I first found a new bug that needed fixing (changed sudo behaviour in buildds), and then made a borked upload. So, here is the entire new diff, _hopefully_ the last in the series. :-)
/* Steinar */
diff -u doxygen-1.4.6/debian/changelog doxygen-1.4.6/debian/changelog --- doxygen-1.4.6/debian/changelog +++ doxygen-1.4.6/debian/changelog @@ -1,3 +1,28 @@ +doxygen (1.4.6-2.3) unstable; urgency=high + + * Non-maintainer upload. (Yes, the third in a row. I hope to get it right + this time.) + * Do the buffer overflow fixes in a file in debian/patches/ instead of + directly in the Debian diff. + + -- Steinar H. Gunderson <[EMAIL PROTECTED]> Sun, 4 Jun 2006 01:33:12 +0200 + +doxygen (1.4.6-2.2) unstable; urgency=low + + * Non-maintainer upload. + * Use $(shell pwd) instead of $(PWD) in debian/rules, which fixes FTBFS on + builds that use (newer versions of) sudo. + + -- Steinar H. Gunderson <[EMAIL PROTECTED]> Sun, 4 Jun 2006 01:19:23 +0200 + +doxygen (1.4.6-2.1) unstable; urgency=low + + * Non-maintainer upload. + * Fix buffer overflows in QCString::sprintf() and SCString::sprintf(). + (Closes: #357722) + + -- Steinar H. Gunderson <[EMAIL PROTECTED]> Sat, 3 Jun 2006 13:28:13 +0200 + doxygen (1.4.6-2) unstable; urgency=low * Fix build error with g++-4.1 (closes: #358208). diff -u doxygen-1.4.6/debian/rules doxygen-1.4.6/debian/rules --- doxygen-1.4.6/debian/rules +++ doxygen-1.4.6/debian/rules @@ -49,8 +49,8 @@ install-indep: install-arch install-indep: install-indep-stamp install-indep-stamp: DH_OPTIONS=-i -install-indep-stamp: INSDIR=$(PWD)/debian/doxygen/usr -install-indep-stamp: DOCDIR=$(PWD)/debian/doxygen-doc/usr/share/doc/doxygen +install-indep-stamp: INSDIR=$(shell pwd)/debian/doxygen/usr +install-indep-stamp: DOCDIR=$(shell pwd)/debian/doxygen-doc/usr/share/doc/doxygen install-indep-stamp: dh_testdir dh_testroot 
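Review bot: `$(shell pwd)` in the INSDIR/DOCDIR target-specific variables works, but because these are recursive (`=`) assignments it runs a shell on every expansion. GNU make's built-in `$(CURDIR)` is set by make itself rather than inherited from the environment, so sudo's environment scrubbing cannot affect it, and it is the conventional spelling in debian/rules. Suggest `install-indep-stamp: INSDIR=$(CURDIR)/debian/doxygen/usr`, with the same change to the DOCDIR line and to the two install-arch-stamp lines in the next hunk.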
@@ -63,8 +63,8 @@ install-arch: build install-arch: install-arch-stamp install-arch-stamp: DH_OPTIONS=-a -install-arch-stamp: INSDIR=$(PWD)/debian/doxygen/usr -install-arch-stamp: DOCDIR=$(PWD)/debian/doxygen/usr/share/doc/doxygen +install-arch-stamp: INSDIR=$(shell pwd)/debian/doxygen/usr +install-arch-stamp: DOCDIR=$(shell pwd)/debian/doxygen/usr/share/doc/doxygen install-arch-stamp: dh_testdir dh_testroot @@ -134,6 +134,7 @@ system-libpng \ install-docs \ manpages \ + fix-qcstring \ patch: patch-stamp patch-stamp: $(foreach p,$(debian_patches),patch-stamp-$(p)) only in patch2: unchanged: --- doxygen-1.4.6.orig/debian/patches/fix-qcstring.dpatch +++ doxygen-1.4.6/debian/patches/fix-qcstring.dpatch 
@@ -0,0 +1,160 @@
+#! /bin/sh -e
+
+# All lines beginning with `# DPATCH:' are a description of the patch.
+# DP: fix QCString and SCstring
+
+dir=
+if [ $# -eq 3 -a "$2" = '-d' ]; then
+ pdir="-d $3"
+ dir="$3/"
+elif [ $# -ne 1 ]; then
+ echo >&2 "usage: `basename $0`: -patch|-unpatch [-d <srcdir>]"
+ exit 1
+fi
+case "$1" in
+ -patch)
+ patch $pdir -f --no-backup-if-mismatch -p1 < $0
+ ;;
+ -unpatch)
+ patch $pdir -f --no-backup-if-mismatch -R -p1 < $0
+ ;;
+ *)
+ echo >&2 "usage: `basename $0`: -patch|-unpatch [-d <srcdir>]"
+ exit 1
+esac
+exit 0
+
+This patch fixes QCString (and its alternative implementation, SCString)
+to be able to allocate their buffers dynamically as needed instead of the
+programmer having to second-guess how buffer the needs to be. This fixes
+at least one real bug, and probably several hidden ones, although it
+introduces a dependency on vsnprintf (this should not be a problem for
+Debian, though).
+
+--- doxygen-1.4.6.orig/qtools/qcstring.cpp
++++ doxygen-1.4.6/qtools/qcstring.cpp
+@@ -577,43 +577,42 @@
+
+
+ /*!
+- Implemented as a call to the native vsprintf() (see your C-library
++ Implemented as a call to the native vsnprintf() (see your C-library
+ manual).
+
+- If your string is shorter than 256 characters, this sprintf() calls
+- resize(256) to decrease the chance of memory corruption. The string is
+- resized back to its natural length before sprintf() returns.
+-
+- Example:
+- \code
+- QCString s;
+- s.sprintf( "%d - %s", 1, "first" ); // result < 256 chars
+-
+- QCString big( 25000 ); // very long string
+- big.sprintf( "%d - %s", 2, longString ); // result < 25000 chars
+- \endcode
+-
+- \warning All vsprintf() implementations will write past the end of
+- the target string (*this) if the format specification and arguments
+- happen to be longer than the target string, and some will also fail
+- if the target string is longer than some arbitrary implementation
+- limit.
+- Giving user-supplied arguments to sprintf() is begging for trouble.
+- Sooner or later someone \e will paste a 3000-character line into
+- your application.
++ This function takes some special care to avoid overflowing the buffer.
++ It uses vsnprintf() instead of vsprintf(), and if the entire string was
++ used, it increases the buffer length successively until there is enough
++ room. The string is resized back to its natural length before sprintf()
++ returns.
+ */
+
+ QCString &QCString::sprintf( const char *format, ... )
+ {
+ detach();
+- va_list ap;
+- va_start( ap, format );
+- if ( size() < 256 )
+- QByteArray::resize( 256 ); // make string big enough
+- vsprintf( data(), format, ap );
++
++ bool finish;
++ if ( size() < 256 ) { // useful starting point
++ QByteArray::resize( 256 );
++ }
++
++ do {
++ va_list ap;
++ va_start( ap, format );
++ int ret = vsnprintf( data(), size(), format, ap );
++ va_end( ap );
++
++ finish = false;
++ if ( ret >= size() ) {
++ QByteArray::resize( ret + 1 );
++ } else if ( ret == -1 ) { // glibc pre-2.1
++ QByteArray::resize( size() * 2 );
++ } else {
++ finish = true;
++ }
++ } while ( !finish );
++
+ resize( qstrlen(data()) + 1 ); // truncate
+- va_end( ap );
+ return *this;
+ }
+
+only in patch2:
+unchanged:
+--- doxygen-1.4.6.orig/qtools/scstring.cpp
++++ doxygen-1.4.6/qtools/scstring.cpp
+@@ -130,20 +130,41 @@
+
+ SCString &SCString::sprintf( const char *format, ... 
)
+ {
+- va_list ap;
+- va_start( ap, format );
+- uint l = length();
+- const uint minlen=256;
++ int l = length();
++ const int minlen=256;
++ bool finish;
++
+ if (l<minlen)
+ {
+ if (m_data)
+ m_data = (char *)realloc(m_data,minlen);
+ else
+ m_data = (char *)malloc(minlen);
++ l = minlen;
+ }
+- vsprintf( m_data, format, ap );
+- resize( qstrlen(m_data) + 1 ); // truncate
+- va_end( ap );
++
++ do {
++ va_list ap;
++ va_start(ap, format);
++ int ret = vsnprintf(m_data, l, format, ap);
++ va_end(ap);
++
++ finish = false;
++ if (ret >= l)
++ {
++ l = ret + 1;
++ resize(l);
++ }
++ else if (ret == -1) // glibc pre-2.1
++ {
++ l *= 2;
++ resize(l);
++ } else {
++ finish = true;
++ }
++ } while ( !finish );
++
++ resize( qstrlen(m_data) + 1 ); // truncate
+ return *this;
+ }
+
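Review bot: In the QCString::sprintf() loop the `ret == -1` branch looks unreachable, because `ret >= size()` is tested first: if size() returns an unsigned type (the removed SCString line `uint l = length();` suggests sizes are `uint` in these classes), -1 is converted to a very large value, the first branch is taken and `QByteArray::resize( ret + 1 )` becomes resize(0). Testing for a negative return before the size comparison, as in the excerpt below, avoids that; the SCString loop does not have this problem because it compares against an `int l`. Both loops also retry with no upper bound, and a C99 vsnprintf() reports an output or encoding error with a negative value on every pass, so the doubling path would keep growing the buffer until allocation fails; a size cap with a defined failure result is worth adding. In SCString::sprintf() the realloc()/malloc() and resize() results are handed to the next vsnprintf() call unchecked, which deserves either a check or a comment saying why it is safe.

```cpp
// … unchanged: detach(), initial resize( 256 ), start of the do-loop, va_start …
    int ret = vsnprintf( data(), size(), format, ap );
    va_end( ap );

    finish = false;
    if ( ret < 0 ) {                      // tested first so -1 never reaches the unsigned compare
      QByteArray::resize( size() * 2 );
    } else if ( (uint)ret >= size() ) {   // truncated: ret is the length required
      QByteArray::resize( ret + 1 );
    } else {
      finish = true;
    }
// … unchanged: while ( !finish ), final truncating resize, return *this …
```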