[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#948796: buster-pu: package gnubg/1.06.002-1+deb10u1

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

let's fix a buffer overrun in gnubg that prevents startup in certain
locales. #932351

This is a backport from sid and already uploaded.


Andreas

diff -Nru gnubg-1.06.002/debian/changelog gnubg-1.06.002/debian/changelog
--- gnubg-1.06.002/debian/changelog	2018-08-27 00:02:10.000000000 +0200
+++ gnubg-1.06.002/debian/changelog	2020-01-13 11:27:20.000000000 +0100
@@ -1,3 +1,12 @@
+gnubg (1.06.002-1+deb10u1) buster; urgency=medium
+
+  [ Russ Allbery ]
+  * Increase the size of static buffers used to build messages during
+    program start so that the Spanish translation doesn't overflow a
+    buffer.  (Closes: #932351)
+
+ -- Andreas Beckmann <anbe@debian.org>  Mon, 13 Jan 2020 11:27:20 +0100
+
 gnubg (1.06.002-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru gnubg-1.06.002/debian/patches/0002-Expand-size-of-buffers-for-eval-messages.patch gnubg-1.06.002/debian/patches/0002-Expand-size-of-buffers-for-eval-messages.patch
--- gnubg-1.06.002/debian/patches/0002-Expand-size-of-buffers-for-eval-messages.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnubg-1.06.002/debian/patches/0002-Expand-size-of-buffers-for-eval-messages.patch	2020-01-13 11:27:20.000000000 +0100
@@ -0,0 +1,48 @@
+From: Russ Allbery <rra@debian.org>
+Date: Sun, 21 Jul 2019 11:35:00 -0700
+Subject: Expand size of buffers for eval messages
+
+CommandSetEvalCubeful, CommandSetEvalPrune, and
+CommandSetEvalDeterministic used static buffers of 128 bytes for
+displaying messages, but the Spanish translation for at least
+CommandSetEvalDeterministic used more space than the length of
+that buffer.  This, in turn, triggered a bounds checking error
+during program start.
+
+Double the length of the buffers to work around the immediate
+problem.
+---
+ set.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/set.c b/set.c
+index 4e2e826..09f43e8 100644
+--- a/set.c
++++ b/set.c
+@@ -1024,7 +1024,7 @@ extern void
+ CommandSetEvalCubeful(char *sz)
+ {
+ 
+-    char asz[2][128], szCommand[64];
++    char asz[2][256], szCommand[64];
+     int f = pecSet->fCubeful;
+ 
+     sprintf(asz[0], _("%s will use cubeful evaluation.\n"), szSet);
+@@ -1038,7 +1038,7 @@ extern void
+ CommandSetEvalPrune(char *sz)
+ {
+ 
+-    char asz[2][128], szCommand[64];
++    char asz[2][256], szCommand[64];
+     int f = pecSet->fUsePrune;
+ 
+     sprintf(asz[0], _("%s will use pruning.\n"), szSet);
+@@ -1052,7 +1052,7 @@ extern void
+ CommandSetEvalDeterministic(char *sz)
+ {
+ 
+-    char asz[2][128], szCommand[64];
++    char asz[2][256], szCommand[64];
+     int f = pecSet->fDeterministic;
+ 
+     sprintf(asz[0], _("%s will use deterministic noise.\n"), szSet);
diff -Nru gnubg-1.06.002/debian/patches/series gnubg-1.06.002/debian/patches/series
--- gnubg-1.06.002/debian/patches/series	2018-08-27 00:02:10.000000000 +0200
+++ gnubg-1.06.002/debian/patches/series	2020-01-13 11:27:20.000000000 +0100
@@ -1 +1,2 @@
 0001-Support-finding-databases-in-var-as-well-as-usr.patch
+0002-Expand-size-of-buffers-for-eval-messages.patch
Reply to: