Bug#700338: unblock: imview/1.1.9c-11
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package imview.
The new version fixes RC bug #699820 (a security issue)
and an FTBFS on kFreeBSD systems (detected after
version 1.1.9c-10 was uploaded).
unblock imview/1.1.9c-11
Thanks,
Anton
-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 3.7-trunk-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff --git a/debian/changelog b/debian/changelog
index 58f7794..0691ced 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,23 @@
+imview (1.1.9c-11) unstable; urgency=low
+
+ * [8106c00] Fix FTBFS on kFreeBSD*.
+
+ -- Anton Gladky <gladk@debian.org> Thu, 07 Feb 2013 22:06:57 +0100
+
+imview (1.1.9c-10) unstable; urgency=low
+
+ [ Anton Gladky ]
+ * [f6c935a] Update homepage. (Closes: #681761)
+ * [272f222] Add upstream-files.
+
+ [ Michael Terry ]
+ * [98e20d5] Prevent link fltk libraries statically.
+
+ [ Sebastian Ramacher ]
+ * [5832a2e] Fix stack smashing in ics-reader. (Closes: #699820)
+
+ -- Anton Gladky <gladk@debian.org> Wed, 06 Feb 2013 19:46:55 +0100
+
imview (1.1.9c-9) unstable; urgency=low
* [2c68893] Fix FTBFS with gcc-4.7. Thanks to Sebastian Ramacher.
diff --git a/debian/control b/debian/control
index 36230ff..bbad7fb 100644
--- a/debian/control
+++ b/debian/control
@@ -3,7 +3,7 @@ Section: science
Priority: optional
Maintainer: Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org>
Uploaders: Teemu Ikonen <tpikonen@gmail.com>, Andreas Tille <tille@debian.org>,
- Anton Gladky <gladky.anton@gmail.com>
+ Anton Gladky <gladk@debian.org>
Vcs-Browser: http://git.debian.org/?p=debian-science/packages/imview.git
Vcs-Git: http://git.debian.org/git/debian-science/packages/imview.git
Build-Depends: debhelper (>= 7.0.50~), libfltk1.1-dev, fluid (>= 1.3.0),
diff --git a/debian/patches/04_fix_ics_stack_smashing.patch b/debian/patches/04_fix_ics_stack_smashing.patch
new file mode 100644
index 0000000..5ac532b
--- /dev/null
+++ b/debian/patches/04_fix_ics_stack_smashing.patch
@@ -0,0 +1,380 @@
+Description: fixes stack smashing in ics-reader
+Author: Sebastian Ramacher <sramacher@debian.org>
+ Sune Vuorela
+Bug-Debian: http://bugs.debian.org/699820
+Last-Update: 2013-02-06
+
+--- a/io/readics.cxx
++++ b/io/readics.cxx
+@@ -80,15 +80,15 @@
+
+ res = load_ics(name, &p, &thepixtype, &nx, &ny, &nz);
+
+- pp = (void **)malloc(sizeof(void *));
+- pp[0] = p;
+-
+ if (res == 0) { // all went well
+ // now reprocess that according to content
+
+ // the new buffer needs to be set first before
+ // the dimensions are changed because the previous buffer
+ // might be freed, and we will need its dimensions.
++ pp = (void **)malloc(sizeof(void *));
++ pp[0] = p;
++
+ IOBlackBox->setCurrBuffp(pp);
+ IOBlackBox->setCurrImgWidth(nx);
+ IOBlackBox->setCurrImgHeight(ny);
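Review bot: The relocated `pp = (void **)malloc(sizeof(void *));` is still written through on the very next line without a NULL check, so an allocation failure turns into a null dereference at `pp[0] = p;`. Moving the allocation under `res == 0` does stop the one-element array from leaking when load_ics() fails, but the success path needs an `if (pp == NULL)` branch that releases `p` and returns the function's error code before `setCurrBuffp(pp)` is called. The function's return convention and the cleanup for `p` are outside the hunk.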
+@@ -273,6 +273,13 @@
+ /* get the length of the ICS file and rewind */
+ length = (unsigned int)lseek(fd,0L,2);
+ lseek(fd,0L,0);
++
++ /* the first two characters are the seperators */
++ if (length < 2)
++ {
++ close(fd);
++ return -4;
++ }
+
+ /* allocate space for all data from the ICS file */
+ if ((buffer1 = (char *)malloc(length)) == NULL)
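Review bot: The new `length < 2` guard does not catch a failed `lseek()`: the -1 return is cast to `unsigned int` on the context line above, becomes a very large value, passes the check and is then handed to `malloc(length)`. Testing the `off_t` result before the cast, e.g. `off_t sz = lseek(fd, 0L, SEEK_END); if (sz < 2) { close(fd); return -4; }`, covers both the error and the short-file case. The same cast silently truncates sizes above UINT_MAX, so an explicit upper bound on the header size belongs here as well. The enclosing function starts and ends outside the hunk.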
+@@ -321,10 +328,15 @@
+ delim1 = *bp++; /* field delimiter */
+ delim2 = *bp++; /* record delimiter */
+ t = temp1;
+-
++
++ size_t bread = 0;
++
+ /* check if written by ICS */
+- while (*bp != delim2)
+- *t++ = *bp++;
++ while (*bp != delim2 && bread < 3 && bp != end)
++ {
++ *t++ = *bp++;
++ ++bread;
++ }
+ bp++;
+ *t = '\0';
+ if (strncmp(temp1,"ICS",3) && strncmp(temp1,"ics",3))
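Review bot: In `while (*bp != delim2 && bread < 3 && bp != end)` the byte at `bp` is read before `bp != end` is tested, so when the data runs out the loop still dereferences the position equal to `end` (presumably one past the buffer; `end` is set outside the hunk). Put the bounds test first, `while (bp != end && *bp != delim2 && bread < 3)`; the filename loop in the next hunk and the record loop in the hunk after it evaluate their conditions in the same order. Separately, when the loop stops because of `bread < 3` rather than on `delim2`, the unconditional `bp++` skips a data byte instead of the record delimiter, so the following record read would start mid-record. Consuming the rest of the record up to `delim2`, bounded by `end`, before continuing would keep the parser in step.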
+@@ -337,13 +349,18 @@
+ /* get the filename from the ICS file */
+
+ t = temp1;
+- while (*bp != delim2)
+- *t++ = *bp++;
++ bread = 0;
++ while (*bp != delim2 && bread < sizeof(temp1) - 1 && bp != end)
++ {
++ *t++ = *bp++;
++ ++bread;
++ }
+ bp++;
+ *t = '\0';
+
+ t = strchr(temp1,delim1);
+- strcpy(icsheader->filename,t);
++ strncpy(icsheader->filename,t, FILENAME_SIZE);
++ icsheader->filename[FILENAME_SIZE - 1] = '\0';
+ *t = '\0';
+
+ if (strcmp(temp1,"filename"))
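Review bot: `t = strchr(temp1,delim1);` returns NULL when the record holds no field delimiter, and both the new `strncpy(icsheader->filename,t, FILENAME_SIZE);` and the `*t = '\0';` after it use `t` unchecked. This record comes straight from the file being opened, so the bounded copy alone does not make the line safe. Add `if (t == NULL)` ahead of the copy and leave through the function's existing invalid-header error path, which is outside the hunk.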
+@@ -360,18 +377,27 @@
+ {
+ /* get the next record into temp1 */
+ t = temp1;
+- while (*bp != delim2 && bp < end) /* dont read beyond EOF */
+- *t++ = *bp++;
++ bread = 0;
++ while (*bp != delim2 && bp < end && bread < sizeof(temp1) - 1) /* dont read beyond EOF */
++ {
++ *t++ = *bp++;
++ ++bread;
++ }
+ bp++;
+ *t = '\0';
+
+ /* get the category into temp2 */
++ bread = 0;
+ t = temp1;
+ tg = temp2;
+- while (*t != delim1)
++ while (*t != delim1 && bread < sizeof(temp1) - 1)
++ {
+ *tg++ = *t++;
++ ++bread;
++ }
+ t++;
+ *tg = '\0';
++ ++bread;
+
+ /* check if it is one of the decodable categories */
+ cat = 0;
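Review bot: The category loop `while (*t != delim1 && bread < sizeof(temp1) - 1)` writes into `temp2` but is bounded by the size of `temp1`, and it has no `*t != '\0'` test, so a record without `delim1` is copied past its terminator until the counter runs out. That is only safe if `temp2` is at least as large as `temp1`; both declarations are outside the hunk, so either confirm that or bound the write on the destination, e.g. `(size_t)(tg - temp2) < sizeof(temp2) - 1` (assuming `temp2` is an array like `temp1`). Adding `*t != '\0' &&` to the condition would also keep stale bytes left by an earlier, longer record out of `temp2`. The field loop in the next hunk (`@@ -388,10 +414,14 @@`) has the same shape.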
+@@ -388,10 +414,14 @@
+ }
+ /* get the next field from this record */
+ tg = temp2;
+- while (*t != delim1)
++ while (*t != delim1 && bread < sizeof(temp1) - 1)
++ {
+ *tg++ = *t++;
++ ++bread;
++ }
+ t++;
+ *tg = '\0';
++ ++bread;
+
+ /* find this item in the keyword table */
+ for (i = 0; i < kwrds; i++)
+@@ -415,10 +445,14 @@
+ break;
+ }
+ tg = temp2;
+- while (*t != '\0')
+- *tg++ = *t++;
++ while (*t != '\0' && bread < sizeof(temp1) - 1)
++ {
++ *tg++ = *t++;
++ ++bread;
++ }
+ *tg = '\0';
+ t++;
++ ++bread;
+ icsheader->parameters = atoi(temp2);
+ if (icsheader->parameters > MAXDIM)
+ { /* if necessary change MAXDIM in ics.h */
+@@ -444,11 +478,15 @@
+ for (i = 0; i < icsheader->parameters; i++)
+ {
+ tg = temp2;
+- while (*t != delim1 && *t != '\0')
++ while (*t != delim1 && *t != '\0' && bread < sizeof(temp1) - 1)
++ {
+ *tg++ = *t++;
++ ++bread;
++ }
+ *tg = '\0';
+ t++;
+- strcpy(icsheader->order[i],temp2);
++ strncpy(icsheader->order[i],temp2, ORDER_SIZE);
++ icsheader->order[i][ORDER_SIZE - 1] = '\0';
+ }
+ icsheader->valid_order = TRUE;
+ break;
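Review bot: The `order` loop advances `t` with `t++` after each field but, unlike the sibling loops in this patch, has no matching `++bread;`, so `bread` falls one behind `t` per iteration and the `bread < sizeof(temp1) - 1` bound no longer tracks the real read position in `temp1`. Add `++bread;` after `t++;` here, as the `sizes` loop in the next hunk does. More generally, `t++` steps over the terminating `'\0'` whenever a record has fewer fields than `icsheader->parameters`, so later iterations read whatever follows the terminator. Breaking out of the `for` when `*t == '\0'` before the increment would stop at the end of the record.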
+@@ -468,10 +506,14 @@
+ for (i = 0; i < icsheader->parameters; i++)
+ {
+ tg = temp2;
+- while (*t != delim1 && *t != '\0')
++ while (*t != delim1 && *t != '\0' && bread < sizeof(temp1) - 1)
++ {
+ *tg++ = *t++;
++ ++bread;
++ }
+ *tg = '\0';
+ t++;
++ ++bread;
+ icsheader->sizes[i] = atoi(temp2);
+ }
+ icsheader->valid_sizes = TRUE;
+@@ -484,11 +526,16 @@
+ break;
+ }
+ tg = temp2;
+- while (*t != '\0')
+- *tg++ = *t++;
++ while (*t != '\0' && bread < sizeof(temp1) - 1)
++ {
++ *tg++ = *t++;
++ ++bread;
++ }
+ *tg = '\0';
+ t++;
+- strcpy(icsheader->coord,temp2);
++ ++bread;
++ strncpy(icsheader->coord,temp2, COORD_SIZE);
++ icsheader->coord[COORD_SIZE - 1] = '\0';
+ icsheader->valid_coord = TRUE;
+ break;
+ case 4: /* significant bits */
+@@ -499,10 +546,14 @@
+ break;
+ }
+ tg = temp2;
+- while (*t != '\0')
+- *tg++ = *t++;
++ while (*t != '\0' && bread < sizeof(temp1) - 1)
++ {
++ *tg++ = *t++;
++ ++bread;
++ }
+ *tg = '\0';
+ t++;
++ ++bread;
+ icsheader->sigbits = atoi(temp2);
+ icsheader->valid_sigbits = TRUE;
+ break;
+@@ -514,11 +565,16 @@
+ break;
+ }
+ tg = temp2;
+- while (*t != '\0')
+- *tg++ = *t++;
++ while (*t != '\0' && bread < sizeof(temp1) - 1)
++ {
++ *tg++ = *t++;
++ ++bread;
++ }
+ *tg = '\0';
+ t++;
+- strcpy(icsheader->format,temp2);
++ ++bread;
++ strncpy(icsheader->format,temp2, FORMAT_SIZE);
++ icsheader->format[FORMAT_SIZE - 1] = '\0';
+ icsheader->valid_format = TRUE;
+ break;
+ case 6: /* signed or unsigned */
+@@ -529,10 +585,14 @@
+ break;
+ }
+ tg = temp2;
+- while (*t != '\0')
+- *tg++ = *t++;
++ while (*t != '\0' && bread < sizeof(temp1) - 1)
++ {
++ *tg++ = *t++;
++ ++bread;
++ }
+ *tg = '\0';
+ t++;
++ ++bread;
+ if (!strcmp(temp2,"unsigned"))
+ icsheader->sign = UNSIGNED;
+ else icsheader->sign = SIGNED;
+@@ -546,11 +606,16 @@
+ break;
+ }
+ tg = temp2;
+- while (*t != '\0')
+- *tg++ = *t++;
++ while (*t != '\0' && bread < sizeof(temp1) - 1)
++ {
++ *tg++ = *t++;
++ ++bread;
++ }
+ *tg = '\0';
+ t++;
+- strcpy(icsheader->compression,temp2);
++ ++bread;
++ strncpy(icsheader->compression,temp2, CMPS_SIZE);
++ icsheader->compression[CMPS_SIZE - 1] = '\0';
+ icsheader->valid_compression = TRUE;
+ break;
+ case 8: /* origin */
+@@ -569,10 +634,14 @@
+ for (i = 0; i < icsheader->parameters; i++)
+ {
+ tg = temp2;
+- while (*t != delim1 && *t != '\0')
++ while (*t != delim1 && *t != '\0' && bread < sizeof(temp1) - 1)
++ {
+ *tg++ = *t++;
++ ++bread;
++ }
+ *tg = '\0';
+ t++;
++ ++bread;
+ icsheader->origin[i] = (float)atof(temp2);
+ }
+ icsheader->valid_origin = TRUE;
+@@ -593,10 +662,14 @@
+ for (i = 0; i < icsheader->parameters; i++)
+ {
+ tg = temp2;
+- while (*t != delim1 && *t != '\0')
++ while (*t != delim1 && *t != '\0' && bread < sizeof(temp1) - 1)
++ {
+ *tg++ = *t++;
++ ++bread;
++ }
+ *tg = '\0';
+ t++;
++ ++bread;
+ icsheader->scale[i] = (float)atof(temp2);
+ }
+ icsheader->valid_scale = TRUE;
+@@ -617,11 +690,16 @@
+ for (i = 0; i < icsheader->parameters; i++)
+ {
+ tg = temp2;
+- while (*t != delim1 && *t != '\0')
++ while (*t != delim1 && *t != '\0' && bread < sizeof(temp1) - 1)
++ {
+ *tg++ = *t++;
++ ++bread;
++ }
+ *tg = '\0';
+ t++;
+- strcpy(icsheader->label[i],temp2);
++ ++bread;
++ strncpy(icsheader->label[i],temp2, LABEL_SIZE);
++ icsheader->label[i][LABEL_SIZE - 1] = '\0';
+ }
+ icsheader->valid_label = TRUE;
+ break;
+@@ -641,11 +719,16 @@
+ for (i = 0; i < icsheader->parameters; i++)
+ {
+ tg = temp2;
+- while (*t != delim1 && *t != '\0')
++ while (*t != delim1 && *t != '\0' && bread < sizeof(temp1) - 1)
++ {
+ *tg++ = *t++;
++ ++bread;
++ }
+ *tg = '\0';
+ t++;
+- strcpy(icsheader->units[i],temp2);
++ ++bread;
++ strncpy(icsheader->units[i],temp2, UNITS_SIZE);
++ icsheader->units[i][UNITS_SIZE - 1] = '\0';
+ }
+ icsheader->valid_units = TRUE;
+ break;
+@@ -666,10 +749,14 @@
+ for (ui = 0; ui < length; ui++)
+ {
+ tg = temp2;
+- while (*t != delim1 && *t != '\0')
++ while (*t != delim1 && *t != '\0' && bread < sizeof(temp1) - 1)
++ {
+ *tg++ = *t++;
++ ++bread;
++ }
+ *tg = '\0';
+ t++;
++ ++bread;
+ icsheader->byteorder[ui] = atoi(temp2);
+ }
+ icsheader->valid_byteorder = TRUE;
+@@ -682,11 +769,16 @@
+ break;
+ }
+ tg = temp2;
+- while (*t != '\0')
+- *tg++ = *t++;
++ while (*t != '\0' && bread < sizeof(temp1) - 1)
++ {
++ *tg++ = *t++;
++ ++bread;
++ }
+ *tg = '\0';
+ t++;
+- strcpy(icsheader->SCIL_TYPE,temp2);
++ ++bread;
++ strncpy(icsheader->SCIL_TYPE,temp2, SCIL_SIZE);
++ icsheader->SCIL_TYPE[SCIL_SIZE - 1] = '\0';
+ icsheader->valid_SCIL_TYPE = TRUE;
+ break;
+ default:
diff --git a/debian/patches/07_fix_kfreebsd_FTBFS.patch b/debian/patches/07_fix_kfreebsd_FTBFS.patch
new file mode 100644
index 0000000..28994a0
--- /dev/null
+++ b/debian/patches/07_fix_kfreebsd_FTBFS.patch
@@ -0,0 +1,16 @@
+Description: fix FTBFS on kFreeBSD*
+ (aggregate 'semun arg' has incomplete type and cannot be defined)
+Author: Anton Gladky <gladk@debian.org>
+Last-Update: 2013-02-07
+
+--- a/server/imshared.hxx
++++ b/server/imshared.hxx
+@@ -65,7 +65,7 @@
+ #include <setjmp.h>
+
+ // this is WEIRD! but required on Unices
+-#ifdef Linux
++#if defined (Linux) || (__FreeBSD_kernel__)
+ # if defined(__GNU_LIBRARY__) && !defined(_SEM_SEMUN_UNDEFINED)
+ #warning Incorrect <sys/sem.h>, workaround used.
+ /* union semun is defined by including <sys/sem.h> */
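Review bot: `#if defined (Linux) || (__FreeBSD_kernel__)` tests the second macro by value rather than by definition. It works only because an undefined identifier evaluates to 0 inside `#if`, and it would fail to preprocess if the macro were ever defined with an empty value. Write `#if defined(Linux) || defined(__FreeBSD_kernel__)` so both operands are tested the same way. The conditional block continues beyond the hunk.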
diff --git a/debian/patches/series b/debian/patches/series
index 4067bcd..276da68 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,6 @@
01_fix_FTBFS_Fl_Widget.patch
02_fix_FTBFS_gcc-4.patch
03_non-static.patch
+04_fix_ics_stack_smashing.patch
+
+07_fix_kfreebsd_FTBFS.patch