As per the archive test rebuild done recently by doko, nss FTBFS due to a compiler warning raised by gcc-10 (and this fails the build due to the use of -Werror in CFLAGS):
https://launchpad.net/ubuntu/+archive/test-rebuild-20200925-groovy/+build/20033437
nsinstall.c: In function ‘main’:
nsinstall.c:70:16: error: argument 1 is null but the corresponding size argument 2 value is 4096 [-Werror=nonnull]
70 | #define GETCWD getcwd
| ^
nsinstall.c:239:8: note: in expansion of macro ‘GETCWD’
239 | cwd = GETCWD(0, PATH_MAX);
| ^~~~~~
In file included from nsinstall.c:20:
/usr/include/unistd.h:520:14: note: in a call to function ‘getcwd’ declared with attribute ‘write_only (1, 2)’
520 | extern char *getcwd (char *__buf, size_t __size) __THROW __wur
| ^~~~~~
nsinstall.c:70:16: error: argument 1 is null but the corresponding size argument 2 value is 4096 [-Werror=nonnull]
70 | #define GETCWD getcwd
| ^
nsinstall.c:246:13: note: in expansion of macro ‘GETCWD’
246 | todir = GETCWD(0, PATH_MAX);
| ^~~~~~
In file included from nsinstall.c:20:
/usr/include/unistd.h:520:14: note: in a call to function ‘getcwd’ declared with attribute ‘write_only (1, 2)’
520 | extern char *getcwd (char *__buf, size_t __size) __THROW __wur
| ^~~~~~
cc1: all warnings being treated as errors
According to the upstream bug report at https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96832 this would appear to be because of the annotation of getcwd() with the access attribute. However, there seems to be some debate about the best way to resolve this (whether in glibc or in the callers of getcwd, ie nss) for now I propose to just disable this check via the use of gcc's #pragma directive.
See attached for a debdiff (note this uses ubuntu3 instead of ubuntu2 since I already burned that version in the security-proposed PPA whilst preparing this)