Package: mini-httpd Version: 1.21-1 Severity: important Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu xenial ubuntu-patch
Hi José, The Ubuntu autobuilders have detected a problem with your package on 64-bit architectures. The code is using the crypt() function, without including <crypt.h>, which means there's an implicit declaration. Implicit declarations are treated as returning an int, but crypt returns a pointer. This means that on 64-bit architectures the return value will be truncated, typically resulting in a segfault. I have only marked this bug as 'important' because I don't know how important the password handling is to mini-httpd. Maybe the bug should be treated as 'serious' or 'grave'. Regardless, such segfault bugs are treated as build failures in Ubuntu, so I've applied the attached patch in Ubuntu to fix the failure. Thanks for considering the patch. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slanga...@ubuntu.com vor...@debian.org
diff -Nru mini-httpd-1.21/debian/patches/missing-prototypes mini-httpd-1.21/debian/patches/missing-prototypes --- mini-httpd-1.21/debian/patches/missing-prototypes 1969-12-31 16:00:00.000000000 -0800 +++ mini-httpd-1.21/debian/patches/missing-prototypes 2016-03-23 17:00:49.000000000 -0700 @@ -0,0 +1,33 @@ +Description: include missing headers to ensure proper declarations + mini_httpd uses several standard C functions without including the proper + headers needed to pick up their declarations. One of these functions, + crypt(), returns a pointer. Failure to include the header means the return + type is assumed to be an int, which means the pointer is implicitly cast to + an int, which loses data on 64-bit architectures. +Author: Steve Langasek <steve.langa...@ubuntu.com> + +Index: mini-httpd-1.21/mini_httpd.c +=================================================================== +--- mini-httpd-1.21.orig/mini_httpd.c ++++ mini-httpd-1.21/mini_httpd.c +@@ -52,6 +52,8 @@ + #include <arpa/inet.h> + #include <netdb.h> + #include <dirent.h> ++#include <crypt.h> ++#include <grp.h> + + #include "port.h" + #include "match.h" +Index: mini-httpd-1.21/htpasswd.c +=================================================================== +--- mini-httpd-1.21.orig/htpasswd.c ++++ mini-httpd-1.21/htpasswd.c +@@ -15,6 +15,7 @@ + #include <stdlib.h> + #include <time.h> + #include <unistd.h> ++#include <crypt.h> + + #define LF 10 + #define CR 13 diff -Nru mini-httpd-1.21/debian/patches/series mini-httpd-1.21/debian/patches/series --- mini-httpd-1.21/debian/patches/series 2015-09-14 07:43:55.000000000 -0700 +++ mini-httpd-1.21/debian/patches/series 2016-03-23 16:58:39.000000000 -0700 @@ -4,3 +4,4 @@ 03-cgi-php fix-makefile 05-manpage-hyphen +missing-prototypes