Bug#795879: curlftpfs misbuilds on 64-bit architectures (missing getpass prototype)

2015-12-14 Thread Vincent Bernat
 ❦  9 December 2015 07:24 +0100, Andreas Beckmann:

> do you plan to fix this bug in jessie, too? The next point release will
> probably be in January. A simple backport of the sid package should be
> sufficient, proposed patch attached.

Isn't backports reserved for some special cases? This doesn't matter
much here since there is virtually no difference, but wouldn't it be better
to call this new version 0.9.2-8+deb8u1?

I am quite busy now. I'll try to push the patch to the release team but
if you want to do it yourself, please do.
-- 
Don't comment bad code - rewrite it.
- The Elements of Programming Style (Kernighan & Plauger)




Bug#795879: curlftpfs misbuilds on 64-bit architectures (missing getpass prototype)

2015-12-08 Thread Andreas Beckmann
Followup-For: Bug #795879

Hi Vincent,

do you plan to fix this bug in jessie, too? The next point release will
probably be in January. A simple backport of the sid package should be
sufficient, proposed patch attached.


Andreas
diff -Nru curlftpfs-0.9.2/debian/changelog curlftpfs-0.9.2/debian/changelog
--- curlftpfs-0.9.2/debian/changelog	2014-05-15 10:23:06.0 +0200
+++ curlftpfs-0.9.2/debian/changelog	2015-12-09 07:14:10.0 +0100
@@ -1,3 +1,17 @@
+curlftpfs (0.9.2-9~deb8u1) jessie; urgency=medium
+
+  * Non-maintainer upload.
+  * Rebuild for jessie.
+
+ -- Andreas Beckmann   Wed, 09 Dec 2015 07:13:25 +0100
+
+curlftpfs (0.9.2-9) unstable; urgency=medium
+
+  * Avoid unsafe cast for getpass() on 64-bit archs. Closes: #795879.
+  * Bump Standards-Version to 3.9.6.
+
+ -- Vincent Bernat   Mon, 17 Aug 2015 18:51:14 +0200
+
 curlftpfs (0.9.2-8) unstable; urgency=medium
 
   * Fix inconsistent use of _XOPEN_SOURCE flag. Closes: #748143.
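Review bot: the top entry for 0.9.2-9~deb8u1 says only "Non-maintainer upload" and "Rebuild for jessie", so the reason for the stable update is visible only by reading down to the 0.9.2-9 entry. Consider naming the change being carried over in the jessie entry itself, for example a line referring to the getpass() fix and #795879, so the release team can see the justification without reading the older entries.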
diff -Nru curlftpfs-0.9.2/debian/control curlftpfs-0.9.2/debian/control
--- curlftpfs-0.9.2/debian/control	2014-05-10 09:47:33.0 +0200
+++ curlftpfs-0.9.2/debian/control	2015-08-17 18:53:36.0 +0200
@@ -6,7 +6,7 @@
 	   libglib2.0-dev, libcurl4-gnutls-dev, libfuse-dev,
dh-autoreconf
 Build-Conflicts: libcurl4-openssl-dev
-Standards-Version: 3.9.5
+Standards-Version: 3.9.6
 Homepage: http://curlftpfs.sourceforge.net
 Vcs-Svn: svn://anonscm.debian.org/collab-maint/deb-maint/curlftpfs/trunk/
 Vcs-Browser: http://anonscm.debian.org/viewvc/collab-maint/deb-maint/curlftpfs/trunk/
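Review bot: the Standards-Version change from 3.9.5 to 3.9.6 in debian/control is unrelated to the getpass() fix that motivates this upload. It comes along because the diff is a straight rebuild of 0.9.2-9; if the update is meant to carry only the fix for #795879, this line could stay at 3.9.5.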
diff -Nru curlftpfs-0.9.2/debian/patches/getpass-prototype.patch curlftpfs-0.9.2/debian/patches/getpass-prototype.patch
--- curlftpfs-0.9.2/debian/patches/getpass-prototype.patch	1970-01-01 01:00:00.0 +0100
+++ curlftpfs-0.9.2/debian/patches/getpass-prototype.patch	2015-08-17 18:50:43.0 +0200
@@ -0,0 +1,20 @@
+Description: add getpass() prototype
+ This function has been deprecated and is not declared with
+ _XOPEN_SOURCE>=600. To avoid fiddling too much with feature flags, we
+ just add its prototype to ensure a correct declaration.
+Forwarded: no (dead upstream)
+Bug: #795879
+
+Index: curlftpfs-0.9.2/ftpfs.c
+===
+--- curlftpfs-0.9.2.orig/ftpfs.c
 curlftpfs-0.9.2/ftpfs.c
+@@ -36,6 +36,8 @@
+ 
+ #define MAX_BUFFER_LEN (300*1024)
+ 
++extern char *getpass(const char *prompt);
++
+ struct ftpfs ftpfs;
+ static char error_buf[CURL_ERROR_SIZE];
+ 
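Review bot: the added line in ftpfs.c, "extern char *getpass(const char *prompt);", carries no comment, so the reason for a hand-written libc prototype exists only in the patch header and is lost once the patch is applied. A one-line comment above the declaration pointing at _XOPEN_SOURCE>=600 would keep it from being removed as redundant later. The declaration also covers only getpass(); any other function hidden by the same feature flag would still be declared implicitly, so it is worth checking the build log for further -Wimplicit-function-declaration warnings.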
diff -Nru curlftpfs-0.9.2/debian/patches/series curlftpfs-0.9.2/debian/patches/series
--- curlftpfs-0.9.2/debian/patches/series	2014-05-15 10:13:21.0 +0200
+++ curlftpfs-0.9.2/debian/patches/series	2015-08-17 18:47:12.0 +0200
@@ -3,3 +3,4 @@
 nocache-memleak-fix.patch
 curlftpfs__no_verify_hostname.patch
 consistent-feature-flag.patch
+getpass-prototype.patch


Bug#795879: curlftpfs misbuilds on 64-bit architectures (missing getpass prototype)

2015-08-17 Thread Vincent Bernat
 ❦ 17 August 2015 18:32 +0200, Steve Langasek vor...@debian.org :

> The latest version of curlftpfs is misbuilding on 64-bit architectures, due
> to a missing prototype for the getpass() function:
>
> ftpfs.c: In function 'checkpasswd':
> ftpfs.c:1691:5: warning: implicit declaration of function 'getpass' [-Wimplicit-function-declaration]
>   passwd = getpass(prompt);
>   ^
> ftpfs.c:1691:12: warning: assignment makes pointer from integer without a cast [enabled by default]
>   passwd = getpass(prompt);
>          ^
>
> (https://buildd.debian.org/status/fetch.php?pkg=curlftpfs&arch=s390x&ver=0.9.2-8&stamp=1400148134)

Just uploaded a fix. To avoid too much fiddling with feature flags, I
simply add the appropriate forward-declaration in ftpfs.c.
-- 
Take care to branch the right way on equality.
- The Elements of Programming Style (Kernighan & Plauger)




Bug#795879: curlftpfs misbuilds on 64-bit architectures (missing getpass prototype)

2015-08-17 Thread Steve Langasek
Package: curlftpfs
Version: 0.9.2-8
Severity: serious

The latest version of curlftpfs is misbuilding on 64-bit architectures, due
to a missing prototype for the getpass() function:

ftpfs.c: In function 'checkpasswd':
ftpfs.c:1691:5: warning: implicit declaration of function 'getpass' [-Wimplicit-function-declaration]
  passwd = getpass(prompt);
  ^
ftpfs.c:1691:12: warning: assignment makes pointer from integer without a cast [enabled by default]
  passwd = getpass(prompt);
         ^

(https://buildd.debian.org/status/fetch.php?pkg=curlftpfs&arch=s390x&ver=0.9.2-8&stamp=1400148134)

This error was detected by the Ubuntu buildds, where such wrong casts are
treated as fatal errors, but the problem is present on Debian as well.

I'm not sure why this problem was not seen in version 0.9.2-7, but it's
definitely a new issue between -7 and -8.  So either this is a regression
in the curlftpfs source or a regression caused by a change in behavior of
the system headers.

I'm filing this bug at severity: serious because this is a latent crasher
bug (truncating a pointer and then dereferencing it will give a segfault,
and this will happen on at least some 64-bit architectures).  However, it's
possible that the particular crash is in an uncommon code path in which case
you may prefer to downgrade the bug severity.

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developer   http://www.debian.org/
slanga...@ubuntu.com vor...@debian.org
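
Added example, not part of the original thread and not curlftpfs code: a small C model of the pointer truncation described in the report above, showing why the bug is latent rather than always fatal. It assumes a 32-bit int and sign extension when the int is stored into a 64-bit pointer; the function names and sample addresses are constructed for illustration.

```c
/* Added illustration; not curlftpfs code. Addresses below are constructed. */
#include <stdint.h>
#include <stdio.h>

/*
 * Model of a caller compiled without a prototype: it assumes
 * `int getpass()`, keeps only the low 32 bits of the returned value,
 * and sign-extends that int when storing it into a 64-bit `char *`.
 */
static uint64_t seen_through_implicit_int(uint64_t returned_ptr)
{
    int32_t as_int = (int32_t)(uint32_t)returned_ptr; /* upper half lost */
    return (uint64_t)(int64_t)as_int;                 /* widened to pointer */
}

/* 1 if the caller still holds the address the callee returned, else 0. */
static int pointer_survives(uint64_t returned_ptr)
{
    return seen_through_implicit_int(returned_ptr) == returned_ptr;
}

int main(void)
{
    /* Constructed sample addresses, one per interesting case. */
    static const uint64_t samples[] = {
        0x00000000006020a0ULL, /* low mapping: fits in a positive int   */
        0x0000000080001000ULL, /* below 4 GiB but bit 31 set            */
        0x00007ffff7dd4a00ULL, /* high mapping, typical for shared libs */
        0x000003ff12345678ULL, /* high mapping, low half looks valid    */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t got = seen_through_implicit_int(samples[i]);
        printf("returned 0x%016llx  caller sees 0x%016llx  %s\n",
               (unsigned long long)samples[i], (unsigned long long)got,
               pointer_survives(samples[i]) ? "intact" : "CORRUPTED");
    }
    return 0;
}
```

Only the first sample survives, which is why the same binary can work in one memory layout and crash in another. Building with GCC's -Werror=implicit-function-declaration turns the first warning quoted above into a build failure.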




Bug#795879: curlftpfs misbuilds on 64-bit architectures (missing getpass prototype)

2015-08-17 Thread Vincent Bernat
 ❦ 17 August 2015 18:32 +0200, Steve Langasek vor...@debian.org :

> The latest version of curlftpfs is misbuilding on 64-bit architectures, due
> to a missing prototype for the getpass() function:
>
> ftpfs.c: In function 'checkpasswd':
> ftpfs.c:1691:5: warning: implicit declaration of function 'getpass' [-Wimplicit-function-declaration]
>   passwd = getpass(prompt);
>   ^
> ftpfs.c:1691:12: warning: assignment makes pointer from integer without a cast [enabled by default]
>   passwd = getpass(prompt);
>          ^
>
> (https://buildd.debian.org/status/fetch.php?pkg=curlftpfs&arch=s390x&ver=0.9.2-8&stamp=1400148134)
>
> This error was detected by the Ubuntu buildds, where such wrong casts are
> treated as fatal errors, but the problem is present on Debian as well.
>
> I'm not sure why this problem was not seen in version 0.9.2-7, but it's
> definitely a new issue between -7 and -8.  So either this is a regression
> in the curlftpfs source or a regression caused by a change in behavior of
> the system headers.

This is due to the use of -D_XOPEN_SOURCE=600 for the whole codebase
which was added due to #748143. However, getpass() gets deprecated in
the process. I'll try to find a solution to this.
-- 
Let the data structure the program.
- The Elements of Programming Style (Kernighan & Plauger)

