Package: aptitude
Version: 0.4.11.3-1
Severity: wishlist
Tags: patch
User: [EMAIL PROTECTED]
Usertags: origin-ubuntu ubuntu-patch intrepid

Ubuntu builds with -D_FORTIFY_SOURCE=2 by default nowadays, to emit
warnings on a variety of coding errors that can lead to security flaws.
aptitude's use of -Werror means that these turn into errors which caused
aptitude to fail to build for us.

Unfortunately glibc upstream has an IMO slightly eccentric idea of which
functions must have their results checked, so some of this patch is a
little strange: system() turns into if(system() != 0) { /* ignore */ }.
(Casts to (void) don't work here, which according to gcc upstream is
intentional.) Still, it seems largely harmless and works for me, so
perhaps you would like to incorporate it.

Thanks,

-- 
Colin Watson                                       [EMAIL PROTECTED]
#! /bin/sh /usr/share/dpatch/dpatch-run
## 09_ubuntu_fortify_source.dpatch by Colin Watson <[EMAIL PROTECTED]>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Suppress a number of warnings (turned into errors by -Werror)
## DP: triggered by Ubuntu's default of -D_FORTIFY_SOURCE=2.

@DPATCH@
diff -urNad aptitude-0.4.11.3~/src/generic/apt/download_install_manager.cc 
aptitude-0.4.11.3/src/generic/apt/download_install_manager.cc
--- aptitude-0.4.11.3~/src/generic/apt/download_install_manager.cc      
2008-05-27 04:59:39.000000000 +0100
+++ aptitude-0.4.11.3/src/generic/apt/download_install_manager.cc       
2008-09-02 12:43:47.000000000 +0100
@@ -153,7 +153,7 @@
     case pkgPackageManager::Failed:
       _error->DumpErrors();
       cerr << _("A package failed to install.  Trying to recover:") << endl;
-      system("DPKG_NO_TSTP=1 dpkg --configure -a");
+      if(system("DPKG_NO_TSTP=1 dpkg --configure -a") != 0) { /* ignore */ }
       _error->Discard();
       
       rval = failure;
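Review bot: The exit status of the recovery command is tested and then discarded by `if(system("DPKG_NO_TSTP=1 dpkg --configure -a") != 0) { /* ignore */ }`, so a failed or unstartable `dpkg --configure -a` leaves only the "Trying to recover" message on screen. On this path it would be better to report the outcome, for example `if(system("DPKG_NO_TSTP=1 dpkg --configure -a") != 0) cerr << _("Recovery with dpkg --configure -a did not succeed.") << endl;` (the message text is a suggestion). The same empty-bodied `if` appears in the pkg_item.cc and pkg_ver_item.cc hunks; where ignoring the status really is intended, a comment such as `/* exit status is shown by the child itself; the if only satisfies warn_unused_result */` would record why. The enclosing switch starts outside this hunk.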
diff -urNad aptitude-0.4.11.3~/src/pkg_item.cc aptitude-0.4.11.3/src/pkg_item.cc
--- aptitude-0.4.11.3~/src/pkg_item.cc  2008-05-27 04:59:39.000000000 +0100
+++ aptitude-0.4.11.3/src/pkg_item.cc   2008-09-02 12:43:47.000000000 +0100
@@ -406,7 +406,7 @@
 
       printf(_("Reporting a bug in %s:\n"), package.Name());
 
-      system(cmd.c_str());
+      if(system(cmd.c_str()) != 0) { /* ignore */ }
 
       cw::toplevel::resume();
     }
@@ -440,7 +440,7 @@
              snprintf(buf, 512, sucmd,
                       package.Name());
 
-             system(buf);
+             if(system(buf) != 0) { /* ignore? */ }
 
              cerr<<_("Press return to continue.\n");
              getchar();
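Review bot: `system(buf)` still runs when `snprintf(buf, 512, sucmd, package.Name())` has truncated the command, because the snprintf return value is never looked at; a shell command cut off at 511 bytes is not the command that was intended. Capture the length and skip the call on truncation, e.g. `int n = snprintf(buf, 512, sucmd, package.Name());` followed by `if(n < 0 || n >= 512) { cerr << _("Command too long.\n"); } else if(system(buf) != 0) { ... }` (the message text is a suggestion). The `/* ignore? */` also leaves open whether a failed command should be reported before "Press return to continue."; printing a one-line error on a non-zero status would settle it. `buf` and `sucmd` are declared outside the hunk, so the size is taken from the literal 512 shown here.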
diff -urNad aptitude-0.4.11.3~/src/pkg_ver_item.cc 
aptitude-0.4.11.3/src/pkg_ver_item.cc
--- aptitude-0.4.11.3~/src/pkg_ver_item.cc      2008-05-27 04:59:39.000000000 
+0100
+++ aptitude-0.4.11.3/src/pkg_ver_item.cc       2008-09-02 12:43:47.000000000 
+0100
@@ -775,7 +775,7 @@
 
 
 
-      system(cmd.c_str());
+      if(system(cmd.c_str()) != 0) { /* ignore */ }
 
       sigaction(SIGCONT, &oldact, NULL);
 
diff -urNad aptitude-0.4.11.3~/src/ui.cc aptitude-0.4.11.3/src/ui.cc
--- aptitude-0.4.11.3~/src/ui.cc        2008-05-27 04:59:39.000000000 +0100
+++ aptitude-0.4.11.3/src/ui.cc 2008-09-02 12:43:47.000000000 +0100
@@ -471,7 +471,12 @@
       // Read one byte from the FIFO for synchronization
       char tmp;
       int fd = open(fifoname.get_name().c_str(), O_RDONLY);
-      read(fd, &tmp, 1); // Will block until the other process writes.
+      if(read(fd, &tmp, 1) < 0) // Will block until the other process writes.
+       {
+         std::string errmsg = ssprintf("aptitude: failed to synchronize with 
parent process");
+         perror(errmsg.c_str());
+         exit(1);
+       }
       close(fd);
 
       // It's ok to use argv0 to generate the command,
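Review bot: The new check `if(read(fd, &tmp, 1) < 0)` lets a return of 0 through, so if the other process closes the FIFO without writing a byte, this side carries on as though synchronization had happened; compare against the expected count instead, `if(read(fd, &tmp, 1) != 1)`. The `open()` result on the line above is unchecked, here and in the parent-side hunk at `@@ -546`, so a failed open only shows up as EBADF from read/write and perror() then prints that rather than the real cause; an `if(fd < 0)` branch with its own perror would fix both places. The `ssprintf` call has no format arguments, so `perror("aptitude: failed to synchronize with parent process");` is enough. The enclosing function begins and ends outside the hunk.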
@@ -546,7 +551,13 @@
       // Ok, wake the other process up.
       char tmp=0;
       int fd=open(fifoname.get_name().c_str(), O_WRONLY);
-      write(fd, &tmp, 1);
+      if(write(fd, &tmp, 1) < 0)
+       {
+         // If we can't synchronize with it, we'd better kill it.
+         std::string errmsg = ssprintf("aptitude: failed to synchronize with 
child process");
+         perror(errmsg.c_str());
+         kill(pid, SIGTERM);
+       }
       close(fd);
 
       // Wait for a while so we don't accidentally daemonize ourselves.
