Bug#862456: jessie-pu: package cfitsio/3.370-2+deb8u1
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
Dear release team,
I would like to fix the cfitsio package in stable wrt bug#800819. The
wrong use of memcpy on overlapping area causes some tests in depending
packages to fail. More importantly this bug is likely to cause issues
on other architectures. The patch, which simply replaces memcpy by
memmove is included upstream for quite some time now, as well as in
stretch.
You will find below the full debdiff of the proposed changes. Thanks for
considering.
Regards,
Aurelien
diff -Nru cfitsio-3.370/debian/changelog cfitsio-3.370/debian/changelog
--- cfitsio-3.370/debian/changelog 2014-09-05 21:10:20.000000000 +0000
+++ cfitsio-3.370/debian/changelog 2017-05-12 20:25:50.000000000 +0000
@@ -1,3 +1,10 @@
+cfitsio (3.370-2+deb8u1) jessie; urgency=medium
+
+ * Add patches/09-memcpy-overlap.diff to use memmove instead of memcpy
+ where memory area might overlap (closes: #800819).
+
+ -- Aurelien Jarno <aurel32@debian.org> Fri, 12 May 2017 20:25:21 +0000
+
cfitsio (3.370-2) unstable; urgency=medium
* Upload to unstable.
diff -Nru cfitsio-3.370/debian/patches/09-memcpy-overlap.diff cfitsio-3.370/debian/patches/09-memcpy-overlap.diff
--- cfitsio-3.370/debian/patches/09-memcpy-overlap.diff 1970-01-01 00:00:00.000000000 +0000
+++ cfitsio-3.370/debian/patches/09-memcpy-overlap.diff 2017-05-12 20:25:18.000000000 +0000
@@ -0,0 +1,44 @@
+--- cfitsio-3.370.orig/getcolb.c
++++ cfitsio-3.370/getcolb.c
+@@ -1008,7 +1008,7 @@ int fffi1i1(unsigned char *input, /* I -
+ {
+ if (scale == 1. && zero == 0.) /* no scaling */
+ { /* this routine is normally not called in this case */
+- memcpy(output, input, ntodo );
++ memmove(output, input, ntodo );
+ }
+ else /* must scale the data */
+ {
+--- cfitsio-3.370.orig/getcold.c
++++ cfitsio-3.370/getcold.c
+@@ -1444,7 +1444,7 @@ int fffr8r8(double *input, /* I -
+ {
+ if (scale == 1. && zero == 0.) /* no scaling */
+ {
+- memcpy(output, input, ntodo * sizeof(double) );
++ memmove(output, input, ntodo * sizeof(double) );
+ }
+ else /* must scale the data */
+ {
+--- cfitsio-3.370.orig/getcole.c
++++ cfitsio-3.370/getcole.c
+@@ -1349,7 +1349,7 @@ int fffr4r4(float *input, /* I -
+ {
+ if (scale == 1. && zero == 0.) /* no scaling */
+ {
+- memcpy(output, input, ntodo * sizeof(float) );
++ memmove(output, input, ntodo * sizeof(float) );
+ }
+ else /* must scale the data */
+ {
+--- cfitsio-3.370.orig/getcoli.c
++++ cfitsio-3.370/getcoli.c
+@@ -1047,7 +1047,7 @@ int fffi2i2(short *input, /* I -
+ {
+ if (scale == 1. && zero == 0.) /* no scaling */
+ {
+- memcpy(output, input, ntodo * sizeof(short) );
++ memmove(output, input, ntodo * sizeof(short) );
+ }
+ else /* must scale the data */
+ {
diff -Nru cfitsio-3.370/debian/patches/series cfitsio-3.370/debian/patches/series
--- cfitsio-3.370/debian/patches/series 2014-09-05 21:09:53.000000000 +0000
+++ cfitsio-3.370/debian/patches/series 2017-05-12 20:25:18.000000000 +0000
@@ -6,3 +6,4 @@
06-fpack-funpack-dynamic-link.diff
07-testprog-static-link.diff
08-hurd.diff
+09-memcpy-overlap.diff
-- System Information:
Debian Release: 9.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64
(x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Reply to: