[SCM] Debian packaging of libdata-alias-perl branch, master, updated. debian/1.16-1-2-g96b78ce
Dominic Hargreaves
dom at earth.li
Tue Mar 6 19:44:00 UTC 2012
The following commit has been merged in the master branch:
commit 96b78ce17e3ce37c8d2749883465401b783492d1
Author: Dominic Hargreaves <dom at earth.li>
Date: Tue Mar 6 19:43:09 2012 +0000
Apply patch from Niko Tyni fixing FTBFS with -Werror=format-security (Closes: 661398)
diff --git a/debian/changelog b/debian/changelog
index be4e8a6..af682ab 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,8 @@ libdata-alias-perl (1.16-2) UNRELEASED; urgency=low
WAITS-FOR: debhelper 9 hardening flags fix (#662666)
* Bump debhelper compat level to 9
+ * Apply patch from Niko Tyni fixing FTBFS with -Werror=format-security
+ (Closes: 661398)
-- Dominic Hargreaves <dom at earth.li> Tue, 06 Mar 2012 19:39:33 +0000
diff --git a/debian/patches/format_string_fix.diff b/debian/patches/format_string_fix.diff
new file mode 100644
index 0000000..9580468
--- /dev/null
+++ b/debian/patches/format_string_fix.diff
@@ -0,0 +1,33 @@
+From d1c304e955e25c7a12a67cf3a1e6907a1d5a5171 Mon Sep 17 00:00:00 2001
+From: Niko Tyni <ntyni at debian.org>
+Date: Sat, 3 Mar 2012 20:36:26 +0200
+Subject: [PATCH] Explicitly DIE() with a controlled format string
+
+Bug-Debian: http://bugs.debian.org/661398
+Bug: https://rt.cpan.org/Public/Bug/Display.html?id=75569
+
+This fixes builds with 'gcc -Werror=format-security'.
+
+As PL_no_localize_ref is an 'extern const' variable from the Perl core,
+not an uncontrolled format string, the issue does not seem to have any
+actual security impact.
+---
+ Alias.xs | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/Alias.xs b/Alias.xs
+index f619da5..23a6ca8 100644
+--- a/Alias.xs
++++ b/Alias.xs
+@@ -780,7 +780,7 @@ STATIC OP *DataAlias_pp_rv2sv(pTHX) {
+ sv = (SV *) (GvEGV(sv) ? GvEGV(sv) : fixglob(aTHX_ (GV *) sv));
+ if (PL_op->op_private & OPpLVAL_INTRO) {
+ if (SvTYPE(sv) != SVt_PVGV || SvFAKE(sv))
+- DIE(aTHX_ PL_no_localize_ref);
++ DIE(aTHX_ "%s", PL_no_localize_ref);
+ switch (PL_op->op_type) {
+ case OP_RV2AV:
+ da_localize_gvar(aTHX_ GvGP(sv), (SV **) &GvAV(sv));
+--
+1.7.9.1
+
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..a8ab736
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+format_string_fix.diff
--
Debian packaging of libdata-alias-perl
More information about the Pkg-perl-cvs-commits
mailing list