Bug#810542: jessie-pu: package curlftpfs/0.9.2-9~deb8u1
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
curlftpfs is misbuilt on 64-bit architectures due to a missing prototype
for getpass() (the implicit prototype causes a pointer-to-integer
truncation), see #795879
My proposed fix is just a rebuild of the sid package for jessie.
Andreas
diff -Nru curlftpfs-0.9.2/debian/changelog curlftpfs-0.9.2/debian/changelog
--- curlftpfs-0.9.2/debian/changelog 2014-05-15 10:23:06.000000000 +0200
+++ curlftpfs-0.9.2/debian/changelog 2016-01-09 19:39:13.000000000 +0100
@@ -1,3 +1,17 @@
+curlftpfs (0.9.2-9~deb8u1) jessie; urgency=medium
+
+ * Non-maintainer upload with maintainer approval.
+ * Rebuild for jessie.
+
+ -- Andreas Beckmann <anbe@debian.org> Sat, 09 Jan 2016 19:38:52 +0100
+
+curlftpfs (0.9.2-9) unstable; urgency=medium
+
+ * Avoid unsafe cast for getpass() on 64-bit archs. Closes: #795879.
+ * Bump Standards-Version to 3.9.6.
+
+ -- Vincent Bernat <bernat@debian.org> Mon, 17 Aug 2015 18:51:14 +0200
+
curlftpfs (0.9.2-8) unstable; urgency=medium
* Fix inconsistent use of _XOPEN_SOURCE flag. Closes: #748143.
diff -Nru curlftpfs-0.9.2/debian/control curlftpfs-0.9.2/debian/control
--- curlftpfs-0.9.2/debian/control 2014-05-10 09:47:33.000000000 +0200
+++ curlftpfs-0.9.2/debian/control 2015-08-17 18:53:36.000000000 +0200
@@ -6,7 +6,7 @@
libglib2.0-dev, libcurl4-gnutls-dev, libfuse-dev,
dh-autoreconf
Build-Conflicts: libcurl4-openssl-dev
-Standards-Version: 3.9.5
+Standards-Version: 3.9.6
Homepage: http://curlftpfs.sourceforge.net
Vcs-Svn: svn://anonscm.debian.org/collab-maint/deb-maint/curlftpfs/trunk/
Vcs-Browser: http://anonscm.debian.org/viewvc/collab-maint/deb-maint/curlftpfs/trunk/
diff -Nru curlftpfs-0.9.2/debian/patches/getpass-prototype.patch curlftpfs-0.9.2/debian/patches/getpass-prototype.patch
--- curlftpfs-0.9.2/debian/patches/getpass-prototype.patch 1970-01-01 01:00:00.000000000 +0100
+++ curlftpfs-0.9.2/debian/patches/getpass-prototype.patch 2015-08-17 18:50:43.000000000 +0200
@@ -0,0 +1,20 @@
+Description: add getpass() prototype
+ This function has been deprecated and is not declared with
+ _XOPEN_SOURCE>=600. To avoid fiddling too much with feature flags, we
+ just add its prototype to ensure a correct declaration.
+Forwarded: no (dead upstream)
+Bug: #795879
+
+Index: curlftpfs-0.9.2/ftpfs.c
+===================================================================
+--- curlftpfs-0.9.2.orig/ftpfs.c
++++ curlftpfs-0.9.2/ftpfs.c
+@@ -36,6 +36,8 @@
+
+ #define MAX_BUFFER_LEN (300*1024)
+
++extern char *getpass(const char *prompt);
++
+ struct ftpfs ftpfs;
+ static char error_buf[CURL_ERROR_SIZE];
+
diff -Nru curlftpfs-0.9.2/debian/patches/series curlftpfs-0.9.2/debian/patches/series
--- curlftpfs-0.9.2/debian/patches/series 2014-05-15 10:13:21.000000000 +0200
+++ curlftpfs-0.9.2/debian/patches/series 2015-08-17 18:47:12.000000000 +0200
@@ -3,3 +3,4 @@
nocache-memleak-fix.patch
curlftpfs__no_verify_hostname.patch
consistent-feature-flag.patch
+getpass-prototype.patch
Reply to: