Heyya!

I've sponsored Bradley's NMU to DELAYED/5 -- feel free to dcut cancel
the upload or beat it to sid.

Debdiff attached!
   Paul
diff -Nru mairix-0.23+git20131125/debian/changelog 
mairix-0.23+git20131125/debian/changelog
--- mairix-0.23+git20131125/debian/changelog    2014-08-03 04:41:40.000000000 
-0400
+++ mairix-0.23+git20131125/debian/changelog    2015-09-10 17:23:34.000000000 
-0400
@@ -1,3 +1,12 @@
+mairix (0.23+git20131125-0.4) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add fix-256-char-limit-on-filenames.patch to handle some of the
+    stack-smashing bugs that have been mentioned in upstream's
+    bugtracker. Closes: #795937
+
+ -- Bradley M. Kuhn <bk...@ebb.org>  Wed, 09 Sep 2015 13:34:04 -0700
+
 mairix (0.23+git20131125-0.3) unstable; urgency=medium
 
   * Non-maintainer upload.
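
Review bot: the new 0.4 changelog entry says the patch handles "some of the stack-smashing bugs" without naming which code is covered, so a reader of the changelog cannot tell what remains exposed. Suggest naming the function and file the patch touches (make_nvp in nvp.c) and stating that the fix is partial, as the patch's own Description header does. The patch file name refers to a 256-character limit on filenames, while the change is to the name, minor and value buffers.
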
diff -Nru 
mairix-0.23+git20131125/debian/patches/fix-256-char-limit-on-filenames.patch 
mairix-0.23+git20131125/debian/patches/fix-256-char-limit-on-filenames.patch
--- 
mairix-0.23+git20131125/debian/patches/fix-256-char-limit-on-filenames.patch    
    1969-12-31 19:00:00.000000000 -0500
+++ 
mairix-0.23+git20131125/debian/patches/fix-256-char-limit-on-filenames.patch    
    2015-09-10 17:25:22.000000000 -0400
@@ -0,0 +1,25 @@
+Description: Partial fix for stack smashing bug.
+ As the author of the patch mentions, this may not be the only
+ place in mairix where a stack smash may occur, but this change does
+ correct a few static-sized buffers to be dynamically sized based on
+ inputs.
+Bug: https://github.com/rc0/mairix/issues/10
+Bug-Debian: http://bugs.debian.org/795937
+Author: Daniel Silverstone <dsilv...@digital-scurf.org>
+Last-Update: 2015-08-18
+
+--- mairix-0.23+git20131125.orig/nvp.c
++++ mairix-0.23+git20131125/nvp.c
+@@ -146,9 +146,9 @@ struct nvp *make_nvp(struct msg_src *src
+   unsigned int tok;
+   char *q;
+   unsigned char qq;
+-  char name[256];
+-  char minor[256];
+-  char value[256];
++  char name[strlen(s)+1];
++  char minor[strlen(s)+1];
++  char value[strlen(s)+1];
+   enum nvp_action last_action, current_action;
+   struct nvp *result;
+   size_t pfxlen;
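
Review bot: the three replacement declarations for name, minor and value are variable-length arrays on the stack sized by strlen(s)+1, so the stack allocation is now driven by the length of the input s, and a sufficiently long s can exhaust the stack with no way for make_nvp to detect or report the failure. Consider computing the length once and allocating the three buffers on the heap (len+1 bytes each, checked for NULL, freed on every return path), or rejecting inputs above a fixed maximum before the declarations. The hunk also relies on s being valid at the point of declaration and on no single token written to these buffers exceeding strlen(s) bytes. Neither is visible in these lines, so a short comment stating that invariant would help, and strlen(s) is evaluated three times where one local would do.
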
diff -Nru mairix-0.23+git20131125/debian/patches/series 
mairix-0.23+git20131125/debian/patches/series
--- mairix-0.23+git20131125/debian/patches/series       2014-08-03 
04:24:52.000000000 -0400
+++ mairix-0.23+git20131125/debian/patches/series       2015-09-10 
17:24:21.000000000 -0400
@@ -1,2 +1,3 @@
 #fix-test-suite.patch
 fix-search-with-equal-in-msgid.patch
+fix-256-char-limit-on-filenames.patch
