[SCM] Debian packaging of libcrypt-openssl-dsa-perl branch, master, updated. debian/0.13-5-2-g4394352
Dominic Hargreaves
dom at earth.li
Tue Mar 6 19:50:33 UTC 2012
The following commit has been merged in the master branch:
commit 4394352bf48b8bf8afdc7d9b6a37508ffc766d7e
Author: Dominic Hargreaves <dom at earth.li>
Date: Tue Mar 6 19:50:04 2012 +0000
Apply patch from Niko Tyni fixing FTBFS with -Werror=format-security (Closes: #661382)
diff --git a/debian/changelog b/debian/changelog
index 9152ab7..92d6daf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,8 @@ libcrypt-openssl-dsa-perl (0.13-6) UNRELEASED; urgency=low
WAITS-FOR: debhelper 9 hardening flags fix (#662666)
* Bump debhelper compat level to 9
+ * Apply patch from Niko Tyni fixing FTBFS with -Werror=format-security
+ (Closes: #661382)
-- Dominic Hargreaves <dom at earth.li> Tue, 06 Mar 2012 19:46:15 +0000
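Review bot: The added changelog entry does not name the file it introduces; mentioning format_string_fix.patch in the bullet (for example "Add format_string_fix.patch from Niko Tyni, fixing FTBFS with -Werror=format-security") would let a reader map the entry to debian/patches/series without opening the commit.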
diff --git a/debian/patches/format_string_fix.patch b/debian/patches/format_string_fix.patch
new file mode 100644
index 0000000..7c6f42b
--- /dev/null
+++ b/debian/patches/format_string_fix.patch
@@ -0,0 +1,30 @@
+From e8ef75498c12e3ce46f219ba54a0b129ce37b679 Mon Sep 17 00:00:00 2001
+From: Niko Tyni <ntyni at debian.org>
+Date: Sat, 3 Mar 2012 21:00:54 +0200
+Subject: [PATCH] Explicitly croak() with a controlled format string
+
+This fixes builds with 'gcc -Werror=format-security'.
+
+As ERR_reason_error_string() returns one of fixed OpenSSL error strings,
+not an uncontrolled format string, the issue does not seem to have any
+actual security impact.
+---
+ DSA.xs | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/DSA.xs b/DSA.xs
+index 0370b0e..85657ca 100644
+--- a/DSA.xs
++++ b/DSA.xs
+@@ -54,7 +54,7 @@ generate_parameters(CLASS, bits, seed = NULL)
+ }
+ dsa = DSA_generate_parameters(bits, seedpv, seed_len, NULL, NULL, NULL, NULL);
+ if (!dsa)
+- croak(ERR_reason_error_string(ERR_get_error()));
++ croak("%s", ERR_reason_error_string(ERR_get_error()));
+ RETVAL = dsa;
+ OUTPUT:
+ RETVAL
+--
+1.7.9.1
+
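Review bot: In the DSA.xs hunk, the new croak("%s", ...) line in generate_parameters still passes the return value of ERR_reason_error_string() through unchecked, and OpenSSL documents that function as returning NULL when no reason string is registered for the error code. Consider storing the result in a local and substituting a fixed literal message when it is NULL, so the Perl-level error always says what failed. Separately, the patch header carries only the git format-patch fields; a Bug-Debian reference to #661382 would tie the patch file to the bug the changelog closes.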
diff --git a/debian/patches/series b/debian/patches/series
index 189b306..363ced7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@ Makefile.PL-no-ssl-in-LIBS.patch
security_croak-in-do_verify-too.patch
fix-manpage-errors.patch
use-Digest-SHA.patch
+format_string_fix.patch
--
Debian packaging of libcrypt-openssl-dsa-perl