[rrdtool-maint] Bug#952964: Security update breaks graph generation: 'range out of order in character class'

Hans van Kranenburg hans at knorrie.org
Mon Mar 2 12:26:34 GMT 2020

Package: rrdtool
Version: 1.4.8-1.2+deb8u1

Hi, the patch in the Jessie security update that was just released
properly breaks creating graphs.

The patch contains the following line:

#define FLOAT_STRING "%[+- 0#]?[0-9]*([.][0-9]+)?l[eEfF]"

Now, [+- 0#] is not a valid character class for a regex, because the -
defines a range, and a range from '+' to ' ' is not valid.

[RRD ERROR] Unable to graph
/var/lib/munin/cgi-tmp/munin-cgi-graph/[...].png : cannot compile
regular expression: Error while compiling regular expression
0#]?[0-9]*([.][0-9]+)?l[eEfF](?:[^%]+|%%)*%s(?:[^%]+|%%)*$ at char 18:
range out of order in character class (^(?:[^%]+|%%)*%[+-

Upstream did a fixup commit, 1615689e259bfd67e43cf7711948abc23f998ca9
which you missed to include:


Hans van Kranenburg

More information about the pkg-rrdtool-maint mailing list