reopen 690895 thanks Hello again,
On Thursday 18 October 2012, you wrote: > On 2012-10-18 23:23, Thibaut Gridel wrote: > > Hi! > > Please unblock giflib > > Thank you for your interest. > > We can allow a minimal patch for the hardning fixes (/without/ a > debhelper compat bump) if it goes via unstable, if needed. Please find enclosed proposed new debdiff, only for enabling hardening and fixes. Best Regards, Thibaut
diff -Nru giflib-4.1.6/debian/changelog giflib-4.1.6/debian/changelog
--- giflib-4.1.6/debian/changelog 2012-04-28 18:30:07.000000000 +0200
+++ giflib-4.1.6/debian/changelog 2012-10-19 23:04:11.000000000 +0200
@@ -1,3 +1,11 @@
+giflib (4.1.6-10) unstable; urgency=low
+
+ * Fixing fprintf issues by YunQiang Su.
+ * Hardening build flags (Closes: #673660).
+ * Updating Standards (no change).
+
+ -- Thibaut Gridel <[email protected]> Fri, 19 Oct 2012 23:03:46 +0200
+
 giflib (4.1.6-9.1) unstable; urgency=low
 * Non-maintainer upload.
diff -Nru giflib-4.1.6/debian/control giflib-4.1.6/debian/control
--- giflib-4.1.6/debian/control 2012-04-28 18:29:49.000000000 +0200
+++ giflib-4.1.6/debian/control 2012-10-19 23:04:11.000000000 +0200
@@ -1,9 +1,9 @@
 Source: giflib
 Section: libs
 Priority: optional
-Maintainer: Thibaut GRIDEL <[email protected]>
+Maintainer: Thibaut Gridel <[email protected]>
 Build-Depends: debhelper (>= 7.0.50~), autotools-dev, automake, autoconf, libtool (>=2.2.6)
-Standards-Version: 3.8.3
+Standards-Version: 3.9.3
 Homepage: http://giflib.sourceforge.net/
 Vcs-Browser: http://git.debian.org/?p=collab-maint/giflib.git;a=summary
 Vcs-Git: git://git.debian.org/collab-maint/giflib.git
diff -Nru giflib-4.1.6/debian/patches/04-fprintf_format_error.patch giflib-4.1.6/debian/patches/04-fprintf_format_error.patch
--- giflib-4.1.6/debian/patches/04-fprintf_format_error.patch 1970-01-01 01:00:00.000000000 +0100
+++ giflib-4.1.6/debian/patches/04-fprintf_format_error.patch 2012-10-19 23:04:11.000000000 +0200
@@ -0,0 +1,377 @@
+Index: giflib-4.1.6/util/gif2epsn.c
+===================================================================
+--- giflib-4.1.6.orig/util/gif2epsn.c 2011-11-03 17:58:55.451972034 +0800
++++ giflib-4.1.6/util/gif2epsn.c 2011-11-03 18:02:13.000000000 +0800
+@@ -146,7 +146,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s",VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
+Index: giflib-4.1.6/util/gif2iris.c
+===================================================================
+--- giflib-4.1.6.orig/util/gif2iris.c 2011-11-03 17:58:55.475972156 +0800
++++ giflib-4.1.6/util/gif2iris.c 2011-11-03 18:02:13.000000000 +0800
+@@ -111,7 +111,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
+Index: giflib-4.1.6/util/gif2ps.c
+===================================================================
+--- giflib-4.1.6.orig/util/gif2ps.c 2011-11-03 17:58:55.503972298 +0800
++++ giflib-4.1.6/util/gif2ps.c 2011-11-03 18:02:13.000000000 +0800
+@@ -129,7 +129,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
+Index: giflib-4.1.6/util/gif2rgb.c
+===================================================================
+--- giflib-4.1.6.orig/util/gif2rgb.c 2011-11-03 17:58:55.539972474 +0800
++++ giflib-4.1.6/util/gif2rgb.c 2011-11-03 18:02:13.000000000 +0800
+@@ -108,7 +108,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
+Index: giflib-4.1.6/util/gif2rle.c
+===================================================================
+--- giflib-4.1.6.orig/util/gif2rle.c 2011-11-03 17:58:55.567972612 +0800
++++ giflib-4.1.6/util/gif2rle.c 2011-11-03 18:02:13.000000000 +0800
+@@ -103,7 +103,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
+Index: giflib-4.1.6/util/gifasm.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifasm.c 2011-11-03 17:58:55.587972712 +0800
++++ giflib-4.1.6/util/gifasm.c 2011-11-03 18:02:13.000000000 +0800
+@@ -98,7 +98,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
+Index: giflib-4.1.6/util/gifbg.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifbg.c 2011-11-03 18:02:13.000000000 +0800
++++ giflib-4.1.6/util/gifbg.c 2011-11-03 18:04:31.945640624 +0800
+@@ -130,7 +130,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
+Index: giflib-4.1.6/util/gifclip.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifclip.c 2011-11-03 17:58:55.643972986 +0800
++++ giflib-4.1.6/util/gifclip.c 2011-11-03 18:02:13.000000000 +0800
+@@ -92,7 +92,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
+Index: giflib-4.1.6/util/gifclrmp.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifclrmp.c 2011-11-03 17:58:55.667973112 +0800
++++ giflib-4.1.6/util/gifclrmp.c 2011-11-03 18:02:13.000000000 +0800
+@@ -111,7 +111,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
+Index: giflib-4.1.6/util/gifcolor.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifcolor.c 2011-11-03 17:58:55.687973208 +0800
++++ giflib-4.1.6/util/gifcolor.c 2011-11-03 18:02:13.000000000 +0800
+@@ -89,7 +89,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
+Index: giflib-4.1.6/util/gifcomb.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifcomb.c 2011-11-03 17:58:55.707973306 +0800
++++ giflib-4.1.6/util/gifcomb.c 2011-11-03 18:02:13.000000000 +0800
+@@ -93,7 +93,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
+Index: giflib-4.1.6/util/giffix.c
+===================================================================
+--- giflib-4.1.6.orig/util/giffix.c 2011-11-03 17:58:55.863974080 +0800
++++ giflib-4.1.6/util/giffix.c 2011-11-03 18:02:13.000000000 +0800
+@@ -90,7 +90,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
+Index: giflib-4.1.6/util/gifflip.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifflip.c 2011-11-03 17:58:55.891974218 +0800
++++ giflib-4.1.6/util/gifflip.c 2011-11-03 18:02:13.000000000 +0800
+@@ -104,7 +104,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
+Index: giflib-4.1.6/util/gifhisto.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifhisto.c 2011-11-03 17:58:55.931974418 +0800
++++ giflib-4.1.6/util/gifhisto.c 2011-11-03 18:02:13.000000000 +0800
+@@ -112,7 +112,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
+Index: giflib-4.1.6/util/gifinfo.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifinfo.c 2011-11-03 17:58:55.963974576 +0800
++++ giflib-4.1.6/util/gifinfo.c 2011-11-03 18:02:13.000000000 +0800
+@@ -104,7 +104,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ printf("Format: quoted text string used for formating of information\n");
+ printf(" Special characters for various information can be used\n");
+Index: giflib-4.1.6/util/gifinter.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifinter.c 2011-11-03 17:58:56.003974774 +0800
++++ giflib-4.1.6/util/gifinter.c 2011-11-03 18:02:13.000000000 +0800
+@@ -98,7 +98,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
+Index: giflib-4.1.6/util/gifinto.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifinto.c 2011-11-03 17:58:56.039974952 +0800
++++ giflib-4.1.6/util/gifinto.c 2011-11-03 18:02:13.000000000 +0800
+@@ -96,7 +96,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
+Index: giflib-4.1.6/util/gifovly.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifovly.c 2011-11-03 17:58:56.059975052 +0800
++++ giflib-4.1.6/util/gifovly.c 2011-11-03 18:02:13.000000000 +0800
+@@ -73,7 +73,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
+Index: giflib-4.1.6/util/gifpos.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifpos.c 2011-11-03 17:58:56.083975170 +0800
++++ giflib-4.1.6/util/gifpos.c 2011-11-03 18:02:13.000000000 +0800
+@@ -90,7 +90,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
+Index: giflib-4.1.6/util/gifrotat.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifrotat.c 2011-11-03 17:58:56.111975310 +0800
++++ giflib-4.1.6/util/gifrotat.c 2011-11-03 18:02:13.000000000 +0800
+@@ -117,7 +117,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
+Index: giflib-4.1.6/util/gifrsize.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifrsize.c 2011-11-03 17:58:56.143975468 +0800
++++ giflib-4.1.6/util/gifrsize.c 2011-11-03 18:02:13.000000000 +0800
+@@ -113,7 +113,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
+Index: giflib-4.1.6/util/giftext.c
+===================================================================
+--- giflib-4.1.6.orig/util/giftext.c 2011-11-03 17:58:56.183975670 +0800
++++ giflib-4.1.6/util/giftext.c 2011-11-03 18:02:13.000000000 +0800
+@@ -102,7 +102,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
+Index: giflib-4.1.6/util/gifwedge.c
+===================================================================
+--- giflib-4.1.6.orig/util/gifwedge.c 2011-11-03 17:58:56.215975826 +0800
++++ giflib-4.1.6/util/gifwedge.c 2011-11-03 18:02:13.000000000 +0800
+@@ -94,7 +94,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
+Index: giflib-4.1.6/util/icon2gif.c
+===================================================================
+--- giflib-4.1.6.orig/util/icon2gif.c 2011-11-03 17:58:56.243975968 +0800
++++ giflib-4.1.6/util/icon2gif.c 2011-11-03 18:02:13.000000000 +0800
+@@ -94,7 +94,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
+Index: giflib-4.1.6/util/raw2gif.c
+===================================================================
+--- giflib-4.1.6.orig/util/raw2gif.c 2011-11-03 17:58:56.263976064 +0800
++++ giflib-4.1.6/util/raw2gif.c 2011-11-03 18:02:13.000000000 +0800
+@@ -118,7 +118,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
+Index: giflib-4.1.6/util/rgb2gif.c
+===================================================================
+--- giflib-4.1.6.orig/util/rgb2gif.c 2011-11-03 17:58:56.287976186 +0800
++++ giflib-4.1.6/util/rgb2gif.c 2011-11-03 18:02:13.000000000 +0800
+@@ -111,7 +111,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
+Index: giflib-4.1.6/util/rle2gif.c
+===================================================================
+--- giflib-4.1.6.orig/util/rle2gif.c 2011-11-03 17:58:56.311976302 +0800
++++ giflib-4.1.6/util/rle2gif.c 2011-11-03 18:02:13.000000000 +0800
+@@ -105,7 +105,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
+Index: giflib-4.1.6/util/text2gif.c
+===================================================================
+--- giflib-4.1.6.orig/util/text2gif.c 2011-11-03 17:58:56.335976420 +0800
++++ giflib-4.1.6/util/text2gif.c 2011-11-03 18:02:13.000000000 +0800
+@@ -107,7 +107,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
+Index: giflib-4.1.6/util/gif2x11.c
+===================================================================
+--- giflib-4.1.6.orig/util/gif2x11.c 2011-11-03 17:58:56.363976560 +0800
++++ giflib-4.1.6/util/gif2x11.c 2011-11-03 18:02:13.000000000 +0800
+@@ -143,7 +143,7 @@
+ }
+
+ if (HelpFlag) {
+- fprintf(stderr, VersionStr);
++ fprintf(stderr, "%s", VersionStr);
+ GAPrintHowTo(CtrlStr);
+ exit(EXIT_SUCCESS);
+ }
diff -Nru giflib-4.1.6/debian/patches/series giflib-4.1.6/debian/patches/series
--- giflib-4.1.6/debian/patches/series 2010-01-13 21:22:18.000000000 +0100
+++ giflib-4.1.6/debian/patches/series 2012-10-19 23:04:11.000000000 +0200
@@ -1,3 +1,4 @@
 01-cve.patch
 02-doc_fixes.patch
 03-spelling_fixes.patch
+04-fprintf_format_error.patch
diff -Nru giflib-4.1.6/debian/rules giflib-4.1.6/debian/rules
--- giflib-4.1.6/debian/rules 2010-01-13 21:22:18.000000000 +0100
+++ giflib-4.1.6/debian/rules 2012-10-19 23:04:11.000000000 +0200
@@ -26,7 +26,8 @@
 override_dh_auto_configure:
 autoreconf -fi
- dh_auto_configure -- --disable-x11 --disable-rpath
+ dh_auto_configure -- --disable-x11 --disable-rpath \
+ $(shell dpkg-buildflags --export=configure)
 override_dh_auto_install:
 dh_auto_install
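Review bot: The new quilt patch debian/patches/04-fprintf_format_error.patch begins directly at its first `Index:` line with no header, so the file itself records neither its author nor the reason every `fprintf(stderr, VersionStr)` was rewritten. A short DEP-3 header would cover this: `Description: pass VersionStr as an argument instead of as the format string`, `Author: YunQiang Su` (the name the changelog entry gives), plus a line saying the change is presumably what lets the utilities build once the hardening flags turn on the format-security check. The gif2epsn.c hunk writes `"%s",VersionStr` without the space that the other hunks use. Since nothing is being formatted, `fputs(VersionStr, stderr);` would keep the string away from the format parser entirely.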
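Review bot: `$(shell dpkg-buildflags --export=configure)` in the override_dh_auto_configure recipe of debian/rules fails open: make discards the exit status of `$(shell …)`, so if dpkg-buildflags is missing or rejects that export format the expansion is empty, configure runs without any hardening flags, and the build still succeeds. Capturing the value once and checking it would make the failure visible, for example `BUILDFLAGS := $(shell dpkg-buildflags --export=configure)` followed by `$(if $(strip $(BUILDFLAGS)),,$(error dpkg-buildflags returned no flags))`. The debian/control hunk adds no versioned dpkg-dev build-dependency, so the package does not state which dpkg-dev it needs for this export format. A comment above the recipe saying why the flags are passed by hand (presumably because the debhelper compat level is left unchanged, as the mail says) would help the next maintainer.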

