On Tue, Jan 17, 2006 at 09:21:12AM +0100, Thomas Viehmann wrote: > Justin Pryzby wrote: > > You might consider mailing on -mentors, asking for a one time sponsor; > > I'm mailing -qa for you right now.
> > In fact, please do this asap, because of the stack smash bug. Also > > change urgency to at least medium, and provide a patch to the security > > team, since the package is in stable. Is it confirmed that this stack smash bug is a security vulnerability? Not all are... > I can't build it (see below for a pbuilder snippet). Confirmed. > Autoreconf doesn't work, either. Well, I can't confirm this. Jacob, please consider the attached patch, which fixes some quoting issues in configure.ac and re-autoconfs the source. Confirmed to work in pbuilder here. If you would care to prepare a -4 that includes these fixes, I'd be happy to sponsor for you (as, I imagine, would Thomas). Cheers, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/
diff -u xscorch-0.2.0/debian/changelog xscorch-0.2.0/debian/changelog --- xscorch-0.2.0/debian/changelog +++ xscorch-0.2.0/debian/changelog @@ -1,10 +1,16 @@ -xscorch (0.2.0-4) unstable; urgency=low +xscorch (0.2.0-3.1) unstable; urgency=high + * Non-maintainer upload. + * High-urgency upload for RC bugfix. * Update to Standards version 3.6.2 * Apply upstream patch for potential stack smash * Get rid of build deps on xlibs-dev (Closes: #346856) + * Fix quoting in AC_MSG_ERROR() usage in configure.ac, and re-run + autoconf to lose the build-dependency on libxt for AC_PATH_XTRA. + * Remove check for libXpm, which is *not* needed directly by the gtk + interface. - -- Jacob Luna Lundberg <[EMAIL PROTECTED]> Sun, 8 Jan 2006 20:14:02 -0800 + -- Steve Langasek <[EMAIL PROTECTED]> Tue, 17 Jan 2006 01:48:58 -0800 xscorch (0.2.0-3) unstable; urgency=low only in patch2: unchanged: --- xscorch-0.2.0.orig/configure +++ xscorch-0.2.0/configure @@ -25707,9 +25707,9 @@ _ACEOF else - { { echo "$as_me:$LINENO: error: gettimeofday() not found" >&5 -echo "$as_me: error: gettimeofday() not found" >&2;} - { (exit aborting.); exit aborting.; }; } + { { echo "$as_me:$LINENO: error: gettimeofday() not found, aborting." >&5 +echo "$as_me: error: gettimeofday() not found, aborting." >&2;} + { (exit 1); exit 1; }; } fi done @@ -25812,9 +25812,9 @@ _ACEOF else - { { echo "$as_me:$LINENO: error: usleep() not found" >&5 -echo "$as_me: error: usleep() not found" >&2;} - { (exit aborting.); exit aborting.; }; } + { { echo "$as_me:$LINENO: error: usleep() not found, aborting." >&5 +echo "$as_me: error: usleep() not found, aborting." >&2;} + { (exit 1); exit 1; }; } fi done @@ -25917,9 +25917,9 @@ _ACEOF else - { { echo "$as_me:$LINENO: error: memcpy() not found" >&5 -echo "$as_me: error: memcpy() not found" >&2;} - { (exit aborting.); exit aborting.; }; } + { { echo "$as_me:$LINENO: error: memcpy() not found, aborting." >&5 +echo "$as_me: error: memcpy() not found, aborting." >&2;} + { (exit 1); exit 1; }; } fi done @@ -26022,9 +26022,9 @@ _ACEOF else - { { echo "$as_me:$LINENO: error: memset() not found" >&5 -echo "$as_me: error: memset() not found" >&2;} - { (exit aborting.); exit aborting.; }; } + { { echo "$as_me:$LINENO: error: memset() not found, aborting." >&5 +echo "$as_me: error: memset() not found, aborting." >&2;} + { (exit 1); exit 1; }; } fi done @@ -26127,9 +26127,9 @@ _ACEOF else - { { echo "$as_me:$LINENO: error: vsnprintf() not found" >&5 -echo "$as_me: error: vsnprintf() not found" >&2;} - { (exit aborting.); exit aborting.; }; } + { { echo "$as_me:$LINENO: error: vsnprintf() not found, aborting." >&5 +echo "$as_me: error: vsnprintf() not found, aborting." >&2;} + { (exit 1); exit 1; }; } fi done @@ -26232,9 +26232,9 @@ _ACEOF else - { { echo "$as_me:$LINENO: error: stat() not found" >&5 -echo "$as_me: error: stat() not found" >&2;} - { (exit aborting.); exit aborting.; }; } + { { echo "$as_me:$LINENO: error: stat() not found, aborting." >&5 +echo "$as_me: error: stat() not found, aborting." >&2;} + { (exit 1); exit 1; }; } fi done @@ -26623,9 +26623,9 @@ if test $ac_cv_lib_nsl_gethostbyname = yes; then NET_LIBS="$NET_LIBS -lnsl" else - { { echo "$as_me:$LINENO: error: gethostbyname() network function not found" >&5 -echo "$as_me: error: gethostbyname() network function not found" >&2;} - { (exit aborting.); exit aborting.; }; } + { { echo "$as_me:$LINENO: error: gethostbyname() network function not found, aborting." >&5 +echo "$as_me: error: gethostbyname() network function not found, aborting." >&2;} + { (exit 1); exit 1; }; } fi fi @@ -26796,9 +26796,9 @@ if test $ac_cv_lib_socket_socket = yes; then NET_LIBS="$NET_LIBS -lsocket" else - { { echo "$as_me:$LINENO: error: socket() network function not found" >&5 -echo "$as_me: error: socket() network function not found" >&2;} - { (exit aborting.); exit aborting.; }; } + { { echo "$as_me:$LINENO: error: socket() network function not found, aborting." >&5 +echo "$as_me: error: socket() network function not found, aborting." >&2;} + { (exit 1); exit 1; }; } fi fi @@ -26990,7 +26990,7 @@ cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ -#include <X11/Intrinsic.h> +#include <X11/Xlib.h> _ACEOF if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 @@ -27017,7 +27017,7 @@ sed 's/^/| /' conftest.$ac_ext >&5 for ac_dir in $ac_x_header_dirs; do - if test -r "$ac_dir/X11/Intrinsic.h"; then + if test -r "$ac_dir/X11/Xlib.h"; then ac_x_includes=$ac_dir break fi @@ -27031,18 +27031,18 @@ # See if we find them without any special options. # Don't add to $LIBS permanently. ac_save_LIBS=$LIBS - LIBS="-lXt $LIBS" + LIBS="-lX11 $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ -#include <X11/Intrinsic.h> +#include <X11/Xlib.h> int main () { -XtMalloc (0) +XrmInitialize () ; return 0; } @@ -27080,7 +27080,7 @@ do # Don't even attempt the hair of trying to link an X program! for ac_extension in a so sl; do - if test -r $ac_dir/libXt.$ac_extension; then + if test -r $ac_dir/libX11.$ac_extension; then ac_x_libraries=$ac_dir break 2 fi @@ -28336,86 +28336,9 @@ LIBS="-lX11 $LIBS" else - { { echo "$as_me:$LINENO: error: libX11 is required for GTK interface" >&5 -echo "$as_me: error: libX11 is required for GTK interface" >&2;} - { (exit aborting.); exit aborting.; }; } -fi - - -echo "$as_me:$LINENO: checking for XpmCreateImageFromData in -lXpm" >&5 -echo $ECHO_N "checking for XpmCreateImageFromData in -lXpm... $ECHO_C" >&6 -if test "${ac_cv_lib_Xpm_XpmCreateImageFromData+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lXpm $X_LIBS $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any gcc2 internal prototype to avoid an error. */ -#ifdef __cplusplus -extern "C" -#endif -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char XpmCreateImageFromData (); -int -main () -{ -XpmCreateImageFromData (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_lib_Xpm_XpmCreateImageFromData=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -ac_cv_lib_Xpm_XpmCreateImageFromData=no -fi -rm -f conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -echo "$as_me:$LINENO: result: $ac_cv_lib_Xpm_XpmCreateImageFromData" >&5 -echo "${ECHO_T}$ac_cv_lib_Xpm_XpmCreateImageFromData" >&6 -if test $ac_cv_lib_Xpm_XpmCreateImageFromData = yes; then - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBXPM 1 -_ACEOF - - LIBS="-lXpm $LIBS" - -else - { { echo "$as_me:$LINENO: error: libXpm is required for GTK interface" >&5 -echo "$as_me: error: libXpm is required for GTK interface" >&2;} - { (exit aborting.); exit aborting.; }; } + { { echo "$as_me:$LINENO: error: libX11 is required for GTK interface, aborting." >&5 +echo "$as_me: error: libX11 is required for GTK interface, aborting." >&2;} + { (exit 1); exit 1; }; } fi LIBS= only in patch2: unchanged: --- xscorch-0.2.0.orig/configure.ac +++ xscorch-0.2.0/configure.ac @@ -296,12 +296,12 @@ dnl Checks for library functions. dnl -AC_CHECK_FUNCS(gettimeofday, , AC_MSG_ERROR(gettimeofday() not found, aborting.)) -AC_CHECK_FUNCS(usleep, , AC_MSG_ERROR(usleep() not found, aborting.)) -AC_CHECK_FUNCS(memcpy, , AC_MSG_ERROR(memcpy() not found, aborting.)) -AC_CHECK_FUNCS(memset, , AC_MSG_ERROR(memset() not found, aborting.)) -AC_CHECK_FUNCS(vsnprintf, , AC_MSG_ERROR(vsnprintf() not found, aborting.)) -AC_CHECK_FUNCS(stat, , AC_MSG_ERROR(stat() not found, aborting.)) +AC_CHECK_FUNCS(gettimeofday, , [AC_MSG_ERROR([gettimeofday() not found, aborting.])]) +AC_CHECK_FUNCS(usleep, , [AC_MSG_ERROR([usleep() not found, aborting.])]) +AC_CHECK_FUNCS(memcpy, , [AC_MSG_ERROR([memcpy() not found, aborting.])]) +AC_CHECK_FUNCS(memset, , [AC_MSG_ERROR([memset() not found, aborting.])]) +AC_CHECK_FUNCS(vsnprintf, , [AC_MSG_ERROR([vsnprintf() not found, aborting.])]) +AC_CHECK_FUNCS(stat, , [AC_MSG_ERROR([stat() not found, aborting.])]) AC_CHECK_FUNCS(strnlen) @@ -317,11 +317,11 @@ AC_SUBST(NET_LIBS) if test "x$NETWORK" = "x1"; then AC_CHECK_FUNCS(gethostbyname, , - AC_CHECK_LIB(nsl, gethostbyname, NET_LIBS="$NET_LIBS -lnsl", - AC_MSG_ERROR(gethostbyname() network function not found, aborting.))) + [AC_CHECK_LIB(nsl, gethostbyname, NET_LIBS="$NET_LIBS -lnsl", + [AC_MSG_ERROR([gethostbyname() network function not found, aborting.])])]) AC_CHECK_FUNCS(socket, , - AC_CHECK_LIB(socket, socket, NET_LIBS="$NET_LIBS -lsocket", - AC_MSG_ERROR(socket() network function not found, aborting.))) + [AC_CHECK_LIB(socket, socket, NET_LIBS="$NET_LIBS -lsocket", + [AC_MSG_ERROR([socket() network function not found, aborting.])])]) echo "Network libraries we're linking against: "`if test "x$NET_LIBS" = "x"; then echo "(none)"; else echo "$NET_LIBS"; fi` fi @@ -335,8 +335,7 @@ dnl if test "x$ANYGTK" = "x1"; then AC_PATH_XTRA - AC_CHECK_LIB(X11, XOpenDisplay, , AC_MSG_ERROR(libX11 is required for GTK interface, aborting.), $X_LIBS) - AC_CHECK_LIB(Xpm, XpmCreateImageFromData, , AC_MSG_ERROR(libXpm is required for GTK interface, aborting.), $X_LIBS) + AC_CHECK_LIB(X11, XOpenDisplay, , [AC_MSG_ERROR([libX11 is required for GTK interface, aborting.])], $X_LIBS) LIBS= fi AC_SUBST(X_LIBS)
signature.asc
Description: Digital signature