Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package imview. This version fixes RC bug #699820 (a security issue) and an FTBFS on kFreeBSD systems (the FTBFS was detected after version 1.1.9c-10 had been uploaded).

unblock imview/1.1.9c-11

Thanks,
Anton

-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 3.7-trunk-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff --git a/debian/changelog b/debian/changelog index 58f7794..0691ced 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,23 @@ +imview (1.1.9c-11) unstable; urgency=low + + * [8106c00] Fix FTBFS on kFreeBSD*. + + -- Anton Gladky <gl...@debian.org> Thu, 07 Feb 2013 22:06:57 +0100 + +imview (1.1.9c-10) unstable; urgency=low + + [ Anton Gladky ] + * [f6c935a] Update homepage. (Closes: #681761) + * [272f222] Add upstream-files. + + [ Michael Terry ] + * [98e20d5] Prevent link fltk libraries statically. + + [ Sebastian Ramacher ] + * [5832a2e] Fix stack smashing in ics-reader. (Closes: #699820) + + -- Anton Gladky <gl...@debian.org> Wed, 06 Feb 2013 19:46:55 +0100 + imview (1.1.9c-9) unstable; urgency=low * [2c68893] Fix FTBFS with gcc-4.7. Thanks to Sebastian Ramacher. diff --git a/debian/control b/debian/control index 36230ff..bbad7fb 100644 --- a/debian/control +++ b/debian/control @@ -3,7 +3,7 @@ Section: science Priority: optional Maintainer: Debian Science Maintainers <debian-science-maintain...@lists.alioth.debian.org> Uploaders: Teemu Ikonen <tpiko...@gmail.com>, Andreas Tille <ti...@debian.org>, - Anton Gladky <gladky.an...@gmail.com> + Anton Gladky <gl...@debian.org> Vcs-Browser: http://git.debian.org/?p=debian-science/packages/imview.git Vcs-Git: http://git.debian.org/git/debian-science/packages/imview.git Build-Depends: debhelper (>= 7.0.50~), libfltk1.1-dev, fluid (>= 1.3.0), diff --git a/debian/patches/04_fix_ics_stack_smashing.patch b/debian/patches/04_fix_ics_stack_smashing.patch new file mode 100644 index 0000000..5ac532b --- /dev/null +++ b/debian/patches/04_fix_ics_stack_smashing.patch 
@@ -0,0 +1,380 @@ +Description: fixes stack smashing in ics-reader +Author: Sebastian Ramacher <sramac...@debian.org> + Sune Vuorela +Bug-Debian: http://bugs.debian.org/699820 +Last-Update: 2013-02-06 + +--- a/io/readics.cxx ++++ b/io/readics.cxx +@@ -80,15 +80,15 @@ + + res = load_ics(name, &p, &thepixtype, &nx, &ny, &nz); + +- pp = (void **)malloc(sizeof(void *)); +- pp[0] = p; +- + if (res == 0) { // all went well + // now reprocess that according to content + + // the new buffer needs to be set first before + // the dimensions are changed because the previous buffer + // might be freed, and we will need its dimensions. ++ pp = (void **)malloc(sizeof(void *)); ++ pp[0] = p; ++ + IOBlackBox->setCurrBuffp(pp); + IOBlackBox->setCurrImgWidth(nx); + IOBlackBox->setCurrImgHeight(ny); +@@ -273,6 +273,13 @@ + /* get the length of the ICS file and rewind */ + length = (unsigned int)lseek(fd,0L,2); + lseek(fd,0L,0); ++ ++ /* the first two characters are the seperators */ ++ if (length < 2) ++ { ++ close(fd); ++ return -4; ++ } + + /* allocate space for all data from the ICS file */ + if ((buffer1 = (char *)malloc(length)) == NULL) +@@ -321,10 +328,15 @@ + delim1 = *bp++; /* field delimiter */ + delim2 = *bp++; /* record delimiter */ + t = temp1; +- ++ ++ size_t bread = 0; ++ + /* check if written by ICS */ +- while (*bp != delim2) +- *t++ = *bp++; ++ while (*bp != delim2 && bread < 3 && bp != end) ++ { ++ *t++ = *bp++; ++ ++bread; ++ } + bp++; + *t = '\0'; + if (strncmp(temp1,"ICS",3) && strncmp(temp1,"ics",3)) +@@ -337,13 +349,18 @@ + /* get the filename from the ICS file */ + + t = temp1; +- while (*bp != delim2) +- *t++ = *bp++; ++ bread = 0; ++ while (*bp != delim2 && bread < sizeof(temp1) - 1 && bp != end) ++ { ++ *t++ = *bp++; ++ ++bread; ++ } + bp++; + *t = '\0'; + + t = strchr(temp1,delim1); +- strcpy(icsheader->filename,t); ++ strncpy(icsheader->filename,t, FILENAME_SIZE); ++ icsheader->filename[FILENAME_SIZE - 1] = '\0'; + *t = '\0'; + + if 
(strcmp(temp1,"filename")) +@@ -360,18 +377,27 @@ + { + /* get the next record into temp1 */ + t = temp1; +- while (*bp != delim2 && bp < end) /* dont read beyond EOF */ +- *t++ = *bp++; ++ bread = 0; ++ while (*bp != delim2 && bp < end && bread < sizeof(temp1) - 1) /* dont read beyond EOF */ ++ { ++ *t++ = *bp++; ++ ++bread; ++ } + bp++; + *t = '\0'; + + /* get the category into temp2 */ ++ bread = 0; + t = temp1; + tg = temp2; +- while (*t != delim1) ++ while (*t != delim1 && bread < sizeof(temp1) - 1) ++ { + *tg++ = *t++; ++ ++bread; ++ } + t++; + *tg = '\0'; ++ ++bread; + + /* check if it is one of the decodable categories */ + cat = 0; +@@ -388,10 +414,14 @@ + } + /* get the next field from this record */ + tg = temp2; +- while (*t != delim1) ++ while (*t != delim1 && bread < sizeof(temp1) - 1) ++ { + *tg++ = *t++; ++ ++bread; ++ } + t++; + *tg = '\0'; ++ ++bread; + + /* find this item in the keyword table */ + for (i = 0; i < kwrds; i++) +@@ -415,10 +445,14 @@ + break; + } + tg = temp2; +- while (*t != '\0') +- *tg++ = *t++; ++ while (*t != '\0' && bread < sizeof(temp1) - 1) ++ { ++ *tg++ = *t++; ++ ++bread; ++ } + *tg = '\0'; + t++; ++ ++bread; + icsheader->parameters = atoi(temp2); + if (icsheader->parameters > MAXDIM) + { /* if necessary change MAXDIM in ics.h */ +@@ -444,11 +478,15 @@ + for (i = 0; i < icsheader->parameters; i++) + { + tg = temp2; +- while (*t != delim1 && *t != '\0') ++ while (*t != delim1 && *t != '\0' && bread < sizeof(temp1) - 1) ++ { + *tg++ = *t++; ++ ++bread; ++ } + *tg = '\0'; + t++; +- strcpy(icsheader->order[i],temp2); ++ strncpy(icsheader->order[i],temp2, ORDER_SIZE); ++ icsheader->order[i][ORDER_SIZE - 1] = '\0'; + } + icsheader->valid_order = TRUE; + break; +@@ -468,10 +506,14 @@ + for (i = 0; i < icsheader->parameters; i++) + { + tg = temp2; +- while (*t != delim1 && *t != '\0') ++ while (*t != delim1 && *t != '\0' && bread < sizeof(temp1) - 1) ++ { + *tg++ = *t++; ++ ++bread; ++ } + *tg = '\0'; + t++; ++ ++bread; + 
icsheader->sizes[i] = atoi(temp2); + } + icsheader->valid_sizes = TRUE; +@@ -484,11 +526,16 @@ + break; + } + tg = temp2; +- while (*t != '\0') +- *tg++ = *t++; ++ while (*t != '\0' && bread < sizeof(temp1) - 1) ++ { ++ *tg++ = *t++; ++ ++bread; ++ } + *tg = '\0'; + t++; +- strcpy(icsheader->coord,temp2); ++ ++bread; ++ strncpy(icsheader->coord,temp2, COORD_SIZE); ++ icsheader->coord[COORD_SIZE - 1] = '\0'; + icsheader->valid_coord = TRUE; + break; + case 4: /* significant bits */ +@@ -499,10 +546,14 @@ + break; + } + tg = temp2; +- while (*t != '\0') +- *tg++ = *t++; ++ while (*t != '\0' && bread < sizeof(temp1) - 1) ++ { ++ *tg++ = *t++; ++ ++bread; ++ } + *tg = '\0'; + t++; ++ ++bread; + icsheader->sigbits = atoi(temp2); + icsheader->valid_sigbits = TRUE; + break; +@@ -514,11 +565,16 @@ + break; + } + tg = temp2; +- while (*t != '\0') +- *tg++ = *t++; ++ while (*t != '\0' && bread < sizeof(temp1) - 1) ++ { ++ *tg++ = *t++; ++ ++bread; ++ } + *tg = '\0'; + t++; +- strcpy(icsheader->format,temp2); ++ ++bread; ++ strncpy(icsheader->format,temp2, FORMAT_SIZE); ++ icsheader->format[FORMAT_SIZE - 1] = '\0'; + icsheader->valid_format = TRUE; + break; + case 6: /* signed or unsigned */ +@@ -529,10 +585,14 @@ + break; + } + tg = temp2; +- while (*t != '\0') +- *tg++ = *t++; ++ while (*t != '\0' && bread < sizeof(temp1) - 1) ++ { ++ *tg++ = *t++; ++ ++bread; ++ } + *tg = '\0'; + t++; ++ ++bread; + if (!strcmp(temp2,"unsigned")) + icsheader->sign = UNSIGNED; + else icsheader->sign = SIGNED; +@@ -546,11 +606,16 @@ + break; + } + tg = temp2; +- while (*t != '\0') +- *tg++ = *t++; ++ while (*t != '\0' && bread < sizeof(temp1) - 1) ++ { ++ *tg++ = *t++; ++ ++bread; ++ } + *tg = '\0'; + t++; +- strcpy(icsheader->compression,temp2); ++ ++bread; ++ strncpy(icsheader->compression,temp2, CMPS_SIZE); ++ icsheader->compression[CMPS_SIZE - 1] = '\0'; + icsheader->valid_compression = TRUE; + break; + case 8: /* origin */ +@@ -569,10 +634,14 @@ + for (i = 0; i < icsheader->parameters; 
i++) + { + tg = temp2; +- while (*t != delim1 && *t != '\0') ++ while (*t != delim1 && *t != '\0' && bread < sizeof(temp1) - 1) ++ { + *tg++ = *t++; ++ ++bread; ++ } + *tg = '\0'; + t++; ++ ++bread; + icsheader->origin[i] = (float)atof(temp2); + } + icsheader->valid_origin = TRUE; +@@ -593,10 +662,14 @@ + for (i = 0; i < icsheader->parameters; i++) + { + tg = temp2; +- while (*t != delim1 && *t != '\0') ++ while (*t != delim1 && *t != '\0' && bread < sizeof(temp1) - 1) ++ { + *tg++ = *t++; ++ ++bread; ++ } + *tg = '\0'; + t++; ++ ++bread; + icsheader->scale[i] = (float)atof(temp2); + } + icsheader->valid_scale = TRUE; +@@ -617,11 +690,16 @@ + for (i = 0; i < icsheader->parameters; i++) + { + tg = temp2; +- while (*t != delim1 && *t != '\0') ++ while (*t != delim1 && *t != '\0' && bread < sizeof(temp1) - 1) ++ { + *tg++ = *t++; ++ ++bread; ++ } + *tg = '\0'; + t++; +- strcpy(icsheader->label[i],temp2); ++ ++bread; ++ strncpy(icsheader->label[i],temp2, LABEL_SIZE); ++ icsheader->label[i][LABEL_SIZE - 1] = '\0'; + } + icsheader->valid_label = TRUE; + break; +@@ -641,11 +719,16 @@ + for (i = 0; i < icsheader->parameters; i++) + { + tg = temp2; +- while (*t != delim1 && *t != '\0') ++ while (*t != delim1 && *t != '\0' && bread < sizeof(temp1) - 1) ++ { + *tg++ = *t++; ++ ++bread; ++ } + *tg = '\0'; + t++; +- strcpy(icsheader->units[i],temp2); ++ ++bread; ++ strncpy(icsheader->units[i],temp2, UNITS_SIZE); ++ icsheader->units[i][UNITS_SIZE - 1] = '\0'; + } + icsheader->valid_units = TRUE; + break; +@@ -666,10 +749,14 @@ + for (ui = 0; ui < length; ui++) + { + tg = temp2; +- while (*t != delim1 && *t != '\0') ++ while (*t != delim1 && *t != '\0' && bread < sizeof(temp1) - 1) ++ { + *tg++ = *t++; ++ ++bread; ++ } + *tg = '\0'; + t++; ++ ++bread; + icsheader->byteorder[ui] = atoi(temp2); + } + icsheader->valid_byteorder = TRUE; +@@ -682,11 +769,16 @@ + break; + } + tg = temp2; +- while (*t != '\0') +- *tg++ = *t++; ++ while (*t != '\0' && bread < sizeof(temp1) - 1) ++ { ++ 
*tg++ = *t++; ++ ++bread; ++ } + *tg = '\0'; + t++; +- strcpy(icsheader->SCIL_TYPE,temp2); ++ ++bread; ++ strncpy(icsheader->SCIL_TYPE,temp2, SCIL_SIZE); ++ icsheader->SCIL_TYPE[SCIL_SIZE - 1] = '\0'; + icsheader->valid_SCIL_TYPE = TRUE; + break; + default: diff --git a/debian/patches/07_fix_kfreebsd_FTBFS.patch b/debian/patches/07_fix_kfreebsd_FTBFS.patch new file mode 100644 index 0000000..28994a0 --- /dev/null +++ b/debian/patches/07_fix_kfreebsd_FTBFS.patch @@ -0,0 +1,16 @@ +Description: fix FTBFS on kFreeBSD* + (aggregate 'semun arg' has incomplete type and cannot be defined) +Author: Anton Gladky <gl...@debian.org> +Last-Update: 2013-02-07 + +--- a/server/imshared.hxx ++++ b/server/imshared.hxx +@@ -65,7 +65,7 @@ + #include <setjmp.h> + + // this is WEIRD! but required on Unices +-#ifdef Linux ++#if defined (Linux) || (__FreeBSD_kernel__) + # if defined(__GNU_LIBRARY__) && !defined(_SEM_SEMUN_UNDEFINED) + #warning Incorrect <sys/sem.h>, workaround used. + /* union semun is defined by including <sys/sem.h> */ diff --git a/debian/patches/series b/debian/patches/series index 4067bcd..276da68 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,3 +1,6 @@ 01_fix_FTBFS_Fl_Widget.patch 02_fix_FTBFS_gcc-4.patch 03_non-static.patch +04_fix_ics_stack_smashing.patch + +07_fix_kfreebsd_FTBFS.patch
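Review bot: In the `@@ -337` hunk of io/readics.cxx, the result of `t = strchr(temp1,delim1)` is still passed unchecked to `strncpy` and then written through with `*t = '\0'`, so a filename record that contains no field delimiter dereferences NULL; add a check such as `if (t == NULL)` that leaves through the function's existing error path before the copy. The new record loops also evaluate `*bp != delim2` before `bp != end` / `bp < end`, so `bp` is dereferenced before it is compared with `end`; put the pointer comparison first, e.g. `while (bp < end && *bp != delim2 && bread < sizeof(temp1) - 1)`. In the `@@ -321` hunk the cap `bread < 3` stops inside the first record and the following `bp++` skips only one byte, so the filename read appears to start mid-record whenever that record is longer than three bytes; bounding by `sizeof(temp1) - 1`, as the later loops do, would avoid that. The `order` case (`@@ -444`) is the only field loop that lacks `++bread;` after `t++`, so `bread` falls behind `t` there. The declarations of `temp1`, `temp2` and the `*_SIZE` constants lie outside this patch, so it should be confirmed that `temp2` is at least as large as `temp1`, since every copy into `temp2` is bounded by `sizeof(temp1) - 1`.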
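Review bot: The new guard in server/imshared.hxx, `#if defined (Linux) || (__FreeBSD_kernel__)`, tests the second macro by value rather than with `defined`, so it depends on `__FreeBSD_kernel__` expanding to a non-zero integer and would fail to preprocess if the macro were ever defined empty. `#if defined(Linux) || defined(__FreeBSD_kernel__)` states the intent directly and matches the form used for the first operand. The `#if` block continues past the end of the hunk, so the matching `#endif` is not visible here.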