Bug#700338: marked as done (unblock: imview/1.1.9c-11)

To: Julien Cristau <jcristau@debian.org>
Subject: Bug#700338: marked as done (unblock: imview/1.1.9c-11)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sat, 16 Mar 2013 12:06:07 +0000
Message-id: <[🔎] handler.700338.D700338.136343548718785.ackdone@bugs.debian.org>
References: <20130316120442.GN5840@radis.cristau.org> <20130211191521.4240.28375.reportbug@debian.home.debian>

Your message dated Sat, 16 Mar 2013 13:04:42 +0100
with message-id <20130316120442.GN5840@radis.cristau.org>
and subject line Re: Bug#700338: unblock: imview/1.1.9c-11
has caused the Debian Bug report #700338,
regarding unblock: imview/1.1.9c-11
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
700338: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700338
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock: imview/1.1.9c-11
From: Anton Gladky <gladk@debian.org>
Date: Mon, 11 Feb 2013 20:15:21 +0100
Message-id: <20130211191521.4240.28375.reportbug@debian.home.debian>
Reply-to: gladk@debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package imview

the version fixes RC-Bug #699820 (security issue)
and FTBFS on kFreeBSD-systems (it was detected after
the version 1.1.9c-10 uploaded).

unblock imview/1.1.9c-11

Thanks,

Anton

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.7-trunk-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff --git a/debian/changelog b/debian/changelog
index 58f7794..0691ced 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,23 @@
+imview (1.1.9c-11) unstable; urgency=low
+
+  * [8106c00] Fix FTBFS on kFreeBSD*.
+
+ -- Anton Gladky <gladk@debian.org>  Thu, 07 Feb 2013 22:06:57 +0100
+
+imview (1.1.9c-10) unstable; urgency=low
+
+  [ Anton Gladky ]
+  * [f6c935a] Update homepage. (Closes: #681761)
+  * [272f222] Add upstream-files.
+
+  [ Michael Terry ]
+  * [98e20d5] Prevent link fltk libraries statically.
+
+  [ Sebastian Ramacher ]
+  * [5832a2e] Fix stack smashing in ics-reader. (Closes: #699820)
+
+ -- Anton Gladky <gladk@debian.org>  Wed, 06 Feb 2013 19:46:55 +0100
+
 imview (1.1.9c-9) unstable; urgency=low
 
