[pkg-boost-commits] r14324 - in boost/branches/1.36.0/debian: . patches
smr at alioth.debian.org
smr at alioth.debian.org
Sat Nov 15 04:39:50 UTC 2008
Author: smr
Date: 2008-11-15 04:39:49 +0000 (Sat, 15 Nov 2008)
New Revision: 14324
Added:
boost/branches/1.36.0/debian/patches/jam-hardening.patch
Modified:
boost/branches/1.36.0/debian/changelog
boost/branches/1.36.0/debian/patches/series
Log:
Apply hardening patch to fix #505734.
Modified: boost/branches/1.36.0/debian/changelog
===================================================================
--- boost/branches/1.36.0/debian/changelog 2008-11-15 03:52:35 UTC (rev 14323)
+++ boost/branches/1.36.0/debian/changelog 2008-11-15 04:39:49 UTC (rev 14324)
@@ -5,8 +5,12 @@
* patches/add-disable-long-double.patch: Only install boost_math_c99l
and boost_math_tr1l if build-long-double is true.
+
+ * patches/jam-hardening.patch: New. Fix warnings generated by hardening
+ options, -D_FORTIFY_SOURCE=2 and -Wformat-security. Thanks to Kees
+ Cook for the patch. Closes: #505734.
- -- Steve M. Robbins <smr at debian.org> Fri, 14 Nov 2008 20:04:17 -0600
+ -- Steve M. Robbins <smr at debian.org> Fri, 14 Nov 2008 22:19:44 -0600
boost1.36 (1.36.0-5) unstable; urgency=low
Added: boost/branches/1.36.0/debian/patches/jam-hardening.patch
===================================================================
--- boost/branches/1.36.0/debian/patches/jam-hardening.patch (rev 0)
+++ boost/branches/1.36.0/debian/patches/jam-hardening.patch 2008-11-15 04:39:49 UTC (rev 14324)
@@ -0,0 +1,79 @@
+From Kees Cook, Debian BTS #505734
+
+--- boost1.36-1.36.0.orig/tools/jam/src/compile.c
++++ boost1.36-1.36.0/tools/jam/src/compile.c
+@@ -1405,7 +1405,7 @@
+ i = (level+1)*2;
+ while ( i > 35 )
+ {
+- printf( indent );
++ printf( "%s", indent );
+ i -= 35;
+ }
+
+--- boost1.36-1.36.0.orig/tools/jam/src/make1.c
++++ boost1.36-1.36.0/tools/jam/src/make1.c
+@@ -1018,7 +1018,7 @@
+ list_sublist( ns, start, chunk ),
+ list_new( L0, newstr( "%" ) ) );
+
+- printf( cmd->buf );
++ printf( "%s", cmd->buf );
+
+ exit( EXITBAD );
+ }
+--- boost1.36-1.36.0.orig/tools/jam/src/output.c
++++ boost1.36-1.36.0/tools/jam/src/output.c
+@@ -20,7 +20,7 @@
+ while ( *data )
+ {
+ size_t len = strcspn(data,"\r");
+- fwrite(data,len,1,io);
++ do { if (fwrite(data,len,1,io)) {} } while (0);
+ data += len;
+ if ( *data == '\r' ) ++data;
+ }
+--- boost1.36-1.36.0.orig/tools/jam/src/variable.c
++++ boost1.36-1.36.0/tools/jam/src/variable.c
+@@ -416,8 +416,18 @@
+ }
+ if ( output_0 < output_1 )
+ {
+- if ( out_file ) fwrite(output_0,output_1-output_0,1,out_file);
+- if ( out_debug ) fwrite(output_0,output_1-output_0,1,stdout);
++ if ( out_file ) {
++ if ( fwrite(output_0,output_1-output_0,1,out_file) < 1 ) {
++ printf( "failed to write output file!\n" );
++ exit( EXITBAD );
++ }
++ }
++ if ( out_debug ) {
++ if ( fwrite(output_0,output_1-output_0,1,stdout) < 1 ) {
++ printf( "failed to write output to stdout!\n" );
++ exit( EXITBAD );
++ }
++ }
+ }
+ output_0 = output_1;
+
+@@ -457,8 +467,18 @@
+ }
+ else if ( output_0 < output_1 )
+ {
+- if ( out_file ) fwrite(output_0,output_1-output_0,1,out_file);
+- if ( out_debug ) fwrite(output_0,output_1-output_0,1,stdout);
++ if ( out_file ) {
++ if ( fwrite(output_0,output_1-output_0,1,out_file) < 1 ) {
++ printf( "failed to write output file!\n" );
++ exit( EXITBAD );
++ }
++ }
++ if ( out_debug ) {
++ if ( fwrite(output_0,output_1-output_0,1,stdout) < 1 ) {
++ printf( "failed to write output to stdout!\n" );
++ exit( EXITBAD );
++ }
++ }
+ }
+
+ in = output_1;
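Review bot: In the embedded output.c hunk, `do { if (fwrite(data,len,1,io)) {} } while (0);` only silences the unused-result warning raised under the hardening options; a failed write is still dropped silently, unlike the two variable.c hunks, which exit with `EXITBAD`. If ignoring the error is deliberate for this output path, say so with a comment such as `/* best-effort output: write errors are intentionally ignored */`; otherwise check `ferror(io)` after the loop. A plain `< 1` test would be wrong there, because `len` is 0 whenever `data` starts with `\r`, and fwrite then returns 0 without an error. In variable.c a failed write to stdout is reported with `printf`, i.e. to the stream that just failed; `fprintf( stderr, "failed to write output to stdout!\n" );` is more likely to reach the user. All of the patched functions start and end outside the hunks shown.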
Modified: boost/branches/1.36.0/debian/patches/series
===================================================================
--- boost/branches/1.36.0/debian/patches/series 2008-11-15 03:52:35 UTC (rev 14323)
+++ boost/branches/1.36.0/debian/patches/series 2008-11-15 04:39:49 UTC (rev 14324)
@@ -14,3 +14,4 @@
gcc43-spirit-1617.patch
gcc43-path_name_check.patch
date_time_date_formatting_hpp.patch
+jam-hardening.patch