rfdump patches: build system & format strings

Lukas Schwaighofer lukas at schwaighofer.name
Fri Apr 21 20:23:26 UTC 2017


Hi rfdump developers,

I'm part of the team that packages your software rfdump for the Debian
distribution.  I've attached two patches which fix problems we've
encountered.


The first patch "configure.in-preserve-CFLAGS.patch" fixes the handling
of CFLAGS given to the configure script (which are ignored due to a
bug).  The problem is caused by the square brackets in `configure.in`
which are part of the perl expression ("$ARGV[0]").  They are removed
by the autoconf/m4 processing.  The resulting perl code in the
configure script is broken, as the square brackets are missing.
Encoding them using @<:@ and @:>@ fixes that problem.

In addition to that, the patch also makes sure that if the CFLAGS are
explicitly given to the configure script, `-g` is no longer removed.
Instead the patch removes `-g` from the default CFLAGS to preserve the
original behavior to some extent (the software is still compiled
without `-g` for anyone who follows the `./configure`, `make`, `make
install` workflow).


The second patch "fix-format-security-errors.patch" fixes two instances
where a `char *message` is passed directly to a function that expects
a format string.  (This can be a security problem if the string
contains the formatting character %.)


Please consider merging these two patches.


Thank you
Lukas Schwaighofer

PS: If you reply to pkg-security-team@, your answer will be publicly
    logged as part of a mailing list archive. If you do not want that,
    please reply to me privately.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: configure.in-preserve-CFLAGS.patch
Type: text/x-patch
Size: 1693 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-security-team/attachments/20170421/509f1919/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-format-security-errors.patch
Type: text/x-patch
Size: 1039 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-security-team/attachments/20170421/509f1919/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-security-team/attachments/20170421/509f1919/attachment.sig>
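
The format-string problem described in the message above, as an added example that is not taken from the attached patch or from rfdump: a message passed as the format string next to the same call with a constant "%s" format. The names show_message, report_unsafe and report_safe and the sample strings are assumptions made for illustration, since the patched call sites are not shown on this page.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style function standing in for the format-taking
   functions at the patched call sites. Declaring it with
   __attribute__((format(printf, 3, 4))) lets GCC/Clang flag the unsafe
   call below under -Wformat -Wformat-security. */
static int show_message(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Before: the message is interpreted as the format string. */
static int report_unsafe(char *out, size_t n, const char *message)
{
    return show_message(out, n, message);
}

/* After: constant format; the message is only ever data. */
static int report_safe(char *out, size_t n, const char *message)
{
    return show_message(out, n, "%s", message);
}

/* Returns 1 when both variants render the message identically. */
static int renders_identically(const char *message)
{
    char a[128], b[128];
    report_unsafe(a, sizeof a, message);
    report_safe(b, sizeof b, message);
    return strcmp(a, b) == 0;
}

int main(void)
{
    /* Constructed samples. The second uses only "%%", the one directive
       that consumes no argument, so the unsafe call stays well defined;
       any other directive would fetch arguments that were never passed. */
    printf("plain text identical: %d\n", renders_identically("tag read OK"));
    printf("with %%%% identical:    %d\n",
           renders_identically("signal at 80%% of max"));
    return 0;
}
```

The second line prints 0 because the unsafe variant collapses "%%" to "%", which shows that the message content is being parsed as directives rather than printed as text.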