   * [2c68893] Fix FTBFS with gcc-4.7. Thanks to Sebastian Ramacher. 
diff --git a/debian/control b/debian/control
index 36230ff..bbad7fb 100644
--- a/debian/control
+++ b/debian/control
@@ -3,7 +3,7 @@ Section: science
 Priority: optional
 Maintainer: Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org>
 Uploaders: Teemu Ikonen <tpikonen@gmail.com>, Andreas Tille <tille@debian.org>, 
- Anton Gladky <gladky.anton@gmail.com>
+ Anton Gladky <gladk@debian.org>
 Vcs-Browser: http://git.debian.org/?p=debian-science/packages/imview.git
 Vcs-Git: http://git.debian.org/git/debian-science/packages/imview.git
 Build-Depends: debhelper (>= 7.0.50~), libfltk1.1-dev, fluid (>= 1.3.0),
diff --git a/debian/patches/04_fix_ics_stack_smashing.patch b/debian/patches/04_fix_ics_stack_smashing.patch
new file mode 100644
index 0000000..5ac532b
--- /dev/null
+++ b/debian/patches/04_fix_ics_stack_smashing.patch
@@ -0,0 +1,380 @@
+Description: fixes stack smashing in ics-reader
+Author: Sebastian Ramacher <sramacher@debian.org>
+        Sune Vuorela
+Bug-Debian: http://bugs.debian.org/699820
+Last-Update: 2013-02-06
+
+--- a/io/readics.cxx
++++ b/io/readics.cxx
+@@ -80,15 +80,15 @@
+ 
+     res = load_ics(name, &p, &thepixtype, &nx, &ny, &nz);
+ 
+-    pp = (void **)malloc(sizeof(void *));
+-    pp[0] = p;
+-    
+     if (res == 0) { // all went well
+ 	// now reprocess that according to content
+ 	
+ 	// the new buffer needs to be set first before
+ 	// the dimensions are changed because the previous buffer
+ 	// might be freed, and we will need its dimensions.
++  pp = (void **)malloc(sizeof(void *));
++  pp[0] = p;
++    
+ 	IOBlackBox->setCurrBuffp(pp);
+ 	IOBlackBox->setCurrImgWidth(nx);
+ 	IOBlackBox->setCurrImgHeight(ny);
+@@ -273,6 +273,13 @@
+     /* get the length of the ICS file and rewind */
+     length = (unsigned int)lseek(fd,0L,2);
+     lseek(fd,0L,0);
++
++    /* the first two characters are the seperators */
++    if (length < 2)
++    {
++      close(fd);
++      return -4;
++    }
+    
+   /* allocate space for all data from the ICS file */
+     if ((buffer1 = (char *)malloc(length)) == NULL)
+@@ -321,10 +328,15 @@
+     delim1 = *bp++;	/* field delimiter */
+     delim2 = *bp++;	/* record delimiter */
+     t = temp1;
+- 
++
++    size_t bread = 0;
++
+     /* check if written by ICS */
+-    while (*bp != delim2)
+-	*t++ = *bp++;
++    while (*bp != delim2 && bread < 3 && bp != end)
++    {
++    	*t++ = *bp++;
++      ++bread;
++    }
+     bp++;
+     *t = '\0';
+     if (strncmp(temp1,"ICS",3) && strncmp(temp1,"ics",3))
+@@ -337,13 +349,18 @@
+     /* get the filename from the ICS file */
+ 
+     t = temp1;
+-    while (*bp != delim2)
+-	*t++ = *bp++;
++    bread = 0;
++    while (*bp != delim2 && bread < sizeof(temp1) - 1 && bp != end)
++    {
++    	*t++ = *bp++;
++      ++bread;
++    }
+     bp++;
+     *t = '\0';
+ 
+     t = strchr(temp1,delim1);
+-    strcpy(icsheader->filename,t);
++    strncpy(icsheader->filename,t, FILENAME_SIZE);
++    icsheader->filename[FILENAME_SIZE - 1] = '\0';
+     *t = '\0';
+ 
+     if (strcmp(temp1,"filename"))
+@@ -360,18 +377,27 @@
+     {
+ 	/* get the next record into temp1 */
+ 	t = temp1;
+-	while (*bp != delim2 && bp < end)	/* dont read beyond EOF */
+-	    *t++ = *bp++;
++  bread = 0;
++	while (*bp != delim2 && bp < end && bread < sizeof(temp1) - 1)	/* dont read beyond EOF */
++  {
++    *t++ = *bp++;
++    ++bread;
++  }
+ 	bp++;
+ 	*t = '\0';
+       
+       /* get the category into temp2 */
++  bread = 0;
+ 	t = temp1;
+ 	tg = temp2;
+-	while (*t != delim1)
++	while (*t != delim1 && bread < sizeof(temp1) - 1)
++  {
+ 	    *tg++ = *t++;
++      ++bread;
++  }
+ 	t++;
+ 	*tg = '\0';
++  ++bread;
+ 
+       /* check if it is one of the decodable categories */
+ 	cat = 0;
+@@ -388,10 +414,14 @@
+ 	}
+ 	/* get the next field from this record */
+ 	tg = temp2;
+-	while (*t != delim1)
++	while (*t != delim1 && bread < sizeof(temp1) - 1)
++  {
+ 	    *tg++ = *t++;
++      ++bread;
++  }
+ 	t++;
+ 	*tg = '\0';
++  ++bread;
+ 
+       /* find this item in the keyword table */
+ 	for (i = 0; i < kwrds; i++)
+@@ -415,10 +445,14 @@
+ 		break;
+ 	    }
+ 	    tg = temp2;
+-	    while (*t != '\0')
+-		*tg++ = *t++;
++	    while (*t != '\0' && bread < sizeof(temp1) - 1)
++      {
++        *tg++ = *t++;
++        ++bread;
++      }
+ 	    *tg = '\0';
+ 	    t++;
++      ++bread;
+ 	    icsheader->parameters = atoi(temp2);
+ 	    if (icsheader->parameters > MAXDIM)
+ 	    {  /* if necessary change MAXDIM in ics.h */
+@@ -444,11 +478,15 @@
+ 	    for (i = 0; i < icsheader->parameters; i++)
+ 	    {
+ 		tg = temp2;
+-		while (*t != delim1 && *t != '\0')
++		while (*t != delim1 && *t != '\0' && bread < sizeof(temp1) - 1)
++    {
+ 		    *tg++ = *t++;
++        ++bread;
++    }
+ 		*tg = '\0';
+ 		t++;
+-		strcpy(icsheader->order[i],temp2);
++		strncpy(icsheader->order[i],temp2, ORDER_SIZE);
++    icsheader->order[i][ORDER_SIZE - 1] = '\0';
+ 	    }
+ 	    icsheader->valid_order = TRUE;
+ 	    break;
+@@ -468,10 +506,14 @@
+ 	    for (i = 0; i < icsheader->parameters; i++)
+ 	    {
+ 		tg = temp2;
+-		while (*t != delim1 && *t != '\0')
++		while (*t != delim1 && *t != '\0' && bread < sizeof(temp1) - 1)
++    {
+ 		    *tg++ = *t++;
++        ++bread;
++    }
+ 		*tg = '\0';
+ 		t++;
++    ++bread;
+ 		icsheader->sizes[i] = atoi(temp2);
+ 	    }
+ 	    icsheader->valid_sizes = TRUE;
+@@ -484,11 +526,16 @@
+ 		break;
+ 	    }
+ 	    tg = temp2;
+-	    while (*t != '\0')
+-		*tg++ = *t++;
++	    while (*t != '\0' && bread < sizeof(temp1) - 1)
++      {
++    		*tg++ = *t++;
++        ++bread;
++      }
+ 	    *tg = '\0';
+ 	    t++;
+-	    strcpy(icsheader->coord,temp2);
++      ++bread;
++	    strncpy(icsheader->coord,temp2, COORD_SIZE);
++      icsheader->coord[COORD_SIZE - 1] = '\0';
+ 	    icsheader->valid_coord = TRUE;
+ 	    break;
+ 	  case 4: /* significant bits */
+@@ -499,10 +546,14 @@
+ 		break;
+ 	    }
+ 	    tg = temp2;
+-	    while (*t != '\0')
+-		*tg++ = *t++;
++	    while (*t != '\0' && bread < sizeof(temp1) - 1)
++      {
++    		*tg++ = *t++;
++        ++bread;
++      }
+ 	    *tg = '\0';
+ 	    t++;
++      ++bread;
+ 	    icsheader->sigbits = atoi(temp2);
+ 	    icsheader->valid_sigbits = TRUE;
+ 	    break;
+@@ -514,11 +565,16 @@
+ 		break;
+ 	    }
+ 	    tg = temp2;
+-	    while (*t != '\0')
+-		*tg++ = *t++;
++	    while (*t != '\0' && bread < sizeof(temp1) - 1)
++      {
++    		*tg++ = *t++;
++        ++bread;
++      }
+ 	    *tg = '\0';
+ 	    t++;
+-	    strcpy(icsheader->format,temp2);
++      ++bread;
++	    strncpy(icsheader->format,temp2, FORMAT_SIZE);
++      icsheader->format[FORMAT_SIZE - 1] = '\0';
+ 	    icsheader->valid_format = TRUE;
+ 	    break;
+ 	  case 6: /* signed or unsigned */
+@@ -529,10 +585,14 @@
+ 		break;
+ 	    }
+ 	    tg = temp2;
+-	    while (*t != '\0')
+-		*tg++ = *t++;
++	    while (*t != '\0' && bread < sizeof(temp1) - 1)
++      {
++    		*tg++ = *t++;
++        ++bread;
++      }
+ 	    *tg = '\0';
+ 	    t++;
++      ++bread;
+ 	    if (!strcmp(temp2,"unsigned"))
+ 		icsheader->sign = UNSIGNED;
+ 	    else icsheader->sign = SIGNED;
+@@ -546,11 +606,16 @@
+ 		break;
+ 	    }
+ 	    tg = temp2;
+-	    while (*t != '\0')
+-		*tg++ = *t++;
++	    while (*t != '\0' && bread < sizeof(temp1) - 1)
++      {
++    		*tg++ = *t++;
++        ++bread;
++      }
+ 	    *tg = '\0';
+ 	    t++;
+-	    strcpy(icsheader->compression,temp2);
++      ++bread;
++	    strncpy(icsheader->compression,temp2, CMPS_SIZE);
++      icsheader->compression[CMPS_SIZE - 1] = '\0';
+ 	    icsheader->valid_compression = TRUE;
+ 	    break;
+ 	  case 8: /* origin */
+@@ -569,10 +634,14 @@
+ 	    for (i = 0; i < icsheader->parameters; i++)
+ 	    {
+ 		tg = temp2;
+-		while (*t != delim1 && *t != '\0')
++		while (*t != delim1 && *t != '\0' && bread < sizeof(temp1) - 1)
++    {
+ 		    *tg++ = *t++;
++        ++bread;
++    }
+ 		*tg = '\0';
+ 		t++;
++    ++bread;
+ 		icsheader->origin[i] = (float)atof(temp2);
+ 	    }
+ 	    icsheader->valid_origin = TRUE;
+@@ -593,10 +662,14 @@
+ 	    for (i = 0; i < icsheader->parameters; i++)
+ 	    {
+ 		tg = temp2;
+-		while (*t != delim1 && *t != '\0')
++		while (*t != delim1 && *t != '\0' && bread < sizeof(temp1) - 1)
++    {
+ 		    *tg++ = *t++;
++        ++bread;
++    }
+ 		*tg = '\0';
+ 		t++;
++    ++bread;
+ 		icsheader->scale[i] = (float)atof(temp2);
+ 	    }
+ 	    icsheader->valid_scale = TRUE;
+@@ -617,11 +690,16 @@
+ 	    for (i = 0; i < icsheader->parameters; i++)
+ 	    {
+ 		tg = temp2;
+-		while (*t != delim1 && *t != '\0')
++		while (*t != delim1 && *t != '\0' && bread < sizeof(temp1) - 1)
++    {
+ 		    *tg++ = *t++;
++        ++bread;
++    }
+ 		*tg = '\0';
+ 		t++;
+-		strcpy(icsheader->label[i],temp2);
++    ++bread;
++		strncpy(icsheader->label[i],temp2, LABEL_SIZE);
++    icsheader->label[i][LABEL_SIZE - 1] = '\0';
+ 	    }
+ 	    icsheader->valid_label = TRUE;
+ 	    break;
+@@ -641,11 +719,16 @@
+ 	    for (i = 0; i < icsheader->parameters; i++)
+ 	    {
+ 		tg = temp2;
+-		while (*t != delim1 && *t != '\0')
++		while (*t != delim1 && *t != '\0' && bread < sizeof(temp1) - 1)
++    {
+ 		    *tg++ = *t++;
++        ++bread;
++    }
+ 		*tg = '\0';
+ 		t++;
+-		strcpy(icsheader->units[i],temp2);
++    ++bread;
++		strncpy(icsheader->units[i],temp2, UNITS_SIZE);
++    icsheader->units[i][UNITS_SIZE - 1] = '\0';
+ 	    }
+ 	    icsheader->valid_units = TRUE;
+ 	    break;
+@@ -666,10 +749,14 @@
+ 	    for (ui = 0; ui < length; ui++)
+ 	    {
+ 		tg = temp2;
+-		while (*t != delim1 && *t != '\0')
++		while (*t != delim1 && *t != '\0' && bread < sizeof(temp1) - 1)
++    {
+ 		    *tg++ = *t++;
++        ++bread;
++    }
+ 		*tg = '\0';
+ 		t++;
++    ++bread;
+ 		icsheader->byteorder[ui] = atoi(temp2);
+ 	    }
+ 	    icsheader->valid_byteorder = TRUE;
+@@ -682,11 +769,16 @@
+ 		break;
+ 	    }
+ 	    tg = temp2;
+-	    while (*t != '\0')
+-		*tg++ = *t++;
++	    while (*t != '\0' && bread < sizeof(temp1) - 1)
++      {
++    		*tg++ = *t++;
++        ++bread;
++      }
+ 	    *tg = '\0';
+ 	    t++;
+-	    strcpy(icsheader->SCIL_TYPE,temp2);
++      ++bread;
++	    strncpy(icsheader->SCIL_TYPE,temp2, SCIL_SIZE);
++      icsheader->SCIL_TYPE[SCIL_SIZE - 1] = '\0';
+ 	    icsheader->valid_SCIL_TYPE = TRUE;
+ 	    break;
+ 	  default:
diff --git a/debian/patches/07_fix_kfreebsd_FTBFS.patch b/debian/patches/07_fix_kfreebsd_FTBFS.patch
new file mode 100644
index 0000000..28994a0
--- /dev/null
+++ b/debian/patches/07_fix_kfreebsd_FTBFS.patch
@@ -0,0 +1,16 @@
+Description: fix FTBFS on kFreeBSD* 
+  (aggregate 'semun arg' has incomplete type and cannot be defined)
+Author: Anton Gladky <gladk@debian.org> 
+Last-Update: 2013-02-07
+
+--- a/server/imshared.hxx
++++ b/server/imshared.hxx
+@@ -65,7 +65,7 @@
+ #include <setjmp.h>
+ 
+ // this is WEIRD! but required on Unices
+-#ifdef Linux
++#if  defined (Linux) || (__FreeBSD_kernel__)
+ #  if defined(__GNU_LIBRARY__) && !defined(_SEM_SEMUN_UNDEFINED)
+ #warning Incorrect <sys/sem.h>, workaround used.
+ /* union semun is defined by including <sys/sem.h> */
diff --git a/debian/patches/series b/debian/patches/series
index 4067bcd..276da68 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,6 @@
 01_fix_FTBFS_Fl_Widget.patch
 02_fix_FTBFS_gcc-4.patch
 03_non-static.patch
+04_fix_ics_stack_smashing.patch
+
+07_fix_kfreebsd_FTBFS.patch

