Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu
The version of libpst in stretch does not use AC_USE_SYSTEM_EXTENSIONS,
which means that _GNU_SOURCE is not defined before including unistd.h,
which means that get_current_dir_name is not defined and so gcc
presumes it returns an integer, which means that the returned pointer
gets truncated on some architectures and later when the pointer gets freed a program using libpst could crash.
This issue is warned about by gcc:
https://buildd.debian.org/status/fetch.php?pkg=libpst&arch=amd64&ver=0.6.59-1%2Bb1&stamp=1487989748&raw=0
libpst.c: In function 'pst_getcwd':
libpst.c:295:11: warning: implicit declaration of function 'get_current_dir_name' [-Wimplicit-function-declaration]
cwd = get_current_dir_name();
^~~~~~~~~~~~~~~~~~~~
libpst.c:295:9: warning: assignment makes pointer from integer without a cast [-Wint-conversion]
cwd = get_current_dir_name();
^
The build logs indicate that it was fixed in the version in buster:
https://buildd.debian.org/status/fetch.php?pkg=libpst&arch=amd64&ver=0.6.71-0.1&stamp=1521798059&raw=0
The package is RFA and this bug is affecting us at work, so I took the
liberty of committing to the Debian git repo and submitting this pu.
https://salsa.debian.org/debian/libpst/commit/a141fb154e97660e16455689a00d1781858215f3
I have attached the debdiff for this fix.
--
bye,
pabs
https://wiki.debian.org/PaulWise
diff -Nru libpst-0.6.59/debian/changelog libpst-0.6.59/debian/changelog --- libpst-0.6.59/debian/changelog 2013-05-19 08:50:03.000000000 +0800 +++ libpst-0.6.59/debian/changelog 2019-12-11 09:59:25.000000000 +0800 @@ -1,3 +1,9 @@ +libpst (0.6.59-1+deb9u1) stretch; urgency=medium + + * Fix detection of get_current_dir_name and return truncation + + -- Paul Wise <pabs@debian.org> Wed, 11 Dec 2019 09:59:25 +0800 + libpst (0.6.59-1) unstable; urgency=low * [ec26e2d0] Imported Upstream version 0.6.59 diff -Nru libpst-0.6.59/debian/patches/07-use-system-extensions.patch libpst-0.6.59/debian/patches/07-use-system-extensions.patch --- libpst-0.6.59/debian/patches/07-use-system-extensions.patch 1970-01-01 08:00:00.000000000 +0800 +++ libpst-0.6.59/debian/patches/07-use-system-extensions.patch 2019-12-11 09:59:25.000000000 +0800 @@ -0,0 +1,17 @@ +Description: use AC_USE_SYSTEM_EXTENSIONS to define _GNU_SOURCE + so get_current_dir_name is detected correctly and + its return value is not truncated, breaking free calls. +Origin: upstream +From: http://hg.five-ten-sg.com/libpst/ +Last-Update: 2019-12-11 +Applied-Upstream: changeset: 328:c507af52515a +--- a/configure.in ++++ b/configure.in +@@ -4,6 +4,7 @@ + AC_CONFIG_HEADER([config.h]) + AM_INIT_AUTOMAKE + AC_CANONICAL_HOST ++AC_USE_SYSTEM_EXTENSIONS + + # + # 1. Remember that version-info is current:revision:age, and age <= current. diff -Nru libpst-0.6.59/debian/patches/series libpst-0.6.59/debian/patches/series --- libpst-0.6.59/debian/patches/series 2013-02-21 01:04:13.000000000 +0800 +++ libpst-0.6.59/debian/patches/series 2019-12-11 09:59:25.000000000 +0800 @@ -1 +1,2 @@ 06-ld-no-add-needed.patch +07-use-system-extensions.patch
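Review bot: the new debian/changelog entry says only "Fix detection of get_current_dir_name and return truncation", which names neither the patch that carries the fix nor the effect users see. Suggest something like "Add 07-use-system-extensions.patch: define _GNU_SOURCE via AC_USE_SYSTEM_EXTENSIONS so the pointer returned by get_current_dir_name is not truncated", so the stable-update record is self-explanatory.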
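Review bot: 07-use-system-extensions.patch changes only configure.in, so the fix takes effect only if the package build regenerates configure and config.h.in from it, and nothing in this debdiff shows that it does. Please confirm from a stretch build log of 0.6.59-1+deb9u1 that the implicit-declaration and int-conversion warnings at libpst.c:295 are gone. Separately, the patch header puts the repository URL in a From: field under "Origin: upstream"; in DEP-3 the URL belongs in the Origin field ("Origin: upstream, <URL>") and From names the patch author.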
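A build-log check for the failure mode described in this report, as an added example that is not part of the original message or of libpst: it flags every source line where gcc reports an implicit function declaration and an int-to-pointer conversion together, which is the pair of warnings quoted above. The sample log reuses those two warnings; the chdir line, the file name example.c and the function name truncated_pointer_calls are constructed for illustration.

```python
import re
import sys

# Constructed sample: the warnings quoted in the report, plus one constructed
# implicit declaration (int-returning chdir) that must not be flagged.
SAMPLE_LOG = """\
libpst.c: In function 'pst_getcwd':
libpst.c:295:11: warning: implicit declaration of function 'get_current_dir_name' [-Wimplicit-function-declaration]
     cwd = get_current_dir_name();
           ^~~~~~~~~~~~~~~~~~~~
libpst.c:295:9: warning: assignment makes pointer from integer without a cast [-Wint-conversion]
     cwd = get_current_dir_name();
         ^
example.c:120:5: warning: implicit declaration of function 'chdir' [-Wimplicit-function-declaration]
"""

LOC = r"^(?P<file>[^:\s]+):(?P<line>\d+):\d+: (?:warning|error): "
IMPLICIT = re.compile(LOC + r"implicit declaration of function ['‘](?P<func>\w+)['’]")
INT_TO_PTR = re.compile(LOC + r".*makes pointer from integer without a cast")


def truncated_pointer_calls(log_text):
    """Return sorted (file, line, func) tuples for implicitly declared
    functions whose int result becomes a pointer on the same source line."""
    implicit = {}       # (file, line) -> names of implicitly declared functions
    int_to_ptr = set()  # (file, line) with an int-to-pointer conversion
    for raw in log_text.splitlines():
        m = IMPLICIT.match(raw)
        if m:
            implicit.setdefault((m["file"], int(m["line"])), set()).add(m["func"])
            continue
        m = INT_TO_PTR.match(raw)
        if m:
            int_to_ptr.add((m["file"], int(m["line"])))
    hits = implicit.keys() & int_to_ptr
    return sorted((f, line, fn) for (f, line) in hits for fn in implicit[(f, line)])


if __name__ == "__main__":
    # With a path argument, scan that build log; otherwise scan the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    findings = truncated_pointer_calls(text)
    for f, line, fn in findings:
        print(f"{f}:{line}: result of implicitly declared {fn}() used as a pointer")
    sys.exit(1 if findings else 0)
```

The script exits non-zero when it finds a match, so it can gate a build; it also matches the "error:" form that newer compilers emit for the same diagnostics.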