Source: herculesstudio
Source-Version: 1.3.0-2
Severity: serious
Tags: wheezy
Control: fixed -1 1.4.0-1

Hi!

This package contains a bogus patch, which makes the latest dpkg-source in
stable unable to correctly unpack the source, due to the stricter
parsing of patches required to disallow path traversal vulnerabilities.

The broken patch has a line-wrapped --- header line.

Here's a simple patch fixing this. It would be nice if this could be
fixed in stable, otherwise the source cannot be unpacked normally. I'm
ready to help with such a release if needed, given that the “regression”
was caused by the dpkg update. (Unstable is unaffected.)

This was found by David Suárez in an archive-wide check:

  <https://lists.debian.org/debian-dpkg/2014/07/msg00002.html>

Thanks,
Guillem
diff -Nru herculesstudio-1.3.0/debian/changelog herculesstudio-1.3.0/debian/changelog
--- herculesstudio-1.3.0/debian/changelog	2012-04-10 15:45:56.000000000 +0200
+++ herculesstudio-1.3.0/debian/changelog	2014-07-05 23:12:50.000000000 +0200
@@ -1,3 +1,10 @@
+herculesstudio (1.3.0-2.1) UNRELEASED; urgency=low
+
+  * Non-maintainer upload.
+  * Fix broken patch headers.
+
+ -- Guillem Jover <guil...@debian.org>  Sat, 05 Jul 2014 23:12:50 +0200
+
 herculesstudio (1.3.0-2) unstable; urgency=low
 
   * debian/copyright:
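Review bot: the new entry's "Fix broken patch headers." line does not say which patch was touched or why. Naming debian/patches/fix-ftbfs-g++-4.7.patch and the dpkg-source unpack failure would let the entry stand on its own. The distribution is still UNRELEASED, so it has to be set to the intended suite before upload.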
diff -Nru herculesstudio-1.3.0/debian/patches/fix-ftbfs-g++-4.7.patch herculesstudio-1.3.0/debian/patches/fix-ftbfs-g++-4.7.patch
--- herculesstudio-1.3.0/debian/patches/fix-ftbfs-g++-4.7.patch	2012-04-10 14:36:53.000000000 +0200
+++ herculesstudio-1.3.0/debian/patches/fix-ftbfs-g++-4.7.patch	2014-07-05 23:09:36.000000000 +0200
@@ -1,5 +1,6 @@
 Description: Fix FTBFS with g++ 4.7
-Origin: upstream, http://hercstudio.svn.sourceforge.net/viewvc/hercstudio?view=revision&revision=139--- a/HercStudio/HerculesExecutor.cpp
+Origin: upstream, http://hercstudio.svn.sourceforge.net/viewvc/hercstudio?view=revision&revision=139
+--- a/HercStudio/HerculesExecutor.cpp
 +++ b/HercStudio/HerculesExecutor.cpp
 @@ -33,6 +33,7 @@
  #include <fcntl.h>
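Review bot: after the split, the Origin: field is followed immediately by "--- a/HercStudio/HerculesExecutor.cpp" with nothing separating the patch metadata from the diff. A blank line after the Origin: line would make the boundary obvious and make it harder for the two lines to be joined again by a stray edit.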

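A check for the defect described in this report, as an added example (not part of the original message and not dpkg code): it flags a `+++` file header whose preceding line does not start with `--- `, which is what happens when the `---` header is fused onto the end of the previous line. The function name, URL and sample patch are constructed for illustration.

```python
import re

HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")

def find_fused_headers(patch_text):
    """Return (line_number, line) for each line that precedes a '+++ ' file
    header but does not itself start with '--- '."""
    findings = []
    old_left = new_left = 0   # hunk body lines still expected
    prev = ""
    for number, line in enumerate(patch_text.splitlines(), start=1):
        if old_left > 0 or new_left > 0:
            # Inside a hunk body these are content lines, never file headers.
            if line.startswith("+"):
                new_left -= 1
            elif line.startswith("-"):
                old_left -= 1
            elif not line.startswith("\\"):   # skip "\ No newline at end of file"
                old_left -= 1
                new_left -= 1
        else:
            m = HUNK.match(line)
            if m:
                old_left = int(m.group(1) or 1)
                new_left = int(m.group(2) or 1)
            elif line.startswith("+++ ") and not prev.startswith("--- "):
                findings.append((number - 1, prev))
        prev = line
    return findings

# Constructed sample patches (not the package's real patch content).
HUNK_BODY = [
    "+++ b/src/Executor.cpp",
    "@@ -1,2 +1,3 @@",
    " #include <fcntl.h>",
    "+++ counter;",          # added source line "++ counter;", not a header
    " #include <cstdio>",
]
BROKEN = "\n".join(
    ["Description: constructed example",
     "Origin: upstream, https://example.org/r139--- a/src/Executor.cpp"]
    + HUNK_BODY)
FIXED = "\n".join(
    ["Description: constructed example",
     "Origin: upstream, https://example.org/r139",
     "--- a/src/Executor.cpp"]
    + HUNK_BODY)

if __name__ == "__main__":
    for lineno, text in find_fused_headers(BROKEN):
        print(f"line {lineno}: '---' header not at start of line: {text}")
```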