Package: findutils
Version: 4.4.1-1
Severity: important
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu ubuntu-patch karmic
find's parser fails to declare that -prune needs stat information, so
it's possible for it to end up reading uninitialised data when
determining whether the to-be-pruned path is a directory. This happened
to break Ubuntu's kernel package build in such a way that
/usr/include/asm/* went missing! I don't know whether the same thing
would happen with Debian's kernel package build, but it might be prudent
to incorporate the patch anyway just in case Debian ends up having to
recover build-essential manually as Ubuntu is currently having to do ...
https://bugs.launchpad.net/ubuntu/+source/findutils/+bug/373214
I've sent this upstream and it sounds from James Youngman's reply as
though he's provisionally accepted it, but it may have to wait on me
getting copyright assignment sorted out, so I thought I'd submit a
Debian bug as well. See:
http://lists.gnu.org/archive/html/bug-findutils/2009-05/msg00003.html
(and thread, which isn't in the archives yet but should appear
shortly)
Attached is a reduced patch suitable for the Debian package, with the
test case removed to save on having to rerun automake.
Thanks,
--
Colin Watson [cjwat...@ubuntu.com]
* 20_prune_stat.dpatch: find -prune now makes sure it has valid stat()
information (LP: #373214).
diff -u findutils-4.4.1/debian/patches/00list findutils-4.4.1/debian/patches/00list
--- findutils-4.4.1/debian/patches/00list
+++ findutils-4.4.1/debian/patches/00list
@@ -1,0 +2 @@
+20_prune_stat
only in patch2:
unchanged:
--- findutils-4.4.1.orig/debian/patches/20_prune_stat.dpatch
+++ findutils-4.4.1/debian/patches/20_prune_stat.dpatch
@@ -0,0 +1,42 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 20_prune_stat.dpatch by Colin Watson <cjwat...@ubuntu.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: find -prune now makes sure it has valid stat() information
+## DP: Ubuntu: https://bugs.launchpad.net/ubuntu/+source/findutils/+bug/373214
+## DP: Upstream: sent to bug-findutils and findutils-patches 2009-05-07
+
+...@dpatch@
+diff -urNad findutils-4.4.1~/find/parser.c findutils-4.4.1/find/parser.c
+--- findutils-4.4.1~/find/parser.c 2009-04-21 21:18:13.000000000 +0100
++++ findutils-4.4.1/find/parser.c 2009-05-07 22:16:02.000000000 +0100
+@@ -1982,7 +1982,8 @@
+ (void) arg_ptr;
+
+ our_pred = insert_primary (entry);
+- our_pred->need_stat = our_pred->need_type = false;
++ if (options.do_dir_first == false)
++ our_pred->need_stat = our_pred->need_type = false;
+ /* -prune has a side effect that it does not descend into
+ the current directory. */
+ our_pred->side_effects = true;
+diff -urNad findutils-4.4.1~/find/pred.c findutils-4.4.1/find/pred.c
+--- findutils-4.4.1~/find/pred.c 2009-04-21 21:18:13.000000000 +0100
++++ findutils-4.4.1/find/pred.c 2009-05-07 22:16:02.000000000 +0100
+@@ -1605,10 +1605,12 @@
+ (void) pathname;
+ (void) pred_ptr;
+
+- if (options.do_dir_first == true && /* no effect with -depth */
+- stat_buf != NULL &&
+- S_ISDIR(stat_buf->st_mode))
+- state.stop_at_current_level = true;
++ if (options.do_dir_first == true) { /* no effect with -depth */
++ assert (state.have_stat);
++ if (stat_buf != NULL &&
++ S_ISDIR(stat_buf->st_mode))
++ state.stop_at_current_level = true;
++ }
+
+ /* findutils used to return options.do_dir_first here, so that -prune
+ * returns true only if -depth is not in effect. But POSIX requires
