Your message dated Sat, 02 Jun 2012 15:29:52 +0000
with message-id <e1saqh2-00055y...@franck.debian.org>
and subject line Bug#673778: fixed in rxtx 2.2pre2-11
has caused the Debian Bug report #673778,
regarding librxtx-java: Crashes with buffer overflow when trying to open a 
locked device
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
673778: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673778
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: librxtx-java
Version: 2.2pre2-10
Severity: normal
Tags: upstream patch

As reported in:

  http://mailman.qbang.org/pipermail/rxtx/2009-May/10897125.html

java fails with a buffer overflow when a locked serial device is opened from
the library.

I'm attaching a patch that uses snprintf when reporting fhs_lock errors.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=ca_ES.UTF-8, LC_CTYPE=ca_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages librxtx-java depends on:
ii  libc6  2.13-32

librxtx-java recommends no packages.

librxtx-java suggests no packages.

-- no debconf information

-- 
Sergio Talens-Oliag <s...@debian.org>   <http://people.debian.org/~sto/>
Key fingerprint = 29DF 544F  1BD9 548C  8F15 86EF  6770 052B  B8C1 FA69
Description: Java fails with a buffer overflow when there's a locked serial
device, see http://mailman.qbang.org/pipermail/rxtx/2009-May/10897125.html.
Author: Sergio Talens-Oliag <s...@debian.org>

Index: rxtx-2.2pre2/CNI/SerialImp.c
===================================================================
--- rxtx-2.2pre2.orig/CNI/SerialImp.c	2012-05-21 13:13:43.000000000 +0200
+++ rxtx-2.2pre2/CNI/SerialImp.c	2012-05-21 13:24:05.876652630 +0200
@@ -4752,7 +4752,7 @@
 	fd = open( file, O_CREAT | O_WRONLY | O_EXCL, 0444 );
 	if( fd < 0 )
 	{
-		sprintf( message,
+		snprintf( message, 79,
 			"RXTX fhs_lock() Error: creating lock file: %s: %s\n",
 			file, strerror(errno) );
 		report_error( message );
Index: rxtx-2.2pre2/src/SerialImp.c
===================================================================
--- rxtx-2.2pre2.orig/src/SerialImp.c	2012-05-21 13:13:43.000000000 +0200
+++ rxtx-2.2pre2/src/SerialImp.c	2012-05-21 13:26:50.184644233 +0200
@@ -5307,7 +5307,7 @@
 	}
 	if ( dev_lock( filename ) )
 	{
-		sprintf( message,
+		snprintf( message, 79,
 			"RXTX fhs_lock() Error: creating lock file for: %s: %s\n",
 			filename, strerror(errno) );
 		report_error( message );
@@ -5367,7 +5367,7 @@
 	fd = open( file, O_CREAT | O_WRONLY | O_EXCL, 0444 );
 	if( fd < 0 )
 	{
-		sprintf( message,
+		snprintf( message, 79,
 			"RXTX fhs_lock() Error: creating lock file: %s: %s\n",
 			file, strerror(errno) );
 		report_error( message );
Index: rxtx-2.2pre2/src/lfd/lockdaemon.c
===================================================================
--- rxtx-2.2pre2.orig/src/lfd/lockdaemon.c	2007-04-26 07:26:07.000000000 +0200
+++ rxtx-2.2pre2/src/lfd/lockdaemon.c	2012-05-21 13:25:35.396648055 +0200
@@ -145,7 +145,7 @@
 	fd = open( file, O_CREAT | O_WRONLY | O_EXCL, 0444 );
 	if( fd < 0 )
 	{
-		sprintf( message,
+		snprintf( message, 79,
 			"RXTX fhs_lock() Error: creating lock file: %s: %s\n",
 			file, strerror(errno) );
 		syslog( LOG_INFO, message );
Index: rxtx-2.2pre2/src/lfd/lockdaemon.c.noinetd
===================================================================
--- rxtx-2.2pre2.orig/src/lfd/lockdaemon.c.noinetd	2007-04-26 07:26:07.000000000 +0200
+++ rxtx-2.2pre2/src/lfd/lockdaemon.c.noinetd	2012-05-21 13:25:55.748647017 +0200
@@ -144,7 +144,7 @@
 	fd = open( file, O_CREAT | O_WRONLY | O_EXCL, 0444 );
 	if( fd < 0 )
 	{
-		sprintf( message,
+		snprintf( message, 79,
 			"RXTX fhs_lock() Error: creating lock file: %s: %s\n",
 			file, strerror(errno) );
 		syslog( LOG_INFO, message );

