[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#932029: marked as done (stretch-pu: package gnuplot/5.2.6+dfsg1-1+deb10u1)

Your message dated Sun, 14 Jul 2019 13:14:56 +0200
with message-id <CALF6qJkFxR1=cdbtjNxvcpH4j+5bH3G5C4QmUn9=PY3syPxpJg@mail.gmail.com>
and subject line Duplicates
has caused the Debian Bug report #932029,
regarding stretch-pu: package gnuplot/5.2.6+dfsg1-1+deb10u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
932029: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932029
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Dear release team,

please consider the following buster-update for the gnuplot package.
This upload fixes the issue #926658.

Thanks

Anton

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAl0q/cARHGdsYWRrQGRl
Ymlhbi5vcmcACgkQ0+Fzg8+n/wZ/hxAAkMGXgPOoWbKMu/XGgWQ/pmejR7is2ncF
+e98xbUxycNLoL9qioNugf5dF5O7D4QNR2xjwJ7YZAXUQOZMVcKmzeIv3U2pP3Ij
JS/BmfAcBl5hXYW+BRKXO9yEIOmdVfv/n6NJ19ROuH+bTiaQukKsG3tURC0mztJS
soDihB1FKPoh9HzYPsyXxevOQ8OaiD71mwZdudW5r1dCKDR2uC2042DKD85T279T
eIqzzBOn/1PelagXChyoJZA5M2qz/ZpKiUkEHf5SVd89iUoCYuGwiRaTFoJ26Tko
3dNDs2qgFuQkFCwy8grpH7tT+yKzmbWpbpyaGGOGk8gzsYa6CytXsbKEbDsDpxn+
bwL3ikcW4rNhhuzletKzbvHh7i5EjcfX5sBUrQMYIjoD9YIxpFNcHxevA59whYjv
3WS9c6a6TIpFxgeubVskbkbMdLqpu5yki8uWVpYu2/wVC5U0gzwFbaBlL9yFZtPX
7igw7ci3e4vv3qorQjgVt+NjXLLTsxtnFG/2b5HBJxaQx3OXOUg/APcyJj9eBZZg
3lvDjN8+swgnyJCL4Fx6yWOaiLx+e4nItcOvhDDjPp3Ui+tDoxoDv9gljkfPVrsr
OIXZC7S5nGXwsQ1c9Sm0t315cvhCGPwQ5uObo1l7JkOaln4t/399Y1T9wxjuGHBX
CxIVqjY5A+A=
=bcul
-----END PGP SIGNATURE-----

diff -Nru gnuplot-5.2.6+dfsg1/debian/changelog gnuplot-5.2.6+dfsg1/debian/changelog
--- gnuplot-5.2.6+dfsg1/debian/changelog	2019-01-05 23:07:07.000000000 +0100
+++ gnuplot-5.2.6+dfsg1/debian/changelog	2019-07-14 09:49:07.000000000 +0200
@@ -1,3 +1,10 @@
+gnuplot (5.2.6+dfsg1-1+deb10u1) buster; urgency=medium
+
+  * [7b7626a] Fix incomplete/unsafe initialization of ARGV array.
+              (Closes: #926658)
+
+ -- Anton Gladky <gladk@debian.org>  Sun, 14 Jul 2019 09:49:07 +0200
+
 gnuplot (5.2.6+dfsg1-1) unstable; urgency=medium
 
   * [132187c] New upstream version 5.2.6+dfsg1
diff -Nru gnuplot-5.2.6+dfsg1/debian/patches/15_fix_incomplete_ARGV_array_init.patch gnuplot-5.2.6+dfsg1/debian/patches/15_fix_incomplete_ARGV_array_init.patch
--- gnuplot-5.2.6+dfsg1/debian/patches/15_fix_incomplete_ARGV_array_init.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnuplot-5.2.6+dfsg1/debian/patches/15_fix_incomplete_ARGV_array_init.patch	2019-07-14 09:48:48.000000000 +0200
@@ -0,0 +1,61 @@
+Description: fix incomplete/unsafe initialization of ARGV array
+Author:  Ethan A Merritt
+Origin: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/732014eefd41235a143626d2bc02d3d34934e1b3/
+Bug-Debian: https://bugs.debian.org/926658
+Bug: https://sourceforge.net/p/gnuplot/bugs/2115/
+
+
+Index: gnuplot-5.2.6+dfsg1/src/misc.c
+===================================================================
+--- gnuplot-5.2.6+dfsg1.orig/src/misc.c
++++ gnuplot-5.2.6+dfsg1/src/misc.c
+@@ -239,6 +239,7 @@ prepare_call(int calltype)
+     udv->udv_value.type = ARRAY;
+     ARGV = udv->udv_value.v.value_array = gp_alloc((argv_size + 1) * sizeof(t_value), "array state");
+     ARGV[0].v.int_val = argv_size;
++    ARGV[0].type = NOTDEFINED;
+ 
+     for (argindex = 1; argindex <= 9; argindex++) {
+ 	char *argstring = call_args[argindex-1];
+@@ -586,9 +587,14 @@ lf_push(FILE *fp, char *name, char *cmdl
+ 	}
+ 	/* Save ARGV[] */
+ 	lf->argv[0].v.int_val = 0;
++	lf->argv[0].type = NOTDEFINED;
+ 	if ((udv = get_udv_by_name("ARGV")) && udv->udv_value.type == ARRAY) {
+-	    for (argindex = 0; argindex <= call_argc; argindex++)
++	    for (argindex = 0; argindex <= call_argc; argindex++) {
+ 		lf->argv[argindex] = udv->udv_value.v.value_array[argindex];
++		if (lf->argv[argindex].type == STRING)
++		    lf->argv[argindex].v.string_val =
++			gp_strdup(lf->argv[argindex].v.string_val);
++	    }
+ 	}
+     }
+     lf->depth = lf_head ? lf_head->depth+1 : 0;	/* recursion depth */
+Index: gnuplot-5.2.6+dfsg1/src/plot.c
+===================================================================
+--- gnuplot-5.2.6+dfsg1.orig/src/plot.c
++++ gnuplot-5.2.6+dfsg1/src/plot.c
+@@ -1,7 +1,3 @@
+-#ifndef lint
+-static char *RCSid() { return RCSid("$Id: plot.c,v 1.174 2017/05/20 16:43:19 markisch Exp $"); }
+-#endif
+-
+ /* GNUPLOT - plot.c */
+ 
+ /*[
+@@ -638,10 +634,11 @@ RECOVER_FROM_ERROR_IN_DASH:
+ 		    fprintf(stderr, "syntax:  gnuplot -c scriptname args\n");
+ 		    gp_exit(EXIT_FAILURE);
+ 		}
+-		for (i=0; i<argc; i++)
++		call_argc = GPMIN(9, argc - 1);
++		for (i=0; i<=call_argc; i++) {
+ 		    /* Need to stash argv[i] somewhere visible to load_file() */
+ 		    call_args[i] = gp_strdup(argv[i+1]);
+-		call_argc = argc - 1;
++		}
+ 
+ 		load_file(loadpath_fopen(*argv, "r"), gp_strdup(*argv), 5);
+ 		gp_exit(EXIT_SUCCESS);
diff -Nru gnuplot-5.2.6+dfsg1/debian/patches/series gnuplot-5.2.6+dfsg1/debian/patches/series
--- gnuplot-5.2.6+dfsg1/debian/patches/series	2017-11-09 05:39:18.000000000 +0100
+++ gnuplot-5.2.6+dfsg1/debian/patches/series	2019-07-14 09:48:48.000000000 +0200
@@ -5,3 +5,4 @@
 10_removepicins.patch
 11_fix_linkage_wx.patch
 13_honour_SOURCE_DATE_EPOCH.patch
+15_fix_incomplete_ARGV_array_init.patch

--- End Message ---
--- Begin Message ---


--- End Message ---
Reply to: