Your message dated Sat, 16 Jan 2016 11:32:07 +0000
with message-id <[email protected]>
and subject line Bug#795879: fixed in curlftpfs 0.9.2-9~deb8u1
has caused the Debian Bug report #795879,
regarding curlftpfs misbuilds on 64-bit architectures (missing getpass 
prototype)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
795879: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795879
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: curlftpfs
Version: 0.9.2-8
Severity: serious

The latest version of curlftpfs is misbuilding on 64-bit architectures, due
to a missing prototype for the getpass() function:

ftpfs.c: In function 'checkpasswd':
ftpfs.c:1691:5: warning: implicit declaration of function 'getpass' 
[-Wimplicit-function-declaration]
     passwd = getpass(prompt);
     ^
ftpfs.c:1691:12: warning: assignment makes pointer from integer without a cast 
[enabled by default]
     passwd = getpass(prompt);
            ^

(https://buildd.debian.org/status/fetch.php?pkg=curlftpfs&arch=s390x&ver=0.9.2-8&stamp=1400148134)

This error was detected by the Ubuntu buildds, where such wrong casts are
treated as fatal errors, but the problem is present on Debian as well.

I'm not sure why this problem was not seen in version 0.9.2-7, but it's
definitely a new issue between -7 and -8.  So either this is a regression
in the curlftpfs source or a regression caused by a change in behavior of
the system headers.

I'm filing this bug at severity: serious because this is a latent crasher
bug (truncating a pointer and then dereferencing it will give a segfault,
and this will happen on at least some 64-bit architectures).  However, it's
possible that the particular crash is in an uncommon code path in which case
you may prefer to downgrade the bug severity.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
[email protected]                                     [email protected]

Attachment: signature.asc
Description: Digital signature


--- End Message ---
--- Begin Message ---
Source: curlftpfs
Source-Version: 0.9.2-9~deb8u1

We believe that the bug you reported is fixed in the latest version of
curlftpfs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <[email protected]> (supplier of updated curlftpfs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 15 Jan 2016 23:28:36 +0100
Source: curlftpfs
Binary: curlftpfs
Architecture: source
Version: 0.9.2-9~deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Vincent Bernat <[email protected]>
Changed-By: Andreas Beckmann <[email protected]>
Description:
 curlftpfs  - filesystem to access FTP hosts based on FUSE and cURL
Closes: 795879
Changes:
 curlftpfs (0.9.2-9~deb8u1) jessie; urgency=medium
 .
   * Non-maintainer upload with maintainer approval.
   * Rebuild for jessie.
 .
 curlftpfs (0.9.2-9) unstable; urgency=medium
 .
   * Avoid unsafe cast for getpass() on 64-bit archs. Closes: #795879.
   * Bump Standards-Version to 3.9.6.
Checksums-Sha1:
 6f00dc434a866287382557d376a0bef2ef4c30ab 2014 curlftpfs_0.9.2-9~deb8u1.dsc
 fce19791e179fe04ff024ca57f2bd5b7386ede80 5068 
curlftpfs_0.9.2-9~deb8u1.debian.tar.xz
Checksums-Sha256:
 60d7a5c07f5777c66b2836a54f1aa2123d983b55f31f25895790bae98ce8e439 2014 
curlftpfs_0.9.2-9~deb8u1.dsc
 dc1d4984bc486680e60e5c864dfa9f2d7e08692e2bb5837e9815a054494e5f1f 5068 
curlftpfs_0.9.2-9~deb8u1.debian.tar.xz
Files:
 e45d601faa39955cf37f9543a6ea07a4 2014 utils optional 
curlftpfs_0.9.2-9~deb8u1.dsc
 d948a71c32c38cf7fd35da17a44e45c0 5068 utils optional 
curlftpfs_0.9.2-9~deb8u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWmXO5AAoJEF+zP5NZ6e0I/v8P/RbMERfVvLz5DQuhDEp5OFOX
1mqtulVwDVxHByIKZ20XyEKeMLUqjmtz+Dk6KzNdwMK4Fygz6N0V8N6ZLR9n4FST
BUxKlPlonZMhS31kkz4Iv63MFqnXUxvQWmMHpuW3XHfcmlyzACWG1ODcDDwvIK2O
V6If//lHLbwTKzU6BjmPmlYY6iq5ZRJB6CJ/LWRYVrT5F9GGsTLJecSIVowDs/IM
yBqdVL4ZeEJBgE9EWxEd6vYcv84Uxi0jbB1DRsBVWBF3Tv2XXPERJ+IDvgoxKDhx
oFee5cnJA35Cj3fTelAMjuC+rFVOEEal8DhCTHjE1SIPXQIRv9c/viTCI/wJ2NV0
cjwUYFBYAw6cmIF+IwyhM+aijWxib++H9uWl8PSey6KcvWOJ97I0YqgzKj8uH6bK
PIb8BwTe7nn3UVezQS1GfrtmCw4JHTG0EzWb5agccDnevNLX3GdqAPzWCptNb/RQ
yxUeI0i/VzjziAC7S8ipIwffji54jKqFKjEvuH1Bxm4zaU6MAoAO6EEemtC0q2ye
ec1uiCqD52Ij537RiqxYGYbSMxPpZ1Q5NTr5nCKU/SZV6boYf5BcooKRYfeOvOb2
1F8f9vqhQZmwoP+CdtzRc8V+sC13tNdXuvIKn9drnwCuqugnSAlQ7foIzjZOswr/
9urLn4bh/914QAL62RWB
=z7bW
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to