--- Begin Message ---
Package: texinfo
Version: 4.13a.dfsg.1-6
Severity: normal
Tags: patch
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu oneiric ubuntu-patch
*** /tmp/tmpthmH7S
In Ubuntu, the attached patch was applied to achieve the following:
Fix a bug filed on Launchpad that makeinfo fails on sparc with buffer
overflow detected, causing other packages FTBFS:
https://bugs.launchpad.net/ubuntu/+source/texinfo/+bug/569802
* debian/patches/minor-buffer-size-fix: increase stack buffer size
for sprintf of numeric values (LP: #569802).
Thanks for considering the patch.
-- System Information:
Debian Release: squeeze/sid
APT prefers natty-updates
APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 'natty-proposed'), (500, 'natty'), (100, 'natty-backports')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.38-11-generic (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u texinfo-4.13a.dfsg.1/debian/changelog texinfo-4.13a.dfsg.1/debian/changelog
diff -u texinfo-4.13a.dfsg.1/debian/patches/series texinfo-4.13a.dfsg.1/debian/patches/series
--- texinfo-4.13a.dfsg.1/debian/patches/series
+++ texinfo-4.13a.dfsg.1/debian/patches/series
@@ -7,0 +8 @@
+minor-buffer-size-fix
only in patch2:
unchanged:
--- texinfo-4.13a.dfsg.1.orig/debian/patches/minor-buffer-size-fix
+++ texinfo-4.13a.dfsg.1/debian/patches/minor-buffer-size-fix
@@ -0,0 +1,26 @@
+Author: Kees Cook <kees@ubuntu.com>
+Description: extend stack buffers to be large enough for the type values
+ they are expected to hold.
+Bug: https://savannah.gnu.org/bugs/?32122
+Bug-Ubuntu: https://launchpad.net/bugs/569802
+
+Index: texinfo-4.13a.dfsg.1/makeinfo/sectioning.c
+===================================================================
+--- texinfo-4.13a.dfsg.1.orig/makeinfo/sectioning.c 2011-01-13 14:12:35.382016526 -0800
++++ texinfo-4.13a.dfsg.1/makeinfo/sectioning.c 2011-01-13 14:14:41.285127427 -0800
+@@ -256,13 +256,13 @@
+ return xstrdup ("");
+ else if (enum_marker == APPENDIX_MAGIC)
+ {
+- char s[1];
++ char s[2];
+ sprintf (s, "%c", numbers[0] + 64);
+ return xstrdup (s);
+ }
+ else
+ {
+- char s[5];
++ char s[32];
+ sprintf (s, "%d", numbers[0]);
+ return xstrdup (s);
+ }
--- End Message ---
--- Begin Message ---
Source: texinfo
Source-Version: 4.13a.dfsg.1-8
We believe that the bug you reported is fixed in the latest version of
texinfo, which is due to be installed in the Debian FTP archive:
info_4.13a.dfsg.1-8_amd64.deb
to main/t/texinfo/info_4.13a.dfsg.1-8_amd64.deb
install-info_4.13a.dfsg.1-8_amd64.deb
to main/t/texinfo/install-info_4.13a.dfsg.1-8_amd64.deb
texinfo_4.13a.dfsg.1-8.diff.gz
to main/t/texinfo/texinfo_4.13a.dfsg.1-8.diff.gz
texinfo_4.13a.dfsg.1-8.dsc
to main/t/texinfo/texinfo_4.13a.dfsg.1-8.dsc
texinfo_4.13a.dfsg.1-8_amd64.deb
to main/t/texinfo/texinfo_4.13a.dfsg.1-8_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 639114@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Norbert Preining <preining@debian.org> (supplier of updated texinfo package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 24 Aug 2011 23:56:17 +0900
Source: texinfo
Binary: texinfo info install-info
Architecture: source amd64
Version: 4.13a.dfsg.1-8
Distribution: unstable
Urgency: low
Maintainer: Debian TeX maintainers <debian-tex-maint@lists.debian.org>
Changed-By: Norbert Preining <preining@debian.org>
Description:
info - Standalone GNU Info documentation browser
install-info - Manage installed documentation in info format
texinfo - Documentation system for on-line information and printed output
Closes: 584191 639114
Changes:
texinfo (4.13a.dfsg.1-8) unstable; urgency=low
.
[ Hilmar Preusse ]
* Actually apply patch texi2dvi_non-C_locale, really (Closes: #584191)
* debian/patches/minor-buffer-size-fix: increase stack buffer size
for sprintf of numeric values (Closes: #639114).
Checksums-Sha1:
961ff324c8f5906d72fb3887615a1780411f2dd3 1293 texinfo_4.13a.dfsg.1-8.dsc
9c0d664fed3f0bd62cf5f09536438ce4e7de2af6 29206 texinfo_4.13a.dfsg.1-8.diff.gz
be1c78b9b1a4f3ba7ecc0e5ede22fe0871fa73bc 982812 texinfo_4.13a.dfsg.1-8_amd64.deb
fc37a971220e0b4dd68b13386e79c8a99e80ffb0 226234 info_4.13a.dfsg.1-8_amd64.deb
d7fa999e395ec865ad0f4f842b70f9e51aa0c63d 147904 install-info_4.13a.dfsg.1-8_amd64.deb
Checksums-Sha256:
8857e348fc7a27cd5b1186df0be94c5fc48434b60159f4afe25072ab64a67e22 1293 texinfo_4.13a.dfsg.1-8.dsc
c981b587f755f951f5a5e03f70527c096e45bcd68261102d9da205a3623e6ac1 29206 texinfo_4.13a.dfsg.1-8.diff.gz
7d7e5ac0cc9544b5d1de39ddee3a26cb75ad41ee80f079dac16df684059bc30b 982812 texinfo_4.13a.dfsg.1-8_amd64.deb
11dc26ae67bf12fb9b0cea632cf6eb79934df8d975ac9047d79da4521ffcdd5e 226234 info_4.13a.dfsg.1-8_amd64.deb
ecf11443d0386f9a8d5c2085d300b1a82aeb5f989bdcb38c0ff174b15251387d 147904 install-info_4.13a.dfsg.1-8_amd64.deb
Files:
b189694a4bff741fcc49b499ce1b649b 1293 doc standard texinfo_4.13a.dfsg.1-8.dsc
348f258cb8c44d2e43200590cd082c4a 29206 doc standard texinfo_4.13a.dfsg.1-8.diff.gz
7eaa230cd32ff190ed45712556c1706f 982812 text standard texinfo_4.13a.dfsg.1-8_amd64.deb
71f74bf7aea433d5b56a2f95789af2fc 226234 doc important info_4.13a.dfsg.1-8_amd64.deb
699324061bdf4b3723d6aeb6957717a2 147904 doc important install-info_4.13a.dfsg.1-8_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD4DBQFOVRLo0r9KownFsJQRAl6lAJ0QqmI+/kMGWAiIzavsDKbYqWqooQCTB9vV
UU9knQlHAJSYZBKg9k+elg==
=0mm0
-----END PGP SIGNATURE-----
--- End Message ---