tags 314700 patch thanks Hi Jon,
On Fri, Jun 24, 2005 at 10:39:49PM +0200, Jonathan Quick wrote: > Steve Langasek wrote: > >It's not clear to me from your message whether this bug affects only the > >version in woody, or if it also affects the version in sarge. Could you > >please clarify, so that we can tag this bug correctly? > The version in Sarge does not seem to be affected - only Woody ie. 3.0r6 > is affected. The confusion comes from the other bug about it segfaulting > on m68k which was in testing at the time. Unfortunately this bug is > affecting the compilation of a control system used by many radio telescopes > around the world to perform coordinated observing - a technique known as > Very Long Baseline Interferometry (VLBI) and switching multiple machines > owned by multiple observatories to sarge to fix it is a little bit beyond > our capabilities right now !! Ok, I've pushed a package out to http://people.debian.org/~vorlon/f2c/ which should be fixed. Do you want to give it a try and let me know if there are any problems? Security team, could you please review and accept this fixed f2c security update into woody, correcting the grave bug introduced by DSA-661? The signed changes file and package diff are attached; the source package is at the above URL. Thanks, -- Steve Langasek postmodern programmer
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Wed, 6 Jul 2005 03:19:31 -0700 Source: f2c Binary: f2c Architecture: source i386 Version: 20010821-3.3 Distribution: oldstable-security Urgency: low Maintainer: Steve Langasek <[EMAIL PROTECTED]> Changed-By: Steve Langasek <[EMAIL PROTECTED]> Description: f2c - A FORTRAN 77 to C/C++ translator, plus static & shared libs. Closes: 314700 Changes: f2c (20010821-3.3) oldstable-security; urgency=low . * Non-maintainer upload * Backport the fixed security patch from sarge for CAN-2005-0017; the previous version of the patch renders f2c completely unusable. Closes: #314700. Files: 5dad803e81bbaf4c7a88d55cd60070bd 519 devel optional f2c_20010821-3.3.dsc 9fd568d2a89870dae47081cff42f0d70 29711 devel optional f2c_20010821-3.3.diff.gz 59349f0ed8989457a60fd79d010646bb 423326 devel optional f2c_20010821-3.3_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFCy7dZKN6ufymYLloRAvRUAJ4v1n1Ah1V3Po9WPGoqIHNQLo+U6ACgi7HV sB64Lh13rI9eAttYq0V/Ykc= =PaD3 -----END PGP SIGNATURE-----
diff -u f2c-20010821/debian/changelog f2c-20010821/debian/changelog
--- f2c-20010821/debian/changelog
+++ f2c-20010821/debian/changelog
@@ -1,3 +1,12 @@
+f2c (20010821-3.3) oldstable-security; urgency=low
+
+ * Non-maintainer upload
+ * Backport the fixed security patch from sarge for CAN-2005-0017; the
+ previous version of the patch renders f2c completely unusable.
+ Closes: #314700.
+
+ -- Steve Langasek <[EMAIL PROTECTED]> Wed, 6 Jul 2005 03:19:31 -0700
+
 f2c (20010821-3.2) stable-security; urgency=high
 
 * Non-maintainer upload by the Security Team
diff -u f2c-20010821/patches/patch.CAN-2005-0017.f2c f2c-20010821/patches/patch.CAN-2005-0017.f2c
--- f2c-20010821/patches/patch.CAN-2005-0017.f2c
+++ f2c-20010821/patches/patch.CAN-2005-0017.f2c
@@ -1,6 +1,54 @@
---- f2c-20010821.orig/src/sysdep.c 2005-04-13 20:33:04.000000000 +0200
-+++ f2c-20010821/src/sysdep.c 2005-04-13 20:41:14.000000000 +0200
-@@ -22,6 +22,7 @@ use or performance of this software.
+diff -uNr f2c-20010821.orig/src/defs.h f2c-20010821/src/defs.h
+--- f2c-20010821.orig/src/defs.h 2001-11-05 11:19:59.000000000 -0800
++++ f2c-20010821/src/defs.h 2005-07-06 03:16:05.044617337 -0700
+@@ -64,7 +64,7 @@
+ extern int current_ftn_file;
+ extern int maxcontin;
+
+-extern char *blkdfname, *initfname, *sortfname;
++extern char blkdfname[], initfname[], sortfname[];
+ extern long headoffset; /* Since the header block requires data we
+ don't know about until AFTER each
+ function has been processed, we keep a
+diff -uNr f2c-20010821.orig/src/format.c f2c-20010821/src/format.c
+--- f2c-20010821.orig/src/format.c 2001-11-05 11:20:03.000000000 -0800
++++ f2c-20010821/src/format.c 2005-07-06 03:16:05.046616986 -0700
+@@ -90,7 +90,7 @@
+ FILE *infile;
+ static int wrote_one = 0;
+ extern int usedefsforcommon;
+- extern char *p1_file, *p1_bakfile;
++ extern char p1_file[], p1_bakfile[];
+
+ this_proc_name[0] = '\0';
+ last_was_label = 0;
+diff -uNr f2c-20010821.orig/src/main.c f2c-20010821/src/main.c
+--- f2c-20010821.orig/src/main.c 2001-11-05 11:20:38.000000000 -0800
++++ f2c-20010821/src/main.c 2005-07-06 03:16:05.047616811 -0700
+@@ -214,13 +214,13 @@
+ f2c_entry ("dneg", P_NO_ARGS, P_INT, &dneg, YES)
+ }; /* table */
+
+-extern char *c_functions; /* "c_functions" */
++extern char c_functions[]; /* "c_functions" */
+ extern char *coutput; /* "c_output" */
+-extern char *initfname; /* "raw_data" */
+-extern char *blkdfname; /* "block_data" */
+-extern char *p1_file; /* "p1_file" */
+-extern char *p1_bakfile; /* "p1_file.BAK" */
+-extern char *sortfname; /* "init_file" */
++extern char initfname[]; /* "raw_data" */
++extern char blkdfname[]; /* "block_data" */
++extern char p1_file[]; /* "p1_file" */
++extern char p1_bakfile[]; /* "p1_file.BAK" */
++extern char sortfname[]; /* "init_file" */
+ extern char *proto_fname; /* "proto_file" */
+ FILE *protofile;
+
+diff -uNr f2c-20010821.orig/src/sysdep.c f2c-20010821/src/sysdep.c
+--- f2c-20010821.orig/src/sysdep.c 2001-11-05 11:20:49.000000000 -0800
++++ f2c-20010821/src/sysdep.c 2005-07-06 03:16:05.042617688 -0700
+@@ -22,17 +22,18 @@
 ****************************************************************/
 #include "defs.h"
 #include "usignal.h"
@@ -8,7 +56,25 @@
 char binread[] = "rb", textread[] = "r";
 char binwrite[] = "wb", textwrite[] = "w";
-@@ -96,7 +97,9 @@ Un_link_all(int cdelete)
+-char *c_functions = "c_functions";
++char c_functions[64];
+ char *coutput = "c_output";
+-char *initfname = "raw_data";
+-char *initbname = "raw_data.b";
+-char *blkdfname = "block_data";
+-char *p1_file = "p1_file";
+-char *p1_bakfile = "p1_file.BAK";
+-char *sortfname = "init_file";
++char initfname[64];
++char initbname[64];
++char blkdfname[64];
++char p1_file[64];
++char p1_bakfile[64];
++char sortfname[64];
+ char *proto_fname = "proto_file";
+
+ char link_msg[] = "-lf2c -lm"; /* was "-lF77 -lI77 -lm -lc"; */
+@@ -96,7 +97,9 @@
 if (!debugflag) {
 unlink(c_functions);
 unlink(initfname);
@@ -18,7 +84,7 @@
 unlink(sortfname);
 unlink(blkdfname);
 if (cdelete && coutput)
-@@ -107,6 +110,7 @@ Un_link_all(int cdelete)
+@@ -107,6 +110,7 @@
 void
 set_tmp_names(Void)
 {
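Review bot: The new definitions `char c_functions[64];` through `char sortfname[64];` in sysdep.c drop the default names (`"c_functions"`, `"raw_data"`, and so on) that the pointer versions carried, so the arrays are empty strings until set_tmp_names() fills them. The context of the following hunk shows set_tmp_names() returning early when `debugflag == 1`, which suggests debug runs would now see empty file names; the code that opens these files is not in this diff, so that needs confirming. Keeping the defaults as initialisers, e.g. `char c_functions[64] = "c_functions";`, would preserve the old behaviour. The literal 64 is also repeated seven times and is invisible through the `extern char name[]` declarations in defs.h, format.c and main.c, so a shared named constant would let any bounded write in those files use the right size.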
@@ -26,23 +92,23 @@
 int k;
 if (debugflag == 1)
 return;
-@@ -118,6 +122,15 @@ set_tmp_names(Void)
+@@ -118,6 +122,15 @@
 p1_file = blkdfname + k;
 p1_bakfile = p1_file + k;
 sortfname = p1_bakfile + k;
 +#else
-+ sprintf(c_functions, "%s/f2c_func_XXXXXX", tmpdir);
-+ sprintf(initfname, "%s/f2c_rc_XXXXXX", tmpdir);
-+ sprintf(initbname, "%s/f2c_rc.b_XXXXXX", tmpdir);
-+ sprintf(blkdfname, "%s/f2c_blkd_XXXXXX", tmpdir);
-+ sprintf(p1_file, "%s/f2c_p1f_XXXXXX", tmpdir);
-+ sprintf(p1_bakfile, "%s/f2c_p1fb_XXXXXX", tmpdir);
-+ sprintf(sortfname, "%s/f2c_sort_XXXXXX", tmpdir);
++ snprintf(c_functions, sizeof(c_functions), "%s/f2c_func_XXXXXX", tmpdir);
++ snprintf(initfname, sizeof(initfname), "%s/f2c_rc_XXXXXX", tmpdir);
++ snprintf(initbname, sizeof(initbname), "%s/f2c_rc.b_XXXXXX", tmpdir);
++ snprintf(blkdfname, sizeof(blkdfname), "%s/f2c_blkd_XXXXXX", tmpdir);
++ snprintf(p1_file, sizeof(p1_file), "%s/f2c_p1f_XXXXXX", tmpdir);
++ snprintf(p1_bakfile, sizeof(p1_bakfile), "%s/f2c_p1fb_XXXXXX", tmpdir);
++ snprintf(sortfname, sizeof(sortfname), "%s/f2c_sort_XXXXXX", tmpdir);
 +#endif
 {
 #ifdef MSDOS
 char buf[64], *s, *t;
-@@ -156,16 +169,21 @@ set_tmp_names(Void)
+@@ -156,16 +169,21 @@
 sprintf(p1_file, "%s%sp1f", t, f2c);
 sprintf(p1_bakfile, "%s%sp1fb", t, f2c);
 sprintf(sortfname, "%s%ssort", t, f2c);
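Review bot: The seven `snprintf()` calls added in the `#else` branch discard their return value, so a `tmpdir` longer than 47 bytes is silently truncated to fit the 64-byte arrays and the name no longer ends in the full `XXXXXX` template. How these names are consumed is outside the hunk; if they are passed to a mkstemp-style call, a truncated template would be expected to fail there, but failing at this point with a message that names the cause is clearer. Each call should be checked, e.g. `n = snprintf(c_functions, sizeof(c_functions), "%s/f2c_func_XXXXXX", tmpdir);` followed by `if (n < 0 || (size_t)n >= sizeof(c_functions))` and an error exit. The unchanged `sprintf(p1_file, "%s%sp1f", t, f2c);` lines in the MSDOS context still write without a bound into what are now fixed 64-byte arrays. set_tmp_names() starts and ends outside this hunk.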