[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#932028: marked as done (stretch-pu: package gnuplot/5.2.6+dfsg1-1+deb10u1)

Your message dated Sun, 14 Jul 2019 13:14:56 +0200
with message-id <CALF6qJkFxR1=cdbtjNxvcpH4j+5bH3G5C4QmUn9=PY3syPxpJg@mail.gmail.com>
and subject line Duplicates
has caused the Debian Bug report #932028,
regarding stretch-pu: package gnuplot/5.2.6+dfsg1-1+deb10u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
932028: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932028
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Dear release team,

please consider the following buster-update for the gnuplot package.
This upload fixes the issue #926658.

Thanks,

Anton

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAl0rAo0RHGdsYWRrQGRl
Ymlhbi5vcmcACgkQ0+Fzg8+n/wamNA//aJ7jiIEW51CfAgpF9gN6CI3bEHN9pLYJ
UALWTP5tIzKesg9oxMXGlg4j6pkNlVV4D8rYFgh1mVTzwmHcWtx88NiO0L7rZnr+
Jsvq0BPhEVfZf10pxPuyYP9f7m4mU6x1LIf+48iMAOw59grP0pu4YlpdGie67Yie
jX99KKKUenZP+zpAafRuiQ+UHggY3J2ofoyjtKWrWPoTuCyyEhfPE3wJgc96qJE8
jKZvqxuoBGyPLb/iX67wJowOFfDo7aXRme9/sybNPWM3QXOdpIxaehOmWCywZ9pP
mqdktLoERdv/yP/w33KeSTilbfu6naqCasBh1DJu44HZQdVNtLuEDJ/rk0X4qv9m
FkG9X7xHHX0FqPuPeru2vc5h71pkZfIpIUodrCOjBmwaSWOfvlK6XP56TrIwDipR
qgjkWKFIbWQLm8pN3OMnk3pByVhanB9MhKcqNBtUKDVUIJEdqmcAqi97STD7kkAC
UL3ef9GGLZcvBmzur9kPNJmOYukH7QW3IkhIP/lbW06BqIarMLEu2COL4raX6Q9F
QH50zdGP4CJIEy7e9fCqKZk4bWpsuiRtTHQni4V2WqdD3zPA22x4dqzSpw31vDEw
5appCh4QBx3OIRxMsvCk1uWJ2K8gme+8Rv2+/rjNTdk47hdJVdS8lvTqfh9yVKt7
zofxD1s7cX4=
=KhD4
-----END PGP SIGNATURE-----

diff -Nru gnuplot-5.2.6+dfsg1/debian/changelog gnuplot-5.2.6+dfsg1/debian/changelog
--- gnuplot-5.2.6+dfsg1/debian/changelog	2019-01-05 23:07:07.000000000 +0100
+++ gnuplot-5.2.6+dfsg1/debian/changelog	2019-07-14 09:49:07.000000000 +0200
@@ -1,3 +1,10 @@
+gnuplot (5.2.6+dfsg1-1+deb10u1) buster; urgency=medium
+
+  * [7b7626a] Fix incomplete/unsafe initialization of ARGV array.
+              (Closes: #926658)
+
+ -- Anton Gladky <gladk@debian.org>  Sun, 14 Jul 2019 09:49:07 +0200
+
 gnuplot (5.2.6+dfsg1-1) unstable; urgency=medium
 
