Bug#948796: buster-pu: package gnubg/1.06.002-1+deb10u1
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
Hi,
let's fix a buffer overrun in gnubg that prevents startup in certain
locales. #932351
This is a backport from sid and already uploaded.
Andreas
diff -Nru gnubg-1.06.002/debian/changelog gnubg-1.06.002/debian/changelog
--- gnubg-1.06.002/debian/changelog 2018-08-27 00:02:10.000000000 +0200
+++ gnubg-1.06.002/debian/changelog 2020-01-13 11:27:20.000000000 +0100
@@ -1,3 +1,12 @@
+gnubg (1.06.002-1+deb10u1) buster; urgency=medium
+
+ [ Russ Allbery ]
+ * Increase the size of static buffers used to build messages during
+ program start so that the Spanish translation doesn't overflow a
+ buffer. (Closes: #932351)
+
+ -- Andreas Beckmann <anbe@debian.org> Mon, 13 Jan 2020 11:27:20 +0100
+
gnubg (1.06.002-1) unstable; urgency=medium
* New upstream release.
diff -Nru gnubg-1.06.002/debian/patches/0002-Expand-size-of-buffers-for-eval-messages.patch gnubg-1.06.002/debian/patches/0002-Expand-size-of-buffers-for-eval-messages.patch
--- gnubg-1.06.002/debian/patches/0002-Expand-size-of-buffers-for-eval-messages.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnubg-1.06.002/debian/patches/0002-Expand-size-of-buffers-for-eval-messages.patch 2020-01-13 11:27:20.000000000 +0100
@@ -0,0 +1,48 @@
+From: Russ Allbery <rra@debian.org>
+Date: Sun, 21 Jul 2019 11:35:00 -0700
+Subject: Expand size of buffers for eval messages
+
+CommandSetEvalCubeful, CommandSetEvalPrune, and
+CommandSetEvalDeterministic used static buffers of 128 bytes for
+displaying messages, but the Spanish translation for at least
+CommandSetEvalDeterministic used more space than the length of
+that buffer. This, in turn, triggered a bounds checking error
+during program start.
+
+Double the length of the buffers to work around the immediate
+problem.
+---
+ set.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/set.c b/set.c
+index 4e2e826..09f43e8 100644
+--- a/set.c
++++ b/set.c
+@@ -1024,7 +1024,7 @@ extern void
+ CommandSetEvalCubeful(char *sz)
+ {
+
+- char asz[2][128], szCommand[64];
++ char asz[2][256], szCommand[64];
+ int f = pecSet->fCubeful;
+
+ sprintf(asz[0], _("%s will use cubeful evaluation.\n"), szSet);
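Review bot: The `sprintf(asz[0], _("%s will use cubeful evaluation.\n"), szSet);` call at the end of this hunk is still unbounded, so doubling `asz` to 256 only moves the overflow threshold. The written length depends on both the translated format string and on `szSet`, neither of which is limited here. Suggest `snprintf(asz[0], sizeof(asz[0]), ...)` so that an over-long translation is truncated rather than written past the array. The same applies to the matching calls in the two hunks that follow.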
+@@ -1038,7 +1038,7 @@ extern void
+ CommandSetEvalPrune(char *sz)
+ {
+
+- char asz[2][128], szCommand[64];
++ char asz[2][256], szCommand[64];
+ int f = pecSet->fUsePrune;
+
+ sprintf(asz[0], _("%s will use pruning.\n"), szSet);
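Review bot: `szCommand[64]` on the changed declaration line stays at 64 bytes while `asz` is doubled, and the hunk does not show how `szCommand` is filled. Please confirm it never receives translated text or `szSet`. If it does, it needs the same treatment as `asz`.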
+@@ -1052,7 +1052,7 @@ extern void
+ CommandSetEvalDeterministic(char *sz)
+ {
+
+- char asz[2][128], szCommand[64];
++ char asz[2][256], szCommand[64];
+ int f = pecSet->fDeterministic;
+
+ sprintf(asz[0], _("%s will use deterministic noise.\n"), szSet);
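Review bot: The new size of 256 in `char asz[2][256]` has no stated basis. The patch description says the Spanish string overflowed for "at least" CommandSetEvalDeterministic and calls the change a workaround, so the remaining margin for other translations is not established. Suggest recording the longest translated length of these messages in the patch header, or adding a build-time check over the translation catalogs, so the next over-long translation is caught before it aborts program start.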
diff -Nru gnubg-1.06.002/debian/patches/series gnubg-1.06.002/debian/patches/series
--- gnubg-1.06.002/debian/patches/series 2018-08-27 00:02:10.000000000 +0200
+++ gnubg-1.06.002/debian/patches/series 2020-01-13 11:27:20.000000000 +0100
@@ -1 +1,2 @@
0001-Support-finding-databases-in-var-as-well-as-usr.patch
+0002-Expand-size-of-buffers-for-eval-messages.patch