diff -Nru libmysofa-1.2~dfsg0/CMakeLists.txt libmysofa-1.2.1~dfsg0/CMakeLists.txt --- libmysofa-1.2~dfsg0/CMakeLists.txt 2021-01-24 17:20:42.000000000 +0000 +++ libmysofa-1.2.1~dfsg0/CMakeLists.txt 2021-10-03 16:03:49.000000000 +0000 @@ -82,7 +82,9 @@ 135 136 137 - 138) + 138 + 156 + 163) # issues with osx 96) add_test(fail-issue-${ISSUE} ${PROJECT_SOURCE_DIR}/tests/notcrashed.sh ${PROJECT_SOURCE_DIR}/tests/fail-issue-${ISSUE}) diff -Nru libmysofa-1.2~dfsg0/debian/changelog libmysofa-1.2.1~dfsg0/debian/changelog --- libmysofa-1.2~dfsg0/debian/changelog 2021-01-29 23:03:30.000000000 +0000 +++ libmysofa-1.2.1~dfsg0/debian/changelog 2021-11-16 11:33:49.000000000 +0000 @@ -1,3 +1,12 @@ +libmysofa (1.2.1~dfsg0-1) unstable; urgency=medium + + * New upstream version 1.2.1~dfsg0 + * Refresh patches + * Patch to use 'command -v' instead of 'which' + * Bump standards version to 4.6.0 + + -- IOhannes m zmölnig (Debian/GNU) Tue, 16 Nov 2021 12:33:49 +0100 + libmysofa (1.2~dfsg0-1) unstable; urgency=medium * New upstream version 1.2~dfsg0 diff -Nru libmysofa-1.2~dfsg0/debian/control libmysofa-1.2.1~dfsg0/debian/control --- libmysofa-1.2~dfsg0/debian/control 2021-01-29 23:03:30.000000000 +0000 +++ libmysofa-1.2.1~dfsg0/debian/control 2021-11-16 11:33:49.000000000 +0000 @@ -8,7 +8,7 @@ cmake, zlib1g-dev | libz-dev, libcunit1-dev, -Standards-Version: 4.5.1 +Standards-Version: 4.6.0 Rules-Requires-Root: no Section: devel Homepage: https://github.com/hoene/libmysofa diff -Nru libmysofa-1.2~dfsg0/debian/patches/drop_which.patch libmysofa-1.2.1~dfsg0/debian/patches/drop_which.patch --- libmysofa-1.2~dfsg0/debian/patches/drop_which.patch 1970-01-01 00:00:00.000000000 +0000 +++ libmysofa-1.2.1~dfsg0/debian/patches/drop_which.patch 2021-11-16 11:33:49.000000000 +0000 
@@ -0,0 +1,31 @@ +Description: replace 'which' with 'command -v' + Debian started to fade out 'which' and it is now writing a warning to stderr. + This in turn makes the autopkgtests fail... +Author: IOhannes m zmölnig +Origin: Debian +Bug: https://github.com/hoene/libmysofa/issues/175 +Last-Update: 2021-11-16 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- libmysofa.orig/tests/compare.sh ++++ libmysofa/tests/compare.sh +@@ -1,7 +1,7 @@ + #!/bin/sh + + SCRIPTDIR=${0%/*} +-NODEJS=$(which node nodejs false | head -1) ++NODEJS=$(command -v node nodejs false | head -1) + + ${MYSOFA2JSON:-${SCRIPTDIR}/../build/src/mysofa2json} -c -s "$1".sofa >tmp1.json 2>tmp1.txt + +--- libmysofa.orig/tests/compareIgnoreNew.sh ++++ libmysofa/tests/compareIgnoreNew.sh +@@ -1,7 +1,7 @@ + #!/bin/sh + + SCRIPTDIR=${0%/*} +-NODEJS=$(which node nodejs false | head -1) ++NODEJS=$(command -v node nodejs false | head -1) + + ${MYSOFA2JSON:-${SCRIPTDIR}/../build/src/mysofa2json} -c -s "$1".sofa >tmp1.json 2>tmp1.txt + diff -Nru libmysofa-1.2~dfsg0/debian/patches/dynamically-link-tools.patch libmysofa-1.2.1~dfsg0/debian/patches/dynamically-link-tools.patch --- libmysofa-1.2~dfsg0/debian/patches/dynamically-link-tools.patch 2021-01-29 23:03:30.000000000 +0000 +++ libmysofa-1.2.1~dfsg0/debian/patches/dynamically-link-tools.patch 2021-11-16 11:33:49.000000000 +0000 @@ -6,7 +6,7 @@ This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- libmysofa.orig/src/CMakeLists.txt +++ libmysofa/src/CMakeLists.txt -@@ -140,7 +140,7 @@ +@@ -141,7 +141,7 @@ if(BUILD_TESTS) add_executable(mysofa2json tests/sofa2json.c tests/json.c) if(BUILD_STATIC_LIBS) diff -Nru libmysofa-1.2~dfsg0/debian/patches/series libmysofa-1.2.1~dfsg0/debian/patches/series --- libmysofa-1.2~dfsg0/debian/patches/series 2021-01-29 23:03:30.000000000 +0000 +++ libmysofa-1.2.1~dfsg0/debian/patches/series 2021-11-16 11:33:49.000000000 +0000 
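Review bot: `command -v node nodejs false` in both patched scripts (tests/compare.sh and tests/compareIgnoreNew.sh) is not a drop-in replacement for `which node nodejs false`. POSIX specifies `command -v` for a single command name, and some `/bin/sh` implementations (dash, Debian's default, among them) examine only the first operand. On a system that has `nodejs` but no `node`, NODEJS would then come out empty instead of falling back to `nodejs` or `false`, and the later comparison step would presumably run an empty command rather than fail cleanly. A portable form tests one name at a time: `for n in node nodejs false; do NODEJS=$(command -v "$n") && break; done`. The rest of both scripts lies outside the hunk, so how NODEJS is used afterwards is inferred.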
@@ -1 +1,2 @@ dynamically-link-tools.patch +drop_which.patch diff -Nru libmysofa-1.2~dfsg0/README.md libmysofa-1.2.1~dfsg0/README.md --- libmysofa-1.2~dfsg0/README.md 2021-01-24 17:20:42.000000000 +0000 +++ libmysofa-1.2.1~dfsg0/README.md 2021-10-03 16:03:49.000000000 +0000 @@ -56,7 +56,7 @@ > export ASAN_OPTIONS=symbolize=1 -> cmake -DCMAKE_BUILD_TYPE=Debug -DADDRESS_SANITIZE=ON .. +> cmake -DCMAKE_BUILD_TYPE=Debug -DADDRESS_SANITIZE=ON -DVDEBUG=1 .. > make all test diff -Nru libmysofa-1.2~dfsg0/SECURITY.md libmysofa-1.2.1~dfsg0/SECURITY.md --- libmysofa-1.2~dfsg0/SECURITY.md 1970-01-01 00:00:00.000000000 +0000 +++ libmysofa-1.2.1~dfsg0/SECURITY.md 2021-10-03 16:03:49.000000000 +0000 
@@ -0,0 +1,29 @@
+# Security Policies and Procedures
+
+This document outlines security procedures and general policies for the `libmysofa` project.
+
+ * [Reporting a Bug](#reporting-a-bug)
+ * [Disclosure Policy](#disclosure-policy)
+ * [Comments on this Policy](#comments-on-this-policy)
+
+## Reporting a Bug
+
+The `libmysofa` team and community take all security bugs in `libmysofa` seriously. Thank you for improving the security of `libmysofa`. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.
+
+Report security bugs by emailing the lead maintainer at christian.hoene@symonics.com.
+
+The lead maintainer will acknowledge your email within 4 days and will send a more detailed response within 4 days indicating the next steps in handling your report. After the initial reply to your report, the security team will endeavor to keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
+
+Report security bugs in third-party modules to the person or team maintaining the module.
+
+## Disclosure Policy
+
+When the security team receives a security bug report, they will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps:
+
+ * Confirm the problem and determine whether it affects the main branch.
+ * Audit code to find any potential similar problems.
+ * Prepare a fix for the main branch. This fix will be released as fast as possible to github.
+
+## Comments on this Policy
+
+If you have suggestions on how this process could be improved please submit a pull request.
diff -Nru libmysofa-1.2~dfsg0/src/CMakeLists.txt libmysofa-1.2.1~dfsg0/src/CMakeLists.txt
--- libmysofa-1.2~dfsg0/src/CMakeLists.txt 2021-01-24 17:20:42.000000000 +0000
+++ libmysofa-1.2.1~dfsg0/src/CMakeLists.txt 2021-10-03 16:03:49.000000000 +0000
@@ -129,6 +129,7 @@ install( TARGETS mysofa-shared RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} + ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}) else() generate_export_header(mysofa-static BASE_NAME mysofa EXPORT_FILE_NAME diff -Nru libmysofa-1.2~dfsg0/src/hdf/dataobject.c libmysofa-1.2.1~dfsg0/src/hdf/dataobject.c --- libmysofa-1.2~dfsg0/src/hdf/dataobject.c 2021-01-24 17:20:42.000000000 +0000 +++ libmysofa-1.2.1~dfsg0/src/hdf/dataobject.c 2021-10-03 16:03:49.000000000 +0000 @@ -67,7 +67,7 @@ if (i < 4) { ds->dimension_size[i] = readValue(reader, reader->superblock.size_of_lengths); - if (ds->dimension_size[i] < 0 || ds->dimension_size[i] > 1000000) { + if (ds->dimension_size[i] > 1000000) { mylog("dimension_size is too large\n"); // LCOV_EXCL_LINE return MYSOFA_INVALID_FORMAT; // LCOV_EXCL_LINE } @@ -500,14 +500,17 @@ store = ftell(reader->fhd); if (fseek(reader->fhd, data_address, SEEK_SET) < 0) return errno; // LCOV_EXCL_LINE - if (!data->data) { - if (data_size > 0x10000000) - return MYSOFA_INVALID_FORMAT; - data->data_len = data_size; - data->data = calloc(1, data_size); - if (!data->data) - return MYSOFA_NO_MEMORY; // LCOV_EXCL_LINE + if (data->data) { + free(data->data); + data->data = NULL; } + if (data_size > 0x10000000) + return MYSOFA_INVALID_FORMAT; + data->data_len = data_size; + data->data = calloc(1, data_size); + if (!data->data) + return MYSOFA_NO_MEMORY; // LCOV_EXCL_LINE + err = fread(data->data, 1, data_size, reader->fhd); if (err != data_size) return MYSOFA_READ_ERROR; // LCOV_EXCL_LINE 
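Review bot: In the `@@ -500,14 +500,17 @@` hunk of src/hdf/dataobject.c, `free(data->data); data->data = NULL;` leaves the previous `data->data_len` in place, so the `data_size > 0x10000000` early return exits with a NULL buffer and a stale non-zero length. A failed `calloc` likewise returns with `data_len` already set to `data_size`. Any later reader that trusts `data_len` without checking the pointer would dereference NULL; whether such a reader exists is not visible here. Resetting the length together with the pointer, `data->data_len = 0;`, and assigning `data_len` only after `calloc` succeeds keeps the pair consistent on every error path. The enclosing function starts and ends outside the hunk.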
@@ -881,7 +884,7 @@ offset = readValue(reader, reader->superblock.size_of_offsets); length = readValue(reader, reader->superblock.size_of_lengths); - if (offset > 0x1000000 || length > 0x10000000) + if (offset > 0x2000000 || length > 0x10000000) return MYSOFA_UNSUPPORTED_FORMAT; // LCOV_EXCL_LINE mylog(" continue %08" PRIX64 " %08" PRIX64 "\n", offset, length); diff -Nru libmysofa-1.2~dfsg0/src/hdf/fractalhead.c libmysofa-1.2.1~dfsg0/src/hdf/fractalhead.c --- libmysofa-1.2~dfsg0/src/hdf/fractalhead.c 2021-01-24 17:20:42.000000000 +0000 +++ libmysofa-1.2.1~dfsg0/src/hdf/fractalhead.c 2021-10-03 16:03:49.000000000 +0000 @@ -609,7 +609,6 @@ if (fread(fractalheap->filter_information, 1, fractalheap->encoded_length, reader->fhd) != fractalheap->encoded_length) { - free(fractalheap->filter_information); return MYSOFA_READ_ERROR; } } Binary files /tmp/tmpp_nmqm_f/aG5B8oNswt/libmysofa-1.2~dfsg0/tests/fail-issue-156.sofa and /tmp/tmpp_nmqm_f/ba7Xc5RXWs/libmysofa-1.2.1~dfsg0/tests/fail-issue-156.sofa differ Binary files /tmp/tmpp_nmqm_f/aG5B8oNswt/libmysofa-1.2~dfsg0/tests/fail-issue-163.sofa and /tmp/tmpp_nmqm_f/ba7Xc5RXWs/libmysofa-1.2.1~dfsg0/tests/fail-issue-163.sofa differ diff -Nru libmysofa-1.2~dfsg0/tests/notcrashed.sh libmysofa-1.2.1~dfsg0/tests/notcrashed.sh --- libmysofa-1.2~dfsg0/tests/notcrashed.sh 2021-01-24 17:20:42.000000000 +0000 +++ libmysofa-1.2.1~dfsg0/tests/notcrashed.sh 2021-10-03 16:03:49.000000000 +0000 @@ -1,12 +1,10 @@ #!/bin/sh - +test -f "$1".sofa || exit 128 ../build/src/mysofa2json "$1".sofa >/dev/null 2>/dev/null ret=$? if [ "$ret" -ge 128 ]; then - if [ "$ret" -ge 128 ]; then echo mysofa2json crashed with $ret opening$1.sofa exit $ret - fi fi echo good exit 0
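Review bot: The continuation-block limits `0x2000000` and `0x10000000` in the `@@ -881,7 +884,7 @@` hunk are bare literals, and the offset cap is doubled with no comment saying what it is sized for. A fixed cap only approximates the real constraint, which is that `offset + length` lies inside the file. A crafted header below the cap can still point past end of file, and the outcome then depends on read-error handling outside this hunk. I would name the limits and record the reason, e.g. `/* sanity caps for crafted headers; offset raised for <issue or file that needed it> */`, and consider checking against the actual file size where it is known. The enclosing function starts and ends outside the hunk.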
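Review bot: The new guard `test -f "$1".sofa || exit 128` in tests/notcrashed.sh exits silently, so a missing or misnamed fixture is indistinguishable in the test log from a crash reported with status 128. Print the reason first: `test -f "$1".sofa || { echo "missing test file $1.sofa" >&2; exit 128; }`. In the same hunk the crash message expands `$ret` and `$1` unquoted and has no space after `opening`; `echo "mysofa2json crashed with $ret opening $1.sofa"` stays intact for paths containing spaces or glob characters.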