[SCM] Debian packaging of libcrypt-openssl-dsa-perl branch, master, updated. debian/0.13-5-2-g4394352

Dominic Hargreaves dom at earth.li
Tue Mar 6 19:50:33 UTC 2012


The following commit has been merged in the master branch:
commit 4394352bf48b8bf8afdc7d9b6a37508ffc766d7e
Author: Dominic Hargreaves <dom at earth.li>
Date:   Tue Mar 6 19:50:04 2012 +0000

    Apply patch from Niko Tyni fixing FTBFS with -Werror=format-security (Closes: #661382)

diff --git a/debian/changelog b/debian/changelog
index 9152ab7..92d6daf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,8 @@ libcrypt-openssl-dsa-perl (0.13-6) UNRELEASED; urgency=low
   WAITS-FOR: debhelper 9 hardening flags fix (#662666)
 
   * Bump debhelper compat level to 9
+  * Apply patch from Niko Tyni fixing FTBFS with -Werror=format-security
+    (Closes: #661382)
 
  -- Dominic Hargreaves <dom at earth.li>  Tue, 06 Mar 2012 19:46:15 +0000
 
diff --git a/debian/patches/format_string_fix.patch b/debian/patches/format_string_fix.patch
new file mode 100644
index 0000000..7c6f42b
--- /dev/null
+++ b/debian/patches/format_string_fix.patch
@@ -0,0 +1,30 @@
+From e8ef75498c12e3ce46f219ba54a0b129ce37b679 Mon Sep 17 00:00:00 2001
+From: Niko Tyni <ntyni at debian.org>
+Date: Sat, 3 Mar 2012 21:00:54 +0200
+Subject: [PATCH] Explicitly croak() with a controlled format string
+
+This fixes builds with 'gcc -Werror=format-security'.
+
+As ERR_reason_error_string() returns one of fixed OpenSSL error strings,
+not an uncontrolled format string, the issue does not seem to have any
+actual security impact.
+---
+ DSA.xs |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/DSA.xs b/DSA.xs
+index 0370b0e..85657ca 100644
+--- a/DSA.xs
++++ b/DSA.xs
+@@ -54,7 +54,7 @@ generate_parameters(CLASS, bits, seed = NULL)
+         }
+         dsa = DSA_generate_parameters(bits, seedpv, seed_len, NULL, NULL, NULL, NULL);
+         if (!dsa)
+-          croak(ERR_reason_error_string(ERR_get_error()));
++          croak("%s", ERR_reason_error_string(ERR_get_error()));
+         RETVAL = dsa;
+     OUTPUT:
+         RETVAL
+-- 
+1.7.9.1
+
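Review bot: In the `if (!dsa)` branch of generate_parameters in DSA.xs, the pointer returned by ERR_reason_error_string(ERR_get_error()) is still passed to croak() unchecked. If OpenSSL has no reason string registered for the error code, that pointer is NULL and the user gets an uninformative message. Consider substituting a fixed text such as "DSA_generate_parameters failed" when it is NULL. The patch header would also benefit from a bug reference to #661382, which at present appears only in debian/changelog and the commit message, so the patch file does not explain its origin on its own.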
diff --git a/debian/patches/series b/debian/patches/series
index 189b306..363ced7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@ Makefile.PL-no-ssl-in-LIBS.patch
 security_croak-in-do_verify-too.patch
 fix-manpage-errors.patch
 use-Digest-SHA.patch
+format_string_fix.patch

-- 
Debian packaging of libcrypt-openssl-dsa-perl


