
Bug#690895: unblock: giflib/4.1.6-10



reopen 690895
thanks

Hello again,

On Thursday 18 October 2012, you wrote:
> On 2012-10-18 23:23, Thibaut Gridel wrote:
> > Hi!
> > Please unblock giflib
>
> Thank you for your interest.
>
> We can allow a minimal patch for the hardning fixes (/without/ a
> debhelper compat bump) if it goes via unstable, if needed.

Please find enclosed the proposed new debdiff,
which only enables hardening and includes the fixes.

Best Regards,

Thibaut
diff -Nru giflib-4.1.6/debian/changelog giflib-4.1.6/debian/changelog
--- giflib-4.1.6/debian/changelog	2012-04-28 18:30:07.000000000 +0200
+++ giflib-4.1.6/debian/changelog	2012-10-19 23:04:11.000000000 +0200
@@ -1,3 +1,11 @@
+giflib (4.1.6-10) unstable; urgency=low
+
+  * Fixing fprintf issues by YunQiang Su.
+  * Hardening build flags (Closes: #673660).
+  * Updating Standards (no change).
+
+ -- Thibaut Gridel <tgridel@free.fr>  Fri, 19 Oct 2012 23:03:46 +0200
+
 giflib (4.1.6-9.1) unstable; urgency=low
 
   * Non-maintainer upload.
diff -Nru giflib-4.1.6/debian/control giflib-4.1.6/debian/control
--- giflib-4.1.6/debian/control	2012-04-28 18:29:49.000000000 +0200
+++ giflib-4.1.6/debian/control	2012-10-19 23:04:11.000000000 +0200
@@ -1,9 +1,9 @@
 Source: giflib
 Section: libs
 Priority: optional
-Maintainer: Thibaut GRIDEL <tgridel@free.fr>
+Maintainer: Thibaut Gridel <tgridel@free.fr>
 Build-Depends: debhelper (>= 7.0.50~), autotools-dev, automake, autoconf, libtool (>=2.2.6)
-Standards-Version: 3.8.3
+Standards-Version: 3.9.3
 Homepage: http://giflib.sourceforge.net/
 Vcs-Browser: http://git.debian.org/?p=collab-maint/giflib.git;a=summary
 Vcs-Git: git://git.debian.org/collab-maint/giflib.git
diff -Nru giflib-4.1.6/debian/patches/04-fprintf_format_error.patch giflib-4.1.6/debian/patches/04-fprintf_format_error.patch
--- giflib-4.1.6/debian/patches/04-fprintf_format_error.patch	1970-01-01 01:00:00.000000000 +0100
+++ giflib-4.1.6/debian/patches/04-fprintf_format_error.patch	2012-10-19 23:04:11.000000000 +0200
@@ -0,0 +1,377 @@
+Index: giflib-4.1.6/util/gif2epsn.c
+===================================================================
+--- giflib-4.1.6.orig/util/gif2epsn.c	2011-11-03 17:58:55.451972034 +0800
++++ giflib-4.1.6/util/gif2epsn.c	2011-11-03 18:02:13.000000000 +0800
+@@ -146,7 +146,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s",VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
+Index: giflib-4.1.6/util/gif2iris.c
+===================================================================
+--- giflib-4.1.6.orig/util/gif2iris.c	2011-11-03 17:58:55.475972156 +0800
++++ giflib-4.1.6/util/gif2iris.c	2011-11-03 18:02:13.000000000 +0800
+@@ -111,7 +111,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
+Index: giflib-4.1.6/util/gif2ps.c
+===================================================================
+--- giflib-4.1.6.orig/util/gif2ps.c	2011-11-03 17:58:55.503972298 +0800
++++ giflib-4.1.6/util/gif2ps.c	2011-11-03 18:02:13.000000000 +0800
+@@ -129,7 +129,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
+Index: giflib-4.1.6/util/gif2rgb.c
+===================================================================
+--- giflib-4.1.6.orig/util/gif2rgb.c	2011-11-03 17:58:55.539972474 +0800
++++ giflib-4.1.6/util/gif2rgb.c	2011-11-03 18:02:13.000000000 +0800
+@@ -108,7 +108,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
+Index: giflib-4.1.6/util/gif2rle.c
+===================================================================
+--- giflib-4.1.6.orig/util/gif2rle.c	2011-11-03 17:58:55.567972612 +0800
++++ giflib-4.1.6/util/gif2rle.c	2011-11-03 18:02:13.000000000 +0800
+@@ -103,7 +103,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
+Index: giflib-4.1.6/util/gifasm.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifasm.c	2011-11-03 17:58:55.587972712 +0800
++++ giflib-4.1.6/util/gifasm.c	2011-11-03 18:02:13.000000000 +0800
+@@ -98,7 +98,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
+Index: giflib-4.1.6/util/gifbg.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifbg.c	2011-11-03 18:02:13.000000000 +0800
++++ giflib-4.1.6/util/gifbg.c	2011-11-03 18:04:31.945640624 +0800
+@@ -130,7 +130,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
+Index: giflib-4.1.6/util/gifclip.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifclip.c	2011-11-03 17:58:55.643972986 +0800
++++ giflib-4.1.6/util/gifclip.c	2011-11-03 18:02:13.000000000 +0800
+@@ -92,7 +92,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
+Index: giflib-4.1.6/util/gifclrmp.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifclrmp.c	2011-11-03 17:58:55.667973112 +0800
++++ giflib-4.1.6/util/gifclrmp.c	2011-11-03 18:02:13.000000000 +0800
+@@ -111,7 +111,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
+Index: giflib-4.1.6/util/gifcolor.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifcolor.c	2011-11-03 17:58:55.687973208 +0800
++++ giflib-4.1.6/util/gifcolor.c	2011-11-03 18:02:13.000000000 +0800
+@@ -89,7 +89,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
+Index: giflib-4.1.6/util/gifcomb.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifcomb.c	2011-11-03 17:58:55.707973306 +0800
++++ giflib-4.1.6/util/gifcomb.c	2011-11-03 18:02:13.000000000 +0800
+@@ -93,7 +93,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
+Index: giflib-4.1.6/util/giffix.c
+===================================================================
+--- giflib-4.1.6.orig/util/giffix.c	2011-11-03 17:58:55.863974080 +0800
++++ giflib-4.1.6/util/giffix.c	2011-11-03 18:02:13.000000000 +0800
+@@ -90,7 +90,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
+Index: giflib-4.1.6/util/gifflip.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifflip.c	2011-11-03 17:58:55.891974218 +0800
++++ giflib-4.1.6/util/gifflip.c	2011-11-03 18:02:13.000000000 +0800
+@@ -104,7 +104,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
+Index: giflib-4.1.6/util/gifhisto.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifhisto.c	2011-11-03 17:58:55.931974418 +0800
++++ giflib-4.1.6/util/gifhisto.c	2011-11-03 18:02:13.000000000 +0800
+@@ -112,7 +112,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
+Index: giflib-4.1.6/util/gifinfo.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifinfo.c	2011-11-03 17:58:55.963974576 +0800
++++ giflib-4.1.6/util/gifinfo.c	2011-11-03 18:02:13.000000000 +0800
+@@ -104,7 +104,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	printf("Format: quoted text string used for formating of information\n");
+ 	printf("  Special characters for various information can be used\n");
+Index: giflib-4.1.6/util/gifinter.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifinter.c	2011-11-03 17:58:56.003974774 +0800
++++ giflib-4.1.6/util/gifinter.c	2011-11-03 18:02:13.000000000 +0800
+@@ -98,7 +98,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
+Index: giflib-4.1.6/util/gifinto.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifinto.c	2011-11-03 17:58:56.039974952 +0800
++++ giflib-4.1.6/util/gifinto.c	2011-11-03 18:02:13.000000000 +0800
+@@ -96,7 +96,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
+Index: giflib-4.1.6/util/gifovly.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifovly.c	2011-11-03 17:58:56.059975052 +0800
++++ giflib-4.1.6/util/gifovly.c	2011-11-03 18:02:13.000000000 +0800
+@@ -73,7 +73,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
+Index: giflib-4.1.6/util/gifpos.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifpos.c	2011-11-03 17:58:56.083975170 +0800
++++ giflib-4.1.6/util/gifpos.c	2011-11-03 18:02:13.000000000 +0800
+@@ -90,7 +90,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
+Index: giflib-4.1.6/util/gifrotat.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifrotat.c	2011-11-03 17:58:56.111975310 +0800
++++ giflib-4.1.6/util/gifrotat.c	2011-11-03 18:02:13.000000000 +0800
+@@ -117,7 +117,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
+Index: giflib-4.1.6/util/gifrsize.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifrsize.c	2011-11-03 17:58:56.143975468 +0800
++++ giflib-4.1.6/util/gifrsize.c	2011-11-03 18:02:13.000000000 +0800
+@@ -113,7 +113,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
+Index: giflib-4.1.6/util/giftext.c
+===================================================================
+--- giflib-4.1.6.orig/util/giftext.c	2011-11-03 17:58:56.183975670 +0800
++++ giflib-4.1.6/util/giftext.c	2011-11-03 18:02:13.000000000 +0800
+@@ -102,7 +102,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
+Index: giflib-4.1.6/util/gifwedge.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifwedge.c	2011-11-03 17:58:56.215975826 +0800
++++ giflib-4.1.6/util/gifwedge.c	2011-11-03 18:02:13.000000000 +0800
+@@ -94,7 +94,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
+Index: giflib-4.1.6/util/icon2gif.c
+===================================================================
+--- giflib-4.1.6.orig/util/icon2gif.c	2011-11-03 17:58:56.243975968 +0800
++++ giflib-4.1.6/util/icon2gif.c	2011-11-03 18:02:13.000000000 +0800
+@@ -94,7 +94,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
+Index: giflib-4.1.6/util/raw2gif.c
+===================================================================
+--- giflib-4.1.6.orig/util/raw2gif.c	2011-11-03 17:58:56.263976064 +0800
++++ giflib-4.1.6/util/raw2gif.c	2011-11-03 18:02:13.000000000 +0800
+@@ -118,7 +118,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
+Index: giflib-4.1.6/util/rgb2gif.c
+===================================================================
+--- giflib-4.1.6.orig/util/rgb2gif.c	2011-11-03 17:58:56.287976186 +0800
++++ giflib-4.1.6/util/rgb2gif.c	2011-11-03 18:02:13.000000000 +0800
+@@ -111,7 +111,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
+Index: giflib-4.1.6/util/rle2gif.c
+===================================================================
+--- giflib-4.1.6.orig/util/rle2gif.c	2011-11-03 17:58:56.311976302 +0800
++++ giflib-4.1.6/util/rle2gif.c	2011-11-03 18:02:13.000000000 +0800
+@@ -105,7 +105,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
+Index: giflib-4.1.6/util/text2gif.c
+===================================================================
+--- giflib-4.1.6.orig/util/text2gif.c	2011-11-03 17:58:56.335976420 +0800
++++ giflib-4.1.6/util/text2gif.c	2011-11-03 18:02:13.000000000 +0800
+@@ -107,7 +107,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
+Index: giflib-4.1.6/util/gif2x11.c
+===================================================================
+--- giflib-4.1.6.orig/util/gif2x11.c	2011-11-03 17:58:56.363976560 +0800
++++ giflib-4.1.6/util/gif2x11.c	2011-11-03 18:02:13.000000000 +0800
+@@ -143,7 +143,7 @@
+     }
+ 
+     if (HelpFlag) {
+-	fprintf(stderr, VersionStr);
++	fprintf(stderr, "%s", VersionStr);
+ 	GAPrintHowTo(CtrlStr);
+ 	exit(EXIT_SUCCESS);
+     }
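Review bot: The new 04-fprintf_format_error.patch starts directly at the first `Index:` line with no DEP-3 header, so the patch file does not record who wrote it, why, or whether it was sent upstream; the changelog credits YunQiang Su, but that is lost when the patch is read on its own. A header such as `Description: pass VersionStr as an argument instead of as the fprintf format string`, `Author: YunQiang Su` and a `Forwarded:` line would document that this change is presumably what lets the utilities build once the hardening flags add `-Werror=format-security`. The gif2epsn.c section also writes `"%s",VersionStr` without the space used in the other 28 files; `fprintf(stderr, "%s", VersionStr);` would keep all call sites uniform. Only the help-path call is touched in each utility and the enclosing functions lie outside the hunks, so it is worth confirming from a hardened build log that no other non-literal format argument remains under util/.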
diff -Nru giflib-4.1.6/debian/patches/series giflib-4.1.6/debian/patches/series
--- giflib-4.1.6/debian/patches/series	2010-01-13 21:22:18.000000000 +0100
+++ giflib-4.1.6/debian/patches/series	2012-10-19 23:04:11.000000000 +0200
@@ -1,3 +1,4 @@
 01-cve.patch
 02-doc_fixes.patch
 03-spelling_fixes.patch
+04-fprintf_format_error.patch
diff -Nru giflib-4.1.6/debian/rules giflib-4.1.6/debian/rules
--- giflib-4.1.6/debian/rules	2010-01-13 21:22:18.000000000 +0100
+++ giflib-4.1.6/debian/rules	2012-10-19 23:04:11.000000000 +0200
@@ -26,7 +26,8 @@
 
 override_dh_auto_configure:
 	autoreconf -fi
-	dh_auto_configure -- --disable-x11 --disable-rpath
+	dh_auto_configure -- --disable-x11 --disable-rpath  \
+	     $(shell dpkg-buildflags --export=configure)
 
 override_dh_auto_install:
 	dh_auto_install
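Review bot: The added `$(shell dpkg-buildflags --export=configure)` picks up only dpkg's default hardening set, so features that are off by default (bindnow, and pie depending on dpkg version and architecture) stay disabled unless something like `export DEB_BUILD_MAINT_OPTIONS = hardening=+all` is set earlier in debian/rules, which is not visible in this hunk. Nothing in the diff checks the result either; running `hardening-check` on the built binaries or `blhc` on the build log would confirm that the flags survive the `autoreconf -fi` step and reach the compiler and linker. The Build-Depends line in debian/control carries no versioned dpkg-dev, so a build against an older dpkg that lacks `--export=configure` would presumably fail or run configure without the flags; a short comment above the call, for example `# needs a dpkg-dev that supports dpkg-buildflags --export=configure`, would make that dependency explicit.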
