I first found a new bug that needed fixing (changed sudo behaviour
in buildds), and then made a borked upload. So, here is the entire
new diff, _hopefully_ the last in the series. :-)

/* Steinar */
diff -u doxygen-1.4.6/debian/changelog doxygen-1.4.6/debian/changelog
--- doxygen-1.4.6/debian/changelog
+++ doxygen-1.4.6/debian/changelog
@@ -1,3 +1,28 @@
+doxygen (1.4.6-2.3) unstable; urgency=high
+
+  * Non-maintainer upload. (Yes, the third in a row. I hope to get it right
+    this time.)
+  * Do the buffer overflow fixes in a file in debian/patches/ instead of
+    directly in the Debian diff.
+
+ -- Steinar H. Gunderson <[EMAIL PROTECTED]>  Sun,  4 Jun 2006 01:33:12 +0200
+
+doxygen (1.4.6-2.2) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Use $(shell pwd) instead of $(PWD) in debian/rules, which fixes FTBFS on
+    builds that use (newer versions of) sudo.
+
+ -- Steinar H. Gunderson <[EMAIL PROTECTED]>  Sun,  4 Jun 2006 01:19:23 +0200
+
+doxygen (1.4.6-2.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix buffer overflows in QCString::sprintf() and SCString::sprintf().
+    (Closes: #357722)
+
+ -- Steinar H. Gunderson <[EMAIL PROTECTED]>  Sat,  3 Jun 2006 13:28:13 +0200
+
 doxygen (1.4.6-2) unstable; urgency=low
 
   * Fix build error with g++-4.1 (closes: #358208).
diff -u doxygen-1.4.6/debian/rules doxygen-1.4.6/debian/rules
--- doxygen-1.4.6/debian/rules
+++ doxygen-1.4.6/debian/rules
@@ -49,8 +49,8 @@
 install-indep: install-arch
 install-indep: install-indep-stamp
 install-indep-stamp: DH_OPTIONS=-i
-install-indep-stamp: INSDIR=$(PWD)/debian/doxygen/usr
-install-indep-stamp: DOCDIR=$(PWD)/debian/doxygen-doc/usr/share/doc/doxygen
+install-indep-stamp: INSDIR=$(shell pwd)/debian/doxygen/usr
+install-indep-stamp: DOCDIR=$(shell pwd)/debian/doxygen-doc/usr/share/doc/doxygen
 install-indep-stamp:
        dh_testdir
        dh_testroot
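Review bot: The `$(shell pwd)` assignments to INSDIR and DOCDIR here, and the same pair for install-arch-stamp in the next hunk, carry no comment saying why `$(PWD)` was dropped, so a later cleanup could reintroduce the environment dependency. These recipes pass `dh_testroot`, so they run as root, and an empty prefix would presumably expand INSDIR to `/debian/doxygen/usr` at the filesystem root. I would add `# not $(PWD): sudo may strip it from the environment` above each pair. GNU make's built-in `$(CURDIR)` gives the same absolute path without forking a shell on every expansion of these recursively-expanded variables, e.g. `install-indep-stamp: INSDIR=$(CURDIR)/debian/doxygen/usr`. The recipe bodies continue outside the hunk.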
@@ -63,8 +63,8 @@
 install-arch: build
 install-arch: install-arch-stamp
 install-arch-stamp: DH_OPTIONS=-a
-install-arch-stamp: INSDIR=$(PWD)/debian/doxygen/usr
-install-arch-stamp: DOCDIR=$(PWD)/debian/doxygen/usr/share/doc/doxygen
+install-arch-stamp: INSDIR=$(shell pwd)/debian/doxygen/usr
+install-arch-stamp: DOCDIR=$(shell pwd)/debian/doxygen/usr/share/doc/doxygen
 install-arch-stamp:
        dh_testdir
        dh_testroot
@@ -134,6 +134,7 @@
        system-libpng \
        install-docs \
        manpages \
+       fix-qcstring \
 
 patch: patch-stamp
 patch-stamp: $(foreach p,$(debian_patches),patch-stamp-$(p))
only in patch2:
unchanged:
--- doxygen-1.4.6.orig/debian/patches/fix-qcstring.dpatch
+++ doxygen-1.4.6/debian/patches/fix-qcstring.dpatch
@@ -0,0 +1,160 @@
+#! /bin/sh -e
+
+# All lines beginning with `# DPATCH:' are a description of the patch.
+# DP: fix QCString and SCstring
+
+dir=
+if [ $# -eq 3 -a "$2" = '-d' ]; then
+    pdir="-d $3"
+    dir="$3/"
+elif [ $# -ne 1 ]; then
+    echo >&2 "usage: `basename $0`: -patch|-unpatch [-d <srcdir>]"
+    exit 1
+fi
+case "$1" in
+    -patch)
+        patch $pdir -f --no-backup-if-mismatch -p1 < $0
+        ;;
+    -unpatch)
+        patch $pdir -f --no-backup-if-mismatch -R -p1 < $0
+        ;;
+    *)
+       echo >&2 "usage: `basename $0`: -patch|-unpatch [-d <srcdir>]"
+        exit 1
+esac
+exit 0
+
+This patch fixes QCString (and its alternative implementation, SCString)
+to be able to allocate their buffers dynamically as needed instead of the
+programmer having to second-guess how buffer the needs to be. This fixes
+at least one real bug, and probably several hidden ones, although it
+introduces a dependency on vsnprintf (this should not be a problem for
+Debian, though).
+
+--- doxygen-1.4.6.orig/qtools/qcstring.cpp
++++ doxygen-1.4.6/qtools/qcstring.cpp
+@@ -577,43 +577,42 @@
+ 
+ 
+ /*!
+-  Implemented as a call to the native vsprintf() (see your C-library
++  Implemented as a call to the native vsnprintf() (see your C-library
+   manual).
+ 
+-  If your string is shorter than 256 characters, this sprintf() calls
+-  resize(256) to decrease the chance of memory corruption.  The string is
+-  resized back to its natural length before sprintf() returns.
+-
+-  Example:
+-  \code
+-    QCString s;
+-    s.sprintf( "%d - %s", 1, "first" );               // result < 256 chars
+-
+-    QCString big( 25000 );                    // very long string
+-    big.sprintf( "%d - %s", 2, longString );  // result < 25000 chars
+-  \endcode
+-
+-  \warning All vsprintf() implementations will write past the end of
+-  the target string (*this) if the format specification and arguments
+-  happen to be longer than the target string, and some will also fail
+-  if the target string is longer than some arbitrary implementation
+-  limit.
+-
+-  Giving user-supplied arguments to sprintf() is begging for trouble.
+-  Sooner or later someone \e will paste a 3000-character line into
+-  your application.
++  This function takes some special care to avoid overflowing the buffer.
++  It uses vsnprintf() instead of vsprintf(), and if the entire string was
++  used, it increases the buffer length successively until there is enough
++  room.  The string is resized back to its natural length before sprintf()
++  returns.
+ */
+ 
+ QCString &QCString::sprintf( const char *format, ... )
+ {
+     detach();
+-    va_list ap;
+-    va_start( ap, format );
+-    if ( size() < 256 )
+-      QByteArray::resize( 256 );              // make string big enough
+-    vsprintf( data(), format, ap );
++    
++    bool finish;
++    if ( size() < 256 ) {                               // useful starting point
++        QByteArray::resize( 256 );
++    }
++
++    do {
++        va_list ap;
++        va_start( ap, format );
++        int ret = vsnprintf( data(), size(), format, ap );
++        va_end( ap );
++
++        finish = false;
++        if ( ret >= size() ) {
++            QByteArray::resize( ret + 1 );
++        } else if ( ret == -1 ) {                        // glibc pre-2.1
++            QByteArray::resize( size() * 2 );
++        } else {
++            finish = true;
++        }
++    } while ( !finish );
++    
+     resize( qstrlen(data()) + 1 );            // truncate
+-    va_end( ap );
+     return *this;
+ }
+ 
+only in patch2:
+unchanged:
+--- doxygen-1.4.6.orig/qtools/scstring.cpp
++++ doxygen-1.4.6/qtools/scstring.cpp
+@@ -130,20 +130,41 @@
+ 
+ SCString &SCString::sprintf( const char *format, ... )
+ {
+-  va_list ap;
+-  va_start( ap, format );
+-  uint l = length();
+-  const uint minlen=256;
++  int l = length();
++  const int minlen=256;
++  bool finish;
++  
+   if (l<minlen)
+   {
+     if (m_data) 
+       m_data = (char *)realloc(m_data,minlen);
+     else
+       m_data = (char *)malloc(minlen);
++    l = minlen;
+   }
+-  vsprintf( m_data, format, ap );
+-  resize( qstrlen(m_data) + 1 );              // truncate
+-  va_end( ap );
++    
++  do {
++    va_list ap;
++    va_start(ap, format);
++    int ret = vsnprintf(m_data, l, format, ap);
++    va_end(ap);
++
++    finish = false;
++    if (ret >= l)
++    {
++      l = ret + 1;
++      resize(l);
++    }
++    else if (ret == -1)      // glibc pre-2.1
++    {                   
++      l *= 2;
++      resize(l);
++    } else {
++      finish = true;
++    }
++  } while ( !finish );
++    
++  resize( qstrlen(m_data) + 1 );              // truncate
+   return *this;
+ }
+
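Review bot: In the new QCString::sprintf() loop the size comparison `if ( ret >= size() )` is tested before `else if ( ret == -1 )`. If size() returns an unsigned type (not visible here, but usual for QByteArray), a negative `ret` is converted to a huge unsigned value, so the first branch is taken and calls `QByteArray::resize( ret + 1 )`, i.e. resize(0), and the "glibc pre-2.1" branch is never reached. Testing the error case first avoids this: `if ( ret < 0 ) { QByteArray::resize( size() * 2 ); } else if ( ret >= (int)size() ) { QByteArray::resize( ret + 1 ); }`. Both loops also treat every negative return as "buffer too small", but a C99 vsnprintf() returns a negative value on an output or encoding error as well, so a format that keeps failing would double the buffer without bound (`l *= 2` on a signed int in SCString::sprintf()); an upper limit after which the function gives up would close that. The realloc()/malloc() results in the SCString context lines are still used unchecked, so a failed allocation hands a null pointer to vsnprintf().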
