Bug#1064000: unzip: Unzip fails on Microsoft ZIP64 files
Package: unzip Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu noble ubuntu-patch *** /tmp/tmp5xum1hdh/bug_body unzip rejects Microsoft OneDrive zip files. See the detailed explanation here: https://www.bitsgalore.org/2020/03/11/does-microsoft-onedrive-export-large-ZIP-files-that-are-corrupt tl;dr; Microsoft mishandles the "Total number of disks" field when using the ZIP64 extension. It should start at 1, they use 0, which isn't a valid value. Unzip doesn't properly handle the invalid value. In Ubuntu, the attached patch was applied to achieve the following: * Properly handle Microsoft ZIP64 file (LP: #2051952) - debian/patches/handle_windows_zip64.patch: ignore invalid "Total number of disks" field in process.c. Thanks for considering the patch. -- System Information: Debian Release: bookworm/sid APT prefers jammy-updates APT policy: (500, 'jammy-updates'), (500, 'jammy-security'), (500, 'jammy'), (100, 'jammy-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.1.0-1029-oem (SMP w/20 CPU threads; PREEMPT) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE=en_CA:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled diff -Nru unzip-6.0/debian/patches/handle_windows_zip64.patch unzip-6.0/debian/patches/handle_windows_zip64.patch --- unzip-6.0/debian/patches/handle_windows_zip64.patch 1969-12-31 19:00:00.0 -0500 +++ unzip-6.0/debian/patches/handle_windows_zip64.patch 2024-02-01 10:48:08.0 -0500 
@@ -0,0 +1,18 @@ +Description: Properly handle Microsoft ZIP64 file by ignoring invalid + "Total number of disks" field +Origin: https://sourceforge.net/p/infozip/bugs/42/ +Bug: https://sourceforge.net/p/infozip/bugs/42/ +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/2051952 +Author: Roy Tam + +--- a/process.c b/process.c +@@ -1281,7 +1281,7 @@ static int find_ecrec64(__G__ searchlen) + fprintf(stdout,"\nnumber of disks (ECR) %u, (ECLOC64) %lu\n", + G.ecrec.number_this_disk, ecloc64_total_disks); fflush(stdout); + #endif +-if ((G.ecrec.number_this_disk != 0x) && ++if ((G.ecrec.number_this_disk != 0x) && ecloc64_total_disks && + (G.ecrec.number_this_disk != ecloc64_total_disks - 1)) { + /* Note: For some unknown reason, the developers at PKWARE decided to + store the "zip64 total disks" value as a counter starting from 1, diff -Nru unzip-6.0/debian/patches/series unzip-6.0/debian/patches/series --- unzip-6.0/debian/patches/series 2023-05-30 06:34:18.0 -0400 +++ unzip-6.0/debian/patches/series 2024-02-01 10:46:59.0 -0500 @@ -27,3 +27,4 @@ 26-cve-2019-13232-fix-bug-in-uzinflate.patch 27-zipgrep-avoid-test-errors.patch 28-cve-2022-0529-and-cve-2022-0530.patch +handle_windows_zip64.patch
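Review bot: In find_ecrec64, the added `ecloc64_total_disks &&` term switches off the whole disk-number comparison whenever the locator reports 0 total disks, so an archive whose G.ecrec.number_this_disk is non-zero is no longer checked against the locator at all. Consider tolerating 0 only when G.ecrec.number_this_disk is 0 as well, and extend the comment that follows the condition to say that 0 is the value written by Microsoft's ZIP64 writer (LP: #2051952).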
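The "Total number of disks" problem described in the report, as an added example that is not code from unzip or from the Ubuntu patch: it reads the ZIP64 end-of-central-directory locator and the end-of-central-directory record from the tail of a file and classifies the disk counters. The enum names, `check_zip_tail` and `demo_tail` are assumptions of this example, the sample bytes are constructed, and the rule it applies is stricter than the patch (a total of 0 is tolerated only when the archive also says it is on disk 0).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define EOCD_LEN    22u  /* end of central directory record, without comment */
#define LOCATOR_LEN 20u  /* ZIP64 end of central directory locator */

static const uint8_t EOCD_SIG[4]    = { 'P', 'K', 0x05, 0x06 };
static const uint8_t LOCATOR_SIG[4] = { 'P', 'K', 0x06, 0x07 };

enum disk_check {
    DISKS_OK,            /* counters agree (total counts from 1) */
    DISKS_MS_ZERO,       /* total == 0 on a single-disk archive: tolerate */
    DISKS_INCONSISTENT,  /* counters contradict each other: reject */
    DISKS_NO_LOCATOR     /* no EOCD / ZIP64 locator pair found */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Classify the disk counters found at the end of a ZIP file image. */
enum disk_check check_zip_tail(const uint8_t *buf, size_t len)
{
    if (len < EOCD_LEN)
        return DISKS_NO_LOCATOR;
    /* Scan backwards: the EOCD is the last record, followed by a comment. */
    for (size_t i = len - EOCD_LEN + 1; i-- > 0; ) {
        if (memcmp(buf + i, EOCD_SIG, 4) != 0)
            continue;
        /* The comment length must account for every remaining byte. */
        if (i + EOCD_LEN + rd16(buf + i + 20) != len)
            continue;
        /* The ZIP64 locator, when present, sits directly before the EOCD. */
        if (i < LOCATOR_LEN ||
            memcmp(buf + i - LOCATOR_LEN, LOCATOR_SIG, 4) != 0)
            return DISKS_NO_LOCATOR;

        uint16_t this_disk = rd16(buf + i + 4);                  /* counts from 0 */
        uint32_t total     = rd32(buf + i - LOCATOR_LEN + 16);   /* counts from 1 */

        if (this_disk == 0xFFFF)   /* real value lives in the ZIP64 record */
            return DISKS_OK;
        if (total == 0)            /* invalid per the format, seen from OneDrive */
            return this_disk == 0 ? DISKS_MS_ZERO : DISKS_INCONSISTENT;
        return this_disk == total - 1 ? DISKS_OK : DISKS_INCONSISTENT;
    }
    return DISKS_NO_LOCATOR;
}

/* Build a constructed 42-byte tail (locator + EOCD) and classify it. */
enum disk_check demo_tail(uint16_t this_disk, uint32_t total_disks)
{
    uint8_t t[LOCATOR_LEN + EOCD_LEN];
    memset(t, 0, sizeof t);
    memcpy(t, LOCATOR_SIG, 4);
    t[16] = (uint8_t)total_disks;
    t[17] = (uint8_t)(total_disks >> 8);
    t[18] = (uint8_t)(total_disks >> 16);
    t[19] = (uint8_t)(total_disks >> 24);
    memcpy(t + LOCATOR_LEN, EOCD_SIG, 4);
    t[LOCATOR_LEN + 4] = (uint8_t)this_disk;
    t[LOCATOR_LEN + 5] = (uint8_t)(this_disk >> 8);
    return check_zip_tail(t, sizeof t);
}

int main(void)
{
    static const char *names[] = { "ok", "ms-zero", "inconsistent", "no-locator" };
    printf("disk 0, total 1: %s\n", names[demo_tail(0, 1)]);
    printf("disk 0, total 0: %s\n", names[demo_tail(0, 0)]);
    printf("disk 3, total 0: %s\n", names[demo_tail(3, 0)]);
    printf("disk 0, total 2: %s\n", names[demo_tail(0, 2)]);
    return 0;
}
```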
Bug#1011771: logrotate: On Ubuntu, an extra conf file is created
Package: logrotate Version: 3.20.1-1 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu kinetic ubuntu-patch -- Package-specific info: Contents of /etc/logrotate.d total 84 -rw-r--r-- 1 root root 120 Sep 5 2019 alternatives -rw-r--r-- 1 root root 442 Apr 13 2020 apache2 -rw-r--r-- 1 root root 126 Dec 4 2019 apport -rw-r--r-- 1 root root 173 Apr 9 2020 apt -rw-r--r-- 1 root root 1170 Jan 19 2020 apt-cacher-ng -rw-r--r-- 1 root root 91 Apr 1 2020 bootlog -rw-r--r-- 1 root root 130 Jan 21 2019 btmp -rw-r--r-- 1 root root 181 Feb 17 2020 cups-daemon -rw-r--r-- 1 root root 112 Sep 5 2019 dpkg -rw-r--r-- 1 root root 165 Oct 8 2020 libvirtd -rw-r--r-- 1 root root 149 Oct 8 2020 libvirtd.libxl -rw-r--r-- 1 root root 147 Oct 8 2020 libvirtd.lxc -rw-r--r-- 1 root root 540 Oct 8 2020 libvirtd.qemu -rw-r--r-- 1 root root 94 Feb 8 2019 ppp -rw-r--r-- 1 root root 501 Mar 7 2019 rsyslog -rw-r--r-- 1 root root 677 Nov 28 2019 speech-dispatcher -rw-r--r-- 1 root root 244 Oct 6 2021 ubuntu-advantage-tools -rw-r--r-- 1 root root 178 Jan 21 2020 ufw -rw-r--r-- 1 root root 235 Apr 13 2020 unattended-upgrades -rw-r--r-- 1 root root 297 Jan 5 2020 winbind -rw-r--r-- 1 root root 145 Feb 19 2018 wtmp *** /tmp/tmpmw3qw25y/bug_body In Ubuntu, the attached patch was applied to achieve the following: The sed command in debian/rules was creating an extra "logrotate.confe" backup file by mistake. * debian/rules: fix sed syntax to not end up with a backup file. Thanks for considering the patch. 
-- System Information: Debian Release: bullseye/sid APT prefers focal-updates APT policy: (500, 'focal-updates'), (500, 'focal-security'), (500, 'focal'), (100, 'focal-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.13.0-39-generic (SMP w/8 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE=en_CA:en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled diff -Nru logrotate-3.20.1/debian/rules logrotate-3.20.1/debian/rules --- logrotate-3.20.1/debian/rules 2022-05-25 18:15:57.0 -0400 +++ logrotate-3.20.1/debian/rules 2022-05-26 10:33:29.0 -0400 @@ -15,6 +15,6 @@ # because that's where Ubuntu had been adding these lines execute_after_dh_install: ifeq ($(shell dpkg-vendor --query vendor),Ubuntu) - sed -ie "6r debian/ubuntu-logrotate.conf" \ + sed -i -e "6r debian/ubuntu-logrotate.conf" \ debian/logrotate/etc/logrotate.conf endif
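Review bot: The `sed -i -e "6r debian/ubuntu-logrotate.conf"` line in execute_after_dh_install still inserts after a hard-coded line 6 of debian/logrotate/etc/logrotate.conf, so a change to the shipped logrotate.conf silently moves the Ubuntu block. Addressing the `r` command by a pattern instead of a line number, or failing the build when line 6 is not the expected text, would make this robust. The -i/-e split itself is right, since `-ie` makes GNU sed take "e" as the backup suffix.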
Bug#956399: pam-ssh-agent-auth: Segfault when using ECDSA keys
Package: pam-ssh-agent-auth Version: 0.10.3-3 Severity: important Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu focal ubuntu-patch *** /tmp/tmpUqD4LH/bug_body The pam module segfaults when being used with ECDSA keys. Please see the following downstream bug for a detailed reproducer: https://bugs.launchpad.net/bugs/1869512 In Ubuntu, the attached patch was applied to achieve the following: * Fix segfault when using ECDSA keys (LP: #1869512) - debian/patches/lp1869512.patch: properly initialize memory in ssh-ecdsa.c. Thanks for considering the patch. -- System Information: Debian Release: buster/sid APT prefers bionic-updates APT policy: (500, 'bionic-updates'), (500, 'bionic-security'), (500, 'bionic'), (100, 'bionic-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.15.0-91-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE=en_CA:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled diff -Nru pam-ssh-agent-auth-0.10.3/debian/patches/lp1869512.patch pam-ssh-agent-auth-0.10.3/debian/patches/lp1869512.patch --- pam-ssh-agent-auth-0.10.3/debian/patches/lp1869512.patch1969-12-31 19:00:00.0 -0500 +++ pam-ssh-agent-auth-0.10.3/debian/patches/lp1869512.patch2020-04-10 12:48:24.0 -0400 
@@ -0,0 +1,46 @@ +Description: fix segfault when using ECDSA keys. +Author: Marc Deslauriers +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1869512 + +--- a/ssh-ecdsa.c b/ssh-ecdsa.c +@@ -111,7 +111,7 @@ ssh_ecdsa_verify(const Key *key, const u + int rlen, ret; + Buffer b; + #if OPENSSL_VERSION_NUMBER >= 0x1015L +- BIGNUM *r, *s; ++ BIGNUM *r = NULL, *s = NULL; + #endif + + if (key == NULL || key->type != KEY_ECDSA || key->ecdsa == NULL) { +@@ -137,20 +137,27 @@ ssh_ecdsa_verify(const Key *key, const u + + /* parse signature */ + if ((sig = ECDSA_SIG_new()) == NULL) +-pamsshagentauth_fatal("ssh_ecdsa_verify: DSA_SIG_new failed"); ++pamsshagentauth_fatal("ssh_ecdsa_verify: ECDSA_SIG_new failed"); + + pamsshagentauth_buffer_init(); + pamsshagentauth_buffer_append(, sigblob, len); + #if OPENSSL_VERSION_NUMBER < 0x1015L + if ((pamsshagentauth_buffer_get_bignum2_ret(, sig->r) == -1) || + (pamsshagentauth_buffer_get_bignum2_ret(, sig->s) == -1)) ++pamsshagentauth_fatal("ssh_ecdsa_verify:" ++"pamsshagentauth_buffer_get_bignum2_ret failed"); + #else +-DSA_SIG_get0(sig, , ); ++if ((r = BN_new()) == NULL) ++pamsshagentauth_fatal("ssh_ecdsa_verify: BN_new failed"); ++if ((s = BN_new()) == NULL) ++pamsshagentauth_fatal("ssh_ecdsa_verify: BN_new failed"); + if ((pamsshagentauth_buffer_get_bignum2_ret(, r) == -1) || + (pamsshagentauth_buffer_get_bignum2_ret(, s) == -1)) +-#endif + pamsshagentauth_fatal("ssh_ecdsa_verify:" + "pamsshagentauth_buffer_get_bignum2_ret failed"); ++if (ECDSA_SIG_set0(sig, r, s) != 1) ++pamsshagentauth_fatal("ssh_ecdsa_verify: ECDSA_SIG_set0 failed"); ++#endif + + /* clean up */ + memset(sigblob, 0, len); diff -Nru pam-ssh-agent-auth-0.10.3/debian/patches/series pam-ssh-agent-auth-0.10.3/debian/patches/series --- pam-ssh-agent-auth-0.10.3/debian/patches/series 2019-01-26 10:40:32.0 -0500 +++ pam-ssh-agent-auth-0.10.3/debian/patches/series 2020-04-10 12:48:24.0 -0400 
@@ -1,3 +1,4 @@ 0001-authfd.c-check-return-value-of-seteuid-2.patch openssl-1.1.1-1.patch openssl-1.1.1-2.patch +lp1869512.patch
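Review bot: In the #else branch of the second ssh-ecdsa.c hunk, r and s are handed to sig by ECDSA_SIG_set0(), after which sig owns them; add a short comment saying so and check that the clean-up code below the hunk frees only sig, never r or s directly. Also, the concatenated message "ssh_ecdsa_verify:" "pamsshagentauth_buffer_get_bignum2_ret failed" has no space after the colon, and the two BN_new failure messages are identical, so the log cannot tell which allocation failed.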
Bug#920442: (no subject)
Looks like this is caused by texlive-base (2018.20190122-1), reverting to texlive-base (2018.20181214-1) fixes the FTBFS.
Bug#920442: libcaca FTBFS in unstable
Package: libcaca Version: 0.99.beta19-2 Severity: serious Justification: fails to build from source (but built successfully in the past) See: http://debomatic-amd64.debian.net/distribution#unstable/libcaca/0.99.beta19-2/buildlog
Bug#870273: imagemagick: regression in 8:6.8.9.9-5+deb8u10
Package: imagemagick Version: 8:6.8.9.9-5+deb8u10 Severity: normal Ubuntu imagemagick security updates are based on Debian security updates. The latest round of jessie updates introduced a regression. Please see the downstream bug report for a reproducer script: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1707015 I've tracked this down to the 0224-Ensure-token-does-not-overflow.patch patch, but I haven't come up with a fix yet.
Bug#858564: (no subject)
We're hitting the same issue in Ubuntu: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1675698 "follow symlinks = no" is required to reproduce it.
Bug#803012: tar ftbfs everywhere (test suite errors)
Package: tar Version: 1.28-2 Followup-For: Bug #803012 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu xenial ubuntu-patch *** /tmp/tmp70_1Po/bug_body In Ubuntu, the attached patch was applied to achieve the following: * debian/patches/use-sort-in-t-dir-tests.diff: upstream patch to fix test sort order. Thanks for considering the patch. -- System Information: Debian Release: jessie/sid APT prefers vivid-updates APT policy: (500, 'vivid-updates'), (500, 'vivid-security'), (500, 'vivid-proposed'), (500, 'vivid'), (100, 'vivid-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.19.0-32-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -Nru tar-1.28/debian/changelog tar-1.28/debian/changelog diff -Nru tar-1.28/debian/patches/series tar-1.28/debian/patches/series --- tar-1.28/debian/patches/series 2015-09-28 17:26:37.0 -0500 +++ tar-1.28/debian/patches/series 2015-11-03 21:57:30.0 -0600 @@ -2,3 +2,4 @@ listed03-linux-only add-clamp-mtime.diff files-from-and-recursive-extract.diff +use-sort-in-t-dir-tests.diff diff -Nru tar-1.28/debian/patches/use-sort-in-t-dir-tests.diff tar-1.28/debian/patches/use-sort-in-t-dir-tests.diff --- tar-1.28/debian/patches/use-sort-in-t-dir-tests.diff 1969-12-31 18:00:00.0 -0600 +++ tar-1.28/debian/patches/use-sort-in-t-dir-tests.diff 2015-11-03 21:57:30.0 -0600 
@@ -0,0 +1,48 @@ +From 5e2a1d5b3801d016f51b3f4c476d275a6adff5d7 Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff+Date: Mon, 02 Nov 2015 11:54:26 + +Subject: Use sort in T-dir tests. + +--- +diff --git a/tests/T-dir00.at b/tests/T-dir00.at +index 7f89fcf..8ff6ba8 100644 +--- a/tests/T-dir00.at b/tests/T-dir00.at +@@ -28,13 +28,14 @@ + AT_SETUP([recursive extraction from --files-from]) + AT_KEYWORDS([files-from extract T-dir T-dir00]) + AT_TAR_CHECK([ ++AT_SORT_PREREQ + mkdir dir + genfile -f dir/file1 + genfile -f dir/file2 + tar cf archive dir + rm -rf dir + echo dir > list +-tar xfTv archive list ++tar xfTv archive list | sort + ], + [0], + [dir/ +diff --git a/tests/T-dir01.at b/tests/T-dir01.at +index 155a373..db92292 100644 +--- a/tests/T-dir01.at b/tests/T-dir01.at +@@ -28,13 +28,14 @@ + AT_SETUP([trailing slash in --files-from]) + AT_KEYWORDS([files-from extract T-dir T-dir01]) + AT_TAR_CHECK([ ++AT_SORT_PREREQ + mkdir dir + genfile -f dir/file1 + genfile -f dir/file2 + tar cf archive dir + rm -rf dir + echo dir/ > list +-tar xfTv archive list ++tar xfTv archive list | sort + ], + [0], + [dir/ +-- +cgit v0.9.0.2
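Review bot: In both T-dir00.at and T-dir01.at, `tar xfTv archive list | sort` makes the exit status that is compared against [0] the status of sort, so a failing extraction can still pass as long as the listing matches. Write tar's output to a file with `tar xfTv archive list > out || exit 1` and run `sort out` as a separate command, so that tar's own status is still checked.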
Bug#775421: logrotate: manpage refers to /var/lib/logrotate.status
Package: logrotate Version: 3.8.7-2 Followup-For: Bug #775421 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu wily ubuntu-patch *** /tmp/tmpaYlMlo/bug_body In Ubuntu, the attached patch was applied to achieve the following: * debian/patches/manpage.patch: fix state file path in FILES section (LP: #772214) Thanks for considering the patch. -- System Information: Debian Release: jessie/sid APT prefers vivid-updates APT policy: (500, 'vivid-updates'), (500, 'vivid-security'), (500, 'vivid-proposed'), (500, 'vivid'), (100, 'vivid-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.19.0-29-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -Nru logrotate-3.8.7/debian/changelog logrotate-3.8.7/debian/changelog diff -Nru logrotate-3.8.7/debian/patches/manpage.patch logrotate-3.8.7/debian/patches/manpage.patch --- logrotate-3.8.7/debian/patches/manpage.patch 2015-05-06 00:41:10.0 -0400 +++ logrotate-3.8.7/debian/patches/manpage.patch 2015-09-15 09:06:00.0 -0400 @@ -1,8 +1,10 @@ -Closes: #101272, #335060 -Patches from: J S Bygott- -General fixes to manpages. - +Description: General fixes to manpages. +Author: J S Bygott +Author: Andrey Bondarenko +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=101272 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=335060 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775421 +Last-Update: 2015-09-15 Index: logrotate-3.8.5/logrotate.8 === @@ -150,6 +152,15 @@ overrides the \fBolddir\fR option). .TP +@@ -523,7 +528,7 @@ + .SH FILES + .PD 0 + .TP 27 +-\fI/var/lib/logrotate.status\fR ++\fI/var/lib/logrotate/status\fR + Default state file. + .TP 27 + \fI/etc/logrotate.conf\fR @@ -532,12 +537,15 @@ .SH SEE ALSO .BR gzip (1)
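Review bot: The new DEP-3 header in debian/patches/manpage.patch records Debian bug 775421 but not the Launchpad bug that the changelog entry cites (LP: #772214); add a Bug-Ubuntu line for it so the /var/lib/logrotate/status to /var/lib/logrotate/status path fix in the FILES section can be traced from the patch itself.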
Bug#795429: CVE-2015-5177
Package: openslp-dfsg Version: 1.2.1-10 Followup-For: Bug #795429 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu wily ubuntu-patch *** /tmp/tmpHzlE84/bug_body In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: denial of service via double free flaw - debian/patches/CVE-2015-5177.patch: fix double free if SLPDKnownDAAdd() fails in slpd/slpd_knownda.c. - CVE-2015-5177 Thanks for considering the patch. -- System Information: Debian Release: jessie/sid APT prefers vivid-updates APT policy: (500, 'vivid-updates'), (500, 'vivid-security'), (500, 'vivid-proposed'), (500, 'vivid'), (100, 'vivid-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.19.0-27-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -Nru openslp-dfsg-1.2.1/debian/changelog openslp-dfsg-1.2.1/debian/changelog diff -Nru openslp-dfsg-1.2.1/debian/patches/CVE-2015-5177.patch openslp-dfsg-1.2.1/debian/patches/CVE-2015-5177.patch --- openslp-dfsg-1.2.1/debian/patches/CVE-2015-5177.patch 1969-12-31 19:00:00.0 -0500 +++ openslp-dfsg-1.2.1/debian/patches/CVE-2015-5177.patch 2015-08-28 15:29:54.0 -0400 
@@ -0,0 +1,30 @@ +Description: fix denial of service via double free flaw +Origin: backport, http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/ +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795429 + +Index: openslp-dfsg-1.2.1/slpd/slpd_knownda.c +=== +--- openslp-dfsg-1.2.1.orig/slpd/slpd_knownda.c 2005-02-08 00:34:31.0 -0500 openslp-dfsg-1.2.1/slpd/slpd_knownda.c 2015-08-28 15:27:26.098428039 -0400 +@@ -823,15 +823,15 @@ + */ + SLPDLogDAAdvertisement(Removed,entry); + } ++/* If we are here, we need to cleanup the message descriptor and the */ ++/* message buffer because they were not added to the database and not */ ++/* cleaning them up would result in a memory leak. This is because we */ ++/* return zero, so the caller thinks it must not do the cleanup. */ ++SLPMessageFree(msg); ++SLPBufferFree(buf); + } + + CLEANUP: +-/* If we are here, we need to cleanup the message descriptor and the */ +-/* message buffer because they were not added to the database and not */ +-/* cleaning them up would result in a memory leak */ +-/* We also need to make sure the Database handle is closed. */ +-SLPMessageFree(msg); +-SLPBufferFree(buf); + if (dh) SLPDatabaseClose(dh); + + return result; diff -Nru openslp-dfsg-1.2.1/debian/patches/series openslp-dfsg-1.2.1/debian/patches/series --- openslp-dfsg-1.2.1/debian/patches/series 2014-07-25 10:14:50.0 -0400 +++ openslp-dfsg-1.2.1/debian/patches/series 2015-08-28 15:23:23.0 -0400 @@ -4,3 +4,4 @@ fix-typo.patch fix-automake-cond-spelling.patch CVE-2012-4428.patch +CVE-2015-5177.patch
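Review bot: Moving SLPMessageFree(msg) and SLPBufferFree(buf) out of CLEANUP in slpd/slpd_knownda.c means any `goto CLEANUP` taken with result still zero, without passing through this block and without the entry having been added to the database, now leaks msg and buf. Please confirm that every jump to CLEANUP in this function sets a non-zero result (so the caller frees), and say so in the new comment, which currently explains only the return-zero case.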
Bug#789686: putty: Security fix may get optimized away by compiler
Package: putty Version: 0.62-9+deb7u2 Severity: normal Tags: security -- System Information: Debian Release: jessie/sid APT prefers vivid-updates APT policy: (500, 'vivid-updates'), (500, 'vivid-security'), (500, 'vivid-proposed'), (500, 'vivid'), (100, 'vivid-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.19.0-22-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) The wheezy security update backport for CVE-2015-2157 replaced calls to smemclr() with memset() in private-key-not-wiped-2.patch. This may result in the security fix being optimized away by the compiler. In addition, it appears there are other cases in the codebase where a memset is being used to clear out sensitive information. The following commit should probably be backported: https://github.com/Yasushi/putty/commit/aa5bae89
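The memset() concern raised in the report above, as an added example that is not PuTTY's smemclr() or code from the referenced commit: the weak function clears a key buffer that is never read again, which a compiler may treat as a dead store, and the hardened one clears it through a volatile pointer followed by a compiler barrier. `secure_clear`, `unlock_weak`, `unlock_hardened` and the toy key derivation are assumptions of this example, and the passphrase is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 16

/* Toy key stretch, constructed for the example; not a real KDF. */
static void toy_derive(unsigned char key[KEY_LEN], const char *pass)
{
    size_t n = strlen(pass);
    for (size_t i = 0; i < KEY_LEN; i++) {
        unsigned char c = n ? (unsigned char)pass[i % n] : 0;
        key[i] = (unsigned char)(0x5a ^ c ^ (unsigned char)(i * 31));
    }
}

/* Comparison that does not stop at the first differing byte. */
static int equal_ct(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Clear memory so that the stores cannot be dropped as dead: every write
 * goes through a volatile lvalue, and on GCC/Clang an empty asm statement
 * with a "memory" clobber stops the compiler reasoning past this point. */
void secure_clear(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
#if defined(__GNUC__)
    __asm__ __volatile__("" : : "r"(p) : "memory");
#endif
}

/* Weak form: key[] is never read after the memset, so under optimisation
 * the call may be removed and the key left on the stack. */
int unlock_weak(const char *pass, const unsigned char expect[KEY_LEN])
{
    unsigned char key[KEY_LEN];
    toy_derive(key, pass);
    int ok = equal_ct(key, expect, KEY_LEN);
    memset(key, 0, sizeof key);
    return ok;
}

/* Hardened form: same logic, but the wipe survives optimisation. */
int unlock_hardened(const char *pass, const unsigned char expect[KEY_LEN])
{
    unsigned char key[KEY_LEN];
    toy_derive(key, pass);
    int ok = equal_ct(key, expect, KEY_LEN);
    secure_clear(key, sizeof key);
    return ok;
}

/* Returns 1 when secure_clear left every byte of a derived key at zero. */
int demo_clear(void)
{
    unsigned char k[KEY_LEN], zero[KEY_LEN] = { 0 };
    toy_derive(k, "constructed passphrase");
    secure_clear(k, sizeof k);
    return equal_ct(k, zero, KEY_LEN);
}

/* Bit 1: result of the weak variant, bit 0: result of the hardened one. */
int demo_unlock(const char *pass)
{
    unsigned char expect[KEY_LEN];
    toy_derive(expect, "constructed passphrase");
    return unlock_weak(pass, expect) * 2 + unlock_hardened(pass, expect);
}

int main(void)
{
    printf("buffer cleared: %d\n", demo_clear());
    printf("correct passphrase: %d\n", demo_unlock("constructed passphrase"));
    printf("wrong passphrase:   %d\n", demo_unlock("wrong"));
    return 0;
}
```

Both variants return the same results; the difference only shows in the generated code, so compare the assembly of `unlock_weak` and `unlock_hardened` at `-O2` to see whether the clearing stores are still present.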
Bug#789686: (no subject)
Whoops, that's not the official repo, this is the right URL: http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commit;h=aa5bae89
Bug#786555: sudo: time stamp files no longer invalidated at boot
Package: sudo Version: 1.8.12-1 Followup-For: Bug #786555 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu wily ubuntu-patch *** /tmp/tmp8y8IwQ/bug_body In Ubuntu, the attached patch was applied to achieve the following: * Use tmpfs location to store timestamp files (LP: #1458031) - debian/rules: change --with-rundir to /var/run/sudo - debian/rules, debian/sudo.service, debian/sudo.sudo.init: stop shipping init script and service file, as they are no longer necessary. - debian/*.preinst, debian/*.postinst, debian/*.postrm: remove old init script with dpkg-maintscript-helper. - debian/*.postinst: remove old /var/run/sudo to /var/lib/sudo transition code, remove old /var/lib/sudo/ts timestamp directory. Thanks for considering the patch. -- System Information: Debian Release: jessie/sid APT prefers vivid-updates APT policy: (500, 'vivid-updates'), (500, 'vivid-security'), (500, 'vivid-proposed'), (500, 'vivid'), (100, 'vivid-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.19.0-20-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -Nru sudo-1.8.12/debian/changelog sudo-1.8.12/debian/changelog diff -Nru sudo-1.8.12/debian/control sudo-1.8.12/debian/control --- sudo-1.8.12/debian/control 2015-05-13 16:01:18.0 -0400 +++ sudo-1.8.12/debian/control 2015-06-05 11:34:40.0 -0400 
@@ -1,8 +1,7 @@ Source: sudo Section: admin Priority: optional -Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com -XSBC-Original-Maintainer: Bdale Garbee bd...@gag.com +Maintainer: Bdale Garbee bd...@gag.com Build-Depends: debhelper (= 7), libpam0g-dev, libldap2-dev, libsasl2-dev, libselinux1-dev [linux-any], autoconf, autotools-dev, bison, flex, libaudit-dev [linux-any], dh-autoreconf Standards-Version: 3.9.6 Vcs-Git: git://anonscm.debian.org/collab-maint/sudo.git diff -Nru sudo-1.8.12/debian/rules sudo-1.8.12/debian/rules --- sudo-1.8.12/debian/rules 2015-05-13 15:44:04.0 -0400 +++ sudo-1.8.12/debian/rules 2015-06-05 09:45:22.0 -0400 @@ -44,7 +44,7 @@ --disable-root-mailer \ --enable-admin-flag \ --with-sendmail=/usr/sbin/sendmail \ - --with-rundir=/var/lib/sudo \ + --with-rundir=/var/run/sudo \ --mandir=/usr/share/man \ --libexecdir=/usr/lib/sudo \ --with-sssd --with-sssd-lib=/usr/lib/$(DEB_HOST_MULTIARCH) \ @@ -71,7 +71,7 @@ --enable-admin-flag \ --disable-setresuid \ --with-sendmail=/usr/sbin/sendmail \ - --with-rundir=/var/lib/sudo \ + --with-rundir=/var/run/sudo \ --with-ldap-conf-file=/etc/sudo-ldap.conf \ --mandir=/usr/share/man \ --libexecdir=/usr/lib/sudo \ @@ -117,6 +117,7 @@ rm -f debian/sudo*/etc/sudoers \ debian/sudo*/usr/share/doc/sudo/LICENSE* \ debian/sudo*/usr/share/doc/sudo/ChangeLog + rmdir debian/sudo*/var/run/sudo # move upstream-installed docs to the right place for ldap package mv debian/sudo-ldap/usr/share/doc/sudo/* \ @@ -160,10 +161,6 @@ install -o root -g root -m 0440 debian/README \ debian/sudo-ldap/etc/sudoers.d/README - install -o root -g root -m 0644 debian/sudo.service \ - debian/sudo/lib/systemd/system/sudo.service - install -o root -g root -m 0644 debian/sudo.service \ - debian/sudo-ldap/lib/systemd/system/sudo.service binary-indep: build install 
@@ -171,8 +168,6 @@ dh_testdir dh_testroot dh_installdocs -A - dh_installinit -psudo --name=sudo - dh_installinit -psudo-ldap --name=sudo-ldap dh_installman -A dh_installinfo -A dh_installchangelogs ChangeLog diff -Nru sudo-1.8.12/debian/sudo-ldap.postinst sudo-1.8.12/debian/sudo-ldap.postinst --- sudo-1.8.12/debian/sudo-ldap.postinst 2015-02-23 11:03:03.0 -0500 +++ sudo-1.8.12/debian/sudo-ldap.postinst 2015-06-05 11:10:58.0 -0400 @@ -19,14 +19,6 @@ echo sudoers: files ldap /etc/nsswitch.conf fi -# handle state directory transition from /var/run/sudo to /var/lib/sudo, -# moving any existing content over to avoid re-lecturing existing users -if [ -d /var/run/sudo ];then -mkdir -p /var/lib/sudo -(cd /var/run/sudo ; tar cf - .) | (cd /var/lib/sudo ; tar xf -) -rm -rf /var/run/sudo -fi - # make sure sudoers has the correct permissions and owner/group if [ -f /etc/sudoers ];then chown root:root /etc/sudoers @@ -42,6 +34,12 @@ # if we've gotten this far .. remove the saved, unchanged old sudoers file rm -f /etc/sudoers.pre-conffile +# remove the old init script +dpkg-maintscript-helper rm_conffile /etc/init.d/sudo 1.8.12-1ubuntu2~ sudo-ldap -- $@ + +# remove the old timestamp directory +rm -rf /var/lib/sudo/ts + # make sure we have a sudo group [ -n `getent group sudo` ] exit 0 # we're finished if there is a group sudo: diff -Nru sudo-1.8.12/debian/sudo-ldap.postrm sudo-1.8.12/debian/sudo-ldap.postrm --- sudo-1.8.12/debian/sudo-ldap.postrm 2015-02-23
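Review bot: In debian/rules, `rmdir debian/sudo*/var/run/sudo` removes the run directory from both packages while the same patch drops sudo.service and the dh_installinit calls, so nothing visible in the package creates /var/run/sudo with the right owner and mode on a fresh tmpfs. If sudo creates its rundir on demand, say so in a comment next to the rmdir; otherwise something still has to create it at boot.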
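Review bot: In debian/sudo-ldap.postinst the rm_conffile call hard-codes the Ubuntu version `1.8.12-1ubuntu2~`, which will not match the Debian upload that carries this change. For Debian the prior-version argument needs to be the Debian version that first drops /etc/init.d/sudo; and if the unquoted `$@` is what the attachment really contains rather than an archive artifact, pass it as "$@".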
Bug#786555: sudo: time stamp files no longer invalidated at boot
Package: sudo Version: Severity: normal Tags: security Sudo 1.8.10 switched to a new time stamp file format that uses the monotonic clock. Timestamp files moved from /var/lib/sudo to /var/lib/sudo/ts. At boot, the contents of the /var/lib/sudo/ts directory needs to be deleted, as per the warning in the build log: configure: Warning: the /var/lib/sudo/ts directory must be cleared at boot time. configure: You may need to create a startup item to do this. The sudo package ships with both an init script and a systemd unit file. Unfortunately, the init script sets the date on the timestamp files to epoch, which is no longer the proper way to invalidate them. The systemd unit file doesn't seem to work at all. Downstream bug report: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1458031
Bug#784773: icu: CVE-2015-8146 and CVE-2015-8147
Package: icu Version: 52.1-8 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu wily ubuntu-patch *** /tmp/tmp8_oq5o/bug_body In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: heap overflow via incorrect isolateCount - debian/patches/CVE-2015-8146.patch: check for valid isolateCount in source/common/ubidi.c. - CVE-2015-8146 * SECURITY UPDATE: integer overflow via incorrect state size - debian/patches/CVE-2015-8147.patch: change state to int32_t in source/common/ubidiimp.h. - CVE-2015-8147 Thanks for considering the patch. -- System Information: Debian Release: jessie/sid APT prefers vivid-updates APT policy: (500, 'vivid-updates'), (500, 'vivid-security'), (500, 'vivid-proposed'), (500, 'vivid'), (100, 'vivid-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.19.0-15-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -Nru icu-52.1/debian/changelog icu-52.1/debian/changelog diff -Nru icu-52.1/debian/patches/CVE-2015-8146.patch icu-52.1/debian/patches/CVE-2015-8146.patch --- icu-52.1/debian/patches/CVE-2015-8146.patch 1969-12-31 19:00:00.0 -0500 +++ icu-52.1/debian/patches/CVE-2015-8146.patch 2015-05-08 08:27:11.0 -0400 
@@ -0,0 +1,16 @@ +Description: fix heap overflow via incorrect isolateCount +Origin: backport, http://bugs.icu-project.org/trac/changeset/37162 + +Index: icu-52.1/source/common/ubidi.c +=== +--- icu-52.1.orig/source/common/ubidi.c 2013-10-04 16:49:28.0 -0400 icu-52.1/source/common/ubidi.c 2015-05-08 08:19:47.924746439 -0400 +@@ -2049,7 +2049,7 @@ + /* The isolates[] entries contain enough information to +resume the bidi algorithm in the same state as it was +when it was interrupted by an isolate sequence. */ +-if(dirProps[start]==PDI) { ++if(dirProps[start]==PDI pBiDi-isolateCount = 0) { + start1=pBiDi-isolates[pBiDi-isolateCount].start1; + stateImp=pBiDi-isolates[pBiDi-isolateCount].stateImp; + levState.state=pBiDi-isolates[pBiDi-isolateCount].state; diff -Nru icu-52.1/debian/patches/CVE-2015-8147.patch icu-52.1/debian/patches/CVE-2015-8147.patch --- icu-52.1/debian/patches/CVE-2015-8147.patch 1969-12-31 19:00:00.0 -0500 +++ icu-52.1/debian/patches/CVE-2015-8147.patch 2015-05-08 08:27:31.0 -0400 @@ -0,0 +1,17 @@ +Description: fix integer overflow via incorrect state size +Origin: backport, http://bugs.icu-project.org/trac/changeset/37080 + +Index: icu-52.1/source/common/ubidiimp.h +=== +--- icu-52.1.orig/source/common/ubidiimp.h 2013-10-04 16:49:24.0 -0400 icu-52.1/source/common/ubidiimp.h 2015-05-08 08:20:48.901252416 -0400 +@@ -193,8 +193,8 @@ + + typedef struct Isolate { + int32_t start1; ++int32_t state; + int16_t stateImp; +-int16_t state; + } Isolate; + + typedef struct Run { diff -Nru icu-52.1/debian/patches/series icu-52.1/debian/patches/series --- icu-52.1/debian/patches/series 2015-02-15 21:35:11.0 -0500 +++ icu-52.1/debian/patches/series 2015-05-08 08:20:42.0 -0400 @@ -12,3 +12,5 @@ CVE-2014-7923+7926.patch CVE-2014-7940.patch CVE-2014-9654.patch +CVE-2015-8146.patch +CVE-2015-8147.patch
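Review bot: In source/common/ubidi.c the added isolateCount test means the three isolates[] reads (start1, stateImp, levState.state) are skipped when a PDI is seen without a valid isolateCount; confirm that those variables hold defined values on the fall-through path, and add a line to the comment above the condition explaining how a PDI can arrive in that state. The CVE-2015-8146.patch header would also benefit from a Bug-Debian field.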
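Review bot: In source/common/ubidiimp.h, widening state to int32_t and moving it ahead of stateImp changes the layout of struct Isolate, so every object that includes this header has to be rebuilt together; that is worth a sentence in the Description. stateImp stays int16_t, so the header should also say why it cannot overflow the way state did.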
Bug#781526: tiff: More security-relevant commits
Package: tiff Version: 4.0.3-12.3 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu vivid ubuntu-patch *** /tmp/tmpy2ySAQ/bug_body In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: Backport more security-relevant commits - debian/patches/CVE-2014-81xx-9.patch - debian/patches/CVE-2014-9655-1.patch - debian/patches/CVE-2014-9655-3.patch - debian/patches/read_overrun.patch - debian/patches/estimatestripbytecounts_return_code.patch - debian/patches/CVE-2014-8130.patch Thanks for considering the patch. -- System Information: Debian Release: jessie/sid APT prefers vivid-updates APT policy: (500, 'vivid-updates'), (500, 'vivid-security'), (500, 'vivid'), (100, 'vivid-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.19.0-10-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -Nru tiff-4.0.3/debian/changelog tiff-4.0.3/debian/changelog diff -Nru tiff-4.0.3/debian/patches/CVE-2014-8130.patch tiff-4.0.3/debian/patches/CVE-2014-8130.patch --- tiff-4.0.3/debian/patches/CVE-2014-8130.patch 1969-12-31 19:00:00.0 -0500 +++ tiff-4.0.3/debian/patches/CVE-2014-8130.patch 2015-03-30 10:19:40.0 -0400 
@@ -0,0 +1,42 @@ +From 3c5eb8b1be544e41d2c336191bc4936300ad7543 Mon Sep 17 00:00:00 2001 +From: bfriesen bfriesen +Date: Sun, 18 Nov 2012 17:51:52 + +Subject: [PATCH] * libtiff/tif_{unix,vms,win32}.c (_TIFFmalloc): ANSI C does + not require malloc() to return NULL pointer if requested allocation size is + zero. Assure that _TIFFmalloc does. + +--- + ChangeLog | 6 ++ + libtiff/tif_unix.c | 3 +++ + libtiff/tif_vms.c | 3 +++ + libtiff/tif_win32.c | 3 +++ + 4 files changed, 15 insertions(+) + +Index: tiff-4.0.3/libtiff/tif_unix.c +=== +--- tiff-4.0.3.orig/libtiff/tif_unix.c 2015-03-27 14:47:11.002353413 -0400 tiff-4.0.3/libtiff/tif_unix.c 2015-03-27 14:47:10.998353377 -0400 +@@ -257,6 +257,9 @@ + void* + _TIFFmalloc(tmsize_t s) + { ++if (s == 0) ++return ((void *) NULL); ++ + return (malloc((size_t) s)); + } + +Index: tiff-4.0.3/libtiff/tif_win32.c +=== +--- tiff-4.0.3.orig/libtiff/tif_win32.c 2015-03-27 14:47:11.002353413 -0400 tiff-4.0.3/libtiff/tif_win32.c 2015-03-27 14:47:10.998353377 -0400 +@@ -329,6 +329,9 @@ + void* + _TIFFmalloc(tmsize_t s) + { ++if (s == 0) ++return ((void *) NULL); ++ + return (malloc((size_t) s)); + } + diff -Nru tiff-4.0.3/debian/patches/CVE-2014-81xx-9.patch tiff-4.0.3/debian/patches/CVE-2014-81xx-9.patch --- tiff-4.0.3/debian/patches/CVE-2014-81xx-9.patch 1969-12-31 19:00:00.0 -0500 +++ tiff-4.0.3/debian/patches/CVE-2014-81xx-9.patch 2015-03-30 10:18:36.0 -0400 
@@ -0,0 +1,35 @@ +Backport of: + +From 77837423c3a125a3b39ddae246ff904f437cf845 Mon Sep 17 00:00:00 2001 +From: bfriesen bfriesen +Date: Mon, 22 Dec 2014 02:52:38 + +Subject: [PATCH] * tools/tiffdump.c: Guard against arithmetic overflow when + calculating allocation buffer sizes. + +--- + ChangeLog| 5 + + tools/tiffdump.c | 21 ++--- + 2 files changed, 23 insertions(+), 3 deletions(-) + +Index: tiff-4.0.3/tools/tiffdump.c +=== +--- tiff-4.0.3.orig/tools/tiffdump.c 2015-01-29 09:36:19.521556646 -0500 tiff-4.0.3/tools/tiffdump.c 2015-01-29 09:36:19.521556646 -0500 +@@ -34,6 +34,8 @@ + # include unistd.h + #endif + ++#include tiffiop.h ++ + #ifdef HAVE_FCNTL_H + # include fcntl.h + #endif +@@ -303,7 +305,7 @@ + dircount = (uint16)dircount64; + direntrysize = 20; + } +- dirmem = _TIFFmalloc(dircount * direntrysize); ++ dirmem = _TIFFmalloc(TIFFSafeMultiply(tmsize_t,dircount,direntrysize)); + if (dirmem == NULL) { + Fatal(No space for TIFF directory); + goto done; diff -Nru tiff-4.0.3/debian/patches/CVE-2014-9655-1.patch tiff-4.0.3/debian/patches/CVE-2014-9655-1.patch --- tiff-4.0.3/debian/patches/CVE-2014-9655-1.patch 1969-12-31 19:00:00.0 -0500 +++ tiff-4.0.3/debian/patches/CVE-2014-9655-1.patch 2015-03-30 10:18:59.0 -0400 @@ -0,0 +1,26 @@ +From 24a2eee78bb057acb2c3992acd002654c1747718 Mon Sep 17 00:00:00 2001 +From: erouault erouault +Date: Wed, 24 Dec 2014 16:57:18 + +Subject: [PATCH] * libtiff/tif_getimage.c: avoid divide by zero on invalid + YCbCr subsampling. http://bugzilla.maptools.org/show_bug.cgi?id=2235 + +--- + ChangeLog | 5 + + libtiff/tif_getimage.c | 4 + 2 files changed, 9 insertions(+) + +diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c +index 396ad08..417ac7b 100644 +--- a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c +@@ -875,6 +875,10 @@
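Review bot: The header of CVE-2014-8130.patch keeps upstream's diffstat (ChangeLog, tif_unix.c, tif_vms.c, tif_win32.c, 15 insertions), but only the tif_unix.c and tif_win32.c hunks are carried; mark it "Backport of:" as CVE-2014-81xx-9.patch does, or note which files were dropped. Callers that pass a legitimate zero size to _TIFFmalloc now get NULL and will report an allocation failure, which deserves a sentence in the description.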
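Review bot: In tools/tiffdump.c, `_TIFFmalloc(TIFFSafeMultiply(tmsize_t,dircount,direntrysize))` turns an overflowing product into 0, so the `dirmem == NULL` check below catches it only if _TIFFmalloc(0) returns NULL, which is what CVE-2014-8130.patch adds. Make that dependency explicit in the patch header and keep the two patches together in debian/patches/series.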
Bug#776947: nut: Default ups.conf should have maxretry setting above examples section
Package: nut Version: 2.7.1-1 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu vivid ubuntu-patch *** /tmp/tmpvfdwEw/bug_body In Ubuntu, the attached patch was applied to achieve the following: Default/sample ups.conf has maxretry setting at end. Above that are examples and an empty line. Uncommenting any of the examples or merging with older configs are likely to end up with a broken config file, since the parser will interpret existing maxretries to be inside driver definition. Included patch follows conventions used in other nut config files. * debian/patches/0006-ups-conf-reorder.patch: Move maxretry setting above Examples section, closer to the outside of a driver definition comment. (LP: #1405822) Thanks for considering the patch. -- System Information: Debian Release: jessie/sid APT prefers utopic-updates APT policy: (500, 'utopic-updates'), (500, 'utopic-security'), (500, 'utopic-proposed'), (500, 'utopic'), (100, 'utopic-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-30-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru nut-2.7.1/debian/changelog nut-2.7.1/debian/changelog diff -Nru nut-2.7.1/debian/patches/0006-ups-conf-maxretry.patch nut-2.7.1/debian/patches/0006-ups-conf-maxretry.patch --- nut-2.7.1/debian/patches/0006-ups-conf-maxretry.patch 2013-11-24 14:58:03.0 -0500 +++ nut-2.7.1/debian/patches/0006-ups-conf-maxretry.patch 2015-02-03 08:23:00.0 -0500 
@@ -25,10 +25,15 @@ # # These directives are common to all drivers that support ups.conf: # -@@ -102,3 +120,6 @@ +@@ -78,7 +96,10 @@ # - # To find out if your driver supports any extra settings, start it with - # the -h option and/or read the driver's documentation. + # Anything else is passed through to the hardware-specific part of + # the driver. +-# + +# Set maxretry to 3 by default, this should mitigate race with slow devices: +maxretry = 3 ++ + # Examples + # + #
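Review bot: the changelog entry in the report names debian/patches/0006-ups-conf-reorder.patch, while the diff modifies debian/patches/0006-ups-conf-maxretry.patch; correct whichever is wrong so the entry points at the file that actually changes. In the moved block, the comment above maxretry = 3 could also say that the setting has to stay above the first driver section, since that placement is the whole point of the change.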
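The scoping problem described in the nut report, as an added example that is not part of the report or of NUT: a small checker that reports which section each active setting in a ups.conf-style file lands in. It assumes INI-style scoping as the report describes (anything after a [section] header belongs to that section); the sample configs and the names scope_of_settings, misplaced_globals and GLOBAL_ONLY are constructed for illustration.

```python
import re

# Settings that are meant to be global. Only maxretry comes from the bug
# report; add others for your own deployment (assumption, not NUT's list).
GLOBAL_ONLY = frozenset({"maxretry"})

SECTION_RE = re.compile(r"^\[([^\]]+)\]$")
SETTING_RE = re.compile(r"^([A-Za-z_][\w.]*)\s*(?:=\s*(.*))?$")


def scope_of_settings(text):
    """Return (lineno, section_or_None, key, value) for every active setting.

    Simplification: '#' always starts a comment, so a '#' inside a quoted
    value is not handled.
    """
    section = None
    found = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            # Every setting from here on belongs to this section.
            section = header.group(1).strip()
            continue
        setting = SETTING_RE.match(line)
        if setting:
            value = (setting.group(2) or "").strip()
            found.append((lineno, section, setting.group(1), value))
    return found


def misplaced_globals(text, global_only=GLOBAL_ONLY):
    """List global-only settings that ended up inside a [section]."""
    return [
        (lineno, section, key)
        for lineno, section, key, _ in scope_of_settings(text)
        if section is not None and key in global_only
    ]


# Constructed sample: old layout after an admin uncomments an example.
# maxretry sits at the end of the file, so it falls inside [myups].
OLD_LAYOUT = "\n".join([
    "# Examples",
    "[myups]",
    "    driver = usbhid-ups",
    "    port = auto",
    "",
    "maxretry = 3",
])

# Constructed sample: patched layout, maxretry above the examples.
NEW_LAYOUT = "\n".join([
    "maxretry = 3",
    "",
    "# Examples",
    "[myups]",
    "    driver = usbhid-ups",
    "    port = auto",
])

if __name__ == "__main__":
    for name, cfg in (("old", OLD_LAYOUT), ("new", NEW_LAYOUT)):
        problems = misplaced_globals(cfg)
        if problems:
            for lineno, section, key in problems:
                print(f"{name}: line {lineno}: {key} is inside [{section}]")
        else:
            print(f"{name}: global settings are in global scope")
```

Run against a merged or hand-edited ups.conf before restarting the drivers, it catches the misplacement the report warns about.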
Bug#776589: unzip: CVE-2014-9636 heap overflow via mismatched block sizes
Package: unzip Version: 6.0-13 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu vivid ubuntu-patch *** /tmp/tmp7DfOwv/bug_body In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: heap overflow via mismatched block sizes - debian/patches/12-cve-2014-9636-test-compr-eb: ensure compressed and uncompressed block sizes match when using STORED method in extract.c. - CVE-2014-9636 Thanks for considering the patch. -- System Information: Debian Release: jessie/sid APT prefers utopic-updates APT policy: (500, 'utopic-updates'), (500, 'utopic-security'), (500, 'utopic-proposed'), (500, 'utopic'), (100, 'utopic-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-30-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru unzip-6.0/debian/changelog unzip-6.0/debian/changelog diff -Nru unzip-6.0/debian/patches/12-cve-2014-9636-test-compr-eb unzip-6.0/debian/patches/12-cve-2014-9636-test-compr-eb --- unzip-6.0/debian/patches/12-cve-2014-9636-test-compr-eb 1969-12-31 19:00:00.0 -0500 +++ unzip-6.0/debian/patches/12-cve-2014-9636-test-compr-eb 2015-01-29 11:15:34.0 -0500 
@@ -0,0 +1,43 @@ +From a9bfab5b52d08879bbc5e0991684b700127ddcff Mon Sep 17 00:00:00 2001 +From: mancha mancha1 AT zoho DOT com +Date: Mon, 3 Nov 2014 +Subject: Info-ZIP UnZip buffer overflow + +By carefully crafting a corrupt ZIP archive with extra fields that +purport to have compressed blocks larger than the corresponding +uncompressed blocks in STORED no-compression mode, an attacker can +trigger a heap overflow that can result in application crash or +possibly have other unspecified impact. + +This patch ensures that when extra fields use STORED mode, the +compressed and uncompressed block sizes match. + +--- + extract.c |8 + 1 file changed, 8 insertions(+) + +Index: unzip-6.0/extract.c +=== +--- unzip-6.0.orig/extract.c 2015-01-29 11:15:31.118569464 -0500 unzip-6.0/extract.c 2015-01-29 11:15:31.114569431 -0500 +@@ -2230,6 +2230,7 @@ + ulg eb_ucsize; + uch *eb_ucptr; + int r; ++ush method; + + if (compr_offset 4)/* field is not compressed: */ + return PK_OK;/* do nothing and signal OK */ +@@ -2246,6 +2247,12 @@ + ((eb_ucsize 0L) (eb_size = (compr_offset + EB_CMPRHEADLEN + return IZ_EF_TRUNC; /* no/bad compressed data! */ + ++method = makeword(eb + (EB_HEADSIZE + compr_offset)); ++if ((method == STORED) (eb_size - compr_offset != eb_ucsize)) ++ return PK_ERR; /* compressed uncompressed ++ * should match in STORED ++ * method */ ++ + if ( + #ifdef INT_16BIT + (((ulg)(extent)eb_ucsize) != eb_ucsize) || diff -Nru unzip-6.0/debian/patches/series unzip-6.0/debian/patches/series --- unzip-6.0/debian/patches/series 2014-12-25 07:37:44.0 -0500 +++ unzip-6.0/debian/patches/series 2015-01-29 11:25:49.0 -0500 @@ -9,4 +9,5 @@ 09-cve-2014-8139-crc-overflow 10-cve-2014-8140-test-compr-eb 11-cve-2014-8141-getzip64data +12-cve-2014-9636-test-compr-eb 20-unzip60-alt-iconv-utf8
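Review bot: in the new STORED check, eb_size - compr_offset is compared directly with eb_ucsize, yet the truncation test just above it measures eb_size against compr_offset + EB_CMPRHEADLEN, which indicates the compression header is counted inside eb_size. If so, a well-formed STORED field differs from eb_ucsize by EB_CMPRHEADLEN and is rejected with PK_ERR; compare eb_size - compr_offset - EB_CMPRHEADLEN with eb_ucsize, or show why the header is excluded, and add a regression test with a valid STORED extra field alongside the crafted one.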
Bug#772648: graphviz: format string vulnerability (CVE-2014-9157)
Package: graphviz Version: 2.38.0-6 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu vivid ubuntu-patch *** /tmp/tmp5q_TKj/bug_body In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: Format string vulnerability may allow attackers to cause a denial of service or possibly execute code. - debian/patches/CVE-2014-9157.patch: Fix format string vulnerability in lib/cgraph/scan.l yyerror() routine. - CVE-2014-9157 Thanks for considering the patch. -- System Information: Debian Release: jessie/sid APT prefers utopic-updates APT policy: (500, 'utopic-updates'), (500, 'utopic-security'), (500, 'utopic-proposed'), (500, 'utopic'), (100, 'utopic-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-26-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru graphviz-2.38.0/debian/changelog graphviz-2.38.0/debian/changelog diff -Nru graphviz-2.38.0/debian/patches/CVE-2014-9157.patch graphviz-2.38.0/debian/patches/CVE-2014-9157.patch --- graphviz-2.38.0/debian/patches/CVE-2014-9157.patch 1969-12-31 19:00:00.0 -0500 +++ graphviz-2.38.0/debian/patches/CVE-2014-9157.patch 2014-12-09 09:09:43.0 -0500 
@@ -0,0 +1,21 @@ +Subject: Fix format string vulnerability (CVE-2014-9157) in yyerror() routine +Origin: https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081 +Author: Emden R. Gansner + +--- + lib/cgraph/scan.l |2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: b/lib/cgraph/scan.l +=== +--- a/lib/cgraph/scan.l b/lib/cgraph/scan.l +@@ -225,7 +225,7 @@ + agxbput (xb, buf); + agxbput (xb, yytext); + agxbput (xb,'\n); +- agerr(AGERR,agxbuse(xb)); ++ agerr(AGERR, %s, agxbuse(xb)); + agxbfree(xb); + } + /* must be here to see flex's macro defns */ diff -Nru graphviz-2.38.0/debian/patches/series graphviz-2.38.0/debian/patches/series --- graphviz-2.38.0/debian/patches/series 2014-09-01 17:13:51.0 -0400 +++ graphviz-2.38.0/debian/patches/series 2014-12-09 09:09:43.0 -0500 @@ -11,3 +11,4 @@ reduce-lab-color.patch add-libm-to-dot-link.patch versioned-plugin-config-file.diff +CVE-2014-9157.patch
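Review bot: the hunk corrects this one agerr call in yyerror, but the buffer it prints includes yytext, which comes from the input being scanned, and nothing here stops the same pattern elsewhere. Check the other agerr callers for non-literal format arguments and consider declaring agerr with a printf format attribute so that -Wformat-security catches them at build time.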
Bug#770033: partman-efi: Should force umask in mount options
Package: partman-efi Version: 25 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu vivid ubuntu-patch *** /tmp/tmpryAK4b/bug_body In Ubuntu, the attached patch was applied to achieve the following: * fstab.d/efi: force umask in mount options to ensure directory never ends up with incorrect permissions. (LP: #1390183) Thanks for considering the patch. -- System Information: Debian Release: jessie/sid APT prefers utopic-updates APT policy: (500, 'utopic-updates'), (500, 'utopic-security'), (500, 'utopic-proposed'), (500, 'utopic'), (100, 'utopic-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-25-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru partman-efi-25ubuntu6/debian/changelog partman-efi-25ubuntu7/debian/changelog diff -Nru partman-efi-25ubuntu6/fstab.d/efi partman-efi-25ubuntu7/fstab.d/efi --- partman-efi-25ubuntu6/fstab.d/efi 2010-09-03 08:40:28.0 -0400 +++ partman-efi-25ubuntu7/fstab.d/efi 2014-11-18 08:38:31.0 -0500 @@ -23,7 +23,7 @@ [ -f $id/method ] || continue method=$(cat $id/method) [ $method = efi ] || continue - echo $path /boot/efi vfat defaults 0 1 + echo $path /boot/efi vfat umask=0077 0 1 seen_efi=1 done close_dialog
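Review bot: on the changed echo line, umask=0077 replaces defaults outright and the changelog only says incorrect permissions; state in a comment in fstab.d/efi which access this is meant to deny (the mount becomes readable by its owner only) so that nobody later relaxes it, and confirm nothing in the installed system needs to read /boot/efi as a non-root user.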
Bug#751860: (no subject)
I've attached a patch to the upstream bug I've filed about this issue: https://bugzilla.gnome.org/show_bug.cgi?id=739895
Bug#767403: chkrootkit: incorrect PID length smashes stack
Package: chkrootkit Version: 0.50-2 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu vivid ubuntu-patch *** /tmp/tmptrJm3i/bug_body In Ubuntu, the attached patch was applied to achieve the following: * debian/patches/fix-stack-smash.patch: Fix segfault when running chkrootkit. We've been carrying this patch for a long time. Original bug report: https://bugs.launchpad.net/ubuntu/+source/chkrootkit/+bug/623144 Thanks for considering the patch. -- System Information: Debian Release: jessie/sid APT prefers utopic-updates APT policy: (500, 'utopic-updates'), (500, 'utopic-security'), (500, 'utopic-proposed'), (500, 'utopic'), (100, 'utopic-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-24-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru chkrootkit-0.50/debian/changelog chkrootkit-0.50/debian/changelog diff -Nru chkrootkit-0.50/debian/patches/fix-stack-smash.patch chkrootkit-0.50/debian/patches/fix-stack-smash.patch --- chkrootkit-0.50/debian/patches/fix-stack-smash.patch 1969-12-31 19:00:00.0 -0500 +++ chkrootkit-0.50/debian/patches/fix-stack-smash.patch 2014-10-30 16:26:29.0 -0400 
@@ -0,0 +1,12 @@ +diff -Naurp chkrootkit-0.49.orig//chkutmp.c chkrootkit-0.49//chkutmp.c +--- chkrootkit-0.49.orig//chkutmp.c 2009-07-30 09:43:17.0 -0400 chkrootkit-0.49//chkutmp.c 2011-03-14 09:31:05.394307962 -0400 +@@ -98,7 +98,7 @@ int fetchps(struct ps_line *psl_p) + while (isspace(*s)) /* skip spaces */ + s++; + d = pid; +- for (x = 0; (!isspace(*s)) (*d++ = *s++) x = UT_LINESIZE; x++) /* grab pid */ ++ for (x = 0; (!isspace(*s)) (*d++ = *s++) x = UT_PIDSIZE; x++) /* grab pid */ + ; + *d = '\0'; + curp-ps_pid = atoi(pid); diff -Nru chkrootkit-0.50/debian/patches/series chkrootkit-0.50/debian/patches/series --- chkrootkit-0.50/debian/patches/series 2014-10-19 06:55:34.0 -0400 +++ chkrootkit-0.50/debian/patches/series 2014-10-30 16:26:29.0 -0400 @@ -15,3 +15,4 @@ chkutmp.diff kfreebsd.patch php.patch +fix-stack-smash.patch
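Review bot: in the pid-copy loop, the copy *d++ = *s++ sits in the loop condition ahead of the test on x, so a byte is stored before the limit is consulted; with the limit now UT_PIDSIZE, pid needs room for that extra byte plus the terminating NUL written by *d = '\0'. The declaration of pid is outside the hunk, so confirm its size against UT_PIDSIZE or move the bound test in front of the copy. The patch file also has no Description, Author or Bug header, although the report links the Launchpad bug it came from.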
Bug#717058: Cannot set nonstandard baudrates on /dev/ttyACMn devices
Package: pyserial Version: 2.6-1.1 Followup-For: Bug #717058 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu vivid ubuntu-patch *** /tmp/tmpYJUV0X/bug_body In Ubuntu, the attached patch was applied to achieve the following: * Adding patch for accepting any speed (Debian #717058) - http://sourceforge.net/p/pyserial/patches/28/ Thanks for considering the patch. -- System Information: Debian Release: jessie/sid APT prefers utopic-updates APT policy: (500, 'utopic-updates'), (500, 'utopic-security'), (500, 'utopic-proposed'), (500, 'utopic'), (100, 'utopic-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-23-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -u pyserial-2.6/debian/changelog pyserial-2.6/debian/changelog diff -u pyserial-2.6/serial/serialposix.py pyserial-2.6/serial/serialposix.py --- pyserial-2.6/serial/serialposix.py +++ pyserial-2.6/serial/serialposix.py @@ -36,26 +36,25 @@ def device(port): return '/dev/ttyS%d' % port -ASYNC_SPD_MASK = 0x1030 -ASYNC_SPD_CUST = 0x0030 +TCGETS2 = 0x802C542A +TCSETS2 = 0x402C542B +BOTHER = 0o01 def set_special_baudrate(port, baudrate): +# right size is 44 on x86_64, allow for some growth import array -buf = array.array('i', [0] * 32) +buf = array.array('i', [0] * 64) # get serial_struct -FCNTL.ioctl(port.fd, TERMIOS.TIOCGSERIAL, buf) - -# set custom divisor -buf[6] = buf[7] / baudrate - -# update flags -buf[4] = ~ASYNC_SPD_MASK -buf[4] |= ASYNC_SPD_CUST +FCNTL.ioctl(port.fd, TCGETS2, buf) +# set custom speed +buf[2] = ~TERMIOS.CBAUD +buf[2] |= BOTHER +buf[9] = buf[10] = baudrate # set serial_struct try: -res = FCNTL.ioctl(port.fd, TERMIOS.TIOCSSERIAL, buf) +res = FCNTL.ioctl(port.fd, TCSETS2, buf) except IOError: raise ValueError('Failed to set custom baud rate: %r' % baudrate)
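Review bot: TCGETS2 and TCSETS2 are hard-coded ioctl numbers that embed the structure size (0x2C, the 44 bytes the new comment gives for x86_64), and buf[2], buf[9] and buf[10] are fixed offsets into that structure, so set_special_baudrate is only correct on architectures with the same layout; guard on the platform and raise the existing ValueError elsewhere. The unchanged comments still say get serial_struct and set serial_struct although the calls now use TCGETS2 and TCSETS2.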
Bug#766005: xchat only supports SSLv3
Package: xchat Version: 2.8.8-7.1 Followup-For: Bug #766005 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu utopic ubuntu-patch *** /tmp/tmphZ68P2/bug_body In Ubuntu, the attached patch was applied to achieve the following: * Don't force the use of SSLv3 (LP: #1381484) - debian/patches/dont_force_sslv3.patch: use SSLv23_client_method() so the best method gets automatically negotiated in src/common/ssl.c. Thanks for considering the patch. -- System Information: Debian Release: jessie/sid APT prefers utopic-updates APT policy: (500, 'utopic-updates'), (500, 'utopic-security'), (500, 'utopic'), (100, 'utopic-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-23-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru xchat-2.8.8/debian/changelog xchat-2.8.8/debian/changelog diff -Nru xchat-2.8.8/debian/patches/dont_force_sslv3.patch xchat-2.8.8/debian/patches/dont_force_sslv3.patch --- xchat-2.8.8/debian/patches/dont_force_sslv3.patch 1969-12-31 19:00:00.0 -0500 +++ xchat-2.8.8/debian/patches/dont_force_sslv3.patch 2014-10-20 11:39:17.0 -0400 
@@ -0,0 +1,32 @@ +Description: Don't force the use of SSLv3 +Author: Marc Deslauriers marc.deslauri...@canonical.com +Bug: http://sourceforge.net/p/xchat/bugs/1598/ +Bug-Ubuntu: https://bugs.launchpad.net/xchat-gnome/+bug/1381484 +Forwarded: yes + +--- + src/common/ssl.c |4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +Index: b/src/common/ssl.c +=== +--- a/src/common/ssl.c b/src/common/ssl.c +@@ -70,7 +70,7 @@ _SSL_context_init (void (*info_cb_func), + + SSLeay_add_ssl_algorithms (); + SSL_load_error_strings (); +- ctx = SSL_CTX_new (server ? SSLv3_server_method() : SSLv3_client_method ()); ++ ctx = SSL_CTX_new (server ? SSLv23_server_method() : SSLv23_client_method ()); + + SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH); + SSL_CTX_set_timeout (ctx, 300); +@@ -281,7 +281,7 @@ _SSL_socket (SSL_CTX *ctx, int sd) + __SSL_critical_error (SSL_new); + + SSL_set_fd (ssl, sd); +- if (ctx-method == SSLv3_client_method()) ++ if (ctx-method == SSLv23_client_method()) + SSL_set_connect_state (ssl); + else + SSL_set_accept_state(ssl); diff -Nru xchat-2.8.8/debian/patches/series xchat-2.8.8/debian/patches/series --- xchat-2.8.8/debian/patches/series 2013-12-26 16:53:42.0 -0500 +++ xchat-2.8.8/debian/patches/series 2014-10-20 10:54:19.0 -0400 @@ -34,3 +34,4 @@ power-user-settings.patch fix-ftbfs-missing-gmodule.patch automake-foreign.patch +dont_force_sslv3.patch
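Review bot: in _SSL_context_init, SSLv23_client_method() and SSLv23_server_method() let the handshake negotiate upward but do not by themselves remove SSLv3 (or SSLv2 where the library still has it) from the offer, and the hunk adds no SSL_CTX_set_options call. If the aim includes keeping SSLv3 out rather than just no longer requiring it, set SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 on ctx after SSL_CTX_new.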
Bug#766065: xchat-gnome: Should not force the use of SSLv3
Package: xchat-gnome Version: 1:0.30.0~git20110821.e2a400-0.2 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu utopic ubuntu-patch *** /tmp/tmpwg2gkZ/bug_body XChat-Gnome forces the use of SSLv3, breaking connections to sites that have started disabling SSLv3. In Ubuntu, the attached patch was applied to achieve the following: * Don't force the use of SSLv3 (LP: #1381484) - debian/patches/dont_force_sslv3.patch: use SSLv23_client_method() so the best method gets automatically negotiated in src/common/ssl.c. Thanks for considering the patch. -- System Information: Debian Release: jessie/sid APT prefers utopic-updates APT policy: (500, 'utopic-updates'), (500, 'utopic-security'), (500, 'utopic'), (100, 'utopic-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-23-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru xchat-gnome-0.30.0~git20131003.d20b8d+really20110821/debian/changelog xchat-gnome-0.30.0~git20131003.d20b8d+really20110821/debian/changelog diff -Nru xchat-gnome-0.30.0~git20131003.d20b8d+really20110821/debian/patches/dont_force_sslv3.patch xchat-gnome-0.30.0~git20131003.d20b8d+really20110821/debian/patches/dont_force_sslv3.patch --- xchat-gnome-0.30.0~git20131003.d20b8d+really20110821/debian/patches/dont_force_sslv3.patch 1969-12-31 19:00:00.0 -0500 +++ xchat-gnome-0.30.0~git20131003.d20b8d+really20110821/debian/patches/dont_force_sslv3.patch 2014-10-20 10:14:37.0 -0400 
@@ -0,0 +1,28 @@ +Description: Don't force the use of SSLv3 +Author: Marc Deslauriers marc.deslauri...@canonical.com +Bug: https://bugzilla.gnome.org/show_bug.cgi?id=738870 +Bug-Ubuntu: https://bugs.launchpad.net/xchat-gnome/+bug/1381484 +Forwarded: yes + +Index: xchat-gnome-0.30.0~git20131003.d20b8d+really20110821/src/common/ssl.c +=== +--- xchat-gnome-0.30.0~git20131003.d20b8d+really20110821.orig/src/common/ssl.c 2014-10-17 14:34:35.094385583 -0400 xchat-gnome-0.30.0~git20131003.d20b8d+really20110821/src/common/ssl.c 2014-10-17 14:34:56.390560285 -0400 +@@ -70,7 +70,7 @@ + + SSLeay_add_ssl_algorithms (); + SSL_load_error_strings (); +- ctx = SSL_CTX_new (server ? SSLv3_server_method() : SSLv3_client_method ()); ++ ctx = SSL_CTX_new (server ? SSLv23_server_method() : SSLv23_client_method ()); + + SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH); + SSL_CTX_set_timeout (ctx, 300); +@@ -281,7 +281,7 @@ + __SSL_critical_error (SSL_new); + + SSL_set_fd (ssl, sd); +- if (ctx-method == SSLv3_client_method()) ++ if (ctx-method == SSLv23_client_method()) + SSL_set_connect_state (ssl); + else + SSL_set_accept_state(ssl); diff -Nru xchat-gnome-0.30.0~git20131003.d20b8d+really20110821/debian/patches/series xchat-gnome-0.30.0~git20131003.d20b8d+really20110821/debian/patches/series --- xchat-gnome-0.30.0~git20131003.d20b8d+really20110821/debian/patches/series 2014-08-21 10:55:22.0 -0400 +++ xchat-gnome-0.30.0~git20131003.d20b8d+really20110821/debian/patches/series 2014-10-17 14:25:16.0 -0400 @@ -25,3 +25,4 @@ link.diff define_functions_fix_build.patch perl5.20.patch +dont_force_sslv3.patch
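Review bot: in the second hunk, _SSL_socket chooses between SSL_set_connect_state and SSL_set_accept_state by comparing the method stored in ctx with SSLv23_client_method(), so it has to be kept in step with the method picked in _SSL_context_init and it reads a field of SSL_CTX directly. Passing the client or server role into _SSL_socket would remove that coupling and keep the next method change to a single line.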
Bug#746663: opensc: SmartCard-HSM card does not list RSA 2048 public keys
Package: opensc Version: 0.13.0-3 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu utopic ubuntu-patch *** /tmp/tmpsB0qMw/bug_body OpenSC 0.13.0 does not list RSA public keys which are of 2048 bits in size on a SmartCard-HSM smart card. Although the keys are listed after on-card key generation, only the private key is listed later. This issue does not appear for keys of 1024 bits in size on the same card. See Ubuntu bug for steps to reproduce. In Ubuntu, the attached patch was applied to achieve the following: * debian/patches/0003-fix-sc-hsm-rsa2048.patch: Add upstream fix to show generated RSA public keys of 2048 bits. Cherry-picking commit: - 99af6cd sc-hsm: Fixed a bug that prevents a newly generated 2048 [...] (LP: #1311921) Thanks for considering the patch. -- System Information: Debian Release: jessie/sid APT prefers trusty-updates APT policy: (500, 'trusty-updates'), (500, 'trusty-security'), (500, 'trusty-proposed'), (500, 'trusty'), (100, 'trusty-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.13.0-24-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru opensc-0.13.0/debian/changelog opensc-0.13.0/debian/changelog diff -Nru opensc-0.13.0/debian/patches/0003-fix-sc-hsm-rsa2048.patch opensc-0.13.0/debian/patches/0003-fix-sc-hsm-rsa2048.patch --- opensc-0.13.0/debian/patches/0003-fix-sc-hsm-rsa2048.patch 1969-12-31 19:00:00.0 -0500 +++ opensc-0.13.0/debian/patches/0003-fix-sc-hsm-rsa2048.patch 2014-05-02 08:37:41.0 -0400 
@@ -0,0 +1,17 @@ +Description: Fix to show generated RSA2048 pubkeys in PKCS#11 interface. + Fixed a bug that prevents a newly generated 2048 key to show up at the + PKCS#11 interface +Author: Andreas Schwier andreas.schw...@cardcontact.de +Origin: upstream https://github.com/OpenSC/OpenSC/commit/99af6cd8ee78776f50bc016fc230541072c60afb + +--- opensc-0.13.0.orig/src/libopensc/pkcs15-sc-hsm.c opensc-0.13.0/src/libopensc/pkcs15-sc-hsm.c +@@ -268,7 +268,7 @@ static int sc_pkcs15emu_sc_hsm_add_pubke + sc_pkcs15_pubkey_info_t pubkey_info; + sc_pkcs15_object_t pubkey_obj; + struct sc_pkcs15_pubkey pubkey; +- u8 efbin[512]; ++ u8 efbin[1024]; + sc_cvc_t cvc; + u8 *cvcpo; + size_t cvclen; diff -Nru opensc-0.13.0/debian/patches/series opensc-0.13.0/debian/patches/series --- opensc-0.13.0/debian/patches/series 2014-03-12 10:51:09.0 -0400 +++ opensc-0.13.0/debian/patches/series 2014-05-02 08:37:41.0 -0400 @@ -1,2 +1,3 @@ 0001-pkcs15-regression-in-e35febe-compute-cert-length.patch 0002-fix-epass2003-support-from-upstream.patch +0003-fix-sc-hsm-rsa2048.patch
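Review bot: efbin grows from 512 to 1024 bytes, but it is still a fixed stack buffer and the hunk does not show the read that fills it. Confirm that read is bounded by sizeof(efbin) and returns an error when the file on the card is larger, so that the next larger key size fails visibly instead of being truncated or silently skipped as the 2048-bit keys were.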
Bug#746694: opensc: Support for Feitian ePass2003
Package: opensc Version: 0.13.0-3 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu utopic ubuntu-patch *** /tmp/tmprA8Vep/bug_body In Ubuntu, the attached patch was applied to achieve the following: * debian/patches/0002-fix-epass2003-support-from-upstream.patch: Add upstream fixes for ePass2003 token. Cherry-picking commits - 4c1cafe epass2003: key generation allows stricter privkey/pubkey ACLs - b1a4775 epass2003: properly disable padding - 83dc469 epass2003: list_files implemented - ee48ea1 Fix to allow exponents other than 65537 for Feitian ePass 2003 (LP: #1176305) Thanks for considering the patch. -- System Information: Debian Release: jessie/sid APT prefers trusty-updates APT policy: (500, 'trusty-updates'), (500, 'trusty-security'), (500, 'trusty-proposed'), (500, 'trusty'), (100, 'trusty-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.13.0-24-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru opensc-0.13.0/debian/changelog opensc-0.13.0/debian/changelog diff -Nru opensc-0.13.0/debian/patches/0002-fix-epass2003-support-from-upstream.patch opensc-0.13.0/debian/patches/0002-fix-epass2003-support-from-upstream.patch --- opensc-0.13.0/debian/patches/0002-fix-epass2003-support-from-upstream.patch 1969-12-31 19:00:00.0 -0500 +++ opensc-0.13.0/debian/patches/0002-fix-epass2003-support-from-upstream.patch 2014-05-02 11:45:54.0 -0400 
@@ -0,0 +1,120 @@ +## Description: add some description +## Origin/Author: add some origin or author +## Bug: bug URL +Index: opensc-0.13.0/src/libopensc/card-epass2003.c +=== +--- opensc-0.13.0.orig/src/libopensc/card-epass2003.c 2012-12-04 15:43:40.0 +0100 opensc-0.13.0/src/libopensc/card-epass2003.c 2014-03-03 21:38:17.620039138 +0100 +@@ -117,8 +117,8 @@ + + memcpy(iv_tmp, iv, EVP_MAX_IV_LENGTH); + EVP_CIPHER_CTX_init(ctx); +- EVP_CIPHER_CTX_set_padding(ctx, 0); + EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv_tmp); ++ EVP_CIPHER_CTX_set_padding(ctx, 0); + + if (!EVP_EncryptUpdate(ctx, output, outl, input, length)) + goto out; +@@ -146,8 +146,8 @@ + + memcpy(iv_tmp, iv, EVP_MAX_IV_LENGTH); + EVP_CIPHER_CTX_init(ctx); +- EVP_CIPHER_CTX_set_padding(ctx, 0); + EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv_tmp); ++ EVP_CIPHER_CTX_set_padding(ctx, 0); + + if (!EVP_DecryptUpdate(ctx, output, outl, input, length)) + goto out; +@@ -1003,10 +1003,10 @@ + + flags = SC_ALGORITHM_ONBOARD_KEY_GEN | SC_ALGORITHM_RSA_RAW | SC_ALGORITHM_RSA_HASH_NONE; + +- _sc_card_add_rsa_alg(card, 512, flags, 0x10001); +- _sc_card_add_rsa_alg(card, 768, flags, 0x10001); +- _sc_card_add_rsa_alg(card, 1024, flags, 0x10001); +- _sc_card_add_rsa_alg(card, 2048, flags, 0x10001); ++ _sc_card_add_rsa_alg(card, 512, flags, 0); ++ _sc_card_add_rsa_alg(card, 768, flags, 0); ++ _sc_card_add_rsa_alg(card, 1024, flags, 0); ++ _sc_card_add_rsa_alg(card, 2048, flags, 0); + + card-caps = SC_CARD_CAP_RNG | SC_CARD_CAP_APDU_EXT; + +@@ -1858,7 +1858,6 @@ + LOG_FUNC_RETURN(card-ctx, r); + } + +-#if 0 + static int + epass2003_list_files(struct sc_card *card, unsigned char *buf, size_t buflen) + { +@@ -1867,9 +1866,9 @@ + int r; + + SC_FUNC_CALLED(card-ctx, SC_LOG_DEBUG_VERBOSE); +- sc_format_apdu(card, apdu, SC_APDU_CASE_2_SHORT, 0x34, 0x00, 0x00); ++ sc_format_apdu(card, apdu, SC_APDU_CASE_1, 0x34, 0x00, 0x00); + apdu.cla = 0x80; +- apdu.le = 0x40; ++ apdu.le = 0; + apdu.resplen = sizeof(rbuf); + apdu.resp = 
rbuf; + +@@ -1887,7 +1886,6 @@ + + LOG_FUNC_RETURN(card-ctx, buflen); + } +-#endif + + + static int +@@ -2376,7 +2374,7 @@ + epass2003_ops.compute_signature = epass2003_decipher; + epass2003_ops.create_file = epass2003_create_file; + epass2003_ops.delete_file = epass2003_delete_file; +- /* epass2003_ops.list_files = epass2003_list_files; */ ++ epass2003_ops.list_files = epass2003_list_files; + epass2003_ops.card_ctl = epass2003_card_ctl; + epass2003_ops.process_fci = epass2003_process_fci; + epass2003_ops.construct_fci = epass2003_construct_fci; +Index: opensc-0.13.0/src/pkcs15init/pkcs15-epass2003.c +=== +--- opensc-0.13.0.orig/src/pkcs15init/pkcs15-epass2003.c 2012-12-04 15:43:40.0 +0100 opensc-0.13.0/src/pkcs15init/pkcs15-epass2003.c 2014-03-03 21:38:19.084039076 +0100 +@@ -507,6 +507,12 @@ + sc_print_path(file-path)); + sc_debug(card-ctx, SC_LOG_DEBUG_NORMAL, private key_info path: %s, + sc_print_path((key_info-path))); ++ ++ r = sc_pkcs15init_authenticate(profile, p15card, file, ++ SC_AC_OP_DELETE); ++ SC_TEST_RET(card-ctx, SC_LOG_DEBUG_NORMAL, r, ++ generate key: pkcs15init_authenticate(SC_AC_OP_DELETE) failed); ++ + r = sc_delete_file(p15card-card, file-path); + /* create */ + r =
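Review bot: the patch header still has the template placeholders (add some description, add some origin or author, bug URL); replace them with the four upstream commits listed in the report, since this one file squashes unrelated changes (padding order, RSA exponent, list_files, authentication before delete). In the last hunk, the result of the new sc_pkcs15init_authenticate call is checked with SC_TEST_RET, but the r assigned from sc_delete_file on the following line is overwritten by the next r = without being examined; check it or log it.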
Bug#738024: scid: please provide a desktop file and icons
Package: scid Version: 1:4.3.0.cvs20120311-1 Followup-For: Bug #738024 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu trusty ubuntu-patch *** /tmp/tmpzrF_88/bug_body In Ubuntu, the attached patch was applied to achieve the following: * Added .desktop file (LP: #1277520) Thanks for considering the patch. -- System Information: Debian Release: jessie/sid APT prefers trusty-updates APT policy: (500, 'trusty-updates'), (500, 'trusty-security'), (500, 'trusty'), (100, 'trusty-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.13.0-22-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru scid-4.3.0.cvs20120311/debian/changelog scid-4.3.0.cvs20120311/debian/changelog diff -Nru scid-4.3.0.cvs20120311/debian/scid.desktop scid-4.3.0.cvs20120311/debian/scid.desktop --- scid-4.3.0.cvs20120311/debian/scid.desktop 1969-12-31 19:00:00.0 -0500 +++ scid-4.3.0.cvs20120311/debian/scid.desktop 2014-04-04 08:15:59.0 -0400 @@ -0,0 +1,12 @@ +[Desktop Entry] +Version=1.0 +Type=Application +Hidden=false +Terminal=false +Icon=/usr/share/pixmaps/scid.xpm +Name=Scid +Exec=scid %f +Keywords=Chess;PGN;convert +Categories=Game;BoardGame; +MimeType=application/pgn;application/x-chess-pgn;application/x-pgn +Comment=Free chess database application diff -Nru scid-4.3.0.cvs20120311/debian/scid.install scid-4.3.0.cvs20120311/debian/scid.install --- scid-4.3.0.cvs20120311/debian/scid.install 2012-03-11 19:03:27.0 -0400 +++ scid-4.3.0.cvs20120311/debian/scid.install 2014-04-04 08:04:38.0 -0400 @@ -5,3 +5,4 @@ scid/usr/share/scid/html/* usr/share/scid/html debian/PLACEHOLDER usr/share/scid/books debian/PLACEHOLDER usr/share/scid/bases +debian/scid.desktop usr/share/applications
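Review bot: Icon= points at /usr/share/pixmaps/scid.xpm, but the debian/scid.install hunk adds only debian/scid.desktop, so nothing in this diff installs that file; confirm the package already ships it, given that the bug asks for icons as well. Keywords and MimeType also lack the trailing semicolon that Categories has; running desktop-file-validate on the entry would flag this kind of inconsistency.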
Bug#740255: python2.7: backported ssl.match_hostname() should support RFC 6125
Package: python2.7 Version: 2.7.6-5 Severity: normal Python 2.7 in Debian/Ubuntu has a patch that backports ssl.match_hostname(). Upstream has modified that function in recent python versions to match RFC 6125 as a security improvement. This should be added to the patch in the python2.7 package. References: http://hg.python.org/cpython/rev/10d0edadbcdd http://bugs.python.org/issue17997
Bug#732705: gnupg: Patch for CVE-2013-4576 not being applied in 1.4.15-2
Package: gnupg Severity: normal Tags: security gnupg 1.4.15-2 claims to fix CVE-2013-4576, but the patch isn't actually being applied during build. It is in the wrong directory, and isn't listed in the series file.
Bug#732710: openssl: rdrand should be disabled by default
Package: openssl Version: 1.0.1e-4 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu trusty ubuntu-patch *** /tmp/tmpVmJEAg/bug_body OpenSSL uses rdrand exclusively if it is available. http://seclists.org/fulldisclosure/2013/Dec/99 http://wiki.openssl.org/index.php/Library_Initialization#ENGINEs_and_RDRAND Upstream has changed this behaviour. In Ubuntu, the attached patch was applied to achieve the following: * debian/patches/no_default_rdrand.patch: Don't use rdrand engine as default unless explicitly requested. Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers saucy-updates APT policy: (500, 'saucy-updates'), (500, 'saucy-security'), (500, 'saucy-proposed'), (500, 'saucy'), (100, 'saucy-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.11.0-15-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru openssl-1.0.1e/debian/changelog openssl-1.0.1e/debian/changelog diff -Nru openssl-1.0.1e/debian/patches/no_default_rdrand.patch openssl-1.0.1e/debian/patches/no_default_rdrand.patch --- openssl-1.0.1e/debian/patches/no_default_rdrand.patch 1969-12-31 19:00:00.0 -0500 +++ openssl-1.0.1e/debian/patches/no_default_rdrand.patch 2013-12-19 15:39:17.0 -0500 
@@ -0,0 +1,25 @@ +From 8f68678989a198ead3ab59a698302ecb0f1c8fb1 Mon Sep 17 00:00:00 2001 +From: Dr. Stephen Henson st...@openssl.org +Date: Wed, 11 Dec 2013 14:45:12 + +Subject: [PATCH] Don't use rdrand engine as default unless explicitly + requested. + +--- + crypto/engine/eng_rdrand.c |1 + + 1 file changed, 1 insertion(+) + +diff --git a/crypto/engine/eng_rdrand.c b/crypto/engine/eng_rdrand.c +index a9ba5ae..4e9e91d 100644 +--- a/crypto/engine/eng_rdrand.c b/crypto/engine/eng_rdrand.c +@@ -104,6 +104,7 @@ static int bind_helper(ENGINE *e) + { + if (!ENGINE_set_id(e, engine_e_rdrand_id) || + !ENGINE_set_name(e, engine_e_rdrand_name) || ++!ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) || + !ENGINE_set_init_function(e, rdrand_init) || + !ENGINE_set_RAND(e, rdrand_meth) ) + return 0; +-- +1.7.9.5 + diff -Nru openssl-1.0.1e/debian/patches/series openssl-1.0.1e/debian/patches/series --- openssl-1.0.1e/debian/patches/series 2013-12-04 12:34:19.0 -0500 +++ openssl-1.0.1e/debian/patches/series 2013-12-19 15:39:17.0 -0500 @@ -43,3 +43,4 @@ arm64-support openssl-1.0.1e-env-zlib.patch -p1 ppc64-support +no_default_rdrand.patch
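Review bot: ENGINE_FLAGS_NO_REGISTER_ALL in bind_helper changes which random source an unmodified application ends up with on RDRAND-capable CPUs, and the patch file carries only the upstream commit header. Add an Origin or Bug reference to the upstream commit and the advisory linked in the report, and mention in the changelog how rdrand can still be selected explicitly, so the behaviour change is discoverable.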
Bug#732714: ca-certificates: New version of certdata.txt distrusts AC DG Tresor SSL CA
Package: ca-certificates Severity: normal Tags: security Mozilla has released nss 3.15.3.1 that specifically distrusts the AC DG Tresor SSL CA. ca-certificates needs to be updated to the new certdata.txt. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#731480: hplip: CVE-2013-6427: insecure (undocumented) auto update feature
Package: hplip Version: 3.13.11-1 Followup-For: Bug #731480 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu trusty ubuntu-patch -- Package-specific info: *** /tmp/tmp2P2w3P/bug_body In Ubuntu, the attached patch was applied to achieve the following: * debian/non-shipped-files.txt, debian/hplip.install: don't ship hp-upgrade and upgrade.py, as we want to use proper packaging, and want to prevent security issues. - CVE-2013-6427 Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers saucy-updates APT policy: (500, 'saucy-updates'), (500, 'saucy-security'), (500, 'saucy-proposed'), (500, 'saucy'), (100, 'saucy-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.11.0-15-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru hplip-3.13.11/debian/changelog hplip-3.13.11/debian/changelog diff -Nru hplip-3.13.11/debian/hplip.install hplip-3.13.11/debian/hplip.install --- hplip-3.13.11/debian/hplip.install 2013-12-09 13:56:43.0 -0500 +++ hplip-3.13.11/debian/hplip.install 2013-12-12 14:52:12.0 -0500 @@ -22,7 +22,6 @@ usr/bin/hp-testpage usr/bin/hp-timedate usr/bin/hp-unload -usr/bin/hp-upgrade usr/sbin/hpssd usr/lib/cups/backend usr/lib/cups/filter/pstotiff diff -Nru hplip-3.13.11/debian/non-shipped-files.txt hplip-3.13.11/debian/non-shipped-files.txt --- hplip-3.13.11/debian/non-shipped-files.txt 2013-09-12 07:03:24.0 -0400 +++ hplip-3.13.11/debian/non-shipped-files.txt 2013-12-12 14:42:27.0 -0500 @@ -1,6 +1,7 @@ etc/sane.d/dll.conf usr/share/hplip/check usr/share/hplip/install.py +usr/share/hplip/upgrade.py usr/share/doc/hplip/README_LIBJPG usr/share/doc/hplip/hpijs_readme.html usr/share/doc/hplip/gs_hpijs.png @@ -16,4 +17,5 @@ usr/lib/libhpip.la usr/lib/systemd/system/hplip-printer@.service usr/bin/hp-uninstall +usr/bin/hp-upgrade usr/share/ppd/hplip/HP/hp-color_inkjet_cp1700-hpijs.ppd.gz
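Review bot: The debian/hplip.install hunk drops only usr/bin/hp-upgrade, while usr/share/hplip/upgrade.py is handled solely by adding it to debian/non-shipped-files.txt. Please confirm that no directory or wildcard entry in another .install file still picks up upgrade.py, otherwise the updater code behind CVE-2013-6427 stays installed without its wrapper script.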
Bug#683403: ca-certificates: Missing Verisign md2 certs due to broken extract script
Package: ca-certificates Version: 20130906 Followup-For: Bug #683403 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu trusty ubuntu-patch *** /tmp/tmpG_KsCC/bug_body Openssl doesn't appear to correctly handle not having both versions of the same signed roots. I have decided that we need to ship both versions to fix a long standing bug where some websites simply weren't accessible. In Ubuntu, the attached patch was applied to achieve the following: * mozilla/certdata2pem.py: Work around openssl issue by shipping both versions of the same signed roots. Previously, the script would simply overwrite the first one found in the certdata.txt with the later one since they both have the same CKA_LABEL, resulting in identical filenames. (LP: #1014640) Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers saucy-updates APT policy: (500, 'saucy-updates'), (500, 'saucy-security'), (500, 'saucy-proposed'), (500, 'saucy'), (100, 'saucy-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.11.0-15-generic (SMP w/2 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru ca-certificates-20130906/debian/changelog ca-certificates-20130906ubuntu1/debian/changelog diff -Nru ca-certificates-20130906/mozilla/certdata2pem.py ca-certificates-20130906ubuntu1/mozilla/certdata2pem.py --- ca-certificates-20130906/mozilla/certdata2pem.py 2013-09-07 03:40:28.0 -0400 +++ ca-certificates-20130906ubuntu1/mozilla/certdata2pem.py 2013-12-05 07:38:27.0 -0500 
@@ -116,12 +116,16 @@ if obj['CKA_CLASS'] == 'CKO_CERTIFICATE': if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]: continue -fname = obj['CKA_LABEL'][1:-1].replace('/', '_')\ +bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\ .replace(' ', '_')\ .replace('(', '=')\ .replace(')', '=')\ - .replace(',', '_') + '.crt' -fname = fname.decode('string_escape') + .replace(',', '_') +bname = bname.decode('string_escape') +fname = bname + '.crt' +if os.path.exists(fname): +print Found duplicate certificate name %s, renaming. % bname +fname = bname + '_2.crt' f = open(fname, 'w') f.write(-BEGIN CERTIFICATE-\n) f.write(\n.join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
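Review bot: The duplicate handling added after "fname = bname + '.crt'" copes with exactly one collision: a third certificate with the same CKA_LABEL would overwrite bname + '_2.crt' just as the old code overwrote the first file. A counter loop (_2, _3, ...) that runs until os.path.exists() is false closes that. The os.path.exists() test also assumes a clean output directory, so a stale .crt from an earlier run would push the first certificate to the _2 name, and the hunk does not show "import os", which the new call needs if the script does not already import it.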
Bug#731262: gem2deb: DH_RUBY_IGNORE_TESTS no longer handled correctly
Package: gem2deb Version: 0.6.0 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu trusty ubuntu-patch *** /tmp/tmpeovyma/bug_body In Ubuntu, the attached patch was applied to achieve the following: * lib/gem2deb/dh_ruby.rb: properly handle test failures so they can be skipped with DH_RUBY_IGNORE_TESTS. Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers saucy-updates APT policy: (500, 'saucy-updates'), (500, 'saucy-security'), (500, 'saucy-proposed'), (500, 'saucy'), (100, 'saucy-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.11.0-15-generic (SMP w/2 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru gem2deb-0.6.0/debian/changelog gem2deb-0.6.0ubuntu1/debian/changelog diff -Nru gem2deb-0.6.0/lib/gem2deb/dh_ruby.rb gem2deb-0.6.0ubuntu1/lib/gem2deb/dh_ruby.rb --- gem2deb-0.6.0/lib/gem2deb/dh_ruby.rb 2013-11-20 13:54:33.0 -0500 +++ gem2deb-0.6.0ubuntu1/lib/gem2deb/dh_ruby.rb 2013-12-03 13:07:57.0 -0500 @@ -135,9 +135,9 @@ return end - run(SUPPORTED_RUBY_VERSIONS[rubyver], '-I' + LIBDIR, TEST_RUNNER) - - if $?.exitstatus != 0 + begin +run(SUPPORTED_RUBY_VERSIONS[rubyver], '-I' + LIBDIR, TEST_RUNNER) + rescue Gem2Deb::CommandFailed handle_test_failure(rubyver) end end
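Review bot: The new "rescue Gem2Deb::CommandFailed" around run(...) in lib/gem2deb/dh_ruby.rb comes without a test, so the DH_RUBY_IGNORE_TESTS path can regress again unnoticed; a test that runs a failing TEST_RUNNER with the variable set would pin the behaviour. A short comment that the change relies on run() raising rather than leaving a status in $? would also explain why the removed "$?.exitstatus != 0" check was replaced.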
Bug#726601: libcommons-fileupload-java: CVE-2013-218
Package: libcommons-fileupload-java Version: 1.3-2 Followup-For: Bug #726601 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu trusty ubuntu-patch *** /tmp/tmpA8shKI/bug_body In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: arbitrary file overwrite via poison null byte - debian/patches/CVE-2013-2186.patch: properly validate repository in src/main/java/org/apache/commons/fileupload/disk/DiskFileItem.java. - CVE-2013-2186 Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers saucy-updates APT policy: (500, 'saucy-updates'), (500, 'saucy-security'), (500, 'saucy-proposed'), (500, 'saucy'), (100, 'saucy-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.11.0-13-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru libcommons-fileupload-java-1.3/debian/changelog libcommons-fileupload-java-1.3/debian/changelog diff -Nru libcommons-fileupload-java-1.3/debian/patches/CVE-2013-2186.patch libcommons-fileupload-java-1.3/debian/patches/CVE-2013-2186.patch --- libcommons-fileupload-java-1.3/debian/patches/CVE-2013-2186.patch 1969-12-31 19:00:00.0 -0500 +++ libcommons-fileupload-java-1.3/debian/patches/CVE-2013-2186.patch 2013-11-07 09:35:41.0 -0500 
@@ -0,0 +1,37 @@ +Description: fix arbitrary file overwrite via poison null byte +Origin: upstream, http://svn.apache.org/viewvc/commons/proper/fileupload/trunk/src/main/java/org/apache/commons/fileupload/disk/DiskFileItem.java?r1=1460343r2=1507048 +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726601 +Bug-Novell: https://bugzilla.novell.com/show_bug.cgi?id=846174 +Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=974814 + +Index: libcommons-fileupload-java-1.3/src/main/java/org/apache/commons/fileupload/disk/DiskFileItem.java +=== +--- libcommons-fileupload-java-1.3.orig/src/main/java/org/apache/commons/fileupload/disk/DiskFileItem.java 2013-03-24 08:36:44.0 -0400 libcommons-fileupload-java-1.3/src/main/java/org/apache/commons/fileupload/disk/DiskFileItem.java 2013-11-07 09:32:20.042865874 -0500 +@@ -656,6 +656,26 @@ + // read values + in.defaultReadObject(); + ++/* One expected use of serialization is to migrate HTTP sessions ++ * containing a DiskFileItem between JVMs. Particularly if the JVMs are ++ * on different machines It is possible that the repository location is ++ * not valid so validate it. ++ */ ++if (repository != null) { ++if (repository.isDirectory()) { ++// Check path for nulls ++if (repository.getPath().contains(\0)) { ++throw new IOException(format( ++The repository [%s] contains a null character, ++repository.getPath())); ++} ++} else { ++throw new IOException(format( ++The repository [%s] is not a directory, ++repository.getAbsolutePath())); ++} ++} ++ + OutputStream output = getOutputStream(); + if (cachedContent != null) { + output.write(cachedContent); diff -Nru libcommons-fileupload-java-1.3/debian/patches/series libcommons-fileupload-java-1.3/debian/patches/series --- libcommons-fileupload-java-1.3/debian/patches/series 2013-04-27 23:28:22.0 -0400 +++ libcommons-fileupload-java-1.3/debian/patches/series 2013-11-07 09:32:01.0 -0500 @@ -1 +1,2 @@ 001_update-tests-for-servlet3-api.patch +CVE-2013-2186.patch
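Review bot: In the block added to DiskFileItem.java after in.defaultReadObject(), repository.isDirectory() is called before the path is checked for "\0", so the unvalidated path reaches the filesystem first and a non-directory path containing a NUL is reported as "is not a directory" rather than rejected for the NUL. Moving the contains("\0") test ahead of, and outside, the isDirectory() branch makes it unconditional. The validation also only establishes that the deserialized repository is some existing directory; nothing in the visible lines limits it to an expected upload location.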
Bug#729006: closed by Emmanuel Bourg ebo...@apache.org (Bug#729006: fixed in maven-javadoc-plugin 2.9.1-2)
Thank you Emmanuel!
Bug#729006: FTBFS: missing libmockito-java dependency
Package: maven-javadoc-plugin Version: 2.9.1-1 Severity: serious Tags: patch Justification: fails to build from source (but built successfully in the past) User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu trusty ubuntu-patch *** /tmp/tmpvJaNhd/bug_body In Ubuntu, the attached patch was applied to achieve the following: * debian/control: added libmockito-java to Build-Depends-Indep to fix FTBFS. Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers saucy-updates APT policy: (500, 'saucy-updates'), (500, 'saucy-security'), (500, 'saucy-proposed'), (500, 'saucy'), (100, 'saucy-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.11.0-13-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru maven-javadoc-plugin-2.9.1/debian/changelog maven-javadoc-plugin-2.9.1/debian/changelog diff -Nru maven-javadoc-plugin-2.9.1/debian/control maven-javadoc-plugin-2.9.1/debian/control --- maven-javadoc-plugin-2.9.1/debian/control 2013-11-05 11:18:41.0 -0500 +++ maven-javadoc-plugin-2.9.1/debian/control 2013-11-07 15:27:20.0 -0500 @@ -19,7 +19,8 @@ libmaven2-core-java, libmodello-maven-plugin-java (= 1.1), libqdox-java, - libwagon-java + libwagon-java, + libmockito-java Standards-Version: 3.9.5 Vcs-Svn: svn://anonscm.debian.org/pkg-java/trunk/maven-javadoc-plugin Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-java/trunk/maven-javadoc-plugin/
Bug#729006: FTBFS: missing libmockito-java dependency
On 13-11-07 04:05 PM, Emmanuel Bourg wrote: The tests are ignored in maven-javadoc-plugin (maven.test.skip is set to true in debian/maven.properties), so adding this dependency will make no difference. Do you have a log of the build failure?

Here is the build log we were getting: https://launchpadlibrarian.net/155916090/buildlog_ubuntu-trusty-i386.maven-javadoc-plugin_2.9.1-1_FAILEDTOBUILD.txt.gz

Missing: -- 1) org.mockito:mockito-core:jar:debian
Bug#722335: sudo init script should set date to epoch, not 1985-01-01
Package: sudo
Version: 1.8.6p3-0ubuntu3
Severity: normal
Tags: security

Sudo treats filestamps set to epoch as invalid, so the init script should set the contents of /var/lib/sudo to epoch, and not 19850101.

ie:

find /var/lib/sudo -exec touch -d @0 '{}' \;

instead of:

find /var/lib/sudo -exec touch -t 19850101 '{}' \;

See downstream bug report: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1223297
Bug#721976: ca-certificates contains both server and email certificates
Package: ca-certificates
Version: 20130610
Severity: normal

The ca-certificates package ships certificates which are trusted for either CKA_TRUST_SERVER_AUTH or CKA_TRUST_EMAIL_PROTECTION. Some of those CA certs are only valid for one or the other, and bundling them together is problematic.

For example, the Verisign_Class_1_Public_Primary_Certification_Authority.pem cert is only valid for email, but can be currently used to validate web server certs.

I'm not quite sure how we can resolve this, besides separating certs to be used for server validation from the certs to be used for email validation.

See downstream bug report for more information: https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1207004
Bug#721772: puppet: autopkgtest runs tests in wrong order
Package: puppet Version: 3.2.4-3 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu saucy ubuntu-patch *** /tmp/tmpDyephT/bug_body In Ubuntu, the attached patch was applied to achieve the following: * debian/tests/control: invert order of tests, or else puppet-agent runs after puppetmaster-passenger has already enabled the service. Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers saucy-updates APT policy: (500, 'saucy-updates'), (500, 'saucy-security'), (500, 'saucy'), (100, 'saucy-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.11.0-4-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru puppet-3.2.4/debian/changelog puppet-3.2.4/debian/changelog diff -Nru puppet-3.2.4/debian/tests/control puppet-3.2.4/debian/tests/control --- puppet-3.2.4/debian/tests/control 2013-09-01 07:42:15.0 -0400 +++ puppet-3.2.4/debian/tests/control 2013-09-03 18:51:11.0 -0400 @@ -1,7 +1,7 @@ -Tests: puppetmaster-passenger -Depends: puppetmaster-passenger -Restrictions: needs-root - Tests: puppet-agent Depends: puppet Restrictions: needs-root + +Tests: puppetmaster-passenger +Depends: puppetmaster-passenger +Restrictions: needs-root
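Review bot: Swapping the two stanzas in debian/tests/control makes the puppet-agent test pass only because it now runs first; the test still depends on the service state left by whatever ran before it. Having the puppet-agent test establish its own starting state would remove the ordering dependency, and a comment in the control file should record why the order matters so the stanzas are not re-sorted later.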
Bug#703251: gcstar 1.7.0
FYI, I've just uploaded a gcstar 1.7.0 package to Ubuntu. It contains 1.7.0, plus a couple of plugin fixes for the sites I use. Perhaps you could base your Debian package on it. Thanks, Marc.
Bug#717910: apache2: incorrect lbmethod_* module dependency
Package: apache2 Version: 2.4.6-2 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu saucy ubuntu-patch *** /tmp/tmpJJNbzc/bug_body In Ubuntu, the attached patch was applied to achieve the following: * Fixed module dependencies (LP: #1205314) - debian/config-dir/mods-available/lbmethod_*: properly specify proxy_balancer, not mod_proxy_balancer. Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers raring-updates APT policy: (500, 'raring-updates'), (500, 'raring-security'), (500, 'raring'), (100, 'raring-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.8.0-26-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru apache2-2.4.6/debian/changelog apache2-2.4.6/debian/changelog diff -Nru apache2-2.4.6/debian/config-dir/mods-available/lbmethod_bybusyness.load apache2-2.4.6/debian/config-dir/mods-available/lbmethod_bybusyness.load --- apache2-2.4.6/debian/config-dir/mods-available/lbmethod_bybusyness.load 2013-07-21 12:47:15.0 -0400 +++ apache2-2.4.6/debian/config-dir/mods-available/lbmethod_bybusyness.load 2013-07-26 08:34:50.0 -0400 @@ -1,2 +1,2 @@ -# Depends: mod_proxy_balancer +# Depends: proxy_balancer LoadModule lbmethod_bybusyness_module /usr/lib/apache2/modules/mod_lbmethod_bybusyness.so diff -Nru apache2-2.4.6/debian/config-dir/mods-available/lbmethod_byrequests.load apache2-2.4.6/debian/config-dir/mods-available/lbmethod_byrequests.load --- apache2-2.4.6/debian/config-dir/mods-available/lbmethod_byrequests.load 2013-07-21 12:47:15.0 -0400 +++ apache2-2.4.6/debian/config-dir/mods-available/lbmethod_byrequests.load 2013-07-26 08:34:50.0 -0400 
@@ -1,2 +1,2 @@ -# Depends: mod_proxy_balancer +# Depends: proxy_balancer LoadModule lbmethod_byrequests_module /usr/lib/apache2/modules/mod_lbmethod_byrequests.so diff -Nru apache2-2.4.6/debian/config-dir/mods-available/lbmethod_bytraffic.load apache2-2.4.6/debian/config-dir/mods-available/lbmethod_bytraffic.load --- apache2-2.4.6/debian/config-dir/mods-available/lbmethod_bytraffic.load 2013-07-21 12:47:15.0 -0400 +++ apache2-2.4.6/debian/config-dir/mods-available/lbmethod_bytraffic.load 2013-07-26 08:34:50.0 -0400 @@ -1,2 +1,2 @@ -# Depends: mod_proxy_balancer +# Depends: proxy_balancer LoadModule lbmethod_bytraffic_module /usr/lib/apache2/modules/mod_lbmethod_bytraffic.so diff -Nru apache2-2.4.6/debian/config-dir/mods-available/lbmethod_heartbeat.load apache2-2.4.6/debian/config-dir/mods-available/lbmethod_heartbeat.load --- apache2-2.4.6/debian/config-dir/mods-available/lbmethod_heartbeat.load 2013-07-21 12:47:15.0 -0400 +++ apache2-2.4.6/debian/config-dir/mods-available/lbmethod_heartbeat.load 2013-07-26 08:34:50.0 -0400 @@ -1,2 +1,2 @@ -# Depends: mod_proxy_balancer +# Depends: proxy_balancer LoadModule lbmethod_heartbeat_module /usr/lib/apache2/modules/mod_lbmethod_heartbeat.so
Bug#717272: apache2: Fix for CVE-2013-1896
Package: apache2 Version: 2.4.4-6 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu saucy ubuntu-patch *** /tmp/tmp5THIhe/bug_body In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: denial of service via MERGE request - debian/patches/CVE-2013-1896.patch: make sure DAV is enabled for URI in modules/dav/main/mod_dav.c. - CVE-2013-1896 Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers raring-updates APT policy: (500, 'raring-updates'), (500, 'raring-security'), (500, 'raring'), (100, 'raring-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.8.0-26-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru apache2-2.4.4/debian/patches/CVE-2013-1896.patch apache2-2.4.4/debian/patches/CVE-2013-1896.patch --- apache2-2.4.4/debian/patches/CVE-2013-1896.patch 1969-12-31 19:00:00.0 -0500 +++ apache2-2.4.4/debian/patches/CVE-2013-1896.patch 2013-07-18 11:21:47.0 -0400 
@@ -0,0 +1,32 @@ +Description: fix denial of service via MERGE request +Origin: upstream, http://svn.apache.org/viewvc?view=revisionrevision=1486461 + +Index: apache2-2.4.4/modules/dav/main/mod_dav.c +=== +--- apache2-2.4.4.orig/modules/dav/main/mod_dav.c 2011-12-04 19:08:01.0 -0500 apache2-2.4.4/modules/dav/main/mod_dav.c 2013-07-18 11:20:33.353180556 -0400 +@@ -707,6 +707,12 @@ + + conf = ap_get_module_config(r-per_dir_config, dav_module); + /* assert: conf-provider != NULL */ ++if (conf-provider == NULL) { ++return dav_new_error(r-pool, HTTP_METHOD_NOT_ALLOWED, 0, 0, ++ apr_psprintf(r-pool, ++ DAV not enabled for %s, ++ ap_escape_html(r-pool, r-uri))); ++} + + /* resolve the resource */ + err = (*conf-provider-repos-get_resource)(r, conf-dir, +@@ -2683,11 +2689,6 @@ + Destination URI had an error.); + } + +-if (dav_get_provider(lookup.rnew) == NULL) { +-return dav_error_response(r, HTTP_METHOD_NOT_ALLOWED, +- DAV not enabled for Destination URI.); +-} +- + /* Resolve destination resource */ + err = dav_get_resource(lookup.rnew, 0 /* label_allowed */, +0 /* use_checked_in */, resnew); diff -Nru apache2-2.4.4/debian/patches/series apache2-2.4.4/debian/patches/series --- apache2-2.4.4/debian/patches/series 2013-07-02 09:33:25.0 -0400 +++ apache2-2.4.4/debian/patches/series 2013-07-18 11:20:09.0 -0400 @@ -20,3 +20,4 @@ itk-rerun-configure.patch upstream-fixes allow-strtoul.patch +CVE-2013-1896.patch
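Review bot: In the first mod_dav.c hunk the new NULL check on conf->provider sits directly under the existing comment "/* assert: conf-provider != NULL */", which now states the opposite of what the code handles; drop or reword that comment. The second hunk removes the dav_get_provider(lookup.rnew) test on the destination and relies on the new check being reached through dav_get_resource(), so the error text changes from "DAV not enabled for Destination URI." to the generic "DAV not enabled for %s" message; worth confirming that nothing matches on the old string.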
Bug#714363: libgd2: Wrong quoting in version strings
Package: libgd2 Version: 2.1.0-1 Severity: important Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu saucy ubuntu-patch *** /tmp/tmp_IJ9Y5/bug_body In Ubuntu, the attached patch was applied to achieve the following: * debian/patches/fix-compiled-in-version.patch: updated to properly quote GD_EXTRA_VERSION and GD_VERSION_STRING. Lack of quoting there is causing other packages, such as php5, to fail to compile. Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers raring-updates APT policy: (500, 'raring-updates'), (500, 'raring-security'), (500, 'raring'), (100, 'raring-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.8.0-25-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru libgd2-2.1.0/debian/changelog libgd2-2.1.0/debian/changelog diff -Nru libgd2-2.1.0/debian/patches/fix-compiled-in-version.patch libgd2-2.1.0/debian/patches/fix-compiled-in-version.patch --- libgd2-2.1.0/debian/patches/fix-compiled-in-version.patch 2013-06-27 04:02:13.0 -0400 +++ libgd2-2.1.0/debian/patches/fix-compiled-in-version.patch 2013-06-28 08:54:20.0 -0400 @@ -1176,8 +1176,8 @@ +#define GD_MAJOR_VERSION @GDLIB_MAJOR@ +#define GD_MINOR_VERSION @GDLIB_MINOR@ +#define GD_RELEASE_VERSION @GDLIB_REVISION@ -+#define GD_EXTRA_VERSION @GDLIB_EXTRA@ -+#define GD_VERSION_STRING @GDLIB_VERSION@ ++#define GD_EXTRA_VERSION @GDLIB_EXTRA@ ++#define GD_VERSION_STRING @GDLIB_VERSION@ + +/* Do the DLL dance: dllexport when building the DLL, + dllimport when importing from it, nothing when
Bug#710344: (no subject)
Here's what I did...not sure if it's the best way to fix it though: --- libxcb-1.8.1.orig/tests/Makefile.am +++ libxcb-1.8.1/tests/Makefile.am @@ -12,9 +12,6 @@ check_PROGRAMS = check_all check_all_SOURCES = check_all.c check_suites.h check_public.c -all-local:: - $(RM) CheckLog*.xml - check-local: check-TESTS $(RM) CheckLog.html if test x$(HTML_CHECK_RESULT) = xtrue; then \
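Review bot: Deleting the all-local rule removes the only cleanup of CheckLog*.xml shown in tests/Makefile.am, so stale XML logs from earlier runs will now persist. Moving the "$(RM) CheckLog*.xml" line into check-local, next to the existing "$(RM) CheckLog.html", or into a clean-local rule keeps the cleanup without running it on every build.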
Bug#701929: quilt push leaves behind files in /tmp
Package: quilt Version: 0.60-7 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu raring ubuntu-patch *** /tmp/tmprMnRKR/bug_body The push_timeskew patch leaves behind temp files in /tmp when quilt push is used. In Ubuntu, the attached patch was applied to achieve the following: * d/p/push_timeskew: updated to properly remove temp files. Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers raring-updates APT policy: (500, 'raring-updates'), (500, 'raring-security'), (500, 'raring'), (100, 'raring-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.8.0-8-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru quilt-0.60/debian/changelog quilt-0.60/debian/changelog diff -Nru quilt-0.60/debian/patches/push_timeskew quilt-0.60/debian/patches/push_timeskew --- quilt-0.60/debian/patches/push_timeskew 2013-01-05 06:34:43.0 -0500 +++ quilt-0.60/debian/patches/push_timeskew 2013-02-28 15:22:44.0 -0500 @@ -6,11 +6,12 @@ context information. Bug-Debian: http://bugs.debian.org/466360 Upstream-status: to be submitted +Last-Update: 2013-02-28 -Index: quilt.git/quilt/push.in +Index: quilt-0.60/quilt/push.in === quilt.git.orig/quilt/push.in 2012-12-31 10:09:56.144582064 +0100 -+++ quilt.git/quilt/push.in 2012-12-31 11:25:52.967442800 +0100 +--- quilt-0.60.orig/quilt/push.in 2013-02-28 15:19:19.583338843 -0500 quilt-0.60/quilt/push.in 2013-02-28 15:20:14.587340251 -0500 @@ -30,7 +30,8 @@ specified number of patches. When a patch name is specified, apply all patches up to and including the specified patch. Patch names may @@ -21,7 +22,7 @@ -a Apply all patches in the series file. -@@ -208,18 +209,27 @@ +@@ -208,18 +209,29 @@ touch $QUILT_PC/$patch~refresh fi 
@@ -43,6 +44,8 @@ + if [ -s $NONEMPTY_FILES ]; then + xargs -0 touch -c -r $QUILT_PC/$patch/.timestamp $NONEMPTY_FILES + fi ++ ++ rm -f $NONEMPTY_FILES if ! [ -e $patch_file ] then @@ -53,10 +56,10 @@ then printf $Patch %s appears to be empty; applied\n \ $(print_patch $patch) -Index: quilt.git/quilt/scripts/backup-files.in +Index: quilt-0.60/quilt/scripts/backup-files.in === quilt.git.orig/quilt/scripts/backup-files.in 2012-12-25 14:18:07.45425 +0100 -+++ quilt.git/quilt/scripts/backup-files.in 2012-12-31 11:12:25.158163110 +0100 +--- quilt-0.60.orig/quilt/scripts/backup-files.in 2013-02-28 15:19:19.583338843 -0500 quilt-0.60/quilt/scripts/backup-files.in 2013-02-28 15:19:19.575338842 -0500 @@ -181,8 +181,9 @@ done $NONEMPTY_FILES fi @@ -68,10 +71,10 @@ fi fi -Index: quilt.git/test/push_timeskew.test +Index: quilt-0.60/test/push_timeskew.test === --- /dev/null 1970-01-01 00:00:00.0 + -+++ quilt.git/test/push_timeskew.test 2012-12-31 12:01:47.978999172 +0100 quilt-0.60/test/push_timeskew.test 2013-02-28 15:19:19.575338842 -0500 @@ -0,0 +1,86 @@ +This test enforces that files touched by a patch have the exact same +mtime when pushing and poping the patch.
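Review bot: The added "rm -f $NONEMPTY_FILES" in quilt/push.in only runs when control reaches that line, so any early exit between creating the temporary file and this point still leaves it behind in /tmp. Registering the removal in a trap on EXIT at the point where the file is created would cover the error paths as well. The patch header gains a Last-Update field, but its description still does not mention the temp-file cleanup.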
Bug#700098: cfingerd: CVE-2013-1049 remote buffer overflow
Package: cfingerd Version: 1.4.3-3 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu raring ubuntu-patch *** /tmp/tmpntc4Ea/bug_body In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: fix buffer overflow in rfc1413 (ident) client (LP: #1104425). - CVE-2013-1049 This vulnerability appears to have been introduced by the following: * Applied IPv6 patch from Mats Erik Andersson mats.anders...@gisladisker.se (closes: Bug#570024) See downstream bug report for more information: https://bugs.launchpad.net/ubuntu/+source/cfingerd/+bug/1104425 Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers quantal-updates APT policy: (500, 'quantal-updates'), (500, 'quantal-security'), (500, 'quantal-proposed'), (500, 'quantal'), (100, 'quantal-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.5.0-23-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -u cfingerd-1.4.3/debian/changelog cfingerd-1.4.3/debian/changelog diff -u cfingerd-1.4.3/src/rfc1413.c cfingerd-1.4.3/src/rfc1413.c --- cfingerd-1.4.3/src/rfc1413.c +++ cfingerd-1.4.3/src/rfc1413.c @@ -25,7 +25,9 @@ * the implementation. Completely rewritten by yours truly to be self- * contained in a single program. Simple, easy to use. */ -#define BUFLEN (2 * INET6_ADDRSTRLEN) +#define UNAMELEN 64 +#define BUFLEN UNAMELEN + INET6_ADDRSTRLEN + 2 +#define INPUTLEN 256 char *get_rfc1413_data(struct sockaddr_storage * local_addr, struct sockaddr_storage * peer_addr ) { @@ -34,7 +36,7 @@ struct sockaddr_storage sin; struct sockaddr_in *sa4 = (struct sockaddr_in *) sin; struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *) sin; -char buffer[1024], buf[BUFLEN], uname[64], *bleah; +char buffer[1024], buf[INPUTLEN], uname[UNAMELEN], *bleah; char *cp, *xp; struct servent *serv;
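Review bot: The new "#define BUFLEN UNAMELEN + INET6_ADDRSTRLEN + 2" in src/rfc1413.c is not parenthesised, unlike the line it replaces, so any use inside a larger expression (BUFLEN * 2, BUFLEN - 1) expands with the wrong precedence and yields the wrong size; write it as (UNAMELEN + INET6_ADDRSTRLEN + 2). The declaration hunk resizes buf to INPUTLEN and uname to UNAMELEN, but the reads and copies that fill them are not in the visible lines, so please confirm each one is bounded by the new constants.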
Bug#700098: (no subject)
severity 700098 grave
Bug#698963: libssh: CVE-2013-0176 NULL dereference denial of service
Package: libssh Version: 0.5.3-1 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu raring ubuntu-patch *** /tmp/tmpWGDf6_/bug_body In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: denial of service via NULL dereference - debian/patches/CVE-2013-0176.patch: properly handle client that doesn't send a matching key in src/server.c. - CVE-2013-0176 Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers quantal-updates APT policy: (500, 'quantal-updates'), (500, 'quantal-security'), (500, 'quantal'), (100, 'quantal-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.5.0-22-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru libssh-0.5.3/debian/changelog libssh-0.5.3/debian/changelog diff -Nru libssh-0.5.3/debian/patches/CVE-2013-0176.patch libssh-0.5.3/debian/patches/CVE-2013-0176.patch --- libssh-0.5.3/debian/patches/CVE-2013-0176.patch 1969-12-31 19:00:00.0 -0500 +++ libssh-0.5.3/debian/patches/CVE-2013-0176.patch 2013-01-25 13:37:30.0 -0500 
@@ -0,0 +1,47 @@ +From 55b09f426417406bb25c0b9c474fbab1398b0dc8 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider a...@cryptomilk.org +Date: Wed, 09 Jan 2013 12:20:02 + +Subject: CVE-2013-0176: Fix a remote DoS if the client doesn't send a matching kex. + +Thanks to Yong Chuan Koh, X-Force Research ko...@sg.ibm.com +--- +diff --git a/src/server.c b/src/server.c +index 131a2bc..b4fb189 100644 +--- a/src/server.c b/src/server.c +@@ -184,7 +184,11 @@ static int dh_handshake_server(ssh_session session) { + prv = session-rsa_key; + break; + default: +- prv = NULL; ++ ssh_set_error(session, ++SSH_FATAL, ++Could determine the specified hostkey); ++ ssh_string_free(f); ++ return -1; + } + + pub = publickey_from_privatekey(prv); +@@ -270,6 +274,8 @@ static int dh_handshake_server(ssh_session session) { + */ + static void ssh_server_connection_callback(ssh_session session){ + int ssh1,ssh2; ++int rc; ++ + enter_function(); + switch(session-session_state){ + case SSH_SESSION_STATE_NONE: +@@ -338,7 +344,10 @@ static void ssh_server_connection_callback(ssh_session session){ + case SSH_SESSION_STATE_KEXINIT_RECEIVED: + set_status(session,0.6f); + ssh_list_kex(session, session-client_kex); // log client kex +-crypt_set_algorithms_server(session); ++rc = crypt_set_algorithms_server(session); ++if (rc == SSH_ERROR) { ++goto error; ++} + if (set_kex(session) 0) { + goto error; + } +-- +cgit v0.9.0.2 diff -Nru libssh-0.5.3/debian/patches/series libssh-0.5.3/debian/patches/series --- libssh-0.5.3/debian/patches/series 2012-11-21 07:53:20.0 -0500 +++ libssh-0.5.3/debian/patches/series 2013-01-25 13:37:30.0 -0500 @@ -1,2 +1,3 @@ 0001-disable-latex-documentation.patch 0002-fix-html-doc-generation.patch +CVE-2013-0176.patch
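Review bot: In the default: branch of dh_handshake_server() the new error string reads "Could determine the specified hostkey", which says the opposite of what happened; it should read "Could not determine the specified hostkey". In ssh_server_connection_callback() the return value of crypt_set_algorithms_server() is now compared against SSH_ERROR only; testing for rc != SSH_OK, or a comment that no other failure value is returned, would make the check robust against later changes to that function.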
Bug#692791: #692791 - CVE-2012-5519 - cups lpadmin-to-root privilege escalation - Proposed solutions
On 12-11-29 05:30 AM, Didier 'OdyX' Raboud wrote: snip B) Disable any remote configuration by lpadmin users This has been attempted by Marc on [1]. For now, it is incomplete as it still allows lpadmin users to HTTP PUT updates to the configuration files. Pros: + Addresses the problem in a way less intrusive way (smaller patch) Cons: - Big loss of functionality through forbidding any lpadmin cups server configuration snip So, for squeeze/stable and wheezy/next-stable, I'd be tempted to go the B) (to be fixed) way. Granted, we'll lose functionality, but it will put us on the safe-side, with updates that drop functionality without needing a painful configuration-files-edit upgrading path. I don't believe B is a viable approach. The HTTP PUT interface is used by cupsctl and possibly other local tools, and there's no easy way of filtering what gets uploaded in the cupsd.conf file. FYI, in Ubuntu, I plan on doing a less-elegant version of A, which would be to get the new config file, but without automatically migrating any settings, and without changing the original config file so the user doesn't get any debconf prompts. Options that got moved to the new file would print warnings in the logs for the admin to see. The only thing is that the SystemGroup line will still be in the original config file after the upgrade, but with the log file warning disabled for it. Marc.
Bug#692791: members of lpadmin can read every file on server via cups
Michael, On 12-11-29 10:12 AM, Michael Sweet wrote: So, your alternate fix doesn't actually solve the problem as I can still do something like: PageLog /var/log/cups/../../../etc/shadow Adding a check for ../ in the path will catch that, easy fix... Also, there are a lot of other directives that can pretty trivially escalate to root...for example, setting ConfigFilePerm to 04777... Well, that would yield a world-writable cupsd.conf; I'll update things to mask out everything but read/write bits for both ConfigFilePerm and LogFilePerm. We'll most likely be using your approach of splitting the config files out in our stable releases, so I don't think it's worth investing time in trying to find an alternative fix. Thanks! Marc. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
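The two checks discussed in this message (rejecting ../ escapes from the log directory, and masking ConfigFilePerm and LogFilePerm down to read/write bits), as an added Python example that is not part of the thread and is not CUPS code. The /var/log/cups directory comes from the quoted path; the function names and the sample configuration are constructed for illustration.

```python
import posixpath
import stat

LOG_DIR = "/var/log/cups"      # assumed CUPS_LOGDIR, from the path quoted in the thread
RW_MASK = 0o666                # read/write bits for user, group and other
PATH_DIRECTIVES = {"PageLog"}
PERM_DIRECTIVES = {"ConfigFilePerm", "LogFilePerm"}

# Constructed sample configuration, not taken from a real system.
SAMPLE_CONF = """\
# constructed sample
PageLog /var/log/cups/page_log
PageLog /var/log/cups/../../../etc/shadow
ConfigFilePerm 04777
LogFilePerm 0640
"""


def prefix_only_check(path, log_dir=LOG_DIR):
    """Weak check: accepts anything that merely starts with the log directory."""
    return path.startswith(log_dir + "/")


def stays_in_log_dir(path, log_dir=LOG_DIR):
    """Collapse '.' and '..' lexically, then require the result to sit below log_dir.

    Symlinks are not resolved here; a service would also have to open the
    file without following links.
    """
    if not path.startswith("/") or "\0" in path:
        return False
    base = posixpath.normpath(log_dir)
    norm = posixpath.normpath(path)
    return norm != base and posixpath.commonpath([base, norm]) == base


def mask_perm(text):
    """Parse an octal mode and return (requested, masked to read/write bits)."""
    mode = int(text, 8)
    return mode, mode & RW_MASK


def audit(conf_text):
    """Return (line number, directive, message) for every setting that needs attention."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        name, value = parts[0], parts[1].strip()
        if name in PATH_DIRECTIVES:
            if not stays_in_log_dir(value):
                findings.append((lineno, name, "path resolves outside " + LOG_DIR))
        elif name in PERM_DIRECTIVES:
            try:
                mode, masked = mask_perm(value)
            except ValueError:
                findings.append((lineno, name, "not an octal mode"))
                continue
            if mode != masked:
                findings.append((lineno, name,
                                 "extra bits dropped: %04o -> %04o" % (mode, masked)))
            # Masking to read/write bits removes setuid and execute bits, but the
            # result can still be writable by group or other.
            if masked & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((lineno, name,
                                 "still group/world-writable after masking: %04o" % masked))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("line %d: %s: %s" % finding)
```

The prefix test accepts the traversal path while the normalised test rejects it, and 04777 masked with 0666 is still 0666, so the audit reports the remaining write bits separately.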
Bug#692791: members of lpadmin can read every file on server via cups
On 12-11-27 11:38 PM, Michael Sweet wrote: After looking at this patch in detail, it doesn't actually prevent users in the lpadmin group from modifying cupsd.conf and performing the specified privilege escalation. An alternate fix for cups-1.5 and earlier that specifically addresses the reported problem by requiring the log files to reside in CUPS_LOGDIR: Thanks for taking a look at it Michael. I now see what you meant by needing to disable HTTP PUT in cupsd. So, your alternate fix doesn't actually solve the problem as I can still do something like: PageLog /var/log/cups/../../../etc/shadow Also, there are a lot of other directives that can pretty trivially escalate to root...for example, setting ConfigFilePerm to 04777... I'm starting to think that migrating stable releases to the dual config files, while pretty intrusive, is something we need to consider... Marc.
Bug#692791: members of lpadmin can read every file on server via cups
FYI, as a security fix for our stable releases in Ubuntu, we plan on disabling cupsd.conf modification in the web interface entirely. Attached is the patch we plan on using. Marc. Description: fix privilege escalation by disabling config file editing via the web interface Author: Marc Deslauriers marc.deslauri...@canonical.com Forwarded: No Bug: https://www.cups.org/str.php?L4223 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692791 Index: cups-1.6.1/doc/help/policies.html === --- cups-1.6.1.orig/doc/help/policies.html 2012-11-27 09:16:17.608346696 -0500 +++ cups-1.6.1/doc/help/policies.html 2012-11-27 09:16:19.768346750 -0500 
@@ -19,7 +19,7 @@ PPolicies are stored in the VARcupsd.conf/VAR file in A HREF=ref-cupsd-conf.html#PolicyTTPolicy/TT/A sections. Each policy has an alphanumeric name that is used to select it. Inside the policy section are one or more A HREF=ref-cupsd-conf.html#LimitIPPTTLimit/TT/A subsections which list the operations that are affected by the rules inside it. A HREF=#LISTING01Listing 1/A shows the default operation policy, appropriately called default, that is shipped with CUPS./P -PThe easiest way to add a policy to the VARcupsd.conf/VAR file is to use the web interface. Click on the VARAdministration/VAR tab and then the VAREdit Configuration File/VAR button to edit the current VARcupsd.conf/VAR file. Click on the VARSave Changes/VAR button to save the changes and restart the scheduler. If you edit the VARcupsd.conf/VAR file from the console, make sure to A HREF=ref-cupsd-conf.htmlrestart the cupsd process/A before trying to use the new policy./P +PIf you edit the VARcupsd.conf/VAR file from the console, make sure to A HREF=ref-cupsd-conf.htmlrestart the cupsd process/A before trying to use the new policy./P PRE CLASS=example EMListing 1: A NAME=LISTING01Default Operation Policy/A/EM Index: cups-1.6.1/templates/admin.tmpl === --- cups-1.6.1.orig/templates/admin.tmpl 2012-11-27 09:16:19.740346750 -0500 +++ cups-1.6.1/templates/admin.tmpl 2012-11-27 09:16:19.772346751 -0500 
@@ -28,7 +28,6 @@ H2 CLASS=titleServer/H2 P -FORM ACTION=/admin/ METHOD=POSTINPUT TYPE=HIDDEN NAME=org.cups.sid VALUE={$org.cups.sid}INPUT TYPE=HIDDEN NAME=OP VALUE=config-serverINPUT TYPE=SUBMIT VALUE=Edit Configuration File/FORM FORM ACTION=/admin/log/access_log METHOD=GETINPUT TYPE=SUBMIT VALUE=View Access Log/FORM FORM ACTION=/admin/log/error_log METHOD=GETINPUT TYPE=SUBMIT VALUE=View Error Log/FORM FORM ACTION=/admin/log/page_log METHOD=GETINPUT TYPE=SUBMIT VALUE=View Page Log/FORM Index: cups-1.6.1/cgi-bin/admin.c === --- cups-1.6.1.orig/cgi-bin/admin.c 2012-11-27 09:16:19.744346750 -0500 +++ cups-1.6.1/cgi-bin/admin.c 2012-11-27 09:16:34.236347121 -0500 @@ -1880,6 +1880,7 @@ cgiEndHTML(); } +#if 0 /* Disabled to fix CVE-2012-5519 security issue */ else if (cgiGetVariable(SAVECHANGES) cgiGetVariable(CUPSDCONF)) { /* @@ -2124,6 +2125,7 @@ cgiEndHTML(); } +#endif }
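Review bot: The templates/admin.tmpl hunk removes the Edit Configuration File form from the default template only, so the localized copies under templates/*/admin.tmpl keep the button, as reported in the follow-up on this bug. Apply the same removal to every localized admin.tmpl so the interface does not offer an operation that the CGI no longer handles.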
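Review bot: The #if 0 block in cgi-bin/admin.c disables only the CGI branch that handles SAVECHANGES together with CUPSDCONF, so the Description line "fix privilege escalation" claims more than these hunks deliver. The thread on this bug notes that lpadmin users can still upload cupsd.conf through HTTP PUT, which nothing here touches. Either cover that path as well or reword the Description to say that only the web editor is disabled, and consider returning an explicit error for a SAVECHANGES request instead of compiling the branch out silently.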
Bug#692791: members of lpadmin can read every file on server via cups
On 12-11-27 03:51 PM, Didier 'OdyX' Raboud wrote: On Tuesday, 27 November 2012 15.30:46, Marc Deslauriers wrote: FYI, as a security fix for our stable releases in Ubuntu, we plan on disabling cupsd.conf modification in the web interface entirely. Attached is the patch we plan on using. Hi Marc, while testing your patch I noticed it was not masking the Edit Configuration File input button in all locales (found in templates/*/admin.tmpl in 1.5.3). Updated patch is attached. Ah! thanks for that, I completely overlooked the localized template files. Marc.
Bug#692345: tiff: CVE-2012-4564
Package: tiff Version: 4.0.2-4 Followup-For: Bug #692345 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu raring ubuntu-patch *** /tmp/tmpm0_BMg/bug_body In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: denial of service and possible code execution via crafted PPM image - debian/patches/CVE-2012-4564.patch: check scanline_size in tools/ppm2tiff.c. - CVE-2012-4564 Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers quantal-updates APT policy: (500, 'quantal-updates'), (500, 'quantal-security'), (500, 'quantal'), (100, 'quantal-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.5.0-18-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru tiff-4.0.2/debian/changelog tiff-4.0.2/debian/changelog diff -Nru tiff-4.0.2/debian/patches/CVE-2012-4564.patch tiff-4.0.2/debian/patches/CVE-2012-4564.patch --- tiff-4.0.2/debian/patches/CVE-2012-4564.patch 1969-12-31 19:00:00.0 -0500 +++ tiff-4.0.2/debian/patches/CVE-2012-4564.patch 2012-11-15 08:56:13.0 -0500 
@@ -0,0 +1,34 @@ +Description: fix denial of service and possible code execution via crafted PPM image +Origin: upstream, ppm2tiff.c,v 1.17 + +Index: tiff-4.0.2/tools/ppm2tiff.c +=== +--- tiff-4.0.2.orig/tools/ppm2tiff.c 2010-04-10 15:22:34.0 -0400 tiff-4.0.2/tools/ppm2tiff.c 2012-11-14 09:50:52.283703218 -0500 +@@ -89,6 +89,7 @@ + int c; + extern int optind; + extern char* optarg; ++ tmsize_t scanline_size; + + if (argc 2) { + fprintf(stderr, %s: Too few arguments\n, argv[0]); +@@ -237,8 +238,16 @@ + } + if (TIFFScanlineSize(out) linebytes) + buf = (unsigned char *)_TIFFmalloc(linebytes); +- else +- buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out)); ++ else { ++ scanline_size = TIFFScanlineSize(out); ++ if (scanline_size != 0) ++ buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out)); ++ else { ++ fprintf(stderr, %s: scanline size overflow\n,infile); ++ (void) TIFFClose(out); ++ exit(-2); ++ } ++ } + if (resolution 0) { + TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution); + TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution); diff -Nru tiff-4.0.2/debian/patches/series tiff-4.0.2/debian/patches/series --- tiff-4.0.2/debian/patches/series 2012-10-05 17:07:54.0 -0400 +++ tiff-4.0.2/debian/patches/series 2012-11-15 08:56:13.0 -0500 @@ -1,3 +1,4 @@ opengl.patch CVE-2012-3401.patch CVE-2012-4447.patch +CVE-2012-4564.patch
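Review bot: In the second tools/ppm2tiff.c hunk the zero test covers only the else branch, and the allocation there calls TIFFScanlineSize(out) a second time instead of using the scanline_size that was just checked. Compute scanline_size once before the if, reject 0 ahead of both branches, and pass the stored value to _TIFFmalloc. The buffer returned by either _TIFFmalloc call is also not tested for NULL in the lines shown.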
Bug#684300: policykit-1-gnome: Authentication dialog window loses focus easily
Package: policykit-1-gnome Version: 0.105-1 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu quantal ubuntu-patch *** /tmp/tmpxkPNXr/bug_body In Ubuntu, the attached patch was applied to achieve the following: * debian/patches/08-fresh-x11-timestamps.patch: use fresh X11 timestamps when displaying authentication dialog to circumvent focus-stealing prevention. (LP: #946171) This happens frequently when using metacity. See the following downstream bug: https://bugs.launchpad.net/ubuntu/+source/policykit-gnome/+bug/946171 and the Gnome bug: https://bugzilla.gnome.org/show_bug.cgi?id=676076 Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers precise-updates APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise-proposed'), (500, 'precise') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-29-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru policykit-1-gnome-0.105/debian/changelog policykit-1-gnome-0.105/debian/changelog diff -Nru policykit-1-gnome-0.105/debian/patches/08-fresh-x11-timestamps.patch policykit-1-gnome-0.105/debian/patches/08-fresh-x11-timestamps.patch --- policykit-1-gnome-0.105/debian/patches/08-fresh-x11-timestamps.patch 1969-12-31 19:00:00.0 -0500 +++ policykit-1-gnome-0.105/debian/patches/08-fresh-x11-timestamps.patch 2012-08-08 09:56:17.0 -0400 
@@ -0,0 +1,28 @@ +Description: use fresh X11 timestamps when displaying authentication dialog + to circumvent focus-stealing prevention. +Author: Jeffrey Knockel jeff...@gmail.com +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/policykit-gnome/+bug/946171 +Bug: https://bugzilla.gnome.org/show_bug.cgi?id=676076 + +Index: policykit-1-gnome-0.105/src/polkitgnomeauthenticator.c +=== +--- policykit-1-gnome-0.105.orig/src/polkitgnomeauthenticator.c 2012-07-27 00:39:09.0 -0600 policykit-1-gnome-0.105/src/polkitgnomeauthenticator.c 2012-07-27 00:40:27.185547436 -0600 +@@ -26,6 +26,7 @@ + #include sys/types.h + #include pwd.h + #include glib/gi18n.h ++#include gdk/gdkx.h + + #include polkit/polkit.h + #include polkitagent/polkitagent.h +@@ -307,7 +308,8 @@ + } + + gtk_widget_show_all (GTK_WIDGET (authenticator-dialog)); +- gtk_window_present (GTK_WINDOW (authenticator-dialog)); ++ gtk_window_present_with_time (GTK_WINDOW (authenticator-dialog), ++gdk_x11_get_server_time (gtk_widget_get_window (GTK_WIDGET (authenticator-dialog; + password = polkit_gnome_authentication_dialog_run_until_response_for_prompt (POLKIT_GNOME_AUTHENTICATION_DIALOG (authenticator-dialog), +modified_request, +echo_on, diff -Nru policykit-1-gnome-0.105/debian/patches/series policykit-1-gnome-0.105/debian/patches/series --- policykit-1-gnome-0.105/debian/patches/series 2012-02-10 23:21:49.0 -0500 +++ policykit-1-gnome-0.105/debian/patches/series 2012-08-08 09:18:28.0 -0400 @@ -4,3 +4,4 @@ 04-autorestart.patch 06-authentication-failure-string.patch 07-use-accountsservice.patch +08-fresh-x11-timestamps.patch
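Review bot: The second src/polkitgnomeauthenticator.c hunk calls gdk_x11_get_server_time unconditionally on the dialog's window, and the first hunk includes gdk/gdkx.h unconditionally, so the authenticator now assumes an X11 backend. Guard the call with a GDK_IS_X11_WINDOW test and keep gtk_window_present as the fallback. Since the stated purpose is to get past focus-stealing prevention, a comment at the call explaining that this is limited to the authentication prompt would help later readers judge the trade-off.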
Bug#683403:
OK, I am now convinced that we don't need the md2 certs, applications should be able to validate using the sha1 certs. I believe a bug in libsoup/glib-networking is causing the sha1 certs to not be used. We still should improve ca-certificates to make _sure_ that we're shipping the sha1 certs instead of the md2 certs, as it currently ships the sha1 certs by coincidence as they are listed later in Mozilla's file. If they ever change the order of their file, we'll be shipping the md2 ones by mistake.
Bug#683403: ca-certificates: Missing Verisign md2 certs due to broken extract script
Package: ca-certificates Version: 20111211 Severity: normal Verisign shipped G1 PCA Roots with md2 signatures on them. At some point, they re-signed those roots using SHA1, but requested that the original certs keep shipping in Mozilla's cert list as they had issued intermediates with AKIs that point to the MD2 versions. See discussion here: https://groups.google.com/forum/?fromgroups#!msg/mozilla.dev.security.policy/I6bUbW3WkBU/lRxqGv6vYHYJ Now, ca-certificates uses a script called certdata2pem.py to extract the certificates from the certdata.txt file provided by Mozilla into individual files. Unfortunately, the script names the certificate file using the CKA_LABEL. In two instances, the Verisign md2 and sha1 certs have the same CKA_LABEL, so the script is overwriting the first one (md2) with the second one (sha1). This results in the Verisign md2 certs being missing from the system ca certs. This usually isn't a problem except in the case where a website is handing out a complete cert chain, including the md2 root cert. When that happens, webkit is unable to verify the md2 root cert, and the connection fails. See reproducer in downstream bug report here: https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1031333
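The overwrite described in this report, reproduced as an added Python example that is not the certdata2pem.py script and not ca-certificates code. The input uses the certdata.txt object layout with constructed labels and placeholder bytes instead of real certificates, and filename_for and both extract functions are hypothetical names.

```python
import hashlib
import re

# Constructed input in the certdata.txt object layout. The octal bytes are
# placeholders, not real certificates; the first two objects share a label.
SAMPLE = r'''
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_LABEL UTF8 "Example Class 3 Root"
CKA_VALUE MULTILINE_OCTAL
\060\003\001\001\002
END

CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_LABEL UTF8 "Example Class 3 Root"
CKA_VALUE MULTILINE_OCTAL
\060\003\001\001\005
END

CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_LABEL UTF8 "Other Root"
CKA_VALUE MULTILINE_OCTAL
\060\003\001\001\011
END
'''


def parse_certificates(text):
    """Return [(label, der_bytes)] for every object that carries a CKA_VALUE."""
    certs, label, value, in_value = [], None, None, False
    for line in text.splitlines():
        line = line.strip()
        if in_value:
            if line == "END":
                certs.append((label, bytes(value)))
                in_value, label = False, None
            else:
                value.extend(int(o, 8) for o in re.findall(r"\\([0-7]{3})", line))
        elif line.startswith('CKA_LABEL UTF8 "'):
            label = line.split('"')[1]
        elif line == "CKA_VALUE MULTILINE_OCTAL":
            value, in_value = bytearray(), True
    return certs


def filename_for(label):
    """Hypothetical label-to-filename rule: non-alphanumerics become '_'."""
    return re.sub(r"[^A-Za-z0-9]+", "_", label).strip("_") + ".crt"


def extract_by_label(certs):
    """Name files by label alone: a later object replaces an earlier one."""
    out = {}
    for label, der in certs:
        out[filename_for(label)] = der
    return out


def extract_unique(certs):
    """Give colliding labels a fingerprint suffix, independent of input order."""
    grouped = {}
    for label, der in certs:
        grouped.setdefault(filename_for(label), []).append(der)
    out = {}
    for name, ders in grouped.items():
        distinct = list(dict.fromkeys(ders))      # drop exact duplicates
        if len(distinct) == 1:
            out[name] = distinct[0]
            continue
        stem = name[:-len(".crt")]
        for der in distinct:
            digest = hashlib.sha256(der).hexdigest()[:8]
            out["%s_%s.crt" % (stem, digest)] = der
    return out


if __name__ == "__main__":
    parsed = parse_certificates(SAMPLE)
    print(len(parsed), "certificates parsed")
    print(len(extract_by_label(parsed)), "files when named by label")
    print(sorted(extract_unique(parsed)))
```

Naming by label alone makes the surviving certificate depend on the order of objects in the input; the suffixed names keep both objects whichever comes first.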
Bug#682115: tiff: CVE-2012-3401 heap overflow in tiff2pdf
On Sat, 2012-07-21 at 20:57 -0400, Jay Berkenbilt wrote: Marc Deslauriers marc.deslauri...@ubuntu.com wrote: *** /tmp/tmpgGHwFf/bug_body In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: possible arbitrary code execution via heap overflow in tiff2pdf. - debian/patches/CVE-2012-3401.patch: properly set t2p->t2p_error in tools/tiff2pdf.c. - CVE-2012-3401 Thanks for considering the patch. I will try to get this patch in this weekend. Thanks. Note that tiff2pdf from the tiff3 package is not actually installed (it comes from the tiff package, which is 4.x), but I'll still apply the patch to avoid confusion. I'll certainly apply the patch to the tiff package. Yeah, I skipped the tiff3 package in Quantal too for the same reason. Marc.
Bug#682115: tiff: CVE-2012-3401 heap overflow in tiff2pdf
Package: tiff Version: 4.0.2-1 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu quantal ubuntu-patch *** /tmp/tmpgGHwFf/bug_body In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: possible arbitrary code execution via heap overflow in tiff2pdf. - debian/patches/CVE-2012-3401.patch: properly set t2p-t2p_error in tools/tiff2pdf.c. - CVE-2012-3401 Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers precise-updates APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise-proposed'), (500, 'precise') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-27-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru tiff-4.0.2/debian/changelog tiff-4.0.2/debian/changelog diff -Nru tiff-4.0.2/debian/patches/CVE-2012-3401.patch tiff-4.0.2/debian/patches/CVE-2012-3401.patch --- tiff-4.0.2/debian/patches/CVE-2012-3401.patch 1969-12-31 19:00:00.0 -0500 +++ tiff-4.0.2/debian/patches/CVE-2012-3401.patch 2012-07-19 10:04:30.0 -0400 @@ -0,0 +1,16 @@ +Description: fix possible arbitrary code execution via heap overflow + in tiff2pdf. +Origin: Patch thanks to Huzaifa Sidhpurwala huzai...@redhat.com + +Index: tiff-4.0.2/tools/tiff2pdf.c +=== +--- tiff-4.0.2.orig/tools/tiff2pdf.c 2012-06-15 17:51:54.0 -0400 tiff-4.0.2/tools/tiff2pdf.c 2012-07-19 10:04:27.937219982 -0400 +@@ -1066,6 +1066,7 @@ + Can't set directory %u of input file %s, + i, + TIFFFileName(input)); ++ t2p-t2p_error = T2P_ERR_ERROR; + return; + } + if(TIFFGetField(input, TIFFTAG_PAGENUMBER, pagen, paged)){ diff -Nru tiff-4.0.2/debian/patches/series tiff-4.0.2/debian/patches/series --- tiff-4.0.2/debian/patches/series 2012-06-24 13:45:53.0 -0400 +++ tiff-4.0.2/debian/patches/series 2012-07-19 10:04:25.0 -0400 @@ -1 +1,2 @@ opengl.patch +CVE-2012-3401.patch
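Review bot: The tools/tiff2pdf.c hunk sets t2p_error on the "Can't set directory" return only, and the fix is effective only if the caller tests t2p_error before it goes on to use the page data. Please check every other bare return in the same function for the same omission and say in the Description which caller relies on the flag. The patch header also gives Origin as a credit line without a URL and has no Bug-Debian field, which makes the change hard to trace later.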
Bug#681219: freemind: Patch to make data files open properly
Package: freemind Version: 0.9.0+dfsg-2 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu quantal ubuntu-patch *** /tmp/tmpVn1uqL/bug_body In Ubuntu, the attached patch was applied so users can double click on data files and get the application to open them properly: * Add file URL list parameter (%U) to .desktop file (LP: #883008) Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers precise-updates APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise-proposed'), (500, 'precise') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-27-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru freemind-0.9.0+dfsg/debian/changelog freemind-0.9.0+dfsg/debian/changelog diff -Nru freemind-0.9.0+dfsg/debian/freemind.desktop freemind-0.9.0+dfsg/debian/freemind.desktop --- freemind-0.9.0+dfsg/debian/freemind.desktop 2009-12-05 08:31:09.0 -0500 +++ freemind-0.9.0+dfsg/debian/freemind.desktop 2012-07-11 09:08:17.0 -0400 @@ -1,7 +1,7 @@ [Desktop Entry] Version=1.0 Name=FreeMind -Exec=/usr/bin/freemind +Exec=/usr/bin/freemind %U Terminal=false Icon=FreeMindWindowIcon Type=Application
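Review bot: The new Exec line ends in %U, and with that field code a launcher may pass file: URLs as well as plain paths, so /usr/bin/freemind has to cope with both forms. If the wrapper hands its arguments straight to the application as filenames, %F is the field code that yields local paths only. Please state which form was tested with a double-clicked file whose name contains spaces.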
Bug#673451: lintian: improve use of readelf
On Sun, 2012-05-27 at 09:21 +0200, Niels Thykier wrote: tags 673451 + moreinfo thanks On 2012-05-18 20:50, Marc Deslauriers wrote: [...] *** /tmp/tmpiekV9j/bug_body In Ubuntu, the attached patch was applied to achieve the following: * collection/objdump-info: objdump-info switched from objdump to readelf, but readelf in Ubuntu doesn't seem to work properly when used with the -D option, possibly due to differences in default hardening. Work around issue by using different flags and adjusting parsing. This also restores version parsing. Thanks for considering the patch. [...] Hi, Thanks for the patch, unfortunately it is causing uninitialized value warnings in the legacy test suite[1]: Ah! yes, sorry about that. Here's an updated patch. Thanks, Marc. diff -Naur lintian-2.5.7.old/collection/objdump-info lintian-2.5.7/collection/objdump-info --- lintian-2.5.7.old/collection/objdump-info 2012-05-13 15:20:39.0 -0400 +++ lintian-2.5.7/collection/objdump-info 2012-05-28 13:49:23.549405127 -0400 @@ -142,16 +142,20 @@ close PIPE; } -if (open(PIPE, '-|', readelf -W -s -D \Q$bin\E 21)) { +if (open(PIPE, '-|', readelf -W -s \Q$bin\E 21)) { +my $section = ''; print {$opts{pipe_in}} DYNAMIC SYMBOL TABLE:\n; while(PIPE) { -last if m/^Symbol table of/; - -if (m/^\s*(\d+)\s+\d+:\s*[0-9a-f]+\s+\d+\s+(?:(?:\S+\s+){3})(\S+)\s+(.*)\Z/) { +if (m/^Symbol table '.dynsym'/) { +$section = 'DS'; +} elsif (m/^Symbol table/) { +$section = ''; +} elsif (m/^\s*(\d+):\s*[0-9a-f]+\s+\d+\s+(?:(?:\S+\s+){3})(\S+)\s+(.*)\Z/ + and $section eq 'DS') { my ($symnum, $seg, $sym, $ver) = ($1, $2, $3, ''); -if ($sym =~ m/^(.*)@(.*)$/) { +if ($sym =~ m/^(.*)@(.*) \(.*\)$/) { $sym = $1; $ver = $2; } elsif (@symbol_versions == 0) {
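Review bot: The revised version pattern m/^(.*)@(.*) \(.*\)$/ matches only names that end in a parenthesised suffix, so a versioned symbol printed without one skips this branch and reaches the elsif with $ver still empty. Make the suffix optional, for example with (?: \(.*\))? before the end anchor, or add a comment explaining why unsuffixed versioned names are meant to fall through. The $section state variable would also read more clearly as a boolean named for the .dynsym table than as the string 'DS'.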
Bug#672492: CVE-2012-2141
Package: net-snmp Version: 5.4.3~dfsg-2.4 Followup-For: Bug #672492 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu quantal ubuntu-patch *** /tmp/tmp7KXNLG/bug_body In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: denial of service via SNMP GET with non-existent extension table entry - debian/patches/CVE-2012-2141.patch: validate line_idx in agent/mibgroup/agent/extend.c. - CVE-2012-2141 Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers precise-updates APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise-proposed'), (500, 'precise') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-24-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru net-snmp-5.4.3~dfsg/debian/patches/CVE-2012-2141.patch net-snmp-5.4.3~dfsg/debian/patches/CVE-2012-2141.patch --- net-snmp-5.4.3~dfsg/debian/patches/CVE-2012-2141.patch 1969-12-31 19:00:00.0 -0500 +++ net-snmp-5.4.3~dfsg/debian/patches/CVE-2012-2141.patch 2012-05-22 16:33:46.0 -0400 
@@ -0,0 +1,31 @@ +Description: fix denial of service via SNMP GET with non-existent + extension table entry +Bug: http://sourceforge.net/tracker/index.php?func=detailaid=3526549group_id=12694atid=112694 +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=672492 +Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=815813 +Origin: upstream, http://net-snmp.git.sourceforge.net/git/gitweb.cgi?p=net-snmp/net-snmp;a=commit;h=4c5633f1603e4bd03ed05c37d782ec8911759c47 + +Index: net-snmp-5.4.3~dfsg/agent/mibgroup/agent/extend.c +=== +--- net-snmp-5.4.3~dfsg.orig/agent/mibgroup/agent/extend.c 2009-04-22 19:49:21.0 -0400 net-snmp-5.4.3~dfsg/agent/mibgroup/agent/extend.c 2012-05-22 16:30:35.596256644 -0400 +@@ -1124,7 +1124,7 @@ + * ...and check the line requested is valid + */ + line_idx = *table_info-indexes-next_variable-val.integer; +-if (eptr-numlines line_idx) ++if (line_idx 1 || line_idx eptr-numlines) + return NULL; + } + return eptr; +@@ -1297,6 +1297,10 @@ + * Determine which line we've been asked for + */ + line_idx = *table_info-indexes-next_variable-val.integer; ++if (line_idx 1 || line_idx extension-numlines) { ++netsnmp_set_request_error(reqinfo, request, SNMP_NOSUCHINSTANCE); ++continue; ++} + cp = extension-lines[line_idx-1]; + + /* diff -Nru net-snmp-5.4.3~dfsg/debian/patches/series net-snmp-5.4.3~dfsg/debian/patches/series --- net-snmp-5.4.3~dfsg/debian/patches/series 2012-01-05 02:29:32.0 -0500 +++ net-snmp-5.4.3~dfsg/debian/patches/series 2012-05-22 16:30:12.0 -0400 @@ -15,3 +15,4 @@ 63_fix_shell.patch 64_missing_lib.patch ubuntu-fix-lp-587828.patch +CVE-2012-2141.patch
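Review bot: The same line_idx range test is now written out in both agent/mibgroup/agent/extend.c hunks with different failure handling, return NULL in the first and SNMP_NOSUCHINSTANCE followed by continue in the second. Put the test in one small helper next to the lines[line_idx-1] access so the two lookups cannot drift apart, and add a comment that line_idx is 1-based, which is why values below 1 have to be rejected before indexing.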
Bug#673449: lintian: fix Ubuntu compatibility in binaries-hardening test
Package: lintian Version: 2.5.7 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu quantal ubuntu-patch *** /tmp/tmphAWAWQ/bug_body In Ubuntu, the attached patch was applied to achieve the following: * t/tests/binaries-hardening/debian/Makefile: stack protector and relro are enabled by default in Ubuntu. Make sure we specifically disable them to properly test lintian. Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers precise-updates APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise-proposed'), (500, 'precise') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-24-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru lintian-2.5.7/t/tests/binaries-hardening/debian/Makefile lintian-2.5.7ubuntu1/t/tests/binaries-hardening/debian/Makefile --- lintian-2.5.7/t/tests/binaries-hardening/debian/Makefile 2012-05-12 17:04:48.0 -0400 +++ lintian-2.5.7ubuntu1/t/tests/binaries-hardening/debian/Makefile 2012-05-18 14:01:58.0 -0400 @@ -1,6 +1,10 @@ all: weak.1 strong.1 # Build without dpkg-buildflags. - gcc -o weak hello.c + gcc -o weak \ + -fno-stack-protector \ + -Wl,-z,norelro \ + -U_FORTIFY_SOURCE \ + hello.c gcc -o strong \ $(shell dpkg-buildflags --get CPPFLAGS) \ $(shell dpkg-buildflags --get CFLAGS) \
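Review bot: The weak target now passes -fno-stack-protector, -Wl,-z,norelro and -U_FORTIFY_SOURCE, but the comment above it still says only "Build without dpkg-buildflags." and does not explain the new flags. Extend the comment to say that some toolchains enable these protections by default and that the test needs a binary without them, so nobody removes the flags later as redundant.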
Bug#673451: lintian: improve use of readelf
Package: lintian Version: 2.5.7 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu quantal ubuntu-patch *** /tmp/tmpiekV9j/bug_body In Ubuntu, the attached patch was applied to achieve the following: * collection/objdump-info: objdump-info switched from objdump to readelf, but readelf in Ubuntu doesn't seem to work properly when used with the -D option, possibly due to differences in default hardening. Work around issue by using different flags and adjusting parsing. This also restores version parsing. Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers precise-updates APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise-proposed'), (500, 'precise') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-24-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru lintian-2.5.7/collection/objdump-info lintian-2.5.7ubuntu1/collection/objdump-info --- lintian-2.5.7/collection/objdump-info 2012-05-13 15:20:39.0 -0400 +++ lintian-2.5.7ubuntu1/collection/objdump-info 2012-05-18 11:32:30.0 -0400 @@ -142,16 +142,16 @@ close PIPE; } -if (open(PIPE, '-|', readelf -W -s -D \Q$bin\E 21)) { +if (open(PIPE, '-|', readelf -W -s \Q$bin\E 21)) { print {$opts{pipe_in}} DYNAMIC SYMBOL TABLE:\n; while(PIPE) { last if m/^Symbol table of/; -if (m/^\s*(\d+)\s+\d+:\s*[0-9a-f]+\s+\d+\s+(?:(?:\S+\s+){3})(\S+)\s+(.*)\Z/) { +if (m/^\s*(\d+):\s*[0-9a-f]+\s+\d+\s+(?:(?:\S+\s+){3})(\S+)\s+(.*)\Z/) { my ($symnum, $seg, $sym, $ver) = ($1, $2, $3, ''); -if ($sym =~ m/^(.*)@(.*)$/) { +if ($sym =~ m/^(.*)@(.*) \(.*\)$/) { $sym = $1; $ver = $2; } elsif (@symbol_versions == 0) {
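Review bot: With -D dropped from the readelf call, the unchanged guard last if m/^Symbol table of/ is the only exit from the loop and nothing in the hunk restricts parsing to the dynamic symbol table, so entries from any other symbol table that readelf prints would be emitted under DYNAMIC SYMBOL TABLE. Track which table is being read and accept entries only while inside '.dynsym'; the revised patch posted later on this bug takes that approach.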
Bug#664990: libzip1: CVE-2012-1162 CVE-2012-1163 Incorrect loop construct and numeric overflow
Package: libzip Version: 0.10-1 Followup-For: Bug #664990 User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu precise ubuntu-patch *** /tmp/tmpvDE7OS/bug_body In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: arbitrary code execution or information leak via heap overflow and numeric overflow. - debian/patches/CVE-2012-116x.patch: fix overflow and loop in lib/zip_open.c. - CVE-2012-1162 - CVE-2012-1163 Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers precise-updates APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise-proposed'), (500, 'precise') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-20-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru libzip-0.10/debian/changelog libzip-0.10/debian/changelog diff -Nru libzip-0.10/debian/patches/CVE-2012-116x.patch libzip-0.10/debian/patches/CVE-2012-116x.patch --- libzip-0.10/debian/patches/CVE-2012-116x.patch 1969-12-31 19:00:00.0 -0500 +++ libzip-0.10/debian/patches/CVE-2012-116x.patch 2012-03-28 15:09:02.0 -0400 
@@ -0,0 +1,35 @@ +Description: fix arbitrary code execution or information leak via + heap overflow and numeric overflow +Origin: upstream, http://hg.nih.at/libzip?cs=cb69d6146a09 + +Index: libzip-0.10/lib/zip_open.c +=== +--- libzip-0.10.orig/lib/zip_open.c 2011-03-16 07:18:44.0 -0400 libzip-0.10/lib/zip_open.c 2012-03-28 15:04:52.785990360 -0400 +@@ -200,7 +200,7 @@ + cd-comment = NULL; + cd-comment_len = _zip_read2(cdp); + +-if (cd-offset+cd-size buf_offset + (eocd-buf)) { ++if (((zip_uint64_t)cd-offset)+cd-size buf_offset + (eocd-buf)) { + /* cdir spans past EOCD record */ + _zip_error_set(error, ZIP_ER_INCONS, 0); + cd-nentry = 0; +@@ -257,7 +257,7 @@ + + left = cd-size; + i=0; +-do { ++while (icd-nentry left 0) { + if ((_zip_dirent_read(cd-entry+i, fp, bufp, left, 0, error)) 0) { + cd-nentry = i; + _zip_cdir_free(cd); +@@ -274,7 +274,7 @@ + return NULL; + } + } +-} while (icd-nentry left 0); ++} + + cd-nentry = i; + diff -Nru libzip-0.10/debian/patches/series libzip-0.10/debian/patches/series --- libzip-0.10/debian/patches/series 2011-05-01 10:50:49.0 -0400 +++ libzip-0.10/debian/patches/series 2012-03-28 15:03:20.0 -0400 @@ -1,2 +1,3 @@ fix_open_nonarchive_test.patch fix_zipconf_path.patch +CVE-2012-116x.patch
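Review bot: After the do/while in lib/zip_open.c becomes a while loop, a central directory whose size runs out before nentry entries have been read still leaves the loop normally and ends at cd->nentry = i with no error. If a short directory is an inconsistency, report ZIP_ER_INCONS there as the first hunk does; if the truncation is intended, say so in a comment. In the first hunk only cd->offset is cast to zip_uint64_t, so please confirm that the right-hand side of the comparison is evaluated in a 64-bit type as well.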
Bug#661849: virtinst: Fix path to qemu-dm
Package: virtinst Version: 0.600.1-1 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu precise ubuntu-patch *** /tmp/tmpzeykEL/bug_body In Ubuntu, the attached patch was applied to achieve the following: * debian/patches/0004-Fix-path-to-qemu-dm.patch: fix the path to the qemu-dm binary. (LP: #936048) Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers precise-updates APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise-proposed'), (500, 'precise') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-17-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru virtinst-0.600.1/debian/changelog virtinst-0.600.1/debian/changelog diff -Nru virtinst-0.600.1/debian/patches/0004-Fix-path-to-qemu-dm.patch virtinst-0.600.1/debian/patches/0004-Fix-path-to-qemu-dm.patch --- virtinst-0.600.1/debian/patches/0004-Fix-path-to-qemu-dm.patch 1969-12-31 19:00:00.0 -0500 +++ virtinst-0.600.1/debian/patches/0004-Fix-path-to-qemu-dm.patch 2012-02-24 15:52:46.0 -0500 
@@ -0,0 +1,20 @@ +Description: fix path to the qemu-dm binary +Author: Marc Deslauriers marc.deslauri...@canonical.com +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/virtinst/+bug/936048 + +Index: virtinst-0.600.1/virtinst/Guest.py +=== +--- virtinst-0.600.1.orig/virtinst/Guest.py 2012-01-24 19:00:05.0 -0500 virtinst-0.600.1/virtinst/Guest.py 2012-02-24 15:50:59.958518345 -0500 +@@ -886,10 +886,7 @@ + if (not self.emulator and + self.installer.is_hvm() and + self.type == xen): +-if self._get_caps().host.arch in (x86_64): +-emulator = /usr/lib64/xen/bin/qemu-dm +-else: +-emulator = /usr/lib/xen/bin/qemu-dm ++emulator = /usr/lib/xen-default/bin/qemu-dm + + emu_xml = + if emulator is not None: diff -Nru virtinst-0.600.1/debian/patches/series virtinst-0.600.1/debian/patches/series --- virtinst-0.600.1/debian/patches/series 2012-02-11 11:42:58.0 -0500 +++ virtinst-0.600.1/debian/patches/series 2012-02-24 15:49:15.0 -0500 @@ -4,3 +4,4 @@ 9003-fix-path-to-hvmloader-in-testsuite.patch 9004_ubuntu_fix_tree_support.patch 9005_ubuntu_precise.patch +0004-Fix-path-to-qemu-dm.patch
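Review bot: The virtinst/Guest.py hunk replaces the architecture test with one hard-coded path, /usr/lib/xen-default/bin/qemu-dm, which belongs to the Debian and Ubuntu Xen packaging, and the patch header has no Forwarded field to record that it is distribution-specific. Add Forwarded: not-needed, and consider leaving emulator unset when the file does not exist so the guest XML does not name a missing binary.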
Bug#659983: dhcpcd: Fix for CVE-2011-0996
Package: dhcpcd Version: 1:3.2.3-9 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu precise ubuntu-patch *** /tmp/tmpYPCJL7/bug_body In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: dhcpcd before 5.2.12 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. (LP: #931036) - https://build.opensuse.org/package/view_file?file=dhcpcd-3.2.3-option-checks.diffpackage=dhcpcdproject=network%3Adhcprev=52442e5c1d803d7c1818a920a0bae7f1 - above linked patch(without the additional support for NETBIOS type messages) has been added. - CVE-2011-0996 Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers precise-updates APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise-proposed'), (500, 'precise') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-15-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -u dhcpcd-3.2.3/dhcpcd.c dhcpcd-3.2.3/dhcpcd.c --- dhcpcd-3.2.3/dhcpcd.c +++ dhcpcd-3.2.3/dhcpcd.c @@ -180,8 +180,10 @@ options-timeout = DEFAULT_TIMEOUT; snprintf(options-pidfile, sizeof (options-pidfile), none); - gethostname (options-hostname, sizeof (options-hostname)); - if (strcmp (options-hostname, (none)) == 0 || + memset (options-hostname, 0, sizeof (options-hostname)); + gethostname (options-hostname, sizeof (options-hostname) - 1); + options-hostname[sizeof (options-hostname) - 1] = '\0'; + if (check_domain_name(options-hostname, strlen(options-hostname), 0) != 0 || strcmp (options-hostname, localhost) == 0) memset (options-hostname, 0, sizeof (options-hostname)); 
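Review bot: In the first dhcpcd.c hunk the return value of gethostname is still ignored, so on failure the code validates whatever the preceding memset left in the buffer and depends on check_domain_name rejecting a zero-length name to reach the clearing branch. Test the return value explicitly and clear the hostname on error. The old comparison against (none) is removed without comment; a short note that check_domain_name now rejects that string because of the parentheses would make the intent clear.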
@@ -230,6 +232,9 @@ `%s' too long for HostName string, max is %d, optarg, MAXHOSTNAMELEN); goto abort; +} else if(check_domain_name(optarg, strlen(optarg), 0) != 0) { + logger (LOG_ERR, suspect string in hostname argument); + goto abort; } else strlcpy (options-hostname, optarg, sizeof (options-hostname)); diff -u dhcpcd-3.2.3/dhcp.c dhcpcd-3.2.3/dhcp.c --- dhcpcd-3.2.3/dhcp.c +++ dhcpcd-3.2.3/dhcp.c @@ -41,6 +41,8 @@ #include stdint.h #include stdlib.h #include string.h +#include stddef.h +#include ctype.h #include config.h 
@@ -627,6 +629,98 @@ return (head); } +int check_domain_name(const char *ptr, size_t len, int dots) +{ + const char *p; + + /* not empty or complete length not over 255 characters */ + if (len == 0 || len = 256) + return -1; + + /* consists of [[:alnum:]-]+ labels separated by [.] */ + /* a [_] is against RFC but seems to be widely used... */ + for (p=ptr; *p len-- 0; p++) { + if ( *p == '-' || *p == '_') { + /* not allowed at begin or end of a label */ + if ((p - ptr) == 0 || len == 0 || p[1] == '.') +return -1; + } else + if ( *p == '.') { + /* each label has to be 1-63 characters; + we allow [.] at the end ('foo.bar.') */ + ptrdiff_t d = p - ptr; + if( d = 0 || d = 64) +return -1; + ptr = p + 1; /* jump to the next label*/ + if(dots 0 len 0) +dots--; + } else + if ( !isalnum((unsigned char)*p)) { +/* also numbers at the begin are fine */ +return -1; + } + } + return dots ? -1 : 0; +} + +int check_domain_name_list(const char *ptr, size_t len, int dots) +{ + const char *p; + int ret = -1; /* at least one needed */ + + if (!ptr || !len) + return -1; + + for (p=ptr; *p len 0; p++, len--) { + if (*p != ' ') + continue; + if (p ptr) { + if (check_domain_name(ptr, p - ptr, dots) != 0) +return -1; + ret = 0; + } + ptr = p + 1; + } + if (p ptr) + return check_domain_name(ptr, p - ptr, dots); + else + return ret; +} + +int check_dhcp_option(unsigned char option, const char *ptr, size_t len) +{ + if( !ptr) + return -1; + + switch (option) { + case DHCP_HOSTNAME: + case DHCP_NISDOMAIN: + case DHCP_SIPSERVER: + case DHCP_DNSDOMAIN: /* accept a list for compatibiliy */ + case DHCP_DNSSEARCH: + return check_domain_name_list(ptr, len, 0); + break; + case DHCP_ROOTPATH: + if( len == 0) +return -1; + for (; *ptr len-- 0; ptr++) { +if( !(isalnum((unsigned char)*ptr) || + *ptr == '#' || *ptr == '%' || + *ptr == '+' || *ptr == '-' || + *ptr == '_' || *ptr == ':' || + *ptr == '.' 
|| *ptr == ',' || + *ptr == '@' || *ptr == '~' || + *ptr == '\\' || *ptr == '/' || + *ptr == '[' || *ptr == ']' || + *ptr == '=' || *ptr == ' ')) + return -1; + } + return 0; + break; + } + return 0; +} + static struct route_head *decode_routers (const unsigned char *data, int length) { int i; @@ -674,8 +768,16 @@ dhcp-leasedfrom = tv.tv_sec; dhcp-frominfo = false; dhcp-address.s_addr = message-yiaddr; - strlcpy (dhcp-servername, (char *) message-servername, - sizeof
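Review bot: in the @@ -180,8 +180,10 @@ hunk of dhcpcd.c a local hostname that fails check_domain_name() is cleared by the memset without any message, while the hostname argument path in the next hunk logs "suspect string in hostname argument". Log the rejection here as well so an administrator can tell why no hostname is being sent. The explicit NUL termination of the last byte is also redundant after the preceding memset combined with the sizeof - 1 length passed to gethostname().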
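Review bot: in check_domain_name() (dhcp.c, @@ -627,6 +629,98 @@) the 1-63 character label limit is enforced only inside the branch that handles '.', so the last label of a name without a trailing dot is never length-checked and is bounded only by the overall 255 character limit. Apply the same check to the remaining p - ptr after the loop, before the final return. In check_dhcp_option() the trailing return 0 accepts every option not named in the switch; a comment listing which options are deliberately left unvalidated would help the next reader.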
Bug#659748: tomcat6: regression fix for CVE-2012-0022
Package: tomcat6 Version: 6.0.35-1 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu precise ubuntu-patch *** /tmp/tmpQZSwrL/bug_body In Ubuntu, the attached patch was applied to achieve the following: * debian/patches/0011-CVE-2012-0022-regression-fix.patch: fix regression from the CVE-2012-0022 security fix that went into 6.0.35. Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers precise-updates APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise-proposed'), (500, 'precise') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-15-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru tomcat6-6.0.35/debian/changelog tomcat6-6.0.35/debian/changelog diff -Nru tomcat6-6.0.35/debian/patches/0011-CVE-2012-0022-regression-fix.patch tomcat6-6.0.35/debian/patches/0011-CVE-2012-0022-regression-fix.patch --- tomcat6-6.0.35/debian/patches/0011-CVE-2012-0022-regression-fix.patch 1969-12-31 19:00:00.0 -0500 +++ tomcat6-6.0.35/debian/patches/0011-CVE-2012-0022-regression-fix.patch 2012-02-13 09:04:42.0 -0500 
@@ -0,0 +1,83 @@ +Description: fix regression from the CVE-2012-0022 security fix that + went into 6.0.35. +Origin: upstream, http://svn.apache.org/viewvc?view=revisionrevision=1229027 +Bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=52384 + +Index: tomcat6-6.0.35/java/org/apache/tomcat/util/http/LocalStrings.properties +=== +--- tomcat6-6.0.35.orig/java/org/apache/tomcat/util/http/LocalStrings.properties 2011-11-12 03:36:55.0 -0500 tomcat6-6.0.35/java/org/apache/tomcat/util/http/LocalStrings.properties 2012-02-13 09:03:10.865891860 -0500 +@@ -17,6 +17,7 @@ + parameters.copyFail=Failed to create copy of original parameter values for debug logging purposes + parameters.decodeFail.debug=Character decoding failed. Parameter [{0}] with value [{1}] has been ignored. + parameters.decodeFail.info=Character decoding failed. Parameter [{0}] with value [{1}] has been ignored. Note that the name and value quoted here may be corrupted due to the failed decoding. Use debug level logging to see the original, non-corrupted values. ++parameters.emptyChunk=Empty parameter chunk ignored + parameters.invalidChunk=Invalid chunk starting at byte [{0}] and ending at byte [{1}] with a value of [{2}] ignored + parameters.maxCountFail=More than the maximum number of request parameters (GET plus POST) for a single request ([{0}]) were detected. Any parameters beyond this limit have been ignored. To change this limit, set the maxParameterCount attribute on the Connector. + parameters.multipleDecodingFail=Character decoding failed. A total of [{0}] failures were detected but only the first was logged. Enable debug level logging for this logger to log all failures. 
+Index: tomcat6-6.0.35/java/org/apache/tomcat/util/http/Parameters.java +=== +--- tomcat6-6.0.35.orig/java/org/apache/tomcat/util/http/Parameters.java 2011-11-25 16:11:35.0 -0500 tomcat6-6.0.35/java/org/apache/tomcat/util/http/Parameters.java 2012-02-13 09:03:10.889891861 -0500 +@@ -314,6 +314,15 @@ + } + + if (nameEnd = nameStart ) { ++if (valueStart == -1) { ++// ++if (log.isDebugEnabled()) { ++log.debug(sm.getString(parameters.emptyChunk)); ++} ++// Do not flag as error ++continue; ++} ++// =foo + if (log.isInfoEnabled()) { + if (valueEnd = nameStart log.isDebugEnabled()) { + String extract = null; +@@ -341,7 +350,11 @@ + } + + tmpName.setBytes(bytes, nameStart, nameEnd - nameStart); +-tmpValue.setBytes(bytes, valueStart, valueEnd - valueStart); ++if (valueStart = 0) { ++tmpValue.setBytes(bytes, valueStart, valueEnd - valueStart); ++} else { ++tmpValue.setBytes(bytes, 0, 0); ++} + + // Take copies as if anything goes wrong originals will be + // corrupted. This means original values can be logged. +@@ -349,7 +362,11 @@ + if (log.isDebugEnabled()) { + try { + origName.append(bytes, nameStart, nameEnd - nameStart); +-origValue.append(bytes, valueStart, valueEnd - valueStart); ++if (valueStart = 0) { ++origValue.append(bytes, valueStart, valueEnd - valueStart); ++} else { ++origValue.append(bytes, 0, 0); ++} +
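Review bot: the @@ -341,7 +350,11 @@ and @@ -349,7 +362,11 @@ hunks of Parameters.java add the same valueStart guard twice, once around tmpValue.setBytes() and once around origValue.append(), and the @@ -314,6 +314,15 @@ hunk tests the same sentinel in a different form (valueStart == -1). Computing the value offset and length once, right after the empty-chunk check, and using them in both places would keep the copies from diverging in a later backport.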
Bug#659035: mumble: Fix certificate validation with QT 4.8.0
Package: mumble Version: 1.2.3-2 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu precise ubuntu-patch *** /tmp/tmp4vG35i/bug_body In Ubuntu, the attached patch was applied to achieve the following: When compiling with QT 4.8, mumble can no longer validate server certificates. This patch works around the issue. * debian/patches/0003-fix-cert-validation.patch: Fix certificate validation with QT 4.8. For some reason, the new on-demand root cert loading is not working with mumble. (LP: #928296) Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers precise-updates APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise-proposed'), (500, 'precise') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-12-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru mumble-1.2.3/debian/changelog mumble-1.2.3/debian/changelog diff -Nru mumble-1.2.3/debian/patches/0003-fix-cert-validation.patch mumble-1.2.3/debian/patches/0003-fix-cert-validation.patch --- mumble-1.2.3/debian/patches/0003-fix-cert-validation.patch 1969-12-31 19:00:00.0 -0500 +++ mumble-1.2.3/debian/patches/0003-fix-cert-validation.patch 2012-02-07 10:24:56.0 -0500 
@@ -0,0 +1,21 @@ +Description: Fix certificate validation with QT 4.8. For some reason, the + new on-demand root cert loading is not working with mumble. +Author: Marc Deslauriers marc.deslauri...@canonical.com +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/mumble/+bug/928296 + +Index: mumble-1.2.3/src/SSL.cpp +=== +--- mumble-1.2.3.orig/src/SSL.cpp 2012-02-07 09:53:41.766241152 -0500 mumble-1.2.3/src/SSL.cpp 2012-02-07 10:18:37.902226883 -0500 +@@ -252,6 +252,11 @@ + QSslSocket::setDefaultCaCertificates(ql); + #endif // NO_SYSTEM_CA_OVERRIDE + ++#if QT_VERSION = 0x040800 ++// Don't perform on-demand loading of root certificates ++QSslSocket::setDefaultCaCertificates(QSslSocket::systemCaCertificates()); ++#endif ++ + for (unsigned int i=0;isizeof(recommended_cas)/sizeof(recommended_cas[0]);++i) { + QSslCertificate cert(recommended_cas[i]); + if (! QSslSocket::defaultCaCertificates().contains(cert)) {
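Review bot: the block added in the @@ -252,6 +252,11 @@ hunk of SSL.cpp sits directly after the #endif of the NO_SYSTEM_CA_OVERRIDE section, whose last statement is QSslSocket::setDefaultCaCertificates(ql), so with Qt 4.8 the new setDefaultCaCertificates(QSslSocket::systemCaCertificates()) call replaces the list that was just installed from ql. If the override list is meant to take effect, skip the new call when it was applied, or add the system certificates with addDefaultCaCertificates() instead of setting them. The header also lacks a Forwarded field.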
Bug#659039: mumble: Mumble database is world-readable
Package: mumble Version: 1.2.3-2 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu precise ubuntu-patch *** /tmp/tmpbbtG6M/bug_body By default, Mumble creates its config file and database with world-readable permissions. The database may contain passwords. In Ubuntu, the attached patch was applied to achieve the following: * debian/patches/0004-set-file-permissions.patch: Set restrictive permissions on data files. (LP: #783405) Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers precise-updates APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise-proposed'), (500, 'precise') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-12-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru mumble-1.2.3/debian/changelog mumble-1.2.3/debian/changelog diff -Nru mumble-1.2.3/debian/patches/0004-set-file-permissions.patch mumble-1.2.3/debian/patches/0004-set-file-permissions.patch --- mumble-1.2.3/debian/patches/0004-set-file-permissions.patch 1969-12-31 19:00:00.0 -0500 +++ mumble-1.2.3/debian/patches/0004-set-file-permissions.patch 2012-02-07 10:24:47.0 -0500 
@@ -0,0 +1,42 @@ +Description: Set restrictive permissions on data files. +Origin: upstream, https://github.com/mumble-voip/mumble/commit/5632c35d6759f5e13a7dfe78e4ee6403ff6a8e3e +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/mumble/+bug/783405 + +Index: mumble-1.2.3/src/mumble/Database.cpp +=== +--- mumble-1.2.3.orig/src/mumble/Database.cpp 2011-02-19 16:35:16.0 -0500 mumble-1.2.3/src/mumble/Database.cpp 2012-02-07 10:21:02.398225505 -0500 +@@ -92,6 +92,11 @@ + qWarning(Database: Database is read-only); + } + ++ { ++ QFile f(db.databaseName()); ++ f.setPermissions(f.permissions() ~(QFile::ReadGroup | QFile::WriteGroup | QFile::ExeGroup | QFile::ReadOther | QFile::WriteOther | QFile::ExeOther)); ++ } ++ + QSqlQuery query; + + query.exec(QLatin1String(CREATE TABLE IF NOT EXISTS `servers` (`id` INTEGER PRIMARY KEY AUTOINCREMENT, `name` TEXT, `hostname` TEXT, `port` INTEGER DEFAULT 64738, `username` TEXT, `password` TEXT))); +Index: mumble-1.2.3/src/mumble/Settings.cpp +=== +--- mumble-1.2.3.orig/src/mumble/Settings.cpp 2011-02-19 16:35:17.0 -0500 mumble-1.2.3/src/mumble/Settings.cpp 2012-02-07 10:21:02.398225505 -0500 +@@ -698,6 +698,17 @@ + void OverlaySettings::save(QSettings* settings_ptr) { + OverlaySettings def; + ++ settings_ptr-setValue(QLatin1String(version), QLatin1String(MUMTEXT(MUMBLE_VERSION_STRING))); ++ settings_ptr-sync(); ++ ++#if defined(Q_OS_WIN) || defined(Q_OS_MAC) ++ if (settings_ptr-format() == QSettings::IniFormat) ++#endif ++{ ++ QFile f(settings_ptr-fileName()); ++ f.setPermissions(f.permissions() ~(QFile::ReadGroup | QFile::WriteGroup | QFile::ExeGroup | QFile::ReadOther | QFile::WriteOther | QFile::ExeOther)); ++} ++ + SAVELOAD(bEnable, enable); + + SAVELOAD(osShow, show);
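Review bot: in the @@ -92,6 +92,11 @@ hunk of Database.cpp the permissions are tightened only after the database has been opened, so a newly created file keeps its default mode until setPermissions() runs, and the return value of setPermissions() is ignored. Check the result and emit a qWarning() on failure, as the read-only case just above does; for a new file, creating it with owner-only mode before it is opened would close the window.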
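Review bot: the @@ -698,6 +698,17 @@ hunk of Settings.cpp also adds a setValue() of the version key and a sync() at the top of OverlaySettings::save(), neither of which is mentioned in the Description ("Set restrictive permissions on data files"). State in the header why they are needed (presumably so the settings file exists on disk before setPermissions() is called), and check the setPermissions() result here as well.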
Bug#657445:
Looks like this: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c.diff?r1=1.53;r2=1.54
Bug#652649: jasper: Fix for CVE-2011-4516 and CVE-2011-4517
Package: jasper Version: 1.900.1-12 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu precise ubuntu-patch *** /tmp/tmpCx1dv3 In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: denial of service and possible code execution via heap-based buffer overflows. - debian/patches/03-CVE-2011-451x.patch: validate compparms-numrlvls and allocate proper size in src/libjasper/jpc/jpc_cs.c. - CVE-2011-4516 - CVE-2011-4517 Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers oneiric-updates APT policy: (500, 'oneiric-updates'), (500, 'oneiric-security'), (500, 'oneiric-proposed'), (500, 'oneiric') Architecture: amd64 (x86_64) Kernel: Linux 3.0.0-15-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru jasper-1.900.1/debian/changelog jasper-1.900.1/debian/changelog diff -Nru jasper-1.900.1/debian/patches/03-CVE-2011-451x.patch jasper-1.900.1/debian/patches/03-CVE-2011-451x.patch --- jasper-1.900.1/debian/patches/03-CVE-2011-451x.patch 1969-12-31 19:00:00.0 -0500 +++ jasper-1.900.1/debian/patches/03-CVE-2011-451x.patch 2011-12-19 09:39:44.0 -0500 
@@ -0,0 +1,28 @@ +Description: fix denial of service and possible code execution via + heap-based buffer overflows. +Origin: Patch thanks to Red Hat + +Index: jasper-1.900.1/src/libjasper/jpc/jpc_cs.c +=== +--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_cs.c 2011-12-19 09:35:34.186909298 -0500 jasper-1.900.1/src/libjasper/jpc/jpc_cs.c 2011-12-19 09:35:51.198909832 -0500 +@@ -744,6 +744,10 @@ + return -1; + } + compparms-numrlvls = compparms-numdlvls + 1; ++ if (compparms-numrlvls JPC_MAXRLVLS) { ++ jpc_cox_destroycompparms(compparms); ++ return -1; ++ } + if (prtflag) { + for (i = 0; i compparms-numrlvls; ++i) { + if (jpc_getuint8(in, tmp)) { +@@ -1331,7 +1335,7 @@ + jpc_crgcomp_t *comp; + uint_fast16_t compno; + crg-numcomps = cstate-numcomps; +- if (!(crg-comps = jas_alloc2(cstate-numcomps, sizeof(uint_fast16_t { ++ if (!(crg-comps = jas_alloc2(cstate-numcomps, sizeof(jpc_crgcomp_t { + return -1; + } + for (compno = 0, comp = crg-comps; compno cstate-numcomps; diff -Nru jasper-1.900.1/debian/patches/series jasper-1.900.1/debian/patches/series --- jasper-1.900.1/debian/patches/series 2011-11-27 13:55:33.0 -0500 +++ jasper-1.900.1/debian/patches/series 2011-12-19 09:35:07.0 -0500 @@ -1,2 +1,3 @@ 01-misc-fixes.patch 02-fix-filename-buffer-overflow.patch +03-CVE-2011-451x.patch
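Review bot: the patch header names neither CVE-2011-4516 nor CVE-2011-4517 and gives "Origin: Patch thanks to Red Hat" without a URL, so the two hunks cannot be matched to their advisories from the patch file alone. Add the CVE ids to the Description and a link to where the patch was taken from.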
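Review bot: in the @@ -1331,7 +1335,7 @@ hunk of jpc_cs.c the element size is now spelled sizeof(jpc_crgcomp_t); writing it as sizeof(*crg->comps) would tie the allocation to the type the pointer actually has, so the two cannot drift apart again, which is the mistake this hunk corrects.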
Bug#652105: Better patch
Here's a better patch for the issue. Thanks. Description: Use system ca certificates, not the bundled ones Author: Marc Deslauriers marc.deslauri...@canonical.com Forwarded: No, distro-specific Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/python-httplib2/+bug/882027 Index: python-httplib2-0.7.2/python2/httplib2/__init__.py === --- python-httplib2-0.7.2.orig/python2/httplib2/__init__.py 2011-11-14 12:37:38.0 -0500 +++ python-httplib2-0.7.2/python2/httplib2/__init__.py 2011-12-15 14:21:42.061709438 -0500 @@ -176,9 +176,8 @@ # requesting that URI again. DEFAULT_MAX_REDIRECTS = 5 -# Default CA certificates file bundled with httplib2. -CA_CERTS = os.path.join( -os.path.dirname(os.path.abspath(__file__ )), cacerts.txt) +# Use system CA certificates +CA_CERTS = /etc/ssl/certs/ca-certificates.crt # Which headers are hop-by-hop headers by default HOP_BY_HOP = ['connection', 'keep-alive', 'proxy-authenticate', 'proxy-authorization', 'te', 'trailers', 'transfer-encoding', 'upgrade'] Index: python-httplib2-0.7.2/python3/httplib2/__init__.py === --- python-httplib2-0.7.2.orig/python3/httplib2/__init__.py 2011-11-14 12:37:38.0 -0500 +++ python-httplib2-0.7.2/python3/httplib2/__init__.py 2011-12-15 14:22:02.937709977 -0500 @@ -119,9 +119,8 @@ # Which headers are hop-by-hop headers by default HOP_BY_HOP = ['connection', 'keep-alive', 'proxy-authenticate', 'proxy-authorization', 'te', 'trailers', 'transfer-encoding', 'upgrade'] -# Default CA certificates file bundled with httplib2. -CA_CERTS = os.path.join( -os.path.dirname(os.path.abspath(__file__ )), cacerts.txt) +# Use system CA certificates +CA_CERTS = /etc/ssl/certs/ca-certificates.crt def _get_end2end_headers(response): hopbyhop = list(HOP_BY_HOP)
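Review bot: both hunks set CA_CERTS to /etc/ssl/certs/ca-certificates.crt, a file that is only present when the ca-certificates package is installed, and the diff in this message contains no debian/control change. This version of the patch still needs ca-certificates in Depends for python-httplib2 and python3-httplib2. The same applies to the python3 hunk; in both, it is worth checking whether the os import is still used elsewhere in the module now that the os.path.join() call is gone.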
Bug#648311: use of pkexec
I didn't submit the Ubuntu patch as the Debian synaptic package uses su-to-root, and not gksu as Ubuntu does. Would it be ok to unconditionally use pkexec as the wrapper instead of su-to-root in Debian?
Bug#652105: python-httplib2: Patch to use system ca certs instead of bundled ones
Package: python-httplib2 Version: 0.7.2-1 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu precise ubuntu-patch *** /tmp/tmpb2NdsU In Ubuntu, the attached patch was applied to achieve the following: * debian/patches/use_system_cacerts.patch: Use system ca certificates, not the bundled ones (LP: #882027) Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers oneiric-updates APT policy: (500, 'oneiric-updates'), (500, 'oneiric-security'), (500, 'oneiric-proposed'), (500, 'oneiric') Architecture: amd64 (x86_64) Kernel: Linux 3.0.0-14-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru python-httplib2-0.7.2/debian/changelog python-httplib2-0.7.2/debian/changelog diff -Nru python-httplib2-0.7.2/debian/control python-httplib2-0.7.2/debian/control --- python-httplib2-0.7.2/debian/control 2011-06-13 17:22:39.0 -0400 +++ python-httplib2-0.7.2/debian/control 2011-12-14 14:30:46.0 -0500 @@ -12,7 +13,7 @@ Package: python-httplib2 Architecture: all -Depends: ${misc:Depends}, ${python:Depends} +Depends: ${misc:Depends}, ${python:Depends}, ca-certificates Description: comprehensive HTTP client library written for Python httplib2.py supports many features left out of other HTTP libraries. * HTTP and HTTPS @@ -29,7 +30,7 @@ Package: python3-httplib2 Architecture: all -Depends: ${misc:Depends}, ${python3:Depends} +Depends: ${misc:Depends}, ${python3:Depends}, ca-certificates Description: comprehensive HTTP client library written for Python3 httplib2.py supports many features left out of other HTTP libraries. * HTTP and HTTPS diff -Nru python-httplib2-0.7.2/debian/patches/series python-httplib2-0.7.2/debian/patches/series --- python-httplib2-0.7.2/debian/patches/series 1969-12-31 19:00:00.0 -0500 +++ python-httplib2-0.7.2/debian/patches/series 2011-12-14 14:23:08.0 -0500 
@@ -0,0 +1 @@ +use_system_cacerts.patch diff -Nru python-httplib2-0.7.2/debian/patches/use_system_cacerts.patch python-httplib2-0.7.2/debian/patches/use_system_cacerts.patch --- python-httplib2-0.7.2/debian/patches/use_system_cacerts.patch 1969-12-31 19:00:00.0 -0500 +++ python-httplib2-0.7.2/debian/patches/use_system_cacerts.patch 2011-12-14 15:21:35.0 -0500 @@ -0,0 +1,31 @@ +Description: Use system ca certificates, not the bundled ones +Author: Marc Deslauriers marc.deslauri...@canonical.com +Forwarded: No, distro-specific +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/python-httplib2/+bug/882027 + +Index: python-httplib2-0.7.2/python2/httplib2/__init__.py +=== +--- python-httplib2-0.7.2.orig/python2/httplib2/__init__.py 2011-12-14 14:23:20.490875998 -0500 python-httplib2-0.7.2/python2/httplib2/__init__.py 2011-12-14 14:24:22.114877577 -0500 +@@ -178,7 +178,7 @@ + + # Default CA certificates file bundled with httplib2. + CA_CERTS = os.path.join( +-os.path.dirname(os.path.abspath(__file__ )), cacerts.txt) ++os.path.dirname(os.path.abspath(__file__ )), /etc/ssl/certs/ca-certificates.crt) + + # Which headers are hop-by-hop headers by default + HOP_BY_HOP = ['connection', 'keep-alive', 'proxy-authenticate', 'proxy-authorization', 'te', 'trailers', 'transfer-encoding', 'upgrade'] +Index: python-httplib2-0.7.2/python3/httplib2/__init__.py +=== +--- python-httplib2-0.7.2.orig/python3/httplib2/__init__.py 2011-12-14 14:23:23.698876078 -0500 python-httplib2-0.7.2/python3/httplib2/__init__.py 2011-12-14 14:24:29.578877767 -0500 +@@ -121,7 +121,7 @@ + + # Default CA certificates file bundled with httplib2. + CA_CERTS = os.path.join( +-os.path.dirname(os.path.abspath(__file__ )), cacerts.txt) ++os.path.dirname(os.path.abspath(__file__ )), /etc/ssl/certs/ca-certificates.crt) + + def _get_end2end_headers(response): + hopbyhop = list(HOP_BY_HOP)
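Review bot: in use_system_cacerts.patch the absolute path /etc/ssl/certs/ca-certificates.crt is passed as the last argument of os.path.join(), which yields the intended file only because os.path.join() discards the earlier components when a later one is absolute, and the unchanged comment above it still reads "Default CA certificates file bundled with httplib2." Assign the path to CA_CERTS directly and update the comment, in both the python2 and the python3 hunk.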
Bug#651844: libarchive: fix for CVE-2011-1777 and CVE-2011-1778
Package: libarchive Version: 2.8.5-3 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu precise ubuntu-patch *** /tmp/tmp_Ru6Y6 In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: arbitrary code execution via iso9660 overflows - debian/patches/CVE-2011-1777.patch: correctly fail on out of memory conditions in libarchive/archive_read_support_format_iso9660.c. - CVE-2011-1777 * SECURITY UPDATE: arbitrary code execution via tar overflows - debian/patches/CVE-2011-1778.patch: correctly fail on out of memory conditions in libarchive/archive_read_support_format_tar.c - CVE-2011-1778 Thanks for considering the patch. -- System Information: Debian Release: wheezy/sid APT prefers oneiric-updates APT policy: (500, 'oneiric-updates'), (500, 'oneiric-security'), (500, 'oneiric-proposed'), (500, 'oneiric') Architecture: amd64 (x86_64) Kernel: Linux 3.0.0-14-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru libarchive-2.8.5/debian/changelog libarchive-2.8.5/debian/changelog diff -Nru libarchive-2.8.5/debian/patches/CVE-2011-1777.patch libarchive-2.8.5/debian/patches/CVE-2011-1777.patch --- libarchive-2.8.5/debian/patches/CVE-2011-1777.patch 1969-12-31 19:00:00.0 -0500 +++ libarchive-2.8.5/debian/patches/CVE-2011-1777.patch 2011-12-09 10:37:29.0 -0500 
@@ -0,0 +1,108 @@ +Description: fix arbitrary code execution via iso9660 overflows +Origin: backport, http://code.google.com/p/libarchive/source/detail?r=3158 + +Index: libarchive-2.8.5/libarchive/archive_read_support_format_iso9660.c +=== +--- libarchive-2.8.5.orig/libarchive/archive_read_support_format_iso9660.c 2011-12-09 10:36:34.547552016 -0500 libarchive-2.8.5/libarchive/archive_read_support_format_iso9660.c 2011-12-09 10:37:08.643552304 -0500 +@@ -417,12 +417,12 @@ + static inline void cache_add_entry(struct iso9660 *iso9660, + struct file_info *file); + static inline struct file_info *cache_get_entry(struct iso9660 *iso9660); +-static void heap_add_entry(struct heap_queue *heap, ++static int heap_add_entry(struct archive_read *a, struct heap_queue *heap, + struct file_info *file, uint64_t key); + static struct file_info *heap_get_entry(struct heap_queue *heap); + +-#define add_entry(iso9660, file) \ +- heap_add_entry(((iso9660)-pending_files), file, file-offset) ++#define add_entry(arch, iso9660, file) \ ++ heap_add_entry(arch, ((iso9660)-pending_files), file, file-offset) + #define next_entry(iso9660) \ + heap_get_entry(((iso9660)-pending_files)) + +@@ -1010,15 +1010,19 @@ + con-next = NULL; + *multi-contents.last = con; + multi-contents.last = (con-next); +-if (multi == child) +- add_entry(iso9660, child); +-else { ++ if (multi == child) { ++ if (add_entry(a, iso9660, child) ++ != ARCHIVE_OK) ++ return (ARCHIVE_FATAL); ++ } else { + multi-size += child-size; + if (!child-multi_extent) + multi = NULL; + } + } else +-add_entry(iso9660, child); ++ if (add_entry(a, iso9660, child) ++ != ARCHIVE_OK) ++ return (ARCHIVE_FATAL); + } + } + +@@ -1118,7 +1122,8 @@ + iso9660-seenJoliet = seenJoliet; + } + /* Store the root directory in the pending list. 
*/ +- add_entry(iso9660, file); ++ if (add_entry(a, iso9660, file) != ARCHIVE_OK) ++ return (ARCHIVE_FATAL); + if (iso9660-seenRockridge) { + a-archive.archive_format = + ARCHIVE_FORMAT_ISO9660_ROCKRIDGE; +@@ -2745,8 +2750,8 @@ + return (file); + } + +-static void +-heap_add_entry(struct heap_queue *heap, struct file_info *file, uint64_t key) ++static int ++heap_add_entry(struct archive_read *a, struct heap_queue *heap, struct file_info *file, uint64_t key) + { + uint64_t file_key, parent_key; + int hole, parent; +@@ -2759,12 +2764,18 @@ + if (heap-allocated 1024) + new_size = 1024; + /* Overflow might keep us from growing the list. */ +- if (new_size = heap-allocated) +- __archive_errx(1, Out of memory); ++ if (new_size = heap-allocated) { ++ archive_set_error(a-archive, ++ ENOMEM, Out of memory); ++ return (ARCHIVE_FATAL); ++ } + new_pending_files = (struct file_info **) + malloc(new_size * sizeof(new_pending_files[0])); +- if (new_pending_files == NULL) +- __archive_errx(1, Out of memory); ++ if (new_pending_files == NULL) { ++ archive_set_error(a-archive, ++ ENOMEM, Out of memory); ++ return (ARCHIVE_FATAL); ++ } + memcpy(new_pending_files, heap-files, + heap-allocated * sizeof(new_pending_files[0])); + if (heap-files != NULL) +@@ -2784,13 +2795,15 @@ + parent_key = heap-files[parent]-key; + if (file_key = parent_key) { + heap-files[hole] = file; +- return; ++ return (ARCHIVE_OK); + } + // Move parent into hole == move hole up
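Review bot: the new return (ARCHIVE_FATAL) paths in the @@ -1010,15 +1010,19 @@ hunk leave the function as soon as add_entry() fails, and nothing visible in the hunk releases child, which at that point has not been stored in the pending heap. Confirm that child is reachable from another structure that is freed during cleanup, or free it before returning.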
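Review bot: in heap_add_entry() (@@ -2759,12 +2764,18 @@) the check on new_size covers only the doubling of heap->allocated; the product new_size * sizeof(new_pending_files[0]) passed to malloc() is not checked separately. Bounding new_size by SIZE_MAX / sizeof(new_pending_files[0]) before the malloc() would cover the multiplication too and can reuse the same archive_set_error() path.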
Bug#648038: tomcat6: CVE-2011-1184 and CVE-2011-2526 fixes
Package: tomcat6 Version: 6.0.32-6 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu precise ubuntu-patch *** /tmp/tmpibvEX2 In Ubuntu, the attached patch was applied to achieve the following: Fixes two security issues (CVE-2011-1184 and CVE-2011-2526) * SECURITY UPDATE: HTTP DIGEST authentication weaknesses - debian/patches/0014-CVE-2011-1184.patch: add new nonce options in java/org/apache/catalina/authenticator/DigestAuthenticator.java, java/org/apache/catalina/authenticator/LocalStrings.properties, java/org/apache/catalina/authenticator/mbeans-descriptors.xml, java/org/apache/catalina/realm/RealmBase.java, webapps/docs/config/valve.xml. - CVE-2011-1184 * SECURITY UPDATE: file restriction bypass or denial of service via untrusted web application. - debian/patches/0015-CVE-2011-2526.patch: check canonical name in java/org/apache/catalina/connector/LocalStrings.properties, java/org/apache/catalina/connector/Request.java, java/org/apache/catalina/servlets/DefaultServlet.java, java/org/apache/coyote/http11/Http11AprProcessor.java, java/org/apache/coyote/http11/LocalStrings.properties, java/org/apache/tomcat/util/net/AprEndpoint.java, java/org/apache/tomcat/util/net/NioEndpoint.java. - CVE-2011-2526 Thanks for considering the patch. 
-- System Information: Debian Release: wheezy/sid APT prefers oneiric-updates APT policy: (500, 'oneiric-updates'), (500, 'oneiric-security'), (500, 'oneiric-proposed'), (500, 'oneiric') Architecture: amd64 (x86_64) Kernel: Linux 3.0.0-13-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru tomcat6-6.0.32/debian/changelog tomcat6-6.0.32/debian/changelog diff -Nru tomcat6-6.0.32/debian/patches/0014-CVE-2011-1184.patch tomcat6-6.0.32/debian/patches/0014-CVE-2011-1184.patch --- tomcat6-6.0.32/debian/patches/0014-CVE-2011-1184.patch 1969-12-31 19:00:00.0 -0500 +++ tomcat6-6.0.32/debian/patches/0014-CVE-2011-1184.patch 2011-11-08 07:55:11.0 -0500 
@@ -0,0 +1,798 @@ +Description: fix HTTP DIGEST authentication weaknesses +Origin: upstream, http://svn.apache.org/viewvc?view=revisionrevision=1158180 + +Index: tomcat6-6.0.32/java/org/apache/catalina/authenticator/DigestAuthenticator.java +=== +--- tomcat6-6.0.32.orig/java/org/apache/catalina/authenticator/DigestAuthenticator.java 2010-04-29 11:00:41.0 -0400 tomcat6-6.0.32/java/org/apache/catalina/authenticator/DigestAuthenticator.java 2011-10-13 16:38:43.989355250 -0400 +@@ -23,11 +23,14 @@ + import java.security.MessageDigest; + import java.security.NoSuchAlgorithmException; + import java.security.Principal; ++import java.util.LinkedHashMap; ++import java.util.Map; + import java.util.StringTokenizer; + + import javax.servlet.http.HttpServletResponse; + + ++import org.apache.catalina.LifecycleException; + import org.apache.catalina.Realm; + import org.apache.catalina.connector.Request; + import org.apache.catalina.connector.Response; +@@ -47,8 +50,8 @@ + * @version $Id: DigestAuthenticator.java 939336 2010-04-29 15:00:41Z kkolinko $ + */ + +-public class DigestAuthenticator +-extends AuthenticatorBase { ++public class DigestAuthenticator extends AuthenticatorBase { ++ + private static Log log = LogFactory.getLog(DigestAuthenticator.class); + + +@@ -67,6 +70,11 @@ + org.apache.catalina.authenticator.DigestAuthenticator/1.0; + + ++/** ++ * Tomcat's DIGEST implementation only supports auth quality of protection. ++ */ ++protected static final String QOP = auth; ++ + // --- Constructors + + +@@ -92,17 +100,49 @@ + + + /** ++ * List of client nonce values currently being tracked ++ */ ++protected MapString,NonceInfo cnonces; ++ ++ ++/** ++ * Maximum number of client nonces to keep in the cache. If not specified, ++ * the default value of 1000 is used. ++ */ ++protected int cnonceCacheSize = 1000; ++ ++ ++/** + * Private key. 
+ */ +-protected String key = Catalina; ++protected String key = null; + + +-// - Properties ++/** ++ * How long server nonces are valid for in milliseconds. Defaults to 5 ++ * minutes. ++ */ ++protected long nonceValidity = 5 * 60 * 1000; ++ ++ ++/** ++ * Opaque string. ++ */ ++protected String opaque; + + + /** ++ * Should the URI be validated as required by RFC2617? Can be disabled in ++ * reverse proxies where the proxy has modified the URI. ++ */ ++protected boolean validateUri = true; ++ ++// - Properties ++ ++/** + * Return descriptive
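Review bot: in the @@ -92,17 +100,49 @@ hunk of DigestAuthenticator.java the default of key changes from the fixed string Catalina to null, so every use of key now depends on it being assigned before the first request, and that assignment is not in the part of the patch shown here. Worth confirming that it is generated from a secure random source at start-up and that a null key fails closed. The Javadoc on validateUri should also say that disabling it turns off the RFC 2617 URI check for the whole authenticator, not only for requests that came through a proxy.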
Bug#625966: libmodplug = 0.8.8.2 .abc Stack-Based Buffer Overflow
Package: libmodplug Version: 1:0.8.8.2-3 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu oneiric ubuntu-patch *** /tmp/tmpNcrGvL In Ubuntu, the attached patch was applied to fix the security issue: * SECURITY UPDATE: multiple security issues in ABC loader - src/load_abc.cpp: fix various issues. - http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commit;h=d7c36959757fc6c8e4d487be8a72383093d9d26f - http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commit;h=5d437ad2f741c08fc3862cd4d5157492ead0fe84 - http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commit;h=a13e067a82fa195b1732ad9fb8341c1b0f141bf5 - http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commit;h=22aa681cd12f8547a8866112c7e443166115b701 - http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commit;h=bd5363f31274d6e79b8ace5a94686c9ac6ef415b - http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commit;h=51f4b152060be23a4514da2a65c83e205bfb21ba - http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commit;h=56436fac0a37b1746dab594e4aefba9d2bb92e09 - http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commit;h=ad305187322171eab3a66f4b5ce2a067b1580b3e - http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms;a=commit;h=497a27ba2555399d7aa243dbb51ca81e4e7a32cf - CVE-2011-1761 Thanks for considering the patch. 
-- System Information: Debian Release: squeeze/sid APT prefers natty-updates APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 'natty-proposed'), (500, 'natty') Architecture: amd64 (x86_64) Kernel: Linux 2.6.38-11-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -u libmodplug-0.8.8.2/debian/changelog libmodplug-0.8.8.2/debian/changelog only in patch2: unchanged: --- libmodplug-0.8.8.2.orig/src/load_abc.cpp +++ libmodplug-0.8.8.2/src/load_abc.cpp @@ -277,11 +277,45 @@ } #endif - static int abc_isvalidchar(char c) { return(isalpha(c) || isdigit(c) || isspace(c) || c == '%' || c == ':'); } +static const char *abc_skipspace(const char *p) +{ + while (*p isspace(*p)) + p++; + return p; +} + +static void abc_extractkeyvalue(char *key, size_t key_max, +char *value, size_t value_max, const char *src) +{ + while (*src isspace(*src)) + src++; + + size_t key_size; + for (key_size = 0; key_size key_max - 1 *src;) { + if (*src == '=') { + src++; + break; + } + key[key_size++] = *src++; + } + while (key_size 0 isspace(key[key_size - 1])) + key_size--; + key[key_size] = '\0'; + + while (*src isspace(*src)) + src++; + + size_t value_size; + for (value_size = 0; value_size value_max - 1 *src;) + value[value_size++] = *src++; + while (value_size 0 isspace(value[value_size - 1])) + value_size--; + value[value_size] = '\0'; +} static void abc_message(const char *s1, const char *s2) { @@ -308,6 +342,7 @@ static uint32_t notelen_notediv_to_ticks(int speed, int len, int div) { uint32_t u; + if (div == 0) return 0; u = (ROWSPERNOTE * RESOLUTION * speed * len * global_tempo_factor) / (div * global_tempo_divider); return u; } @@ -454,7 +489,7 @@ if( mmfeof(mmfile) ) return EOF; b = mmfile-mm[mmfile-pos]; mmfile-pos++; - if( b=='\r' mmfile-mm[mmfile-pos] == '\n' ) { + if( b=='\r' !mmfeof(mmfile) mmfile-mm[mmfile-pos] == '\n' ) { b = '\n'; mmfile-pos++; } 
@@ -531,21 +566,13 @@ // = { ABCMACRO *retval; - const char *p; - char buf[256],*q; - for( p=m; *p isspace(*p); p++ ) ; - for( q=buf; *p *p != '='; p++ ) - *q++ = *p; - if( q != buf ) - while( isspace(q[-1]) ) q--; - *q = '\0'; + char key[256], value[256]; + abc_extractkeyvalue(key, sizeof(key), value, sizeof(value), m); + retval = (ABCMACRO *)_mm_calloc(h-macrohandle, 1,sizeof(ABCTRACK)); -retval-name = DupStr(h-macrohandle, buf,strlen(buf)); +retval-name = DupStr(h-macrohandle, key, strlen(key)); retval-n = strrchr(retval-name, 'n'); // for transposing macro's - for( p++; *p isspace(*p); p++ ) ; - strncpy(buf,p,200); - for( q=buf[strlen(buf)-1]; q!=buf isspace(*q); q-- ) *q = '\0'; -retval-subst = DupStr(h-macrohandle, buf, strlen(buf)); +retval-subst = DupStr(h-macrohandle, value, strlen(value)); retval-next = h-macro; h-macro = retval; } @@ -555,24 +582,15 @@ // = { ABCMACRO *retval, *mp; - const char *p; - char buf[256], let[2], *q; - for( p=m; *p isspace(*p); p++ ) ; - for( q=buf; *p *p != '='; p++ ) - *q++ = *p; - if( q
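Review bot: In the new `abc_extractkeyvalue` helper, the key loop can also end because `key_size` reached `key_max - 1`, and in that case `src` is still inside the key rather than past the `=`, so the value is then copied from the tail of the over-long key. Suggest skipping forward to the `=` (or to end of string) after the key loop when truncation occurred, guarding against `key_max` or `value_max` being 0 before computing `key_max - 1`, and casting to `unsigned char` in the `isspace(*src)` and `isspace(*p)` calls since the inputs are plain `char` taken from the file.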
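Review bot: In the `notelen_notediv_to_ticks` hunk, the added guard tests only `div`, but the divisor is `div * global_tempo_divider`, so a zero `global_tempo_divider` still divides by zero. Suggest testing the product, or validating `global_tempo_divider` where it is set, and adding a short comment saying that a zero divisor comes from malformed input.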
Bug#636168: gcstar: Version 1.6.2 is now available
Package: gcstar Severity: normal Tags: sid Upstream has released version 1.6.2 on July 10th. Please update the version in unstable. Thanks!
Bug#635901: stereograph: fix for FTBFS
Package: stereograph Version: 0.30a-6 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu oneiric ubuntu-patch *** /tmp/tmpbOzU85 In Ubuntu, the attached patch was applied to fix a FTBFS: * Changed library references, changed and updated parameters to linker to solve FTBFS (LP: #755934): - Makefile: replaced hardcoded libraries with library parameters for libpng and libz. - Makefile.in: added target to build stereograph executable putting the library references after the objects that needs them, to build with ld --no-as-needed. - debian/control: updated build depends for libpng. Thanks for considering the patch. -- System Information: Debian Release: squeeze/sid APT prefers natty-updates APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 'natty-proposed'), (500, 'natty') Architecture: amd64 (x86_64) Kernel: Linux 2.6.38-10-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -u stereograph-0.30a/debian/control stereograph-0.30a/debian/control --- stereograph-0.30a/debian/control +++ stereograph-0.30a/debian/control @@ -1,9 +1,10 @@ Source: stereograph Section: graphics Priority: optional -Maintainer: Peter Palfrader wea...@debian.org +Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com +XSBC-Original-Maintainer: Peter Palfrader wea...@debian.org Standards-Version: 3.6.2 -Build-Depends: libpng-dev, debhelper, zlib1g-dev +Build-Depends: libpng12-dev, debhelper, zlib1g-dev Package: stereograph Architecture: any diff -u stereograph-0.30a/debian/changelog stereograph-0.30a/debian/changelog diff -u stereograph-0.30a/Makefile.in stereograph-0.30a/Makefile.in --- stereograph-0.30a/Makefile.in +++ stereograph-0.30a/Makefile.in 
@@ -8,6 +8,8 @@ make: all stereograph: $(OBJ0) + gcc -g -o $@ $(OBJ0) $(LDFLAGS) + stereograph.o: stereograph.c stereograph.h renderer.h gfxio.h globals.h renderer.o: renderer.c renderer.h globals.h gfxio.o: gfxio.c gfxio.h renderer.h globals.h diff -u stereograph-0.30a/Makefile stereograph-0.30a/Makefile --- stereograph-0.30a/Makefile +++ stereograph-0.30a/Makefile @@ -17,7 +17,7 @@ else CFLAGS += -O2 endif -LDFLAGS = -lm /usr/lib/libpng.so /usr/lib/libz.so +LDFLAGS = -lm -lpng -lz # HPUX #CC = cc
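Review bot: The new recipe under `stereograph: $(OBJ0)` in Makefile.in hard-codes `gcc -g` instead of using `$(CC)` and `$(CFLAGS)`, so cross builds and the optimisation flags set in Makefile are bypassed for the link step. Suggest `$(CC) $(CFLAGS) -o $@ $(OBJ0) $(LDFLAGS)`, which keeps the libraries after the objects as the changelog intends. The debian/control hunk also pins `libpng12-dev`, which will need touching again at the next libpng transition.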
Bug#554759: gupnp-ui: Fix for FTBFS
Package: gupnp-ui Version: 0.1.1-3 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu oneiric ubuntu-patch *** /tmp/tmp8b36Ny In Ubuntu, the attached patch was applied to fix the FTBFS: * configure, configure.ac: add libgupnp libraries to LIBS in order to solve FTBFS with ld --no-add-needed (LP: #749152) Thanks for considering the patch. -- System Information: Debian Release: squeeze/sid APT prefers natty-updates APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 'natty-proposed'), (500, 'natty') Architecture: amd64 (x86_64) Kernel: Linux 2.6.38-10-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -u gupnp-ui-0.1.1/debian/changelog gupnp-ui-0.1.1/debian/changelog only in patch2: unchanged: --- gupnp-ui-0.1.1.orig/configure.ac +++ gupnp-ui-0.1.1/configure.ac @@ -10,7 +10,7 @@ AC_STDC_HEADERS AC_PROG_LIBTOOL -PKG_CHECK_MODULES(LIBGUPNP_UI, gupnp-1.0 = 0.3 gtk+-2.0) +PKG_CHECK_MODULES(LIBGUPNP_UI, gupnp-1.0 = 0.3 gtk+-2.0, LIBS=$LIBS $LIBGUPNP_UI_LIBS) PKG_CHECK_MODULES(GTHREAD, gthread-2.0) only in patch2: unchanged: --- gupnp-ui-0.1.1.orig/configure +++ gupnp-ui-0.1.1/configure @@ -20909,6 +20909,7 @@ else LIBGUPNP_UI_CFLAGS=$pkg_cv_LIBGUPNP_UI_CFLAGS LIBGUPNP_UI_LIBS=$pkg_cv_LIBGUPNP_UI_LIBS + LIBS=$LIBS $LIBGUPNP_UI_LIBS { echo $as_me:$LINENO: result: yes 5 echo ${ECHO_T}yes 6; } :
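Review bot: The configure hunk edits the generated script by hand next to the configure.ac change, so the two can drift and the `configure` edit is lost on the next autoreconf; suggest regenerating `configure` from the patched configure.ac at build time instead. Appending `$LIBGUPNP_UI_LIBS` to the global `LIBS` also links every target in the tree against those libraries, where adding `$(LIBGUPNP_UI_LIBS)` to the affected target's link variables in its Makefile.am would keep the change scoped.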
Bug#629830: gimp vulnerable to CVE-2011-1782
Package: gimp Version: 2.6.11-2 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu oneiric ubuntu-patch *** /tmp/tmphuxFni In Ubuntu, the attached patch was applied to achieve the following security fix: * SECURITY UPDATE: denial of service and possible code execution via malformed PSP image file - debian/patches/08_CVE-2011-1782.patch: further fix buffer overflow in plug-ins/common/file-psp.c. - CVE-2011-1782 Thanks for considering the patch. -- System Information: Debian Release: squeeze/sid APT prefers natty-updates APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 'natty-proposed'), (500, 'natty') Architecture: amd64 (x86_64) Kernel: Linux 2.6.38-10-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru gimp-2.6.11/debian/changelog gimp-2.6.11/debian/changelog diff -Nru gimp-2.6.11/debian/patches/08_CVE-2011-1782.patch gimp-2.6.11/debian/patches/08_CVE-2011-1782.patch --- gimp-2.6.11/debian/patches/08_CVE-2011-1782.patch 1969-12-31 19:00:00.0 -0500 +++ gimp-2.6.11/debian/patches/08_CVE-2011-1782.patch 2011-06-08 10:34:23.0 -0400 
@@ -0,0 +1,17 @@ +Description: fix denial of service and possible code execution via + malformed PSP image file +Origin: upstream, http://git.gnome.org/browse/gimp/commit?id=f657361db04de69ce003328724c59e3f942d7d15 + +Index: gimp-2.6.11/plug-ins/common/file-psp.c +=== +--- gimp-2.6.11.orig/plug-ins/common/file-psp.c 2011-06-08 10:31:55.406816426 -0400 gimp-2.6.11/plug-ins/common/file-psp.c 2011-06-08 10:32:06.516816421 -0400 +@@ -1246,7 +1246,7 @@ + fread (buf, runcount, 1, f); + + /* prevent buffer overflow for bogus data */ +- runcount = MIN (runcount, endq - q); ++ runcount = MIN (runcount, (endq - q) / bytespp); + + if (bytespp == 1) + { diff -Nru gimp-2.6.11/debian/patches/series gimp-2.6.11/debian/patches/series --- gimp-2.6.11/debian/patches/series 2011-05-17 12:27:03.0 -0400 +++ gimp-2.6.11/debian/patches/series 2011-06-08 10:31:46.0 -0400 @@ -4,3 +4,4 @@ 06_CVE-2010-4543.patch 05_CVE-2010-454x.patch 07_binutils-gold.patch +08_CVE-2011-1782.patch
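Review bot: The corrected clamp `MIN (runcount, (endq - q) / bytespp)` still sits after `fread (buf, runcount, 1, f)`, so the read into `buf` uses the unclamped `runcount` and its return value is not checked. Suggest confirming in the surrounding code that `buf` is sized for the largest possible `runcount`, checking the `fread` result so a short file does not leave stale bytes in `buf`, and making sure `bytespp` has been validated as non-zero before this division.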
Bug#628126: b43-fwcutter: Add proxy support for downloading
Hi, Unfortunately, I don't have a proxy environment either. Is anyone else able to test it? Marc. On Tue, 2011-05-31 at 11:56 +0200, Fabrizio Regalli wrote: Hi Marc, I've added proxy support to the package but unfortunately I can't test it because I haven't a proxy environment usable. The new package are available here: http://packages.fabreg.it/incoming/ Could you please get it and test it? Let me know: if everything works fine I'll ask to upload to the official repository. Thanks. Cheers, Fabrizio.
Bug#628126: b43-fwcutter: Add proxy support for downloading
Package: b43-fwcutter Version: 1:014-3 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu oneiric ubuntu-patch *** /tmp/tmp20pUTi In Ubuntu, the attached patch was applied to achieve the following: * Fix downloading from behind a proxy (LP: #769442) Thanks for considering the patch. -- System Information: Debian Release: squeeze/sid APT prefers natty-updates APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 'natty-proposed'), (500, 'natty') Architecture: amd64 (x86_64) Kernel: Linux 2.6.38-9-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru b43-fwcutter-014/debian/changelog b43-fwcutter-014/debian/changelog diff -Nru b43-fwcutter-014/debian/firmware-b43-installer.postinst b43-fwcutter-014/debian/firmware-b43-installer.postinst --- b43-fwcutter-014/debian/firmware-b43-installer.postinst 2011-05-06 10:35:02.0 -0400 +++ b43-fwcutter-014/debian/firmware-b43-installer.postinst 2011-05-27 08:23:56.0 -0400 @@ -18,6 +18,17 @@ mkdir -p $FIRMWARE_INSTALL_DIR fi +# use apt proxy +APT_PROXIES=$(apt-config shell \ +http_proxy Acquire::http::Proxy \ +https_proxy Acquire::https::Proxy \ +ftp_proxy Acquire::ftp::Proxy \ +) + +if [ -n $APT_PROXIES ]; then + eval export $APT_PROXIES +fi + wget http://downloads.openwrt.org/sources/broadcom-wl-4.178.10.4.tar.bz2 tar xvjf broadcom-wl-4.178.10.4.tar.bz2 cd broadcom-wl-4.178.10.4/linux diff -Nru b43-fwcutter-014/debian/firmware-b43legacy-installer.postinst b43-fwcutter-014/debian/firmware-b43legacy-installer.postinst --- b43-fwcutter-014/debian/firmware-b43legacy-installer.postinst 2011-05-06 10:10:26.0 -0400 +++ b43-fwcutter-014/debian/firmware-b43legacy-installer.postinst 2011-05-27 08:20:36.0 -0400 
@@ -32,6 +32,17 @@ mkdir -p $FIRMWARE_INSTALL_DIR fi +# use apt proxy +APT_PROXIES=$(apt-config shell \ +http_proxy Acquire::http::Proxy \ +https_proxy Acquire::https::Proxy \ +ftp_proxy Acquire::ftp::Proxy \ +) + +if [ -n $APT_PROXIES ]; then + eval export $APT_PROXIES +fi + wget http://downloads.openwrt.org/sources/wl_apsta-3.130.20.0.o b43-fwcutter -w $FIRMWARE_INSTALL_DIR wl_apsta-3.130.20.0.o rm wl_apsta-3.130.20.0.o diff -Nru b43-fwcutter-014/debian/firmware-b43-lpphy-installer.postinst b43-fwcutter-014/debian/firmware-b43-lpphy-installer.postinst --- b43-fwcutter-014/debian/firmware-b43-lpphy-installer.postinst 2011-05-06 10:36:07.0 -0400 +++ b43-fwcutter-014/debian/firmware-b43-lpphy-installer.postinst 2011-05-27 08:20:36.0 -0400 @@ -39,6 +39,17 @@ mkdir -p $FIRMWARE_INSTALL_DIR fi +# use apt proxy +APT_PROXIES=$(apt-config shell \ +http_proxy Acquire::http::Proxy \ +https_proxy Acquire::https::Proxy \ +ftp_proxy Acquire::ftp::Proxy \ +) + +if [ -n $APT_PROXIES ]; then + eval export $APT_PROXIES +fi + wget http://downloads.openwrt.org/sources/broadcom-wl-4.178.10.4.tar.bz2 tar xvjf broadcom-wl-4.178.10.4.tar.bz2 cd broadcom-wl-4.178.10.4/linux
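Review bot: In all three postinst hunks the proxy settings feed a `wget http://downloads.openwrt.org/...` whose result goes straight to `tar xvjf` or `b43-fwcutter` as root, with no checksum step visible in the context lines, so routing the download through an extra intermediary widens the set of hosts that can alter the firmware blob. Suggest verifying a known hash of the downloaded file before it is unpacked. The `APT_PROXIES` block is also copied verbatim into each script; a shared snippet would keep the three from diverging.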
Bug#623747: svgalib: FTBS on armel
Package: svgalib Version: 1:1.4.3-30 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu natty ubuntu-patch *** /tmp/tmphVBpfQ In Ubuntu, the attached patch was applied to fix a FTBFS on armel: * debian/rules: Changed chmod usage as not every architecture has dumpreg and restore* binaries (LP: #745870) Thanks for considering the patch. -- System Information: Debian Release: squeeze/sid APT prefers natty-updates APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 'natty') Architecture: amd64 (x86_64) Kernel: Linux 2.6.38-8-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru svgalib-1.4.3/debian/changelog svgalib-1.4.3/debian/changelog diff -Nru svgalib-1.4.3/debian/rules svgalib-1.4.3/debian/rules --- svgalib-1.4.3/debian/rules 2009-11-14 00:54:26.0 -0500 +++ svgalib-1.4.3/debian/rules 2011-04-22 08:33:04.0 -0400 @@ -90,9 +90,7 @@ dh_strip -a dh_compress -a dh_fixperms -a - for f in debian/$(bin)/usr/bin/{dumpreg,restore*}; do \ - [ -f $$f ] chmod 4755 $$f; \ - done + chmod 4755 debian/$(bin)/usr/bin/{dumpreg,restore*} || true dh_makeshlibs -a dh_installdeb -a dh_shlibdeps -a -ldebian/$(lib)/usr/lib -L$(lib)
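Review bot: The replacement line `chmod 4755 debian/$(bin)/usr/bin/{dumpreg,restore*} || true` depends on brace expansion, which the `/bin/sh` linked to dash reported in this mail does not perform, and the `|| true` then hides the failure, so unless debian/rules sets `SHELL` to bash (not visible in this hunk) the setuid bits are silently never applied. Suggest listing the paths without braces and testing for existence per file, so that a missing binary on armel is tolerated but a `chmod` failure on a file that does exist still fails the build.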
Bug#608497: gimp: Fix from Ubuntu
Package: gimp Version: 2.6.11-1 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu natty ubuntu-patch *** /tmp/tmpJCXJq8 In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: denial of service and possible code execution via malformed plugin configuration files - debian/patches/05_CVE-2010-454x.patch: fix format strings in plug-ins/{common/sphere-designer,gfig/gfig-style, lighting/lighting-ui}.c. - CVE-2010-4540 - CVE-2010-4541 - CVE-2010-4542 * SECURITY UPDATE: denial of service and possible code execution via malformed PSP image file - debian/patches/06_CVE-2010-4543.patch: fix buffer overflow in plug-ins/common/file-psp.c. - CVE-2010-4543 Thanks for considering the patch. -- System Information: Debian Release: squeeze/sid APT prefers natty-updates APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 'natty') Architecture: amd64 (x86_64) Kernel: Linux 2.6.38-8-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru gimp-2.6.11/debian/changelog gimp-2.6.11/debian/changelog diff -Nru gimp-2.6.11/debian/patches/05_CVE-2010-454x.patch gimp-2.6.11/debian/patches/05_CVE-2010-454x.patch --- gimp-2.6.11/debian/patches/05_CVE-2010-454x.patch 1969-12-31 19:00:00.0 -0500 +++ gimp-2.6.11/debian/patches/05_CVE-2010-454x.patch 2011-04-07 10:59:56.0 -0400 
@@ -0,0 +1,127 @@ +Description: fix denial of service and possible code execution via + malformed plugin configuration files +Origin: upstream, http://git.gnome.org/browse/gimp/commit/?id=7fb0300e1cfdb98a3bde54dbc73a0f3eda375162 +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497 +Bug: https://bugzilla.gnome.org/show_bug.cgi?id=639203 + +Index: gimp-2.6.11/plug-ins/common/sphere-designer.c +=== +--- gimp-2.6.11.orig/plug-ins/common/sphere-designer.c 2011-04-07 10:39:20.396192480 -0400 gimp-2.6.11/plug-ins/common/sphere-designer.c 2011-04-07 10:40:07.156192468 -0400 +@@ -1992,6 +1992,7 @@ + gcharendbuf[21 * (G_ASCII_DTOSTR_BUF_SIZE + 1)]; + gchar *end = endbuf; + gcharline[1024]; ++ gcharfmt_str[16]; + gint i; + texture *t; + gint majtype, type; +@@ -2016,6 +2017,8 @@ + + s.com.numtexture = 0; + ++ snprintf (fmt_str, sizeof (fmt_str), %%d %%d %%%lds, sizeof (endbuf) - 1); ++ + while (!feof (f)) + { + +@@ -2026,7 +2029,7 @@ + t = s.com.texture[i]; + setdefaults (t); + +- if (sscanf (line, %d %d %s, t-majtype, t-type, end) != 3) ++ if (sscanf (line, fmt_str, t-majtype, t-type, end) != 3) + t-color1.x = g_ascii_strtod (end, end); + if (end errno != ERANGE) + t-color1.y = g_ascii_strtod (end, end); +Index: gimp-2.6.11/plug-ins/gfig/gfig-style.c +=== +--- gimp-2.6.11.orig/plug-ins/gfig/gfig-style.c 2011-04-07 10:39:35.966192476 -0400 gimp-2.6.11/plug-ins/gfig/gfig-style.c 2011-04-07 10:40:07.156192468 -0400 +@@ -165,6 +165,7 @@ + gchar *ptr; + gchar *tmpstr; + gchar *endptr; ++ gchar fmt_str[32]; + gchar colorstr_r[G_ASCII_DTOSTR_BUF_SIZE]; + gchar colorstr_g[G_ASCII_DTOSTR_BUF_SIZE]; + gchar colorstr_b[G_ASCII_DTOSTR_BUF_SIZE]; +@@ -172,6 +173,10 @@ + + style_entry-r = style_entry-g = style_entry-b = style_entry-a = 0.; + ++ snprintf (fmt_str, sizeof (fmt_str), %%%lds %%%lds %%%lds %%%lds, ++sizeof (colorstr_r) - 1, sizeof (colorstr_g) - 1, ++sizeof (colorstr_b) - 1, sizeof (colorstr_a) - 1); ++ + while (n nitems) + { + ptr = strchr (text[n], ':'); +@@ 
-181,7 +186,8 @@ + ptr++; + if (!strcmp (tmpstr, name)) + { +- sscanf (ptr, %s %s %s %s, colorstr_r, colorstr_g, colorstr_b, colorstr_a); ++ sscanf (ptr, fmt_str, ++ colorstr_r, colorstr_g, colorstr_b, colorstr_a); + style_entry-r = g_ascii_strtod (colorstr_r, endptr); + style_entry-g = g_ascii_strtod (colorstr_g, endptr); + style_entry-b = g_ascii_strtod (colorstr_b, endptr); +Index: gimp-2.6.11/plug-ins/lighting/lighting-ui.c +=== +--- gimp-2.6.11.orig/plug-ins/lighting/lighting-ui.c 2011-04-07 10:39:44.816192474 -0400 gimp-2.6.11/plug-ins/lighting/lighting-ui.c 2011-04-07 10:40:07.156192468 -0400 +@@ -1342,6 +1342,7 @@ + gchar buffer3[G_ASCII_DTOSTR_BUF_SIZE]; + gchar type_label[21]; + gchar *endptr; ++ gchar fmt_str[32]; + + if (response_id == GTK_RESPONSE_OK) + { +@@ -1381,23 +1382,41 @@ + return; + } + +- fscanf (fp, Position: %s %s %s, buffer1, buffer2, buffer3); ++ snprintf
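Review bot: In the sphere-designer.c and gfig-style.c hunks the width is formatted with `%ld` while the argument is `sizeof (...) - 1`, a `size_t`, which is a type mismatch on platforms where `long` and `size_t` differ in width. Suggest casting the argument to `long` or formatting it as an unsigned value of the right width. It is also worth a one-line comment next to `fmt_str[16]` and `fmt_str[32]` showing the longest string each can receive, so the buffer that protects against the overflow is not itself a guess.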
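Review bot: In the gfig-style.c hunk the return value of `sscanf (ptr, fmt_str, colorstr_r, colorstr_g, colorstr_b, colorstr_a)` is still ignored, so a line with fewer than four fields leaves some `colorstr_*` buffers uninitialised before they are passed to `g_ascii_strtod`. Suggest checking that the call returns 4 and skipping or defaulting the entry otherwise.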
Bug#621030: openslp-dfsg: fix for CVE-2010-3609
Package: openslp-dfsg Version: 1.2.1-7.8 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu natty ubuntu-patch *** /tmp/tmpokF8Uc In Ubuntu, the attached patch was applied to achieve the following: * SECURITY UPDATE: denial of service via circular reference - debian/patches/CVE-2010-3609.patch: detect circular reference in common/slp_message.c. Patch thanks to SUSE. - CVE-2010-3609 * debian/rules: add dh_quilt_patch and dh_quilt_unpatch so patches in debian/patches actually get applied. * debian/patches/series: disable 01_have_net_if_arp.diff and 99_autoreconf.diff since they had never been applied. Thanks for considering the patch. -- System Information: Debian Release: squeeze/sid APT prefers natty-updates APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 'natty') Architecture: amd64 (x86_64) Kernel: Linux 2.6.38-7-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -u openslp-dfsg-1.2.1/debian/changelog openslp-dfsg-1.2.1/debian/changelog diff -u openslp-dfsg-1.2.1/debian/rules openslp-dfsg-1.2.1/debian/rules --- openslp-dfsg-1.2.1/debian/rules +++ openslp-dfsg-1.2.1/debian/rules @@ -26,6 +26,7 @@ dh_testdir cp -f /usr/share/misc/config.guess /usr/share/misc/config.sub . + dh_quilt_patch touch Makefile.in # work around patch timestamp problems ./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) \ --prefix=/usr --mandir=\$${prefix}/share/man\ @@ -42,6 +43,7 @@ # Clean up after the build process. [ ! -f Makefile ] || $(MAKE) clean + dh_quilt_unpatch rm -f build-stamp config.status debian/substvars debian/conffiles rm -f config.guess config.sub diff -u openslp-dfsg-1.2.1/debian/patches/series openslp-dfsg-1.2.1/debian/patches/series --- openslp-dfsg-1.2.1/debian/patches/series +++ openslp-dfsg-1.2.1/debian/patches/series 
@@ -1,2 +1,3 @@ -01_have_net_if_arp.diff -99_autoreconf.diff +#01_have_net_if_arp.diff +#99_autoreconf.diff +CVE-2010-3609.patch only in patch2: unchanged: --- openslp-dfsg-1.2.1.orig/debian/patches/CVE-2010-3609.patch +++ openslp-dfsg-1.2.1/debian/patches/CVE-2010-3609.patch @@ -0,0 +1,27 @@ +Description: fix denial of service via circular reference +Origin: vendor, https://build.opensuse.org/package/view_file?file=openslp.parseext.diffpackage=openslpproject=openSUSE%3A11.4srcmd5=38039c725b8a6c1e0cdd4efdffa8bcc8 + +Index: openslp-dfsg-1.2.1/common/slp_message.c +=== +--- openslp-dfsg-1.2.1.orig/common/slp_message.c 2011-04-05 14:29:12.063825536 -0400 openslp-dfsg-1.2.1/common/slp_message.c 2011-04-05 14:29:25.203825532 -0400 +@@ -872,10 +872,19 @@ + int extid; + int nextoffset; + int result = SLP_ERROR_OK; ++int bufsz = (int)(buffer-end - buffer-start); + + nextoffset = message-header.extoffset; + while(nextoffset) + { ++/* check for circular reference in list ++ * if the size gets below zero, we know we're ++ * reprocessing extensions in a loop. ++ */ ++bufsz -= 5; ++if (bufsz = 0) ++return SLP_ERROR_PARSE_ERROR; ++ + buffer-curpos = buffer-start + nextoffset; + if(buffer-curpos + 5 = buffer-end) + {
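Review bot: In the slp_message.c hunk the loop budget is decremented by a bare `5` and the comment explains the cycle detection but not where that number comes from. Suggest a named constant for the minimum extension size, matching the `buffer->curpos + 5` bounds check in the context line below it, and a sentence in the comment saying the budget caps the number of extensions at the buffer size divided by that minimum, so a later change to one of the two values does not leave the other behind.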
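Review bot: The debian/rules hunks start calling `dh_quilt_patch` and `dh_quilt_unpatch`, but no debian/control change appears in this diff, so confirm that quilt is already in Build-Depends or the build will fail in a clean chroot. In debian/patches/series the two never-applied patches are only commented out; removing the entries (and the files, if unused) would leave less to misread later.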
Bug#619526: sbuild: Quirk to work around wrong build-essential entry on Ubuntu Lucid
Package: sbuild Version: 0.60.9-1 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu natty ubuntu-patch *** /tmp/tmpVBaqZt In Ubuntu, the attached patch was applied to achieve the following: * lib/Sbuild/Build.pm: work around Lucid issue that has diff listed in build-essential instead of diffutils. This causes schroots that don't have universe enabled to fail to install dependencies. (LP: #741897) This may be worthwhile for Debian users who want to build packages for Ubuntu. Thanks. -- System Information: Debian Release: squeeze/sid APT prefers natty-updates APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 'natty') Architecture: amd64 (x86_64) Kernel: Linux 2.6.38-7-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -u sbuild-0.60.9/lib/Sbuild/Build.pm sbuild-0.60.9/lib/Sbuild/Build.pm --- sbuild-0.60.9/lib/Sbuild/Build.pm +++ sbuild-0.60.9/lib/Sbuild/Build.pm @@ -1464,11 +1464,15 @@ } # Workaround http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602571 +# Also works around Ubuntu Lucid shipping with diff instead of +# diffutils: https://bugs.launchpad.net/ubuntu/+source/sbuild/+bug/741897 if (open( F, $self-{'Chroot Dir'}/etc/lsb-release )) { while( F ) { if ($_ eq DISTRIB_ID=Ubuntu\n) { @essential = grep(!/^sysvinit$/, @essential); -last; +} +if ($_ eq DISTRIB_CODENAME=lucid\n) { +s/^diff$/diffutils/ for (@essential); } } close( F ); diff -u sbuild-0.60.9/debian/changelog sbuild-0.60.9/debian/changelog
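Review bot: The new `DISTRIB_CODENAME=lucid\n` test is an exact string comparison against the whole line, like the existing `DISTRIB_ID=Ubuntu\n` one, so a quoted value or trailing whitespace in lsb-release makes the quirk silently not apply. Suggest matching with an anchored regex that tolerates optional quotes, and noting in the comment that `last;` was removed on purpose because both keys now have to be read.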
Bug#609811: sbuild: --no-install-recommends not available in older apt-get
Package: sbuild Version: 0.60.8-1 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu natty ubuntu-patch *** /tmp/tmpmadAAN In Ubuntu, the attached patch was applied to achieve the following: * lib/Sbuild/ResolverBase.pm: use -o APT::Install-Recommends=false instead of --no-install-recommends as it is not a valid option in Dapper schroots. This is Ubuntu-specific and can be removed once Dapper goes EoL. Although I mentioned it being Ubuntu-specific in the changelog, it may be useful to build for older Debian releases also. Thanks for considering the patch. -- System Information: Debian Release: squeeze/sid APT prefers natty-updates APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 'natty-proposed'), (500, 'natty') Architecture: amd64 (x86_64) Kernel: Linux 2.6.37-12-generic (SMP w/2 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -u sbuild-0.60.8/debian/changelog sbuild-0.60.8/debian/changelog only in patch2: unchanged: --- sbuild-0.60.8.orig/lib/Sbuild/ResolverBase.pm +++ sbuild-0.60.8/lib/Sbuild/ResolverBase.pm @@ -393,7 +393,8 @@ my @apt_command = ($self-get_conf('APT_GET'), '--purge', '-o', 'DPkg::Options::=--force-confold', '-o', 'DPkg::Options::=--refuse-remove-essential', - '-q', '--no-install-recommends'); + '-o', 'APT::Install-Recommends=false', + '-q'); push @apt_command, '--allow-unauthenticated' if ($self-get_conf('APT_ALLOW_UNAUTHENTICATED')); push @apt_command, $mode, $action, @packages;
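Review bot: The switch from `'--no-install-recommends'` to `'-o', 'APT::Install-Recommends=false'` in `@apt_command` carries no comment in the code, and the reason (older apt-get rejecting the long option) is only in the changelog. Suggest a one-line comment above the option so it is not simplified back to the flag form later.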
Bug#604706: pbuilder: manpage tests fail if locale isn't setup
Package: pbuilder Version: 0.199 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu natty ubuntu-patch *** /tmp/tmppAGg53 In Ubuntu, we've applied the attached patch to achieve the following: * debian/rules: install temporary locale so man page tests don't cause FTBFS. We thought you might be interested in doing the same. -- System Information: Debian Release: squeeze/sid APT prefers maverick-updates APT policy: (500, 'maverick-updates'), (500, 'maverick-security'), (500, 'maverick-proposed'), (500, 'maverick') Architecture: amd64 (x86_64) Kernel: Linux 2.6.35-23-generic (SMP w/2 CPU cores) Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru pbuilder-0.199ubuntu2/debian/changelog pbuilder-0.199ubuntu3/debian/changelog diff -Nru pbuilder-0.199ubuntu2/debian/rules pbuilder-0.199ubuntu3/debian/rules --- pbuilder-0.199ubuntu2/debian/rules 2010-10-13 13:13:54.0 -0400 +++ pbuilder-0.199ubuntu3/debian/rules 2010-11-23 11:36:33.0 -0500 @@ -1,5 +1,9 @@ #!/usr/bin/make -f +LOCALE_PATH := debian/tmpdir/usr/lib/locale +LOCALE_NAME := en_US +LOCALE_CHARSET := UTF-8 + build: build-stamp build-stamp: dh_testdir @@ -18,7 +22,11 @@ dh_prep dh_installdirs ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) - $(MAKE) check + mkdir -p $(LOCALE_PATH) + localedef -i $(LOCALE_NAME) -c -f $(LOCALE_CHARSET) \ + -A /usr/share/locale/locale.alias --quiet \ + $(LOCALE_PATH)/$(LOCALE_NAME).$(LOCALE_CHARSET) + LOCPATH=$(LOCALE_PATH) LC_ALL=$(LOCALE_NAME).$(LOCALE_CHARSET) $(MAKE) check endif $(MAKE) install DESTDIR=$(CURDIR)/debian/pbuilder dh_movefiles -ppbuilder-uml --sourcedir=debian/pbuilder
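Review bot: The `ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))` block now runs `localedef -i $(LOCALE_NAME)` and reads `/usr/share/locale/locale.alias`, but debian/control is not touched in this diff, so confirm the package providing the locale source data is in Build-Depends or the check step will fail in a minimal chroot. The generated `$(LOCALE_PATH)` is also not removed by the clean target in this version of the patch.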
Bug#604706: Acknowledgement (pbuilder: manpage tests fail if locale isn't setup)
Whoops, I forgot to clean up the temporary directory. Here's a second patch that does that. Marc. diff -Nru pbuilder-0.199ubuntu3/debian/rules pbuilder-0.199ubuntu4/debian/rules --- pbuilder-0.199ubuntu3/debian/rules 2010-11-23 11:36:33.0 -0500 +++ pbuilder-0.199ubuntu4/debian/rules 2010-11-23 13:02:20.0 -0500 @@ -1,6 +1,6 @@ #!/usr/bin/make -f -LOCALE_PATH := debian/tmpdir/usr/lib/locale +LOCALE_PATH := debian/tmplocale LOCALE_NAME := en_US LOCALE_CHARSET := UTF-8 @@ -13,6 +13,7 @@ dh_testdir dh_testroot rm -f build-stamp + rm -rf $(LOCALE_PATH) $(MAKE) clean dh_clean
Bug#599930: aide: escape another special character in pathnames
Package: aide Version: 0.13.1-11 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu natty ubuntu-patch *** /tmp/tmplkThkF Aide chokes on the special character in the following pathname: /dev/input/by-id/usb-Microsoft_Microsoft_IntelliMouse®_Optical-mouse In Ubuntu, we've applied the attached patch to achieve the following: * debian/aide.conf.d/70_aide_dev: escape another special character in filenames. (LP: #456710) We thought you might be interested in doing the same. -- System Information: Debian Release: squeeze/sid APT prefers maverick-updates APT policy: (500, 'maverick-updates'), (500, 'maverick-security'), (500, 'maverick-proposed'), (500, 'maverick') Architecture: amd64 (x86_64) Kernel: Linux 2.6.35-22-generic (SMP w/2 CPU cores) Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -u aide-0.13.1/debian/changelog aide-0.13.1/debian/changelog diff -u aide-0.13.1/debian/aide.conf.d/70_aide_dev aide-0.13.1/debian/aide.conf.d/70_aide_dev --- aide-0.13.1/debian/aide.conf.d/70_aide_dev +++ aide-0.13.1/debian/aide.conf.d/70_aide_dev @@ -18,7 +18,7 @@ find /dev -path /dev/.static -prune -o -print | \ sed -e 's/^\(.*\)/\1$ RamdiskData/' \ -e 's,\\,,g' -e 's,\.,\\\.,g' \ - -e 's,#,\\#,g' + -e 's,#,\\#,g' -e 's,®,\.,g' echo /dev/\.static$ RamdiskData else # we have static /dev
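Review bot: The added expression `-e 's,®,\.,g'` handles exactly one non-ASCII character and rewrites it to a regex wildcard, so the generated rule matches any character in that position and the next device name with a different symbol will break the config again. Suggest a generic substitution for all bytes outside the printable ASCII range, and running the `sed` under a fixed locale such as `LC_ALL=C` so the multibyte character is treated the same way regardless of the environment the script is run from.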
Bug#590296: wget: Fix for CVE-2010-2252
Package: wget Version: 1.12-1.1 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu maverick ubuntu-patch In Ubuntu, we've applied the attached patch to achieve the following: * SECURITY UPDATE: arbitrary file overwrite via 3xx redirect - debian/patches/CVE-2010-2252.dpatch: don't use server names in doc/wget.texi, src/{http.*,init.c,main.c,options.h,retr.c}. - This update changes previous behaviour by ignoring the filename supplied by the server during redirects. To re-enable previous behaviour, see the new --trust-server-names option. - CVE-2010-2252 We thought you might be interested in doing the same. -- System Information: Debian Release: squeeze/sid APT prefers maverick-updates APT policy: (500, 'maverick-updates'), (500, 'maverick-security'), (500, 'maverick-proposed'), (500, 'maverick') Architecture: amd64 (x86_64) Kernel: Linux 2.6.35-19-generic (SMP w/2 CPU cores) Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -u wget-1.12/debian/changelog wget-1.12/debian/changelog diff -u wget-1.12/debian/patches/00list wget-1.12/debian/patches/00list --- wget-1.12/debian/patches/00list +++ wget-1.12/debian/patches/00list @@ -5,0 +6 @@ +CVE-2010-2252 only in patch2: unchanged: --- wget-1.12.orig/debian/patches/CVE-2010-2252.dpatch +++ wget-1.12/debian/patches/CVE-2010-2252.dpatch 
@@ -0,0 +1,162 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +# Description: fix arbitrary file overwrite via 3xx redirect +# Origin: upstream, http://lists.gnu.org/archive/html/bug-wget/2010-07/msg00076.html +# Bug: https://savannah.gnu.org/bugs/?29958 +# Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590296 + +...@dpatch@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' wget-1.12~/doc/wget.texi wget-1.12/doc/wget.texi +--- wget-1.12~/doc/wget.texi 2010-09-03 09:18:48.0 -0400 wget-1.12/doc/wget.texi 2010-09-03 09:19:04.0 -0400 +@@ -1487,6 +1487,13 @@ + @code{Content-Disposition} headers to describe what the name of a + downloaded file should be. + +...@cindex Trust server names +...@item --trust-server-names ++ ++If this is set to on, on a redirect the last component of the ++redirection URL will be used as the local file name. By default it is ++used the last component in the original URL. ++ + @cindex authentication + @item --auth-no-challenge + +@@ -2797,6 +2804,10 @@ + Turn on recognition of the (non-standard) @samp{Content-Disposition} + HTTP header---if set to @samp{on}, the same as @samp{--content-disposition}. + +...@item trust_server_names = on/off ++If set to on, use the last component of a redirection URL for the local ++file name. ++ + @item continue = on/off + If set to on, force continuation of preexistent partially retrieved + files. See @samp{-c} before setting it. +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' wget-1.12~/src/http.c wget-1.12/src/http.c +--- wget-1.12~/src/http.c 2009-09-21 23:02:18.0 -0400 wget-1.12/src/http.c 2010-09-03 09:19:04.0 -0400 +@@ -2410,8 +2410,9 @@ + /* The genuine HTTP loop! This is the part where the retrieval is +retried, and retried, and retried, and... 
*/ + uerr_t +-http_loop (struct url *u, char **newloc, char **local_file, const char *referer, +- int *dt, struct url *proxy, struct iri *iri) ++http_loop (struct url *u, struct url *original_url, char **newloc, ++ char **local_file, const char *referer, int *dt, struct url *proxy, ++ struct iri *iri) + { + int count; + bool got_head = false; /* used for time-stamping and filename detection */ +@@ -2457,7 +2458,8 @@ + } + else if (!opt.content_disposition) + { +- hstat.local_file = url_file_name (u); ++ hstat.local_file = ++url_file_name (opt.trustservernames ? u : original_url); + got_name = true; + } + +@@ -2497,7 +2499,7 @@ + + /* Send preliminary HEAD request if -N is given and we have an existing +* destination file. */ +- file_name = url_file_name (u); ++ file_name = url_file_name (opt.trustservernames ? u : original_url); + if (opt.timestamping +!opt.content_disposition +file_exists_p (file_name)) +@@ -2852,9 +2854,9 @@ + + /* Remember that we downloaded the file for later .orig code. */ + if (*dt ADDED_HTML_EXTENSION) +-downloaded_file(FILE_DOWNLOADED_AND_HTML_EXTENSION_ADDED, hstat.local_file); ++downloaded_file (FILE_DOWNLOADED_AND_HTML_EXTENSION_ADDED, hstat.local_file); + else +-downloaded_file(FILE_DOWNLOADED_NORMALLY, hstat.local_file); ++downloaded_file (FILE_DOWNLOADED_NORMALLY, hstat.local_file); + + ret = RETROK; + goto exit; +@@ -2885,9 +2887,9 @@ +
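Review bot: In the doc/wget.texi hunk at -1487, the new --trust-server-names entry does not say why the redirect target's name is ignored by default, and "By default it is used the last component in the original URL" is ungrammatical. Suggest "By default the last component of the original URL is used", followed by one sentence stating that turning the option on lets a 3xx redirect choose the local file name, which is the file overwrite this patch closes.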
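Review bot: In src/http.c, the -2457 and -2497 hunks both pass original_url to url_file_name, but nothing in http_loop checks that the new parameter is non-NULL, so every caller has to supply it correctly. Add an assertion at the top of http_loop, or fall back to u when original_url is NULL. The expression "opt.trustservernames ? u : original_url" is also written out twice; computing it once into a local would keep the two call sites from drifting apart.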
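Review bot: The -2852 hunk in src/http.c changes only whitespace, turning "downloaded_file(" into "downloaded_file (" on two lines. It has no bearing on the redirect file name fix, so leave it out of the security patch to keep the CVE-2010-2252 change small and easy to audit and backport.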
Bug#584516: [Re: CVE-2010-1628: allows context-dependent attackers to execute arbitrary code
Package: ghostscript
Version: 8.63.dfsg.1-2
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu maverick ubuntu-patch

*** /tmp/tmpQ4x52y
In Ubuntu, we've applied the attached patch to achieve the following:

  * SECURITY UPDATE: arbitrary code execution via unlimited recursive procedure invocations (LP: #546009)
    - debian/patches/CVE-2010-1628.dpatch: only initialize structures if all allocations were successful in psi/ialloc.c, psi/idosave.h, psi/isave.c.
    - CVE-2010-1628

We thought you might be interested in doing the same.

-- System Information:
Debian Release: squeeze/sid
  APT prefers maverick-updates
  APT policy: (500, 'maverick-updates'), (500, 'maverick-security'), (500, 'maverick-proposed'), (500, 'maverick')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.35-9-generic (SMP w/2 CPU cores)
Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -u ghostscript-8.71.dfsg.1/debian/changelog ghostscript-8.71.dfsg.1/debian/changelog diff -u ghostscript-8.71.dfsg.1/debian/patches/00list ghostscript-8.71.dfsg.1/debian/patches/00list --- ghostscript-8.71.dfsg.1/debian/patches/00list +++ ghostscript-8.71.dfsg.1/debian/patches/00list @@ -10,0 +11 @@ +CVE-2010-1628 only in patch2: unchanged: --- ghostscript-8.71.dfsg.1.orig/debian/patches/CVE-2010-1628.dpatch +++ ghostscript-8.71.dfsg.1/debian/patches/CVE-2010-1628.dpatch 
@@ -0,0 +1,133 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +# Description: fix arbitrary code execution via unlimited recursive +# procedure invocations +# Origin: upstream, http://svn.ghostscript.com/viewvc?view=revrevision=11414 +# Bug: http://bugs.ghostscript.com/show_bug.cgi?id=691295 +# Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/ghostscript/+bug/546009 +# Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584516 + +...@dpatch@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' ghostscript-8.71.dfsg.1~/psi/ialloc.c ghostscript-8.71.dfsg.1/psi/ialloc.c +--- ghostscript-8.71.dfsg.1~/psi/ialloc.c 2008-08-28 18:48:19.0 -0400 ghostscript-8.71.dfsg.1/psi/ialloc.c 2010-07-09 08:05:28.0 -0400 +@@ -185,7 +185,14 @@ + */ + chunk_t *pcc = mem-pcc; + ref *end; ++ alloc_change_t *cp = 0; ++int code = 0; + ++ if ((gs_memory_t *)mem != mem-stable_memory) { ++ code = alloc_save_change_alloc(mem, gs_alloc_ref_array, cp); ++ if (code 0) ++ return code; ++ } + obj = gs_alloc_struct_array((gs_memory_t *) mem, num_refs + 1, + ref, st_refs, cname); + if (obj == 0) +@@ -210,14 +217,10 @@ + chunk_locate_ptr(obj, cl); + cl.cp-has_refs = true; + } +- if ((gs_memory_t *)mem != mem-stable_memory) { +- ref_packed **ppr = 0; +- int code = alloc_save_change_alloc(mem, gs_alloc_ref_array, ppr); +- if (code 0) +- return code; +-if (ppr) +- *ppr = (ref_packed *)obj; +- } ++ if (cp) { ++mem-changes = cp; ++cp-where = (ref_packed *)obj; ++} + } + make_array(parr, attrs | mem-space, num_refs, obj); + return 0; +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' ghostscript-8.71.dfsg.1~/psi/idosave.h ghostscript-8.71.dfsg.1/psi/idosave.h +--- ghostscript-8.71.dfsg.1~/psi/idosave.h 2008-08-28 18:48:19.0 -0400 ghostscript-8.71.dfsg.1/psi/idosave.h 2010-07-09 08:05:31.0 -0400 +@@ -18,6 +18,22 @@ + # define 
idosave_INCLUDED + + /* ++ * Structure for saved change chain for save/restore. Because of the ++ * garbage collector, we need to distinguish the cases where the change ++ * is in a static object, a dynamic ref, or a dynamic struct. ++ */ ++typedef struct alloc_change_s alloc_change_t; ++struct alloc_change_s { ++alloc_change_t *next; ++ref_packed *where; ++ref contents; ++#define AC_OFFSET_STATIC (-2) /* static object */ ++#define AC_OFFSET_REF (-1) /* dynamic ref */ ++#define AC_OFFSET_ALLOCATED (-3) /* a newly allocated ref array */ ++short offset; /* if = 0, offset within struct */ ++}; ++ ++/* + * Save a change that must be undone by restore. We have to pass the + * pointer to the containing object to alloc_save_change for two reasons: + * +@@ -29,6 +45,7 @@ + * relocate the pointer to it from the change record during garbage + * collection. + */ ++ + int alloc_save_change(gs_dual_memory_t *dmem, const ref *pcont, + ref_packed *ptr, client_name_t cname); + int alloc_save_change_in(gs_ref_memory_t *mem, const ref *pcont, +@@ -36,6 +53,6 @@ + /* Remove an AC_OFFSET_ALLOCATED element. */ + void alloc_save_remove(gs_ref_memory_t *mem, ref_packed *obj, client_name_t cname); + /* Allocate a structure for recording an allocation event. */ +-int alloc_save_change_alloc(gs_ref_memory_t *mem, client_name_t cname, ref_packed ***ppr); ++int
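Review bot: In the psi/ialloc.c hunk at -185, the change record cp is now allocated before gs_alloc_struct_array, but nothing in the hunk releases it on the "if (obj == 0)" path that follows. When the array allocation fails after alloc_save_change_alloc has succeeded, cp is neither linked into mem->changes nor freed. Free cp before returning on that path, with a comment that it was never attached to the allocator.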
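Review bot: The psi/idosave.h hunk at -18 exposes struct alloc_change_s so that the -210 hunk in ialloc.c can set mem->changes and cp->where itself, yet the comment on alloc_save_change_alloc still says only "Allocate a structure for recording an allocation event." Document the new contract there: the caller receives the record and is responsible for linking it into mem->changes and filling in where, and must do so only after its own allocation has succeeded. Without that, the next caller of this function has no way to know the record is not yet part of the change chain.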
Bug#586926: Can't authenticate with Google reader
Package: liferea
Version: 1.6.3-1
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu maverick ubuntu-patch

*** /tmp/tmpHXo8qP
In Ubuntu, we've applied the attached patch to achieve the following:

  * debian/patches/google-reader-auth.patch: fix Google reader authentication (LP: #597532)

We thought you might be interested in doing the same.

-- System Information:
Debian Release: squeeze/sid
  APT prefers maverick-updates
  APT policy: (500, 'maverick-updates'), (500, 'maverick-security'), (500, 'maverick-proposed'), (500, 'maverick')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.35-5-generic (SMP w/2 CPU cores)
Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -u liferea-1.6.3/debian/changelog liferea-1.6.3/debian/changelog diff -u liferea-1.6.3/debian/patches/series liferea-1.6.3/debian/patches/series --- liferea-1.6.3/debian/patches/series +++ liferea-1.6.3/debian/patches/series @@ -10,0 +11 @@ +google-reader-auth.patch only in patch2: unchanged: --- liferea-1.6.3.orig/debian/patches/google-reader-auth.patch +++ liferea-1.6.3/debian/patches/google-reader-auth.patch 
@@ -0,0 +1,251 @@ +Description: fix Google reader authentication +Bug: http://sourceforge.net/tracker/?func=detailaid=3019939group_id=87005atid=581684 +Origin: upstream, http://liferea.svn.sourceforge.net/viewvc/liferea?view=revisionrevision=5403 +Origin: upstream, http://liferea.svn.sourceforge.net/viewvc/liferea?view=revisionrevision=5404 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/liferea/+bug/597532 + +diff -Nur liferea-1.6.3/src/fl_sources/google_source.c liferea-1.6.3.new/src/fl_sources/google_source.c +--- liferea-1.6.3/src/fl_sources/google_source.c 2009-07-17 16:59:01.0 -0400 liferea-1.6.3.new/src/fl_sources/google_source.c 2010-06-25 14:46:03.0 -0400 +@@ -66,7 +66,7 @@ + + update_job_cancel_by_owner (gsource); + +- g_free (gsource-sid); ++ g_free (gsource-authHeaderValue); + g_queue_free (gsource-actionQueue) ; + g_hash_table_unref (gsource-lastTimestampMap); + g_free (gsource); +@@ -88,21 +88,21 @@ + gchar *tmp = NULL; + subscriptionPtr subscription = gsource-root-subscription; + +- debug0 (DEBUG_UPDATE, google login processing...); ++ debug1 (DEBUG_UPDATE, google login processing... %s, result-data); + +- g_assert (!gsource-sid); ++ g_assert (!gsource-authHeaderValue); + + if (result-data result-httpstatus == 200) +- tmp = strstr (result-data, SID=); ++ tmp = strstr (result-data, Auth=); + + if (tmp) { + gchar *ttmp = tmp; + tmp = strchr (tmp, '\n'); + if (tmp) + *tmp = '\0'; +- gsource-sid = g_strdup (ttmp); ++ gsource-authHeaderValue = g_strdup_printf (GoogleLogin auth=%s, ttmp + 5); + +- debug1 (DEBUG_UPDATE, google reader SID found: %s, gsource-sid); ++ debug1 (DEBUG_UPDATE, google reader Auth token found: %s, gsource-authHeaderValue); + /* now that we are authenticated trigger updating to start data retrieval */ + gsource-loginState = GOOGLE_SOURCE_STATE_ACTIVE; + if (!(flags GOOGLE_SOURCE_UPDATE_ONLY_LOGIN)) +@@ -112,7 +112,7 @@ + google_source_edit_process (gsource); + + } else { +- debug0 (DEBUG_UPDATE, google reader login failed! 
no SID found in result!); ++ debug0 (DEBUG_UPDATE, google reader login failed! no Auth token found in result!); + subscription-node-available = FALSE; + + g_free (subscription-updateError); +@@ -125,7 +125,7 @@ + + /** + * Perform a login to Google Reader, if the login completes the +- * GoogleSource will have a valid sid and will have loginStatus to ++ * GoogleSource will have a valid Auth token and will have loginStatus to + * GOOGLE_SOURCE_LOGIN_ACTIVE. + */ + void +diff -Nur liferea-1.6.3/src/fl_sources/google_source_edit.c liferea-1.6.3.new/src/fl_sources/google_source_edit.c +--- liferea-1.6.3/src/fl_sources/google_source_edit.c 2009-05-01 14:53:16.0 -0400 liferea-1.6.3.new/src/fl_sources/google_source_edit.c 2010-06-25 14:45:55.0 -0400 +@@ -384,7 +384,7 @@ + request = update_request_new (); + request-updateState = update_state_copy (gsource-root-subscription-updateState); + request-options = update_options_copy (gsource-root-subscription-updateOptions) ; +- update_state_set_cookies (request-updateState, gsource-sid); ++ update_request_set_auth_value (request, gsource-authHeaderValue); + + if (action-actionType == EDIT_ACTION_MARK_READ || + action-actionType == EDIT_ACTION_MARK_UNREAD || +@@ -421,7 +421,7 @@ + request-updateState = update_state_copy (gsource-root-subscription-updateState); + request-options = update_options_copy (gsource-root-subscription-updateOptions); + request-source = g_strdup (GOOGLE_READER_TOKEN_URL); +- update_state_set_cookies (request-updateState, gsource-sid); ++ update_request_set_auth_value(request, gsource-authHeaderValue); + + update_execute_request (gsource, request, google_source_edit_token_cb, +
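Review bot: The -88 hunk in google_source.c writes credentials to the debug log: the changed first debug1 call prints all of result->data, which is the login response that carries the Auth token, and the later debug1 call prints gsource->authHeaderValue in full. Drop the %s argument from the first call and log only that a token was found. The first call also runs before the existing check that result->data is set, so a failed request hands NULL to %s. Separately, "ttmp + 5" hard-codes the length of the Auth= prefix; a named constant or strlen on the same literal would keep the two in step.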
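Review bot: In google_source_edit.c, the -421 hunk writes "update_request_set_auth_value(request" without the space before the parenthesis that the -384 hunk and the surrounding calls use. Match the file's existing style so the two call sites read the same.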
Bug#577570: acidbase: fix undefined method errors with php 5.3
Package: acidbase
Version: 1.4.4-3
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu lucid ubuntu-patch

*** /tmp/tmpb4SIDV
In Ubuntu, we've applied the attached patch to achieve the following:

  * debian/patches/13_add_missing_function.dpatch: Add missing ProtocolFieldCriteria::ProtocolFieldCriteria() function to work properly with php 5.3. (LP: #561556)

We thought you might be interested in doing the same.

-- System Information:
Debian Release: squeeze/sid
  APT prefers lucid-updates
  APT policy: (500, 'lucid-updates'), (500, 'lucid-security'), (500, 'lucid')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-19-generic (SMP w/2 CPU cores)
Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -u acidbase-1.4.4/debian/changelog acidbase-1.4.4/debian/changelog diff -u acidbase-1.4.4/debian/patches/00list acidbase-1.4.4/debian/patches/00list --- acidbase-1.4.4/debian/patches/00list +++ acidbase-1.4.4/debian/patches/00list @@ -5,0 +6 @@ +13_add_missing_function only in patch2: unchanged: --- acidbase-1.4.4.orig/debian/patches/13_add_missing_function.dpatch +++ acidbase-1.4.4/debian/patches/13_add_missing_function.dpatch 
@@ -0,0 +1,28 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +# Description: Add missing ProtocolFieldCriteria::ProtocolFieldCriteria() +# function to work properly with php 5.3 +# Origin: upstream, http://secureideas.cvs.sourceforge.net/viewvc/secureideas/base-php4/includes/base_state_citems.inc.php?r1=1.36r2=1.37 +# Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/acidbase/+bug/561556 + +...@dpatch@ +diff -urNad acidbase-1.4.4~/includes/base_state_citems.inc.php acidbase-1.4.4/includes/base_state_citems.inc.php +--- acidbase-1.4.4~/includes/base_state_citems.inc.php 2009-09-05 11:58:07.0 -0400 acidbase-1.4.4/includes/base_state_citems.inc.php 2010-04-12 10:59:14.0 -0400 +@@ -293,6 +293,17 @@ + + class ProtocolFieldCriteria extends MultipleElementCriteria + { ++ function ProtocolFieldCriteria($db, $cs, $export_name, $element_cnt, $field_list = Array() ) ++ { ++ $tdb = $db; ++ $cs = $cs; ++ ++ $this-MultipleElementCriteria($tdb, $cs, $export_name, $element_cnt, $field_list); ++ ++ } ++ ++ ++ +function SanitizeElement($i) +{ + // Make a copy of the element array
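Review bot: In the added ProtocolFieldCriteria constructor, "$cs = $cs;" is a self-assignment with no effect, and "$tdb = $db;" only renames the argument before it is passed on. Pass $db and $cs straight to $this->MultipleElementCriteria(...) and drop both assignments along with the three trailing blank lines, so the constructor reads as a plain forward to the parent.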
Bug#577570: acidbase: fix undefined method errors with php 5.3
Yes, it's already in 1.4.5.

Marc.

On Mon, 2010-04-12 at 15:37 -0400, Jeremy T. Bouse wrote:
> Is this already part of the 1.4.5 acidbase upstream code? I'm already planning to work on getting it packaged this weekend and if it's already included I'll wait and just upgrade the package rather than apply a patch.
>
> Marc Deslauriers wrote:
> > Package: acidbase
> > Version: 1.4.4-3
> > Severity: normal
> > Tags: patch
> > User: ubuntu-de...@lists.ubuntu.com
> > Usertags: origin-ubuntu lucid ubuntu-patch
> >
> > *** /tmp/tmpb4SIDV
> > In Ubuntu, we've applied the attached patch to achieve the following:
> >
> >   * debian/patches/13_add_missing_function.dpatch: Add missing ProtocolFieldCriteria::ProtocolFieldCriteria() function to work properly with php 5.3. (LP: #561556)
> >
> > We thought you might be interested in doing the same.
> >
> > -- System Information:
> > Debian Release: squeeze/sid
> >   APT prefers lucid-updates
> >   APT policy: (500, 'lucid-updates'), (500, 'lucid-security'), (500, 'lucid')
> > Architecture: amd64 (x86_64)
> >
> > Kernel: Linux 2.6.32-19-generic (SMP w/2 CPU cores)
> > Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8)
> > Shell: /bin/sh linked to /bin/dash