--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Dear release team,
please consider the following buster-update for the gnuplot package.
This upload fixes the issue #926658.
Thanks
Anton
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAl0q/cARHGdsYWRrQGRl
Ymlhbi5vcmcACgkQ0+Fzg8+n/wZ/hxAAkMGXgPOoWbKMu/XGgWQ/pmejR7is2ncF
+e98xbUxycNLoL9qioNugf5dF5O7D4QNR2xjwJ7YZAXUQOZMVcKmzeIv3U2pP3Ij
JS/BmfAcBl5hXYW+BRKXO9yEIOmdVfv/n6NJ19ROuH+bTiaQukKsG3tURC0mztJS
soDihB1FKPoh9HzYPsyXxevOQ8OaiD71mwZdudW5r1dCKDR2uC2042DKD85T279T
eIqzzBOn/1PelagXChyoJZA5M2qz/ZpKiUkEHf5SVd89iUoCYuGwiRaTFoJ26Tko
3dNDs2qgFuQkFCwy8grpH7tT+yKzmbWpbpyaGGOGk8gzsYa6CytXsbKEbDsDpxn+
bwL3ikcW4rNhhuzletKzbvHh7i5EjcfX5sBUrQMYIjoD9YIxpFNcHxevA59whYjv
3WS9c6a6TIpFxgeubVskbkbMdLqpu5yki8uWVpYu2/wVC5U0gzwFbaBlL9yFZtPX
7igw7ci3e4vv3qorQjgVt+NjXLLTsxtnFG/2b5HBJxaQx3OXOUg/APcyJj9eBZZg
3lvDjN8+swgnyJCL4Fx6yWOaiLx+e4nItcOvhDDjPp3Ui+tDoxoDv9gljkfPVrsr
OIXZC7S5nGXwsQ1c9Sm0t315cvhCGPwQ5uObo1l7JkOaln4t/399Y1T9wxjuGHBX
CxIVqjY5A+A=
=bcul
-----END PGP SIGNATURE-----
diff -Nru gnuplot-5.2.6+dfsg1/debian/changelog gnuplot-5.2.6+dfsg1/debian/changelog
--- gnuplot-5.2.6+dfsg1/debian/changelog 2019-01-05 23:07:07.000000000 +0100
+++ gnuplot-5.2.6+dfsg1/debian/changelog 2019-07-14 09:49:07.000000000 +0200
@@ -1,3 +1,10 @@
+gnuplot (5.2.6+dfsg1-1+deb10u1) buster; urgency=medium
+
+ * [7b7626a] Fix incomplete/unsafe initialization of ARGV array.
+ (Closes: #926658)
+
+ -- Anton Gladky <gladk@debian.org> Sun, 14 Jul 2019 09:49:07 +0200
+
gnuplot (5.2.6+dfsg1-1) unstable; urgency=medium
* [132187c] New upstream version 5.2.6+dfsg1
diff -Nru gnuplot-5.2.6+dfsg1/debian/patches/15_fix_incomplete_ARGV_array_init.patch gnuplot-5.2.6+dfsg1/debian/patches/15_fix_incomplete_ARGV_array_init.patch
--- gnuplot-5.2.6+dfsg1/debian/patches/15_fix_incomplete_ARGV_array_init.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnuplot-5.2.6+dfsg1/debian/patches/15_fix_incomplete_ARGV_array_init.patch 2019-07-14 09:48:48.000000000 +0200
@@ -0,0 +1,61 @@
+Description: fix incomplete/unsafe initialization of ARGV array
+Author: Ethan A Merritt
+Origin: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/732014eefd41235a143626d2bc02d3d34934e1b3/
+Bug-Debian: https://bugs.debian.org/926658
+Bug: https://sourceforge.net/p/gnuplot/bugs/2115/
+
+
+Index: gnuplot-5.2.6+dfsg1/src/misc.c
+===================================================================
+--- gnuplot-5.2.6+dfsg1.orig/src/misc.c
++++ gnuplot-5.2.6+dfsg1/src/misc.c
+@@ -239,6 +239,7 @@ prepare_call(int calltype)
+ udv->udv_value.type = ARRAY;
+ ARGV = udv->udv_value.v.value_array = gp_alloc((argv_size + 1) * sizeof(t_value), "array state");
+ ARGV[0].v.int_val = argv_size;
++ ARGV[0].type = NOTDEFINED;
+
+ for (argindex = 1; argindex <= 9; argindex++) {
+ char *argstring = call_args[argindex-1];
+@@ -586,9 +587,14 @@ lf_push(FILE *fp, char *name, char *cmdl
+ }
+ /* Save ARGV[] */
+ lf->argv[0].v.int_val = 0;
++ lf->argv[0].type = NOTDEFINED;
+ if ((udv = get_udv_by_name("ARGV")) && udv->udv_value.type == ARRAY) {
+- for (argindex = 0; argindex <= call_argc; argindex++)
++ for (argindex = 0; argindex <= call_argc; argindex++) {
+ lf->argv[argindex] = udv->udv_value.v.value_array[argindex];
++ if (lf->argv[argindex].type == STRING)
++ lf->argv[argindex].v.string_val =
++ gp_strdup(lf->argv[argindex].v.string_val);
++ }
+ }
+ }
+ lf->depth = lf_head ? lf_head->depth+1 : 0; /* recursion depth */
+Index: gnuplot-5.2.6+dfsg1/src/plot.c
+===================================================================
+--- gnuplot-5.2.6+dfsg1.orig/src/plot.c
++++ gnuplot-5.2.6+dfsg1/src/plot.c
+@@ -1,7 +1,3 @@
+-#ifndef lint
+-static char *RCSid() { return RCSid("$Id: plot.c,v 1.174 2017/05/20 16:43:19 markisch Exp $"); }
+-#endif
+-
+ /* GNUPLOT - plot.c */
+
+ /*[
+@@ -638,10 +634,11 @@ RECOVER_FROM_ERROR_IN_DASH:
+ fprintf(stderr, "syntax: gnuplot -c scriptname args\n");
+ gp_exit(EXIT_FAILURE);
+ }
+- for (i=0; i<argc; i++)
++ call_argc = GPMIN(9, argc - 1);
++ for (i=0; i<=call_argc; i++) {
+ /* Need to stash argv[i] somewhere visible to load_file() */
+ call_args[i] = gp_strdup(argv[i+1]);
+- call_argc = argc - 1;
++ }
+
+ load_file(loadpath_fopen(*argv, "r"), gp_strdup(*argv), 5);
+ gp_exit(EXIT_SUCCESS);
diff -Nru gnuplot-5.2.6+dfsg1/debian/patches/series gnuplot-5.2.6+dfsg1/debian/patches/series
--- gnuplot-5.2.6+dfsg1/debian/patches/series 2017-11-09 05:39:18.000000000 +0100
+++ gnuplot-5.2.6+dfsg1/debian/patches/series 2019-07-14 09:48:48.000000000 +0200
@@ -5,3 +5,4 @@
10_removepicins.patch
11_fix_linkage_wx.patch
13_honour_SOURCE_DATE_EPOCH.patch
+15_fix_incomplete_ARGV_array_init.patch
--- End Message ---