   * [132187c] New upstream version 5.2.6+dfsg1
diff -Nru gnuplot-5.2.6+dfsg1/debian/patches/15_fix_incomplete_ARGV_array_init.patch gnuplot-5.2.6+dfsg1/debian/patches/15_fix_incomplete_ARGV_array_init.patch
--- gnuplot-5.2.6+dfsg1/debian/patches/15_fix_incomplete_ARGV_array_init.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnuplot-5.2.6+dfsg1/debian/patches/15_fix_incomplete_ARGV_array_init.patch	2019-07-14 09:48:48.000000000 +0200
@@ -0,0 +1,61 @@
+Description: fix incomplete/unsafe initialization of ARGV array
+Author:  Ethan A Merritt
+Origin: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/732014eefd41235a143626d2bc02d3d34934e1b3/
+Bug-Debian: https://bugs.debian.org/926658
+Bug: https://sourceforge.net/p/gnuplot/bugs/2115/
+
+
+Index: gnuplot-5.2.6+dfsg1/src/misc.c
+===================================================================
+--- gnuplot-5.2.6+dfsg1.orig/src/misc.c
++++ gnuplot-5.2.6+dfsg1/src/misc.c
+@@ -239,6 +239,7 @@ prepare_call(int calltype)
+     udv->udv_value.type = ARRAY;
+     ARGV = udv->udv_value.v.value_array = gp_alloc((argv_size + 1) * sizeof(t_value), "array state");
+     ARGV[0].v.int_val = argv_size;
++    ARGV[0].type = NOTDEFINED;
+ 
+     for (argindex = 1; argindex <= 9; argindex++) {
+ 	char *argstring = call_args[argindex-1];
+@@ -586,9 +587,14 @@ lf_push(FILE *fp, char *name, char *cmdl
+ 	}
+ 	/* Save ARGV[] */
+ 	lf->argv[0].v.int_val = 0;
++	lf->argv[0].type = NOTDEFINED;
+ 	if ((udv = get_udv_by_name("ARGV")) && udv->udv_value.type == ARRAY) {
+-	    for (argindex = 0; argindex <= call_argc; argindex++)
++	    for (argindex = 0; argindex <= call_argc; argindex++) {
+ 		lf->argv[argindex] = udv->udv_value.v.value_array[argindex];
++		if (lf->argv[argindex].type == STRING)
++		    lf->argv[argindex].v.string_val =
++			gp_strdup(lf->argv[argindex].v.string_val);
++	    }
+ 	}
+     }
+     lf->depth = lf_head ? lf_head->depth+1 : 0;	/* recursion depth */
+Index: gnuplot-5.2.6+dfsg1/src/plot.c
+===================================================================
+--- gnuplot-5.2.6+dfsg1.orig/src/plot.c
++++ gnuplot-5.2.6+dfsg1/src/plot.c
+@@ -1,7 +1,3 @@
+-#ifndef lint
+-static char *RCSid() { return RCSid("$Id: plot.c,v 1.174 2017/05/20 16:43:19 markisch Exp $"); }
+-#endif
+-
+ /* GNUPLOT - plot.c */
+ 
+ /*[
+@@ -638,10 +634,11 @@ RECOVER_FROM_ERROR_IN_DASH:
+ 		    fprintf(stderr, "syntax:  gnuplot -c scriptname args\n");
+ 		    gp_exit(EXIT_FAILURE);
+ 		}
+-		for (i=0; i<argc; i++)
++		call_argc = GPMIN(9, argc - 1);
++		for (i=0; i<=call_argc; i++) {
+ 		    /* Need to stash argv[i] somewhere visible to load_file() */
+ 		    call_args[i] = gp_strdup(argv[i+1]);
+-		call_argc = argc - 1;
++		}
+ 
+ 		load_file(loadpath_fopen(*argv, "r"), gp_strdup(*argv), 5);
+ 		gp_exit(EXIT_SUCCESS);
diff -Nru gnuplot-5.2.6+dfsg1/debian/patches/series gnuplot-5.2.6+dfsg1/debian/patches/series
--- gnuplot-5.2.6+dfsg1/debian/patches/series	2017-11-09 05:39:18.000000000 +0100
+++ gnuplot-5.2.6+dfsg1/debian/patches/series	2019-07-14 09:48:48.000000000 +0200
@@ -5,3 +5,4 @@
 10_removepicins.patch
 11_fix_linkage_wx.patch
 13_honour_SOURCE_DATE_EPOCH.patch
+15_fix_incomplete_ARGV_array_init.patch

--- End Message ---
--- Begin Message ---


--- End Message ---
Reply to: