Re: security bug needs upload along with xlibs-dev transition Re: Bug#346856: intent to upload sponsored NMU to fix xlibs-dev bug

[Steve Langasek <vorlon@debian.org>]

On Tue, Jan 17, 2006 at 09:21:12AM +0100, Thomas Viehmann wrote:
> Justin Pryzby wrote:
> > You might consider mailing on -mentors, asking for a one time sponsor;
> > I'm mailing -qa for you right now.

> > In fact, please do this asap, because of the stack smash bug.  Also
> > change urgency to at least medium, and provide a patch to the security
> > team, since the package is in stable.

Is it confirmed that this stack smash bug is a security vulnerability?  Not
all are...

> I can't build it (see below for a pbuilder snippet).

Confirmed.

> Autoreconf doesn't work, either.

Well, I can't confirm this.  Jacob, please consider the attached patch,
which fixes some quoting issues in configure.ac and re-autoconfs the source.
Confirmed to work in pbuilder here.  If you would care to prepare a -4 that
includes these fixes, I'd be happy to sponsor for you (as, I imagine, would
Thomas).

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/

diff -u xscorch-0.2.0/debian/changelog xscorch-0.2.0/debian/changelog
--- xscorch-0.2.0/debian/changelog
+++ xscorch-0.2.0/debian/changelog
@@ -1,10 +1,16 @@
-xscorch (0.2.0-4) unstable; urgency=low
+xscorch (0.2.0-3.1) unstable; urgency=high
 
+  * Non-maintainer upload.
+  * High-urgency upload for RC bugfix.
   * Update to Standards version 3.6.2
   * Apply upstream patch for potential stack smash
   * Get rid of build deps on xlibs-dev (Closes: #346856)
+  * Fix quoting in AC_MSG_ERROR() usage in configure.ac, and re-run
+    autoconf to lose the build-dependency on libxt for AC_PATH_XTRA.
+  * Remove check for libXpm, which is *not* needed directly by the gtk
+    interface.
 
- -- Jacob Luna Lundberg <jacob@gnifty.net>  Sun,  8 Jan 2006 20:14:02 -0800
+ -- Steve Langasek <vorlon@debian.org>  Tue, 17 Jan 2006 01:48:58 -0800
 
 xscorch (0.2.0-3) unstable; urgency=low
 
only in patch2:
unchanged:
--- xscorch-0.2.0.orig/configure
+++ xscorch-0.2.0/configure
@@ -25707,9 +25707,9 @@
 _ACEOF
 
 else
-  { { echo "$as_me:$LINENO: error: gettimeofday() not found" >&5
-echo "$as_me: error: gettimeofday() not found" >&2;}
-   { (exit aborting.); exit aborting.; }; }
+  { { echo "$as_me:$LINENO: error: gettimeofday() not found, aborting." >&5
+echo "$as_me: error: gettimeofday() not found, aborting." >&2;}
+   { (exit 1); exit 1; }; }
 fi
 done
 
@@ -25812,9 +25812,9 @@
 _ACEOF
 
 else
-  { { echo "$as_me:$LINENO: error: usleep() not found" >&5
-echo "$as_me: error: usleep() not found" >&2;}
-   { (exit aborting.); exit aborting.; }; }
+  { { echo "$as_me:$LINENO: error: usleep() not found, aborting." >&5
+echo "$as_me: error: usleep() not found, aborting." >&2;}
+   { (exit 1); exit 1; }; }
 fi
 done
 
@@ -25917,9 +25917,9 @@
 _ACEOF
 
 else
-  { { echo "$as_me:$LINENO: error: memcpy() not found" >&5
-echo "$as_me: error: memcpy() not found" >&2;}
-   { (exit aborting.); exit aborting.; }; }
+  { { echo "$as_me:$LINENO: error: memcpy() not found, aborting." >&5
+echo "$as_me: error: memcpy() not found, aborting." >&2;}
+   { (exit 1); exit 1; }; }
 fi
 done
 
@@ -26022,9 +26022,9 @@
 _ACEOF
 
 else
-  { { echo "$as_me:$LINENO: error: memset() not found" >&5
-echo "$as_me: error: memset() not found" >&2;}
-   { (exit aborting.); exit aborting.; }; }
+  { { echo "$as_me:$LINENO: error: memset() not found, aborting." >&5
+echo "$as_me: error: memset() not found, aborting." >&2;}
+   { (exit 1); exit 1; }; }
 fi
 done
 
@@ -26127,9 +26127,9 @@
 _ACEOF
 
 else
-  { { echo "$as_me:$LINENO: error: vsnprintf() not found" >&5
-echo "$as_me: error: vsnprintf() not found" >&2;}
-   { (exit aborting.); exit aborting.; }; }
+  { { echo "$as_me:$LINENO: error: vsnprintf() not found, aborting." >&5
+echo "$as_me: error: vsnprintf() not found, aborting." >&2;}
+   { (exit 1); exit 1; }; }
 fi
 done
 
@@ -26232,9 +26232,9 @@
 _ACEOF
 
 else
-  { { echo "$as_me:$LINENO: error: stat() not found" >&5
-echo "$as_me: error: stat() not found" >&2;}
-   { (exit aborting.); exit aborting.; }; }
+  { { echo "$as_me:$LINENO: error: stat() not found, aborting." >&5
+echo "$as_me: error: stat() not found, aborting." >&2;}
+   { (exit 1); exit 1; }; }
 fi
 done
 
@@ -26623,9 +26623,9 @@
 if test $ac_cv_lib_nsl_gethostbyname = yes; then
   NET_LIBS="$NET_LIBS -lnsl"
 else
-  { { echo "$as_me:$LINENO: error: gethostbyname() network function not found" >&5
-echo "$as_me: error: gethostbyname() network function not found" >&2;}
-   { (exit aborting.); exit aborting.; }; }
+  { { echo "$as_me:$LINENO: error: gethostbyname() network function not found, aborting." >&5
+echo "$as_me: error: gethostbyname() network function not found, aborting." >&2;}
+   { (exit 1); exit 1; }; }
 fi
 
 fi
@@ -26796,9 +26796,9 @@
 if test $ac_cv_lib_socket_socket = yes; then
   NET_LIBS="$NET_LIBS -lsocket"
 else
-  { { echo "$as_me:$LINENO: error: socket() network function not found" >&5
-echo "$as_me: error: socket() network function not found" >&2;}
-   { (exit aborting.); exit aborting.; }; }
+  { { echo "$as_me:$LINENO: error: socket() network function not found, aborting." >&5
+echo "$as_me: error: socket() network function not found, aborting." >&2;}
+   { (exit 1); exit 1; }; }
 fi
 
 fi
@@ -26990,7 +26990,7 @@
 cat confdefs.h >>conftest.$ac_ext
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
-#include <X11/Intrinsic.h>
+#include <X11/Xlib.h>
 _ACEOF
 if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
   (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
@@ -27017,7 +27017,7 @@
 sed 's/^/| /' conftest.$ac_ext >&5
 
   for ac_dir in $ac_x_header_dirs; do
-  if test -r "$ac_dir/X11/Intrinsic.h"; then
+  if test -r "$ac_dir/X11/Xlib.h"; then
     ac_x_includes=$ac_dir
     break
   fi
@@ -27031,18 +27031,18 @@
   # See if we find them without any special options.
   # Don't add to $LIBS permanently.
   ac_save_LIBS=$LIBS
-  LIBS="-lXt $LIBS"
+  LIBS="-lX11 $LIBS"
   cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
 cat confdefs.h >>conftest.$ac_ext
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
-#include <X11/Intrinsic.h>
+#include <X11/Xlib.h>
 int
 main ()
 {
-XtMalloc (0)
+XrmInitialize ()
   ;
   return 0;
 }
@@ -27080,7 +27080,7 @@
 do
   # Don't even attempt the hair of trying to link an X program!
   for ac_extension in a so sl; do
-    if test -r $ac_dir/libXt.$ac_extension; then
+    if test -r $ac_dir/libX11.$ac_extension; then
       ac_x_libraries=$ac_dir
       break 2
     fi
@@ -28336,86 +28336,9 @@
   LIBS="-lX11 $LIBS"
 
 else
-  { { echo "$as_me:$LINENO: error: libX11 is required for GTK interface" >&5
-echo "$as_me: error: libX11 is required for GTK interface" >&2;}
-   { (exit aborting.); exit aborting.; }; }
-fi
-
-
-echo "$as_me:$LINENO: checking for XpmCreateImageFromData in -lXpm" >&5
-echo $ECHO_N "checking for XpmCreateImageFromData in -lXpm... $ECHO_C" >&6
-if test "${ac_cv_lib_Xpm_XpmCreateImageFromData+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lXpm $X_LIBS $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char XpmCreateImageFromData ();
-int
-main ()
-{
-XpmCreateImageFromData ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_Xpm_XpmCreateImageFromData=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_cv_lib_Xpm_XpmCreateImageFromData=no
-fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_Xpm_XpmCreateImageFromData" >&5
-echo "${ECHO_T}$ac_cv_lib_Xpm_XpmCreateImageFromData" >&6
-if test $ac_cv_lib_Xpm_XpmCreateImageFromData = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define HAVE_LIBXPM 1
-_ACEOF
-
-  LIBS="-lXpm $LIBS"
-
-else
-  { { echo "$as_me:$LINENO: error: libXpm is required for GTK interface" >&5
-echo "$as_me: error: libXpm is required for GTK interface" >&2;}
-   { (exit aborting.); exit aborting.; }; }
+  { { echo "$as_me:$LINENO: error: libX11 is required for GTK interface, aborting." >&5
+echo "$as_me: error: libX11 is required for GTK interface, aborting." >&2;}
+   { (exit 1); exit 1; }; }
 fi
 
    LIBS=
only in patch2:
unchanged:
--- xscorch-0.2.0.orig/configure.ac
+++ xscorch-0.2.0/configure.ac
@@ -296,12 +296,12 @@
 
 dnl Checks for library functions.
 dnl
-AC_CHECK_FUNCS(gettimeofday, , AC_MSG_ERROR(gettimeofday() not found, aborting.))
-AC_CHECK_FUNCS(usleep, , AC_MSG_ERROR(usleep() not found, aborting.))
-AC_CHECK_FUNCS(memcpy, , AC_MSG_ERROR(memcpy() not found, aborting.))
-AC_CHECK_FUNCS(memset, , AC_MSG_ERROR(memset() not found, aborting.))
-AC_CHECK_FUNCS(vsnprintf, , AC_MSG_ERROR(vsnprintf() not found, aborting.))
-AC_CHECK_FUNCS(stat, , AC_MSG_ERROR(stat() not found, aborting.))
+AC_CHECK_FUNCS(gettimeofday, , [AC_MSG_ERROR([gettimeofday() not found, aborting.])])
+AC_CHECK_FUNCS(usleep, , [AC_MSG_ERROR([usleep() not found, aborting.])])
+AC_CHECK_FUNCS(memcpy, , [AC_MSG_ERROR([memcpy() not found, aborting.])])
+AC_CHECK_FUNCS(memset, , [AC_MSG_ERROR([memset() not found, aborting.])])
+AC_CHECK_FUNCS(vsnprintf, , [AC_MSG_ERROR([vsnprintf() not found, aborting.])])
+AC_CHECK_FUNCS(stat, , [AC_MSG_ERROR([stat() not found, aborting.])])
 AC_CHECK_FUNCS(strnlen)
 
 
@@ -317,11 +317,11 @@
 AC_SUBST(NET_LIBS)
 if test "x$NETWORK" = "x1"; then
    AC_CHECK_FUNCS(gethostbyname, ,
-      AC_CHECK_LIB(nsl, gethostbyname, NET_LIBS="$NET_LIBS -lnsl",
-         AC_MSG_ERROR(gethostbyname() network function not found, aborting.)))
+      [AC_CHECK_LIB(nsl, gethostbyname, NET_LIBS="$NET_LIBS -lnsl",
+         [AC_MSG_ERROR([gethostbyname() network function not found, aborting.])])])
    AC_CHECK_FUNCS(socket, ,
-      AC_CHECK_LIB(socket, socket, NET_LIBS="$NET_LIBS -lsocket",
-         AC_MSG_ERROR(socket() network function not found, aborting.)))
+      [AC_CHECK_LIB(socket, socket, NET_LIBS="$NET_LIBS -lsocket",
+         [AC_MSG_ERROR([socket() network function not found, aborting.])])])
    echo "Network libraries we're linking against: "`if test "x$NET_LIBS" = "x"; then echo "(none)"; else echo "$NET_LIBS"; fi`
 fi
 
@@ -335,8 +335,7 @@
 dnl
 if test "x$ANYGTK" = "x1"; then
    AC_PATH_XTRA
-   AC_CHECK_LIB(X11, XOpenDisplay, , AC_MSG_ERROR(libX11 is required for GTK interface, aborting.), $X_LIBS)
-   AC_CHECK_LIB(Xpm, XpmCreateImageFromData, , AC_MSG_ERROR(libXpm is required for GTK interface, aborting.), $X_LIBS)
+   AC_CHECK_LIB(X11, XOpenDisplay, , [AC_MSG_ERROR([libX11 is required for GTK interface, aborting.])], $X_LIBS)
    LIBS=
 fi
 AC_SUBST(X_LIBS)

Attachment: signature.asc
Description: Digital signature