--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Please unblock package shadowsocks-libev
This release includes a few fixes from upstream:
- Fix manpage docs.
- Update ACL list (remove one line).
- Two patches to fix out of bound access issue.
Enclosed is the debdiff from 2.6.3+ds-2 (in testing) to 2.6.3+ds-3 (in
sid).
unblock shadowsocks-libev/2.6.3+ds-3
Thanks and looking forward to the stretch release ahead!
Cheers,
--
Roger Shimizu, GMT +9 Tokyo
PGP/GPG: 4096R/6C6ACD6417B3ACB1
diff -Nru shadowsocks-libev-2.6.3+ds/debian/changelog
shadowsocks-libev-2.6.3+ds/debian/changelog
--- shadowsocks-libev-2.6.3+ds/debian/changelog 2017-04-04 21:48:26.000000000
+0900
+++ shadowsocks-libev-2.6.3+ds/debian/changelog 2017-04-20 22:44:32.000000000
+0900
@@ -1,3 +1,14 @@
+shadowsocks-libev (2.6.3+ds-3) unstable; urgency=medium
+
+ * debian/patches:
+ - Backport a few patches from upstream:
+ + Fix Upstream BTS#1210 (again):
+ Update doc (manpages) to fix typos. Thanks to Simon Shi.
+ + Update ACL list, Upstream BTS#1394.
+ + Fix two potential out of bound access, Upstream BTS#1465.
+
+ -- Roger Shimizu <[email protected]> Thu, 20 Apr 2017 22:44:32 +0900
+
shadowsocks-libev (2.6.3+ds-2) unstable; urgency=medium
* debian/patches:
diff -Nru
shadowsocks-libev-2.6.3+ds/debian/patches/backport/0010-Fix-typo-1210.patch
shadowsocks-libev-2.6.3+ds/debian/patches/backport/0010-Fix-typo-1210.patch
--- shadowsocks-libev-2.6.3+ds/debian/patches/backport/0010-Fix-typo-1210.patch
2017-04-04 21:48:26.000000000 +0900
+++ shadowsocks-libev-2.6.3+ds/debian/patches/backport/0010-Fix-typo-1210.patch
2017-04-20 22:02:31.000000000 +0900
@@ -7,11 +7,14 @@
* Update ss-redir.asciidoc
* Update ss-server.asciidoc
+
+* Update ss-tunnel.asciidoc
---
doc/ss-local.asciidoc | 4 ++--
doc/ss-redir.asciidoc | 2 +-
doc/ss-server.asciidoc | 4 ++--
- 3 files changed, 5 insertions(+), 5 deletions(-)
+ doc/ss-tunnel.asciidoc | 4 ++--
+ 4 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/doc/ss-local.asciidoc b/doc/ss-local.asciidoc
index a1f2b0f..468d67e 100644
@@ -57,5 +60,21 @@
- [--plugin <plugin_name>] [--plugin_opts <plugin_options]
+ [--plugin <plugin_name>] [--plugin_opts <plugin_options>]
+ DESCRIPTION
+ -----------
+diff --git a/doc/ss-tunnel.asciidoc b/doc/ss-tunnel.asciidoc
+index ffd6ed8..754707f 100644
+--- a/doc/ss-tunnel.asciidoc
++++ b/doc/ss-tunnel.asciidoc
+@@ -12,9 +12,9 @@ SYNOPSIS
+ [-s <server_host>] [-p <server_port>] [-l <local_port>]
+ [-k <password>] [-m <encrypt_method>] [-f <pid_file>]
+ [-t <timeout>] [-c <config_file>] [-i <interface>]
+- [-b <local_addr>] [-a <user_name>] [-n <nofile>]
++ [-b <local_address>] [-a <user_name>] [-n <nofile>]
+ [-L addr:port] [--mtu <MTU>]
+- [--plugin <plugin_name>] [--plugin_opts <plugin_options]
++ [--plugin <plugin_name>] [--plugin_opts <plugin_options>]
+
DESCRIPTION
-----------
diff -Nru
shadowsocks-libev-2.6.3+ds/debian/patches/backport/0011-Update-gfwlist.acl.patch
shadowsocks-libev-2.6.3+ds/debian/patches/backport/0011-Update-gfwlist.acl.patch
---
shadowsocks-libev-2.6.3+ds/debian/patches/backport/0011-Update-gfwlist.acl.patch
1970-01-01 09:00:00.000000000 +0900
+++
shadowsocks-libev-2.6.3+ds/debian/patches/backport/0011-Update-gfwlist.acl.patch
2017-04-20 22:02:31.000000000 +0900
@@ -0,0 +1,21 @@
+From: Heiybb <[email protected]>
+Date: Thu, 23 Mar 2017 11:19:12 +0800
+Subject: Update gfwlist.acl
+
+V2EX has already registered an ICP license and can be visited normally in CHINA
+---
+ acl/gfwlist.acl | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/acl/gfwlist.acl b/acl/gfwlist.acl
+index d732ae4..03b32bb 100644
+--- a/acl/gfwlist.acl
++++ b/acl/gfwlist.acl
+@@ -398,7 +398,6 @@
+ (^|\.)zynamics\.com$
+ (^|\.)kat\.cr$
+ (^|\.)naughtyamerica\.com$
+-(^|\.)v2ex\.com$
+ (^|\.)0to255\.com$
+ (^|\.)100ke\.org$
+ (^|\.)1000giri\.net$
diff -Nru
shadowsocks-libev-2.6.3+ds/debian/patches/backport/0012-Fix-a-potential-out-of-bound-access.-1465.patch
shadowsocks-libev-2.6.3+ds/debian/patches/backport/0012-Fix-a-potential-out-of-bound-access.-1465.patch
---
shadowsocks-libev-2.6.3+ds/debian/patches/backport/0012-Fix-a-potential-out-of-bound-access.-1465.patch
1970-01-01 09:00:00.000000000 +0900
+++
shadowsocks-libev-2.6.3+ds/debian/patches/backport/0012-Fix-a-potential-out-of-bound-access.-1465.patch
2017-04-20 22:02:31.000000000 +0900
@@ -0,0 +1,22 @@
+From: Max Lv <[email protected]>
+Date: Wed, 19 Apr 2017 12:16:41 +0800
+Subject: Fix a potential out of bound access. #1465
+
+---
+ src/server.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/server.c b/src/server.c
+index 588fb46..e868504 100644
+--- a/src/server.c
++++ b/src/server.c
+@@ -1129,8 +1129,7 @@ server_resolve_cb(struct sockaddr *addr, void *data)
+
+ // XXX: should handle buffer carefully
+ if (server->buf->len > 0) {
+- memcpy(remote->buf->data, server->buf->data +
server->buf->idx,
+- server->buf->len);
++ memcpy(remote->buf->data, server->buf->data,
server->buf->len);
+ remote->buf->len = server->buf->len;
+ remote->buf->idx = 0;
+ server->buf->len = 0;
diff -Nru
shadowsocks-libev-2.6.3+ds/debian/patches/backport/0013-Fix-another-potential-out-of-bound-access.-1465.patch
shadowsocks-libev-2.6.3+ds/debian/patches/backport/0013-Fix-another-potential-out-of-bound-access.-1465.patch
---
shadowsocks-libev-2.6.3+ds/debian/patches/backport/0013-Fix-another-potential-out-of-bound-access.-1465.patch
1970-01-01 09:00:00.000000000 +0900
+++
shadowsocks-libev-2.6.3+ds/debian/patches/backport/0013-Fix-another-potential-out-of-bound-access.-1465.patch
2017-04-20 22:02:31.000000000 +0900
@@ -0,0 +1,69 @@
+From: Max Lv <[email protected]>
+Date: Wed, 19 Apr 2017 12:46:59 +0800
