setup.py: Handle python binding instead of cmake

Gbp-Pq: Name 0009-setup.py-Handle-python-binding-instead-of-cmake.patch

[PATCH] Fix two out-of-bounds read issues when handling truncated UTF-8 input (#1005)

Two independent out-of-bounds read issues were identified in OpenCC's UTF-8
processing logic when handling malformed or truncated UTF-8 sequences.

1) MaxMatchSegmentation:
   NextCharLength() could return a value larger than the remaining input size.
   The previous logic subtracted this value from a size_t length counter,
   potentially causing underflow and subsequent out-of-bounds reads.

2) Conversion:
   Similar length handling could allow reads past the end of the input buffer
   during dictionary matching, potentially propagating unintended bytes to the
   conversion output.

This patch fixes both issues by:
- Explicitly tracking the end of the input buffer
- Recomputing remaining length on each iteration
- Clamping matched character and key lengths to the remaining buffer size
- Preventing reads past the null terminator

The changes preserve existing behavior for valid UTF-8 input and add test
coverage for truncated UTF-8 sequences.

These issues may have security implications when processing untrusted input
and are classified as heap out-of-bounds reads (CWE-125).

Co-authored-by: Claude <noreply@anthropic.com>
Applied-Upstream: https://github.com/BYVoid/OpenCC/commit/345c9a50ab07018f1b4439776bad78a0d40778ec

Gbp-Pq: Topic backport
Gbp-Pq: Name 345c9a50ab07018f1b4439776bad78a0d40778ec.patch

Fix deprecated declarations in C++17

Gbp-Pq: Topic backport
Gbp-Pq: Name 0007-Fix-deprecated-declarations-in-C-17.patch

Fix build for gcc 15 (#934)

Co-authored-by: Peng Wu <pwu@redhat.com>
Bug-Debian: https://bugs.debian.org/1097512

Gbp-Pq: Topic backport
Gbp-Pq: Name 0006-Fix-build-for-gcc-15-934.patch

Disable build in setup.py

Gbp-Pq: Name 0005-Disable-build-in-setup.py.patch

Use system googletest

Forwarded: not-needed
Last-Update: 2024-07-28

Gbp-Pq: Name 0004-Use-system-googletest.patch

Don't fetch remote images when reading docs on disk

This fixes a privacy breach previously reported as Lintian warnings

Forwarded: not-needed
Last-Update: 2024-07-28

Gbp-Pq: Name 0003-no-remote-images-when-reading-docs-on-disk.patch

Force build with c++17

Needed by googletest.

Gbp-Pq: Name 0002-Force-build-with-c-17.patch

use-cmake-install-libdir

Update 2021-09-18: Also use GNUInstallDirs.

Last-Update: 2024-07-28

Gbp-Pq: Name 0001-use-cmake-install-libdir.patch

opencc (1.1.9+ds1-4) unstable; urgency=medium

  * debian/control: Bump Standards-Version to 4.7.3.
  * Build-dep on python3-all-dev instead of python3-dev. (Closes: #1125410)
  * debian/rules: Enable DH_VERBOSE for better debugging.
  * debian/pybuild.testfiles: Added to enable python binding post-build tests.
  * debian/patches/backport/345c9a50ab07018f1b4439776bad78a0d40778ec.patch:
    Add patch from upstream to fix out-of-bounds read issues when handling
    truncated UTF-8 input.
  * debian/patches/0009-setup.py-Handle-python-binding-instead-of-cmake.patch:
    Add patch so that the python3 binding as well as pybind11 usage is handled
    by setup.py, not CMakeLists.txt. This is required to build for all
    supported python3 versions instead of just the default one.
  * debian/rules: Adjust python-related building accordingly.

[dgit import unpatched opencc 1.1.9+ds1-4]

Import opencc_1.1.9+ds1-4.debian.tar.xz

[dgit import tarball opencc 1.1.9+ds1-4 opencc_1.1.9+ds1-4.debian.tar.xz]

Import opencc_1.1.9+ds1.orig.tar.xz

[dgit import orig opencc_1.1.9+ds1.orig.tar.xz]