Bug#795879: curlftpfs misbuilds on 64-bit architectures (missing getpass prototype)
❦ 9 December 2015 07:24 +0100, Andreas Beckmann:

> do you plan to fix this bug in jessie, too? The next point release will
> probably be in January. A simple backport of the sid package should be
> sufficient, proposed patch attached.

Isn't backports reserved for some special cases? This doesn't matter much
here since there is virtually no difference, but wouldn't it be better to
call this new version 0.9.2-8+deb8u1?

I am quite busy now. I'll try to push the patch to the release team but if
you want to do it yourself, please do.
--
Don't comment bad code - rewrite it.
            - The Elements of Programming Style (Kernighan & Plauger)
Bug#795879: curlftpfs misbuilds on 64-bit architectures (missing getpass prototype)
Followup-For: Bug #795879

Hi Vincent,

do you plan to fix this bug in jessie, too? The next point release will
probably be in January. A simple backport of the sid package should be
sufficient, proposed patch attached.

Andreas

diff -Nru curlftpfs-0.9.2/debian/changelog curlftpfs-0.9.2/debian/changelog --- curlftpfs-0.9.2/debian/changelog 2014-05-15 10:23:06.0 +0200 +++ curlftpfs-0.9.2/debian/changelog 2015-12-09 07:14:10.0 +0100 @@ -1,3 +1,17 @@ +curlftpfs (0.9.2-9~deb8u1) jessie; urgency=medium + + * Non-maintainer upload. + * Rebuild for jessie. + + -- Andreas BeckmannWed, 09 Dec 2015 07:13:25 +0100 + +curlftpfs (0.9.2-9) unstable; urgency=medium + + * Avoid unsafe cast for getpass() on 64-bit archs. Closes: #795879. + * Bump Standards-Version to 3.9.6. + + -- Vincent Bernat Mon, 17 Aug 2015 18:51:14 +0200 + curlftpfs (0.9.2-8) unstable; urgency=medium * Fix inconsistent use of _XOPEN_SOURCE flag. Closes: #748143. diff -Nru curlftpfs-0.9.2/debian/control curlftpfs-0.9.2/debian/control --- curlftpfs-0.9.2/debian/control 2014-05-10 09:47:33.0 +0200 +++ curlftpfs-0.9.2/debian/control 2015-08-17 18:53:36.0 +0200 @@ -6,7 +6,7 @@ libglib2.0-dev, libcurl4-gnutls-dev, libfuse-dev, dh-autoreconf Build-Conflicts: libcurl4-openssl-dev -Standards-Version: 3.9.5 +Standards-Version: 3.9.6 Homepage: http://curlftpfs.sourceforge.net Vcs-Svn: svn://anonscm.debian.org/collab-maint/deb-maint/curlftpfs/trunk/ Vcs-Browser: http://anonscm.debian.org/viewvc/collab-maint/deb-maint/curlftpfs/trunk/ diff -Nru curlftpfs-0.9.2/debian/patches/getpass-prototype.patch curlftpfs-0.9.2/debian/patches/getpass-prototype.patch --- curlftpfs-0.9.2/debian/patches/getpass-prototype.patch 1970-01-01 01:00:00.0 +0100 +++ curlftpfs-0.9.2/debian/patches/getpass-prototype.patch 2015-08-17 18:50:43.0 +0200 
@@ -0,0 +1,20 @@ +Description: add getpass() prototype + This function has been deprecated and is not declared with + _XOPEN_SOURCE>=600. To avoid fiddling too much with feature flags, we + just add its prototype to ensure a correct declaration. +Forwarded: no (dead upstream) +Bug: #795879 + +Index: curlftpfs-0.9.2/ftpfs.c +=== +--- curlftpfs-0.9.2.orig/ftpfs.c curlftpfs-0.9.2/ftpfs.c +@@ -36,6 +36,8 @@ + + #define MAX_BUFFER_LEN (300*1024) + ++extern char *getpass(const char *prompt); ++ + struct ftpfs ftpfs; + static char error_buf[CURL_ERROR_SIZE]; + diff -Nru curlftpfs-0.9.2/debian/patches/series curlftpfs-0.9.2/debian/patches/series --- curlftpfs-0.9.2/debian/patches/series 2014-05-15 10:13:21.0 +0200 +++ curlftpfs-0.9.2/debian/patches/series 2015-08-17 18:47:12.0 +0200 @@ -3,3 +3,4 @@ nocache-memleak-fix.patch curlftpfs__no_verify_hostname.patch consistent-feature-flag.patch +getpass-prototype.patch
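Review bot: In the debian/control hunk, the Standards-Version bump from 3.9.5 to 3.9.6 is unrelated to #795879 and comes along only because this is a straight rebuild of 0.9.2-9. For a jessie upload, consider dropping that line (and the matching "Bump Standards-Version" changelog item) so the debdiff is limited to getpass-prototype.patch, its debian/patches/series entry and the changelog.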
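Review bot: In getpass-prototype.patch, the "extern char *getpass(const char *prompt);" line added to ftpfs.c has no comment, so the reason for a hand-written libc prototype exists only in the patch header. Add a short comment above the declaration saying that getpass() is not declared when building with _XOPEN_SOURCE>=600, so that it is not removed later as redundant. The header field "Bug: #795879" would also be better written as "Bug-Debian: https://bugs.debian.org/795879", since DEP-3 reserves Bug for the upstream tracker URL.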
Bug#795879: curlftpfs misbuilds on 64-bit architectures (missing getpass prototype)
❦ 17 August 2015 18:32 +0200, Steve Langasek <vor...@debian.org>:

> The latest version of curlftpfs is misbuilding on 64-bit architectures, due
> to a missing prototype for the getpass() function:
>
> ftpfs.c: In function 'checkpasswd':
> ftpfs.c:1691:5: warning: implicit declaration of function 'getpass' [-Wimplicit-function-declaration]
>      passwd = getpass(prompt);
>      ^
> ftpfs.c:1691:12: warning: assignment makes pointer from integer without a cast [enabled by default]
>      passwd = getpass(prompt);
>             ^
>
> (https://buildd.debian.org/status/fetch.php?pkg=curlftpfs&arch=s390x&ver=0.9.2-8&stamp=1400148134)

Just uploaded a fix. To avoid too much fiddling with feature flags, I
simply add the appropriate forward-declaration in ftpfs.c.
--
Take care to branch the right way on equality.
            - The Elements of Programming Style (Kernighan & Plauger)
Bug#795879: curlftpfs misbuilds on 64-bit architectures (missing getpass prototype)
Package: curlftpfs
Version: 0.9.2-8
Severity: serious

The latest version of curlftpfs is misbuilding on 64-bit architectures, due
to a missing prototype for the getpass() function:

ftpfs.c: In function 'checkpasswd':
ftpfs.c:1691:5: warning: implicit declaration of function 'getpass' [-Wimplicit-function-declaration]
     passwd = getpass(prompt);
     ^
ftpfs.c:1691:12: warning: assignment makes pointer from integer without a cast [enabled by default]
     passwd = getpass(prompt);
            ^

(https://buildd.debian.org/status/fetch.php?pkg=curlftpfs&arch=s390x&ver=0.9.2-8&stamp=1400148134)

This error was detected by the Ubuntu buildds, where such wrong casts are
treated as fatal errors, but the problem is present on Debian as well.

I'm not sure why this problem was not seen in version 0.9.2-7, but it's
definitely a new issue between -7 and -8. So either this is a regression in
the curlftpfs source or a regression caused by a change in behavior of the
system headers.

I'm filing this bug at severity: serious because this is a latent crasher
bug (truncating a pointer and then dereferencing it will give a segfault,
and this will happen on at least some 64-bit architectures). However, it's
possible that the particular crash is in an uncommon code path in which case
you may prefer to downgrade the bug severity.

--
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slanga...@ubuntu.com                                     vor...@debian.org
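Added example, not part of the original report or of curlftpfs: a small C model of the "latent crasher" described above, showing which pointer values survive being returned through an implicitly declared (int-returning) getpass(). It assumes 32-bit int and 64-bit pointers; the function names and sample addresses are constructed for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Model of the caller's view when getpass() has no prototype: the call is
 * compiled as if it returned int, so only the low 32 bits of the returned
 * char * are kept, and assigning that int to a pointer widens it again by
 * sign extension (GCC's documented int-to-pointer conversion).
 * Assumes 32-bit int and 64-bit pointers (LP64). */
static uint64_t through_implicit_int(uint64_t real_ptr)
{
    uint64_t low = real_ptr & UINT64_C(0xffffffff);
    /* portable sign extension of a 32-bit value to 64 bits */
    return (low ^ UINT64_C(0x80000000)) - UINT64_C(0x80000000);
}

/* The pointer is still usable only if the round trip changed nothing. */
static int pointer_survives(uint64_t real_ptr)
{
    return through_implicit_int(real_ptr) == real_ptr;
}

int main(void)
{
    /* Constructed sample addresses, not taken from a real process. */
    static const struct { const char *where; uint64_t addr; } samples[] = {
        { "low mapping (non-PIE data/heap)", UINT64_C(0x0000000000602010) },
        { "high mapping (shared library)",   UINT64_C(0x00007ffff7dd1b20) },
        { "high mapping, bit 31 clear",      UINT64_C(0x00007fff12345678) },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t seen = through_implicit_int(samples[i].addr);
        printf("%-32s real=0x%016" PRIx64 " seen=0x%016" PRIx64 " %s\n",
               samples[i].where, samples[i].addr, seen,
               pointer_survives(samples[i].addr) ? "ok" : "CORRUPTED");
    }
    return 0;
}
```

Only addresses that fit in a signed 32-bit value come back intact, which is why the same build can appear to work on one system and segfault on another.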
Bug#795879: curlftpfs misbuilds on 64-bit architectures (missing getpass prototype)
❦ 17 August 2015 18:32 +0200, Steve Langasek <vor...@debian.org>:

> The latest version of curlftpfs is misbuilding on 64-bit architectures, due
> to a missing prototype for the getpass() function:
>
> ftpfs.c: In function 'checkpasswd':
> ftpfs.c:1691:5: warning: implicit declaration of function 'getpass' [-Wimplicit-function-declaration]
>      passwd = getpass(prompt);
>      ^
> ftpfs.c:1691:12: warning: assignment makes pointer from integer without a cast [enabled by default]
>      passwd = getpass(prompt);
>             ^
>
> (https://buildd.debian.org/status/fetch.php?pkg=curlftpfs&arch=s390x&ver=0.9.2-8&stamp=1400148134)
>
> This error was detected by the Ubuntu buildds, where such wrong casts are
> treated as fatal errors, but the problem is present on Debian as well.
>
> I'm not sure why this problem was not seen in version 0.9.2-7, but it's
> definitely a new issue between -7 and -8. So either this is a regression in
> the curlftpfs source or a regression caused by a change in behavior of the
> system headers.

This is due to the use of -D_XOPEN_SOURCE=600 for the whole codebase
which was added due to #748143. However, getpass() gets deprecated in
the process. I'll try to find a solution to this.
--
Let the data structure the program.
            - The Elements of Programming Style (Kernighan & Plauger)