--- End Message ---
--- Begin Message ---
Source: rxtx
Source-Version: 2.2pre2-11

We believe that the bug you reported is fixed in the latest version of
rxtx, which is due to be installed in the Debian FTP archive:

librxtx-java-dbg_2.2pre2-11_i386.deb
  to main/r/rxtx/librxtx-java-dbg_2.2pre2-11_i386.deb
librxtx-java_2.2pre2-11_i386.deb
  to main/r/rxtx/librxtx-java_2.2pre2-11_i386.deb
rxtx_2.2pre2-11.debian.tar.gz
  to main/r/rxtx/rxtx_2.2pre2-11.debian.tar.gz
rxtx_2.2pre2-11.dsc
  to main/r/rxtx/rxtx_2.2pre2-11.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 673...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Scott Howard <show...@debian.org> (supplier of updated rxtx package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 02 Jun 2012 10:13:50 -0400
Source: rxtx
Binary: librxtx-java librxtx-java-dbg
Architecture: source i386
Version: 2.2pre2-11
Distribution: unstable
Urgency: low
Maintainer: Debian Java maintainers 
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Scott Howard <show...@debian.org>
Description: 
 librxtx-java - Full Java CommAPI implementation
 librxtx-java-dbg - Full Java CommAPI implementation, Debugging Symbols
Closes: 673778 674975
Changes: 
 rxtx (2.2pre2-11) unstable; urgency=low
 .
   * debian/patches/MonitorThread-daemon.patch
     - Mark threads created by RXTX as daemon so JVM can shut down
       gracefully. Thanks to Christopher Wellons (Closes: #674975)
   * debian/patches/fhs_lock_buffer_overflow_fix.patch
     - Prevents java from failing with buffer overflow when a locked serial
       debice is opened. Thanks to Sergio Talens-Oliag (Closes: #673778)
Checksums-Sha1: 
 f1d782bcc2009be01a5e130c2cc21d28f573801d 1378 rxtx_2.2pre2-11.dsc
 3f2f43f3d388bbb0d839bd8ea07d85c9481de9b7 19102 rxtx_2.2pre2-11.debian.tar.gz
 3ae5df4413ed3e75b950bc74b164b07c73a506f1 196032 
librxtx-java_2.2pre2-11_i386.deb
 49fae8c3cae0e78c807f86e9424545091a569068 124666 
librxtx-java-dbg_2.2pre2-11_i386.deb
Checksums-Sha256: 
 0b30d6c8b9c1a339d97d4a1d1f7ebdfbcd9dcfe0596f9d899d6b9c6e1b574b1e 1378 
rxtx_2.2pre2-11.dsc
 2cc5768548cbc5c4d8e3d3d2bceff25ce5c887f51056be8a5c78aa282435416b 19102 
rxtx_2.2pre2-11.debian.tar.gz
 4e608fe3a415035d20c42f368734f22bcf962a9b3445549993b9def6a300168e 196032 
librxtx-java_2.2pre2-11_i386.deb
 3297b9fbb660a71c36c025e734c48b9cacc524a54fe8a57029b7ae987054fc5f 124666 
librxtx-java-dbg_2.2pre2-11_i386.deb
Files: 
 d53424c85d9f1808ce00d60743867f19 1378 java optional rxtx_2.2pre2-11.dsc
 77af7499cb45b62adec0dbd001318744 19102 java optional 
rxtx_2.2pre2-11.debian.tar.gz
 95c61a6e34c842189db97e1c278075a7 196032 java optional 
librxtx-java_2.2pre2-11_i386.deb
 32cc20853984cc54f0fc3a7a15e74557 124666 debug extra 
librxtx-java-dbg_2.2pre2-11_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk/KJZAACgkQuqVp0MvxKmq4RACgv2QUsEI3bqRzbJhDF+XWEfeX
ekoAn2rK/iMYB0Jyu/K28+4kjK9quHvo
=FYMP
-----END PGP SIGNATURE-----



--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to