--- End Message ---

--- Begin Message ---

To: Sebastian Ramacher <sramacher@debian.org>, 700338-done@bugs.debian.org

Subject: Re: Bug#700338: unblock: imview/1.1.9c-11

From: Julien Cristau <jcristau@debian.org>

Date: Sat, 16 Mar 2013 13:04:42 +0100

Message-id: <20130316120442.GN5840@radis.cristau.org>

In-reply-to: <20130212145535.GA8987@earth.ramacher.at>

References: <20130211191521.4240.28375.reportbug@debian.home.debian> <20130211194308.GI8837@radis.cristau.org> <20130211235750.GC25486@earth.ramacher.at> <20130212145535.GA8987@earth.ramacher.at>
On Tue, Feb 12, 2013 at 15:55:35 +0100, Sebastian Ramacher wrote:

> On 2013-02-12 00:57:50, Sebastian Ramacher wrote:
> > In the meanwhile I've also found some ics images in the libics source
> > package. There is test/testim_c.ics and the corresponding .ids file.
> > The thing is that I can't even open the file with the imview version
> > from wheezy. With the patch imview fails differenctly but still doesn't
> > display the image.
> 
> If the sign of the representation in testim_c.isc is changed to signed,
> imview from wheezy is able to display the image. -11 fails to do so.
> 
> > So instead of fixing the ICS support I'd just drop it and if there is
> > real interest in imview and the capability to read ICS files, the code
> > should be rewritten to use libics instead. But that's clearly something
> > for jessie.
> > 
> > I'm sorry for this horrible patch.
> 
> I'll prepare a new and hopefully much saner patch.
> 
Added a removal hint for now.  If a new patch appears in the next few
days we can reconsider.

Cheers,
Julien
Attachment: signature.asc
Description: Digital signature

--- End Message ---

Reply to:

Prev by Date: Re: request freeze exception for slony1-2
Next by Date: Bug#703158: unblock: calligra/1:2.4.4-3 (pre-approval)
Previous by thread: Re: Bug#678979: request freeze exception for slony1-2
Next by thread: Bug#700338: closed by Julien Cristau <jcristau@debian.org> (Re: Bug#700338: unblock: imview/1.1.9c-11)
Index(es):
- Date
- Thread