Your message dated Tue, 14 Apr 2015 17:43:08 +0200
with message-id <[email protected]>
and subject line Re: Bug#782556: unblock: lintian/2.5.30+deb8u4
has caused the Debian Bug report #782556,
regarding unblock: lintian/2.5.30+deb8u4
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
782556: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782556
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Please unblock package lintian. It fixes a bug in the parsing of GPG
headers in control files (e.g. .changes).
Please note that the BTS / Britney believes this version of lintian to
introduce #775760. This behaviour was already present in previous
versions of Lintian. I have reassigned it and put a more accurate
found version on it.
unblock lintian/2.5.30+deb8u4
Thanks,
~Niels
diff -Nru lintian-2.5.30+deb8u3/debian/changelog lintian-2.5.30+deb8u4/debian/changelog
--- lintian-2.5.30+deb8u3/debian/changelog 2014-11-28 23:21:10.000000000 +0100
+++ lintian-2.5.30+deb8u4/debian/changelog 2015-04-09 22:09:32.000000000 +0200
@@ -1,3 +1,12 @@
+lintian (2.5.30+deb8u4) unstable; urgency=medium
+
+ * lib/Lintian/Util.pm:
+ + [NT] Stricten the permitted whitespace at the end of GPG
+ marker lines. This is the same issue as CVE-2015-0840,
+ except lintian never attempted to validate the signature.
+
+ -- Niels Thykier <[email protected]> Thu, 09 Apr 2015 22:09:29 +0200
+
lintian (2.5.30+deb8u3) unstable; urgency=medium
* helpers/coll/objdump-info-helper:
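Review bot: the new changelog entry ("Stricten the permitted whitespace at the end of GPG marker lines") does not say which characters are still accepted after a marker. Naming them (space, CR and tab, per the `[ \r\t]*` used in lib/Lintian/Util.pm) would let someone reading only the changelog tell which inputs are newly rejected.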
diff -Nru lintian-2.5.30+deb8u3/lib/Lintian/Util.pm lintian-2.5.30+deb8u4/lib/Lintian/Util.pm
--- lintian-2.5.30+deb8u3/lib/Lintian/Util.pm 2014-11-28 23:18:08.000000000 +0100
+++ lintian-2.5.30+deb8u4/lib/Lintian/Util.pm 2015-04-09 22:05:41.000000000 +0200
@@ -412,7 +412,7 @@
# According to http://tools.ietf.org/html/rfc4880#section-6.2
# The header MUST start at the beginning of the line and MUST NOT have
# any other text (except whitespace) after the header.
- elsif (m/^-----BEGIN PGP SIGNATURE-----\s*$/)
+ elsif (m/^-----BEGIN PGP SIGNATURE-----[ \r\t]*$/)
{ # skip until end of signature
my $saw_end = 0;
if (not $signed or $signature) {
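Review bot: the context comment above the changed `elsif` still says the header "MUST NOT have any other text (except whitespace)", but the new pattern accepts only space, CR and tab after the marker. Update the comment to name those characters and to say why `\s` was too broad (in Perl it also matches form feed, and vertical tab on newer versions), so the class is not loosened again later. The same `[ \r\t]*$` tail is repeated in the three following hunks; one shared qr// would keep the BEGIN and END checks from drifting apart.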
@@ -426,7 +426,7 @@
}
$signature = $.;
while (<$CONTROL>) {
- if (m/^-----END PGP SIGNATURE-----\s*$/o) {
+ if (m/^-----END PGP SIGNATURE-----[ \r\t]*$/o) {
$saw_end = 1;
last;
}
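Review bot: in the `while (<$CONTROL>)` loop, an END PGP SIGNATURE line whose trailing whitespace falls outside `[ \r\t]` no longer sets `$saw_end`, so the loop now reads to end of file with `$saw_end` still 0. The code that handles that case is outside this hunk; a test input with such a line would confirm it ends in a clear syntax error. Separately, `/o` has no effect on this constant pattern and the BEGIN match in the previous hunk omits it, so it can be dropped here.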
@@ -450,7 +450,7 @@
# - Valid, but we don't support partial messages, so
# bail on those.
- unless (m/^-----BEGIN PGP SIGNED MESSAGE-----\s*$/) {
+ unless (m/^-----BEGIN PGP SIGNED MESSAGE-----[ \r\t]*$/) {
# Not a (full) PGP MESSAGE; reject.
my $key = qr/(?:BEGIN|END) PGP (?:PUBLIC|PRIVATE) KEY BLOCK/;
@@ -458,7 +458,7 @@
my $msg
= qr/(?:BEGIN|END) PGP (?:(?:COMPRESSED|ENCRYPTED) )?MESSAGE/;
- if (m/^-----($key|$msgpart|$msg)-----\s*$/o) {
+ if (m/^-----($key|$msgpart|$msg)-----[ \r\t]*$/o) {
die "syntax error at line $.: Unexpected $1 header\n";
} else {
die "syntax error at line $.: Malformed PGP header\n";
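Review bot: with the tighter tail on `m/^-----($key|$msgpart|$msg)-----[ \r\t]*$/o`, a recognised header name followed by any other whitespace now lands in the else branch and is reported as "Malformed PGP header" instead of "Unexpected $1 header". Both branches die, so the rejection itself is unchanged, but if the more specific message is wanted, match the header name first and check the trailing characters in a separate step.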
@@ -475,7 +475,7 @@
# allow two paragraphs to merge. Consider:
#
# Field-P1: some-value
- # -----BEGIN PGP SIGANTURE----
+ # -----BEGIN PGP SIGNATURE-----
#
# Field-P2: another value
#
@@ -505,9 +505,9 @@
# two paragraphs to merge. Consider:
#
# Field-P1: some-value
- # -----BEGIN PGP SIGANTURE----
+ # -----BEGIN PGP SIGNATURE-----
# [...]
- # -----END PGP SIGANTURE----
+ # -----END PGP SIGNATURE-----
# Field-P2: another value
#
# At the time of writing: If $open_section is true, it
--- End Message ---
--- Begin Message ---
Hi,
On Tue, Apr 14, 2015 at 08:24:12AM +0200, Niels Thykier wrote:
> unblock lintian/2.5.30+deb8u4
Unblocked.
Cheers,
Ivo
--- End Message ---