Package: texinfo Version: 4.13a.dfsg.1-6 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu oneiric ubuntu-patch
*** /tmp/tmpthmH7S In Ubuntu, the attached patch was applied to achieve the following: Fix a bug filed on Launchpad that makeinfo fails on sparc with buffer overflow detected, causing other packages FTBFS: https://bugs.launchpad.net/ubuntu/+source/texinfo/+bug/569802 * debian/patches/minor-buffer-size-fix: increase stack buffer size for sprintf of numeric values (LP: #569802). Thanks for considering the patch. -- System Information: Debian Release: squeeze/sid APT prefers natty-updates APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 'natty-proposed'), (500, 'natty'), (100, 'natty-backports') Architecture: amd64 (x86_64) Kernel: Linux 2.6.38-11-generic (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
diff -u texinfo-4.13a.dfsg.1/debian/changelog texinfo-4.13a.dfsg.1/debian/changelog diff -u texinfo-4.13a.dfsg.1/debian/patches/series texinfo-4.13a.dfsg.1/debian/patches/series --- texinfo-4.13a.dfsg.1/debian/patches/series +++ texinfo-4.13a.dfsg.1/debian/patches/series @@ -7,0 +8 @@ +minor-buffer-size-fix only in patch2: unchanged: --- texinfo-4.13a.dfsg.1.orig/debian/patches/minor-buffer-size-fix +++ texinfo-4.13a.dfsg.1/debian/patches/minor-buffer-size-fix @@ -0,0 +1,26 @@ +Author: Kees Cook <k...@ubuntu.com> +Description: extend stack buffers to be large enough for the type values + they are expected to hold. +Bug: https://savannah.gnu.org/bugs/?32122 +Bug-Ubuntu: https://launchpad.net/bugs/569802 + +Index: texinfo-4.13a.dfsg.1/makeinfo/sectioning.c +=================================================================== +--- texinfo-4.13a.dfsg.1.orig/makeinfo/sectioning.c 2011-01-13 14:12:35.382016526 -0800 ++++ texinfo-4.13a.dfsg.1/makeinfo/sectioning.c 2011-01-13 14:14:41.285127427 -0800 +@@ -256,13 +256,13 @@ + return xstrdup (""); + else if (enum_marker == APPENDIX_MAGIC) + { +- char s[1]; ++ char s[2]; + sprintf (s, "%c", numbers[0] + 64); + return xstrdup (s); + } + else + { +- char s[5]; ++ char s[32]; + sprintf (s, "%d", numbers[0]); + return xstrdup (s); + }