[SCM] Debian packaging of libfile-mmagic-xs-perl branch, master, updated. debian/0.09006-3-2-g5041591

Dominic Hargreaves dom at earth.li
Tue Mar 6 19:24:38 UTC 2012 

The following commit has been merged in the master branch:
commit 5041591fccc92656a89def0ceb99a729dbd86ca4
Author: Dominic Hargreaves <dom at earth.li>
Date:   Tue Mar 6 19:22:49 2012 +0000

    Apply patch from Niko Tyni fixing FTBFS with -Werror=format-security (Closes: #661539)

diff --git a/debian/changelog b/debian/changelog
index 74a3834..68c1fad 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,8 @@ libfile-mmagic-xs-perl (0.09006-4) UNRELEASED; urgency=low
   WAITS-FOR: debhelper 9 hardening flags fix (#662666)
 
   * Bump debhelper compat level to 9
+  * Apply patch from Niko Tyni fixing FTBFS with
+    -Werror=format-security (Closes: #661539)
 
  -- Dominic Hargreaves <dom at earth.li>  Tue, 06 Mar 2012 19:18:24 +0000
 
diff --git a/debian/patches/format_string_fix.diff b/debian/patches/format_string_fix.diff
new file mode 100644
index 0000000..1009d3f
--- /dev/null
+++ b/debian/patches/format_string_fix.diff
@@ -0,0 +1,35 @@
+>From 2a247110eb4ec1828e844410dd83249bb5af1e1e Mon Sep 17 00:00:00 2001
+From: Niko Tyni <ntyni at debian.org>
+Date: Mon, 5 Mar 2012 22:13:56 +0200
+Subject: [PATCH] Call croak() with a controlled format string
+
+Bug-Debian: http://bugs.debian.org/661539
+Bug: https://rt.cpan.org/Public/Bug/Display.html?id=75568
+
+This fixes builds with -Werror=format-security.
+
+The fatal error with an invalid offset contains a format string error
+that could be triggered with a crafted magic line.
+
+$ perl -MFile::MMagic::XS -e 'File::MMagic::XS->new->add_magic("%s%s%s%s")'
+Segmentation fault (core dumped)
+---
+ src/perl-mmagic-xs.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/src/perl-mmagic-xs.c b/src/perl-mmagic-xs.c
+index 019afb0..2af0d6e 100644
+--- a/src/perl-mmagic-xs.c
++++ b/src/perl-mmagic-xs.c
+@@ -927,7 +927,7 @@ fmm_parse_magic_line(PerlFMM *state, char *l, int lineno)
+         err = newSVpvf(
+             "fmm_parse_magic_line: offset %s invalid", l);
+         FMM_SET_ERROR(state, err);
+-        croak(SvPV_nolen(err));
++        croak("%s", SvPV_nolen(err));
+     }
+ 
+     l = t;
+-- 
+1.7.9.1
+
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..a8ab736
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+format_string_fix.diff

-- 
Debian packaging of libfile-mmagic-xs-perl

More information about the Pkg-perl-cvs-commits mailing list