+Subject: Fix another potential out of bound access. #1465
+
+---
+ src/server.c | 20 ++++++++++----------
+ 1 file changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/src/server.c b/src/server.c
+index e868504..cf524f7 100644
+--- a/src/server.c
++++ b/src/server.c
+@@ -551,7 +551,7 @@ connect_to_remote(EV_P_ struct addrinfo *res,
+ endpoints.sae_dstaddrlen = res->ai_addrlen;
+
+ struct iovec iov;
+- iov.iov_base = server->buf->data + server->buf->idx;
++ iov.iov_base = server->buf->data;
+ iov.iov_len = server->buf->len;
+ size_t len;
+ int s = connectx(sockfd, &endpoints, SAE_ASSOCID_ANY,
CONNECT_DATA_IDEMPOTENT,
+@@ -560,9 +560,8 @@ connect_to_remote(EV_P_ struct addrinfo *res,
+ s = len;
+ }
+ #else
+- ssize_t s = sendto(sockfd, server->buf->data + server->buf->idx,
+- server->buf->len, MSG_FASTOPEN, res->ai_addr,
+- res->ai_addrlen);
++ ssize_t s = sendto(sockfd, server->buf->data, server->buf->len,
++ MSG_FASTOPEN, res->ai_addr, res->ai_addrlen);
+ #endif
+ if (s == -1) {
+ if (errno == CONNECT_IN_PROGRESS || errno == EAGAIN
+@@ -577,12 +576,9 @@ connect_to_remote(EV_P_ struct addrinfo *res,
+ } else {
+ ERROR("sendto");
+ }
+- } else if (s <= server->buf->len) {
++ } else {
+ server->buf->idx += s;
+ server->buf->len -= s;
+- } else {
+- server->buf->idx = 0;
+- server->buf->len = 0;
+ }
+ }
+ #endif
+@@ -964,7 +960,9 @@ server_recv_cb(EV_P_ ev_io *w, int revents)
+
+ // XXX: should handle buffer carefully
+ if (server->buf->len > 0) {
+- memcpy(remote->buf->data, server->buf->data,
server->buf->len);
++ brealloc(remote->buf, server->buf->len, BUF_SIZE);
++ memcpy(remote->buf->data, server->buf->data +
server->buf->idx,
++ server->buf->len);
+ remote->buf->len = server->buf->len;
+ remote->buf->idx = 0;
+ server->buf->len = 0;
+@@ -1129,7 +1127,9 @@ server_resolve_cb(struct sockaddr *addr, void *data)
+
+ // XXX: should handle buffer carefully
+ if (server->buf->len > 0) {
+- memcpy(remote->buf->data, server->buf->data,
server->buf->len);
++ brealloc(remote->buf, server->buf->len, BUF_SIZE);
++ memcpy(remote->buf->data, server->buf->data +
server->buf->idx,
++ server->buf->len);
+ remote->buf->len = server->buf->len;
+ remote->buf->idx = 0;
+ server->buf->len = 0;
diff -Nru shadowsocks-libev-2.6.3+ds/debian/patches/series
shadowsocks-libev-2.6.3+ds/debian/patches/series
--- shadowsocks-libev-2.6.3+ds/debian/patches/series 2017-04-04
21:48:26.000000000 +0900
+++ shadowsocks-libev-2.6.3+ds/debian/patches/series 2017-04-20
22:02:31.000000000 +0900
@@ -8,3 +8,6 @@
backport/0008-Refine-1133-second-time-1136.patch
backport/0009-Fix-1148.patch
backport/0010-Fix-typo-1210.patch
+backport/0011-Update-gfwlist.acl.patch
+backport/0012-Fix-a-potential-out-of-bound-access.-1465.patch
+backport/0013-Fix-another-potential-out-of-bound-access.-1465.patch
--- End Message ---
