Heyya! I've sponsored Bradley's NMU to DELAYED/5 -- feel free to dcut cancel the upload or beat it to sid.
Debdiff attached!

Paul
diff -Nru mairix-0.23+git20131125/debian/changelog mairix-0.23+git20131125/debian/changelog --- mairix-0.23+git20131125/debian/changelog 2014-08-03 04:41:40.000000000 -0400 +++ mairix-0.23+git20131125/debian/changelog 2015-09-10 17:23:34.000000000 -0400 @@ -1,3 +1,12 @@ +mairix (0.23+git20131125-0.4) unstable; urgency=medium + + * Non-maintainer upload. + * Add fix-256-char-limit-on-filenames.patch to handle some of the + stack-smashing bugs that have been mentioned in upstream's + bugtracker. Closes: #795937 + + -- Bradley M. Kuhn <bk...@ebb.org> Wed, 09 Sep 2015 13:34:04 -0700 + mairix (0.23+git20131125-0.3) unstable; urgency=medium * Non-maintainer upload. diff -Nru mairix-0.23+git20131125/debian/patches/fix-256-char-limit-on-filenames.patch mairix-0.23+git20131125/debian/patches/fix-256-char-limit-on-filenames.patch --- mairix-0.23+git20131125/debian/patches/fix-256-char-limit-on-filenames.patch 1969-12-31 19:00:00.000000000 -0500 +++ mairix-0.23+git20131125/debian/patches/fix-256-char-limit-on-filenames.patch 2015-09-10 17:25:22.000000000 -0400 
@@ -0,0 +1,25 @@ +Description: Partial fix for stack smashing bug. + As the author of the patch mentions, this may not be the only + place in mairix where a stack smash may occur, but this change does + correct a few static-sized buffers to be dynamically sized based on + inputs. +Bug: https://github.com/rc0/mairix/issues/10 +Bug-Debian: http://bugs.debian.org/795937 +Author: Daniel Silverstone <dsilv...@digital-scurf.org> +Last-Update: 2015-08-18 + +--- mairix-0.23+git20131125.orig/nvp.c ++++ mairix-0.23+git20131125/nvp.c +@@ -146,9 +146,9 @@ struct nvp *make_nvp(struct msg_src *src + unsigned int tok; + char *q; + unsigned char qq; +- char name[256]; +- char minor[256]; +- char value[256]; ++ char name[strlen(s)+1]; ++ char minor[strlen(s)+1]; ++ char value[strlen(s)+1]; + enum nvp_action last_action, current_action; + struct nvp *result; + size_t pfxlen; diff -Nru mairix-0.23+git20131125/debian/patches/series mairix-0.23+git20131125/debian/patches/series --- mairix-0.23+git20131125/debian/patches/series 2014-08-03 04:24:52.000000000 -0400 +++ mairix-0.23+git20131125/debian/patches/series 2015-09-10 17:24:21.000000000 -0400 @@ -1,2 +1,3 @@ #fix-test-suite.patch fix-search-with-equal-in-msgid.patch +fix-256-char-limit-on-filenames.patch
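Review bot: in the debian/changelog hunk, the entry carries `Closes: #795937`, while the patch header calls itself a "Partial fix" and says this may not be the only place in mairix where a stack smash may occur. Consider referencing the bug without `Closes:`, or stating in the changelog entry which case is actually fixed, so that the upload does not mark the whole report as resolved.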
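Review bot: in the nvp.c hunk, `char name[strlen(s)+1];`, `char minor[strlen(s)+1];` and `char value[strlen(s)+1];` are variable-length arrays, so make_nvp now places three buffers sized by the input string on the stack with no upper bound, and a sufficiently long `s` can exhaust the stack instead of overflowing a fixed buffer. I would compute the length once and allocate the three buffers on the heap, checking the allocation and freeing on every return path, or at least reject inputs above a fixed maximum before these declarations. The hunk also does not show that `s` is guaranteed non-NULL at the point of declaration, which strlen requires.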