Package: release.debian.org Severity: normal User: [email protected] Usertags: unblock
Please unblock package shadowsocks-libev This release includes a few fixes from upstream: - Fix manpage docs. - Update ACL list (remove one line). - Two patches to fix out of bound access issue. Enclosed is the debdiff from 2.6.3+ds-2 (in testing) to 2.6.3+ds-3 (in sid). unblock shadowsocks-libev/2.6.3+ds-3 Thanks and looking forward to the stretch release ahead! Cheers, -- Roger Shimizu, GMT +9 Tokyo PGP/GPG: 4096R/6C6ACD6417B3ACB1
diff -Nru shadowsocks-libev-2.6.3+ds/debian/changelog shadowsocks-libev-2.6.3+ds/debian/changelog --- shadowsocks-libev-2.6.3+ds/debian/changelog 2017-04-04 21:48:26.000000000 +0900 +++ shadowsocks-libev-2.6.3+ds/debian/changelog 2017-04-20 22:44:32.000000000 +0900 @@ -1,3 +1,14 @@ +shadowsocks-libev (2.6.3+ds-3) unstable; urgency=medium + + * debian/patches: + - Backport a few patches from upstream: + + Fix Upstream BTS#1210 (again): + Update doc (manpages) to fix typos. Thanks to Simon Shi. + + Update ACL list, Upstream BTS#1394. + + Fix two potential out of bound access, Upstream BTS#1465. + + -- Roger Shimizu <[email protected]> Thu, 20 Apr 2017 22:44:32 +0900 + shadowsocks-libev (2.6.3+ds-2) unstable; urgency=medium * debian/patches: diff -Nru shadowsocks-libev-2.6.3+ds/debian/patches/backport/0010-Fix-typo-1210.patch shadowsocks-libev-2.6.3+ds/debian/patches/backport/0010-Fix-typo-1210.patch --- shadowsocks-libev-2.6.3+ds/debian/patches/backport/0010-Fix-typo-1210.patch 2017-04-04 21:48:26.000000000 +0900 +++ shadowsocks-libev-2.6.3+ds/debian/patches/backport/0010-Fix-typo-1210.patch 2017-04-20 22:02:31.000000000 +0900 @@ -7,11 +7,14 @@ * Update ss-redir.asciidoc * Update ss-server.asciidoc + +* Update ss-tunnel.asciidoc --- doc/ss-local.asciidoc | 4 ++-- doc/ss-redir.asciidoc | 2 +- doc/ss-server.asciidoc | 4 ++-- - 3 files changed, 5 insertions(+), 5 deletions(-) + doc/ss-tunnel.asciidoc | 4 ++-- + 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/doc/ss-local.asciidoc b/doc/ss-local.asciidoc index a1f2b0f..468d67e 100644 @@ -57,5 +60,21 @@ - [--plugin <plugin_name>] [--plugin_opts <plugin_options] + [--plugin <plugin_name>] [--plugin_opts <plugin_options>] + DESCRIPTION + ----------- +diff --git a/doc/ss-tunnel.asciidoc b/doc/ss-tunnel.asciidoc +index ffd6ed8..754707f 100644 +--- a/doc/ss-tunnel.asciidoc ++++ b/doc/ss-tunnel.asciidoc +@@ -12,9 +12,9 @@ SYNOPSIS + [-s <server_host>] [-p <server_port>] [-l <local_port>] + [-k <password>] [-m <encrypt_method>] [-f <pid_file>] + [-t <timeout>] [-c <config_file>] [-i <interface>] +- [-b <local_addr>] [-a <user_name>] [-n <nofile>] ++ [-b <local_address>] [-a <user_name>] [-n <nofile>] + [-L addr:port] [--mtu <MTU>] +- [--plugin <plugin_name>] [--plugin_opts <plugin_options] ++ [--plugin <plugin_name>] [--plugin_opts <plugin_options>] + DESCRIPTION ----------- diff -Nru shadowsocks-libev-2.6.3+ds/debian/patches/backport/0011-Update-gfwlist.acl.patch shadowsocks-libev-2.6.3+ds/debian/patches/backport/0011-Update-gfwlist.acl.patch --- shadowsocks-libev-2.6.3+ds/debian/patches/backport/0011-Update-gfwlist.acl.patch 1970-01-01 09:00:00.000000000 +0900 +++ shadowsocks-libev-2.6.3+ds/debian/patches/backport/0011-Update-gfwlist.acl.patch 2017-04-20 22:02:31.000000000 +0900 @@ -0,0 +1,21 @@ +From: Heiybb <[email protected]> +Date: Thu, 23 Mar 2017 11:19:12 +0800 +Subject: Update gfwlist.acl + +V2EX has already registered an ICP license and can be visited normally in CHINA +--- + acl/gfwlist.acl | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/acl/gfwlist.acl b/acl/gfwlist.acl +index d732ae4..03b32bb 100644 +--- a/acl/gfwlist.acl ++++ b/acl/gfwlist.acl +@@ -398,7 +398,6 @@ + (^|\.)zynamics\.com$ + (^|\.)kat\.cr$ + (^|\.)naughtyamerica\.com$ +-(^|\.)v2ex\.com$ + (^|\.)0to255\.com$ + (^|\.)100ke\.org$ + (^|\.)1000giri\.net$ diff -Nru shadowsocks-libev-2.6.3+ds/debian/patches/backport/0012-Fix-a-potential-out-of-bound-access.-1465.patch shadowsocks-libev-2.6.3+ds/debian/patches/backport/0012-Fix-a-potential-out-of-bound-access.-1465.patch --- shadowsocks-libev-2.6.3+ds/debian/patches/backport/0012-Fix-a-potential-out-of-bound-access.-1465.patch 1970-01-01 09:00:00.000000000 +0900 +++ shadowsocks-libev-2.6.3+ds/debian/patches/backport/0012-Fix-a-potential-out-of-bound-access.-1465.patch 2017-04-20 22:02:31.000000000 +0900 @@ -0,0 +1,22 @@ +From: Max Lv <[email protected]> +Date: Wed, 19 Apr 2017 12:16:41 +0800 +Subject: Fix a potential out of bound access. #1465 + +--- + src/server.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/server.c b/src/server.c +index 588fb46..e868504 100644 +--- a/src/server.c ++++ b/src/server.c +@@ -1129,8 +1129,7 @@ server_resolve_cb(struct sockaddr *addr, void *data) + + // XXX: should handle buffer carefully + if (server->buf->len > 0) { +- memcpy(remote->buf->data, server->buf->data + server->buf->idx, +- server->buf->len); ++ memcpy(remote->buf->data, server->buf->data, server->buf->len); + remote->buf->len = server->buf->len; + remote->buf->idx = 0; + server->buf->len = 0; diff -Nru shadowsocks-libev-2.6.3+ds/debian/patches/backport/0013-Fix-another-potential-out-of-bound-access.-1465.patch shadowsocks-libev-2.6.3+ds/debian/patches/backport/0013-Fix-another-potential-out-of-bound-access.-1465.patch --- shadowsocks-libev-2.6.3+ds/debian/patches/backport/0013-Fix-another-potential-out-of-bound-access.-1465.patch 1970-01-01 09:00:00.000000000 +0900 +++ shadowsocks-libev-2.6.3+ds/debian/patches/backport/0013-Fix-another-potential-out-of-bound-access.-1465.patch 2017-04-20 22:02:31.000000000 +0900 @@ -0,0 +1,69 @@ +From: Max Lv <[email protected]> +Date: Wed, 19 Apr 2017 12:46:59 +0800 +Subject: Fix another potential out of bound access. #1465 + +--- + src/server.c | 20 ++++++++++---------- + 1 file changed, 10 insertions(+), 10 deletions(-) + +diff --git a/src/server.c b/src/server.c +index e868504..cf524f7 100644 +--- a/src/server.c ++++ b/src/server.c +@@ -551,7 +551,7 @@ connect_to_remote(EV_P_ struct addrinfo *res, + endpoints.sae_dstaddrlen = res->ai_addrlen; + + struct iovec iov; +- iov.iov_base = server->buf->data + server->buf->idx; ++ iov.iov_base = server->buf->data; + iov.iov_len = server->buf->len; + size_t len; + int s = connectx(sockfd, &endpoints, SAE_ASSOCID_ANY, CONNECT_DATA_IDEMPOTENT, +@@ -560,9 +560,8 @@ connect_to_remote(EV_P_ struct addrinfo *res, + s = len; + } + #else +- ssize_t s = sendto(sockfd, server->buf->data + server->buf->idx, +- server->buf->len, MSG_FASTOPEN, res->ai_addr, +- res->ai_addrlen); ++ ssize_t s = sendto(sockfd, server->buf->data, server->buf->len, ++ MSG_FASTOPEN, res->ai_addr, res->ai_addrlen); + #endif + if (s == -1) { + if (errno == CONNECT_IN_PROGRESS || errno == EAGAIN +@@ -577,12 +576,9 @@ connect_to_remote(EV_P_ struct addrinfo *res, + } else { + ERROR("sendto"); + } +- } else if (s <= server->buf->len) { ++ } else { + server->buf->idx += s; + server->buf->len -= s; +- } else { +- server->buf->idx = 0; +- server->buf->len = 0; + } + } + #endif +@@ -964,7 +960,9 @@ server_recv_cb(EV_P_ ev_io *w, int revents) + + // XXX: should handle buffer carefully + if (server->buf->len > 0) { +- memcpy(remote->buf->data, server->buf->data, server->buf->len); ++ brealloc(remote->buf, server->buf->len, BUF_SIZE); ++ memcpy(remote->buf->data, server->buf->data + server->buf->idx, ++ server->buf->len); + remote->buf->len = server->buf->len; + remote->buf->idx = 0; + server->buf->len = 0; +@@ -1129,7 +1127,9 @@ server_resolve_cb(struct sockaddr *addr, void *data) + + // XXX: should handle buffer carefully + if (server->buf->len > 0) { +- memcpy(remote->buf->data, server->buf->data, server->buf->len); ++ brealloc(remote->buf, server->buf->len, BUF_SIZE); ++ memcpy(remote->buf->data, server->buf->data + server->buf->idx, ++ server->buf->len); + remote->buf->len = server->buf->len; + remote->buf->idx = 0; + server->buf->len = 0; diff -Nru shadowsocks-libev-2.6.3+ds/debian/patches/series shadowsocks-libev-2.6.3+ds/debian/patches/series --- shadowsocks-libev-2.6.3+ds/debian/patches/series 2017-04-04 21:48:26.000000000 +0900 +++ shadowsocks-libev-2.6.3+ds/debian/patches/series 2017-04-20 22:02:31.000000000 +0900 @@ -8,3 +8,6 @@ backport/0008-Refine-1133-second-time-1136.patch backport/0009-Fix-1148.patch backport/0010-Fix-typo-1210.patch +backport/0011-Update-gfwlist.acl.patch +backport/0012-Fix-a-potential-out-of-bound-access.-1465.patch +backport/0013-Fix-another-potential-out-of-bound-access.-1465.patch
