mimelib 1.1.2 packages: strlcpy/strlcat vs. strcpy/strcat
Hello,
I plan to package libmimelib 1.1.2 for debian/unstable. Until now this
has been built/provided by kdepim from kde3, but as part of the kde4
transition kdepim3 has been removed from debian/unstable. Still lurker
depends on libmimelib1c2a, and migrating to libmimelib4 is not an option
as it would introduce tons of kdelibs dependencies that lurker doesn't
need at all.
So I copied kdepim-3.5.9/mimelib/ from the kdepim 3.5.9-5 source
package in order to build a standalone source package from it.
Now I've one problem: kde developers have patched mimelib heavily since
it has been added to kdepim, and one of the changes is to use
strlcpy/strlcat at some places.
Unfortunately, strlcpy/strlcat seems not to be available on a standard
linux system. Only stncpy/strncat and strcpy/strcat are.
The original standalone mimelib used strcpy/strcat, but mimelib is in
fact unmaintained upstream since 1997, so there is no real upstream
version available. Instead I found more than five different patched
versions of mimelib in the web, all of them differing a lot.
I would like to package the kdepim 3.5.9 version of mimelib. So what to
do? As far as I understand, there are three possibilities:
- patch mimelib from kdepim to use strcpy/strcat again, but I guess this
is not a good idea as strcpy/strcat seem to be insecure.
- patch mimelib from kdepim to use strncpy/strncat instead of
strlcpy/strlcat.
- define strlcpy/strlcat in a custom header file and include that one
where appropriate.
I don't know enough about this topic to make a decision on my own. Thus
I ask you for advice.
greetings,
jonas
Reply to: