 .
   [ Matthias Geiger ]
   * Team upload
   * d/control: Bump S-V to 4.7.3; drop priority: optional and RRR
   * Refresh patches
Checksums-Sha1:
 50fefcee31cdc63c8cebe8373407c511a97fac85 2412 libphonenumber_8.13.51+ds-5.dsc
 228910f950ee7d5a3653846c49f9a3ecd804b901 13572 
libphonenumber_8.13.51+ds-5.debian.tar.xz
 016287f530aa1dce85d4497c7d30af2a7fceaecf 20224 
libphonenumber_8.13.51+ds-5_amd64.buildinfo
Checksums-Sha256:
 ec4ddd693c1046ca31cec3e2c793d0a6ea76fa550b9d94e2d62fc18746185545 2412 
libphonenumber_8.13.51+ds-5.dsc
 2c84d5bf5df2750895b9af32ada3df6faa8cb1a1b3e9a00dc9d0bb04d86e9a31 13572 
libphonenumber_8.13.51+ds-5.debian.tar.xz
 41223ba86e7e702779e54ccc45a9aa4bd766e34a8e31531d8f1f25253ad977d4 20224 
libphonenumber_8.13.51+ds-5_amd64.buildinfo
Files:
 4c30abbfb663f5582e09c71654964173 2412 libs optional 
libphonenumber_8.13.51+ds-5.dsc
 16770a6ac39080c6402954b23c74a37a 13572 libs optional 
libphonenumber_8.13.51+ds-5.debian.tar.xz
 c15e49f3385081c411d2c7f01eebcb66 20224 libs optional 
libphonenumber_8.13.51+ds-5_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQQUWTv/Sl6/b+DpcW7svtu2B7myvgUCaZR6VgAKCRDsvtu2B7my
vvHbAP0W2ZNZXagIIXiKQ64d8WE/2ImM0DYaRg7pnMYWsibbuAEA7J2jpyLNkaQs
yVC1QZBw0S9IkPphHNG5IK0f8sJjPAg=
=7O93
-----END PGP SIGNATURE-----

pgpz5MizsdG_P.pgp
Description: PGP signature

--- End Message ---