
Bug#639114: marked as done (texinfo: Increase stack buffer size for sprintf of numeric values)



Your message dated Wed, 24 Aug 2011 15:47:23 +0000
with message-id <E1QwFfn-0004Sk-EF@franck.debian.org>
and subject line Bug#639114: fixed in texinfo 4.13a.dfsg.1-8
has caused the Debian Bug report #639114,
regarding texinfo: Increase stack buffer size for sprintf of numeric values
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
639114: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639114
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: texinfo
Version: 4.13a.dfsg.1-6
Severity: normal
Tags: patch
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu oneiric ubuntu-patch



In Ubuntu, the attached patch was applied to achieve the following:

Fix a bug filed on Launchpad in which makeinfo fails on sparc with
"buffer overflow detected", causing other packages to FTBFS:
https://bugs.launchpad.net/ubuntu/+source/texinfo/+bug/569802


  * debian/patches/minor-buffer-size-fix: increase stack buffer size
    for sprintf of numeric values (LP: #569802).


Thanks for considering the patch.


-- System Information:
Debian Release: squeeze/sid
  APT prefers natty-updates
  APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 'natty-proposed'), (500, 'natty'), (100, 'natty-backports')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.38-11-generic (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u texinfo-4.13a.dfsg.1/debian/changelog texinfo-4.13a.dfsg.1/debian/changelog
diff -u texinfo-4.13a.dfsg.1/debian/patches/series texinfo-4.13a.dfsg.1/debian/patches/series
--- texinfo-4.13a.dfsg.1/debian/patches/series
+++ texinfo-4.13a.dfsg.1/debian/patches/series
@@ -7,0 +8 @@
+minor-buffer-size-fix
only in patch2:
unchanged:
--- texinfo-4.13a.dfsg.1.orig/debian/patches/minor-buffer-size-fix
+++ texinfo-4.13a.dfsg.1/debian/patches/minor-buffer-size-fix
@@ -0,0 +1,26 @@
+Author: Kees Cook <kees@ubuntu.com>
+Description: extend stack buffers to be large enough for the type values
+ they are expected to hold.
+Bug: https://savannah.gnu.org/bugs/?32122
+Bug-Ubuntu: https://launchpad.net/bugs/569802
+
+Index: texinfo-4.13a.dfsg.1/makeinfo/sectioning.c
+===================================================================
+--- texinfo-4.13a.dfsg.1.orig/makeinfo/sectioning.c	2011-01-13 14:12:35.382016526 -0800
++++ texinfo-4.13a.dfsg.1/makeinfo/sectioning.c	2011-01-13 14:14:41.285127427 -0800
+@@ -256,13 +256,13 @@
+     return xstrdup ("");
+   else if (enum_marker == APPENDIX_MAGIC)
+     {
+-      char s[1];
++      char s[2];
+       sprintf (s, "%c", numbers[0] + 64);
+       return xstrdup (s);
+     }
+   else
+     {
+-      char s[5];
++      char s[32];
+       sprintf (s, "%d", numbers[0]);
+       return xstrdup (s);
+     }
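
Review bot: both sprintf calls in the makeinfo/sectioning.c hunk are still unbounded after the resize, so correctness depends on the hand-picked sizes 2 and 32 staying in step with the format strings. The removed declarations show the failure: `char s[1]` had no room for the NUL that "%c" writes after the character, and `char s[5]` overflowed as soon as numbers[0] needed more than four characters. The new sizes are sufficient for "%c" and for any int printed with "%d", but I would suggest `snprintf (s, sizeof s, "%d", numbers[0]);` (and the same form for the "%c" case) so that a later change to the format or the type truncates instead of writing past the array. The Description header could also state the sizing reasoning (one character plus NUL; sign plus digits plus NUL) rather than only "large enough".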

--- End Message ---
--- Begin Message ---
Source: texinfo
Source-Version: 4.13a.dfsg.1-8

We believe that the bug you reported is fixed in the latest version of
texinfo, which is due to be installed in the Debian FTP archive:

info_4.13a.dfsg.1-8_amd64.deb
  to main/t/texinfo/info_4.13a.dfsg.1-8_amd64.deb
install-info_4.13a.dfsg.1-8_amd64.deb
  to main/t/texinfo/install-info_4.13a.dfsg.1-8_amd64.deb
texinfo_4.13a.dfsg.1-8.diff.gz
  to main/t/texinfo/texinfo_4.13a.dfsg.1-8.diff.gz
texinfo_4.13a.dfsg.1-8.dsc
  to main/t/texinfo/texinfo_4.13a.dfsg.1-8.dsc
texinfo_4.13a.dfsg.1-8_amd64.deb
  to main/t/texinfo/texinfo_4.13a.dfsg.1-8_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 639114@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Norbert Preining <preining@debian.org> (supplier of updated texinfo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 24 Aug 2011 23:56:17 +0900
Source: texinfo
Binary: texinfo info install-info
Architecture: source amd64
Version: 4.13a.dfsg.1-8
Distribution: unstable
Urgency: low
Maintainer: Debian TeX maintainers <debian-tex-maint@lists.debian.org>
Changed-By: Norbert Preining <preining@debian.org>
Description: 
 info       - Standalone GNU Info documentation browser
 install-info - Manage installed documentation in info format
 texinfo    - Documentation system for on-line information and printed output
Closes: 584191 639114
Changes: 
 texinfo (4.13a.dfsg.1-8) unstable; urgency=low
 .
   [ Hilmar Preusse ]
   * Actually apply patch texi2dvi_non-C_locale, really (Closes: #584191)
   * debian/patches/minor-buffer-size-fix: increase stack buffer size
     for sprintf of numeric values (Closes: #639114).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD4DBQFOVRLo0r9KownFsJQRAl6lAJ0QqmI+/kMGWAiIzavsDKbYqWqooQCTB9vV
UU9knQlHAJSYZBKg9k+elg==
=0mm0
-----END PGP SIGNATURE-----



--- End Message ---
