Package: release.debian.org Severity: normal Tags: stretch User: release.debian.org@packages.debian.org Usertags: pu The version of libpst in stretch does not use AC_USE_SYSTEM_EXTENSIONS, which means that _GNU_SOURCE is not defined before including unistd.h, which means that get_current_dir_name is not defined and so gcc presumes it returns an integer, which means that the returned pointer gets truncated on some architectures and later when the pointer gets freed a program using libpst could crash. This issue is warned about by gcc: https://buildd.debian.org/status/fetch.php?pkg=libpst&arch=amd64&ver=0.6.59-1%2Bb1&stamp=1487989748&raw=0 libpst.c: In function 'pst_getcwd': libpst.c:295:11: warning: implicit declaration of function 'get_current_dir_name' [-Wimplicit-function-declaration] cwd = get_current_dir_name(); ^~~~~~~~~~~~~~~~~~~~ libpst.c:295:9: warning: assignment makes pointer from integer without a cast [-Wint-conversion] cwd = get_current_dir_name(); ^ The build logs indicate that it was fixed in the version in buster: https://buildd.debian.org/status/fetch.php?pkg=libpst&arch=amd64&ver=0.6.71-0.1&stamp=1521798059&raw=0 The package is RFA and this bug is affecting us at work, so I took the liberty of committing to the Debian git repo and submitting this pu. https://salsa.debian.org/debian/libpst/commit/a141fb154e97660e16455689a00d1781858215f3 I have attached the debdiff for this fix. -- bye, pabs https://wiki.debian.org/PaulWise
diff -Nru libpst-0.6.59/debian/changelog libpst-0.6.59/debian/changelog --- libpst-0.6.59/debian/changelog 2013-05-19 08:50:03.000000000 +0800 +++ libpst-0.6.59/debian/changelog 2019-12-11 09:59:25.000000000 +0800 @@ -1,3 +1,9 @@ +libpst (0.6.59-1+deb9u1) stretch; urgency=medium + + * Fix detection of get_current_dir_name and return truncation + + -- Paul Wise <pabs@debian.org> Wed, 11 Dec 2019 09:59:25 +0800 + libpst (0.6.59-1) unstable; urgency=low * [ec26e2d0] Imported Upstream version 0.6.59 diff -Nru libpst-0.6.59/debian/patches/07-use-system-extensions.patch libpst-0.6.59/debian/patches/07-use-system-extensions.patch --- libpst-0.6.59/debian/patches/07-use-system-extensions.patch 1970-01-01 08:00:00.000000000 +0800 +++ libpst-0.6.59/debian/patches/07-use-system-extensions.patch 2019-12-11 09:59:25.000000000 +0800 @@ -0,0 +1,17 @@ +Description: use AC_USE_SYSTEM_EXTENSIONS to define _GNU_SOURCE + so get_current_dir_name is detected correctly and + its return value is not truncated, breaking free calls. +Origin: upstream +From: http://hg.five-ten-sg.com/libpst/ +Last-Update: 2019-12-11 +Applied-Upstream: changeset: 328:c507af52515a +--- a/configure.in ++++ b/configure.in +@@ -4,6 +4,7 @@ + AC_CONFIG_HEADER([config.h]) + AM_INIT_AUTOMAKE + AC_CANONICAL_HOST ++AC_USE_SYSTEM_EXTENSIONS + + # + # 1. Remember that version-info is current:revision:age, and age <= current. diff -Nru libpst-0.6.59/debian/patches/series libpst-0.6.59/debian/patches/series --- libpst-0.6.59/debian/patches/series 2013-02-21 01:04:13.000000000 +0800 +++ libpst-0.6.59/debian/patches/series 2019-12-11 09:59:25.000000000 +0800 @@ -1 +1,2 @@ 06-ld-no-add-needed.patch +07-use-system-extensions.patch
Attachment:
signature.asc
Description: This is a digitally signed message part