Bug#751294: chromium: Does not display any web page or settings (Aw, Snap)

2014-06-19 Thread Raphael Kubo da Costa
Hi all,

Given that GCC 4.9 is related here, I believe this is the same bug that
has caused problems for other distros that have switched to GCC 4.9.

The root cause is very likely to be
https://code.google.com/p/angleproject/issues/detail?id=651, which I
reported a while ago and has been fixed in Chromium trunk.

There is also a merge request for the fix to be merged into Chromium's
beta channel (M36) in
https://code.google.com/p/chromium/issues/detail?id=385729, but upstream
was reluctant to include this into M35 (the stable channel).

It might be useful to try applying the M36 patch into the M35 tarball
currently being packaged in Debian nonetheless to get rid of the
problem.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#754089: python-setuptools: Version 5.3 does not work with HTTPS and proxy tunneling.

2014-07-07 Thread Raphael Kubo da Costa
Package: python-setuptools
Version: 5.3-1
Severity: important

The original bug report is here: 
https://lists.debian.org/debian-python/2014/06/msg3.html

In short, a fix that made it into Python 2.7.7 and 3.4.1 changes the behavior
of httplib.HTTPConnection's tunneling handling. setuptools is one of the
packages affected by this change: it is unusable if one is behind an HTTP
proxy, as it tries to connect via HTTPS to https://pypi.python.org/simple/pip/
and fails.

I've sent a fix upstream [1] similar to the one done to urllib3 and it was
released with version 5.4.1. Please consider updating to it.

[1] 
https://bitbucket.org/pypa/setuptools/pull-request/71/ssl_support-adjust-to-tunneling-changes-in

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages python-setuptools depends on:
ii  python-pkg-resources  5.3-1
pn  python:any  none

python-setuptools recommends no packages.

python-setuptools suggests no packages.

-- no debconf information





Bug#754090: python-urllib3: Version 1.8.2 does not work with HTTPS and proxy tunneling

2014-07-07 Thread Raphael Kubo da Costa
Package: python-urllib3
Version: 1.8.2-1
Severity: important

Dear Maintainer,

The original bug report is here: 
https://lists.debian.org/debian-python/2014/06/msg3.html

In short, a fix that made it into Python 2.7.7 and 3.4.1 changes the behavior
of httplib.HTTPConnection's tunneling handling. pip is among the modules
affected by this change: it is unusable if one is behind an HTTP proxy, as it
tries to connect via HTTPS to https://pypi.python.org/simple/pip/ and fails.

A fix for this issue was committed to urllib3, and is part of the 1.8.3
release. Please consider updating to it (this release also contains a handful
of other bug fixes too).

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages python-urllib3 depends on:
ii  python-six  1.7.3-1
pn  python:any  none

Versions of packages python-urllib3 recommends:
ii  ca-certificates  20140325

python-urllib3 suggests no packages.

-- no debconf information





Bug#897674: p7zip-rar: CVE-2018-10115

2019-02-24 Thread Raphael Kubo da Costa

I was recently looking at this CVE and CVE_2018_10115.patch.

According to upstream 7-zip [1], this bug was fixed in version 18.05. In 
the upstream release announcement, someone asked about variables like 
_errorMode that were introduced earlier to deal with CVE-2018-5996 [2] 
and how they had been removed from this release.


The 7-Zip maintainer replied it was intentional and both CVEs should be 
fixed with that code. I've diff'ed 18.03 and 18.05, and _errorMode is 
either commented out or removed in the code, while the existing 
CVE_2018_10115.patch still has them in addition to the _solidAllowed 
stuff. I just package p7zip so I don't know much about how its 
implementation works, but I figured it'd be a better idea to make the 
CVE-2018-10115 patch more similar to what upstream had.


This new version is attached and follows what 18.05 upstream does.

[1] https://www.7-zip.org/history.txt
[2] 
https://sourceforge.net/p/sevenzip/discussion/45797/thread/adc65bfa/#8b13
--- CPP/7zip/Compress/Rar1Decoder.cpp.orig	2019-02-24 20:16:23.682521000 +0100
+++ CPP/7zip/Compress/Rar1Decoder.cpp	2019-02-24 22:02:59.461303000 +0100
@@ -29,7 +29,7 @@
 };
 */
 
-CDecoder::CDecoder(): m_IsSolid(false), _errorMode(false) { }
+CDecoder::CDecoder(): _isSolid(false), _solidAllowed(false) { }
 
 void CDecoder::InitStructures()
 {
@@ -345,7 +345,7 @@
 
 void CDecoder::InitData()
 {
-  if (!m_IsSolid)
+  if (!_isSolid)
   {
 AvrPlcB = AvrLn1 = AvrLn2 = AvrLn3 = NumHuf = Buf60 = 0;
 AvrPlc = 0x3500;
@@ -391,6 +391,11 @@
   if (inSize == NULL || outSize == NULL)
 return E_INVALIDARG;
 
+  if (_isSolid && !_solidAllowed)
+return S_FALSE;
+
+  _solidAllowed = false;
+
   if (!m_OutWindowStream.Create(kHistorySize))
 return E_OUTOFMEMORY;
   if (!m_InBitStream.Create(1 << 20))
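Review bot: the new guard at the top of CodeReal has no comment, and it only works because of an ordering that is easy to break later: `_solidAllowed = false;` is cleared before the two Create() calls, so an E_OUTOFMEMORY return also leaves the decoder refusing the next solid item. Please add a short comment stating that a solid item is accepted only when the previous call ran to completion, and that the flag has to be cleared before any early return.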
@@ -398,22 +403,18 @@
 
   m_UnpackSize = (Int64)*outSize;
   m_OutWindowStream.SetStream(outStream);
-  m_OutWindowStream.Init(m_IsSolid);
+  m_OutWindowStream.Init(_isSolid);
   m_InBitStream.SetStream(inStream);
   m_InBitStream.Init();
 
   // CCoderReleaser coderReleaser(this);
   InitData();
-  if (!m_IsSolid)
+  if (!_isSolid)
   {
-_errorMode = false;
 InitStructures();
 InitHuff();
   }
 
-  if (_errorMode)
-return S_FALSE;
-
   if (m_UnpackSize > 0)
   {
 GetFlagsBuf();
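Review bot: with `if (_errorMode) return S_FALSE;` removed from this spot, nothing in the body of the function stops a solid item from continuing on state left behind by a failed call; that protection now rests entirely on the `_isSolid && !_solidAllowed` check at entry. A regression test that feeds a solid item after a failed one and expects S_FALSE would pin that behaviour down, since the two mechanisms are no longer redundant.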
@@ -475,6 +476,7 @@
   }
   if (m_UnpackSize < 0)
 return S_FALSE;
+  _solidAllowed = true;
   return m_OutWindowStream.Flush();
 }
 
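Review bot: `_solidAllowed = true;` is set before `return m_OutWindowStream.Flush();`, so if Flush() returns an error the flag is already true and the next solid item passes the entry guard. If solid continuation is meant to require a fully successful previous item, store the Flush() result and set the flag only when it is S_OK; if the ordering is kept on purpose to match upstream 18.05, a comment saying so would help.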
@@ -482,16 +484,16 @@
 const UInt64 *inSize, const UInt64 *outSize, ICompressProgressInfo *progress)
 {
   try { return CodeReal(inStream, outStream, inSize, outSize, progress); }
-  catch(const CInBufferException ) { _errorMode = true; return e.ErrorCode; }
-  catch(const CLzOutWindowException ) { _errorMode = true; return e.ErrorCode; }
-  catch(...) { _errorMode = true; return S_FALSE; }
+  catch(const CInBufferException ) { return e.ErrorCode; }
+  catch(const CLzOutWindowException ) { return e.ErrorCode; }
+  catch(...) { return S_FALSE; }
 }
 
 STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size)
 {
   if (size < 1)
 return E_INVALIDARG;
-  m_IsSolid = ((data[0] & 1) != 0);
+  _isSolid = ((data[0] & 1) != 0);
   return S_OK;
 }
 
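Review bot: the rewritten catch clauses, as they appear here, return `e.ErrorCode` while `catch(const CInBufferException )` and `catch(const CLzOutWindowException )` bind no variable named `e`, so this would not compile as shown. The removed lines have the same shape, so the exception variable was probably lost when the patch was inlined into the mail; please confirm that the file actually applied names the caught exception in both handlers.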
--- CPP/7zip/Compress/Rar1Decoder.h.orig	2019-02-24 20:16:23.683118000 +0100
+++ CPP/7zip/Compress/Rar1Decoder.h	2019-02-24 22:01:21.915855000 +0100
@@ -38,8 +38,8 @@
   UInt32 LastLength;
 
   Int64 m_UnpackSize;
-  bool m_IsSolid;
-  bool _errorMode;
+  bool _isSolid;
+  bool _solidAllowed;
 
   UInt32 ReadBits(int numBits);
   HRESULT CopyBlock(UInt32 distance, UInt32 len);
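Review bot: renaming `m_IsSolid` to `_isSolid` in the same patch as the security fix turns most hunks into pure renames and makes the functional change (the `_solidAllowed` member replacing `_errorMode`) harder to spot. If the rename stays in order to track upstream, please add a comment on `_solidAllowed` in this header saying which function sets it and under what condition it is cleared.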
--- CPP/7zip/Compress/Rar2Decoder.cpp.orig	2019-02-24 20:16:23.683974000 +0100
+++ CPP/7zip/Compress/Rar2Decoder.cpp	2019-02-24 20:16:23.691384000 +0100
@@ -80,7 +80,8 @@
 static const UInt32 kWindowReservSize = (1 << 22) + 256;
 
 CDecoder::CDecoder():
-  m_IsSolid(false),
+  _isSolid(false),
+  _solidAllowed(false),
   m_TablesOK(false)
 {
 }
@@ -320,6 +321,10 @@
   if (inSize == NULL || outSize == NULL)
 return E_INVALIDARG;
 
+  if (_isSolid && !_solidAllowed)
+return S_FALSE;
+  _solidAllowed = false;
+
   if (!m_OutWindowStream.Create(kHistorySize))
 return E_OUTOFMEMORY;
   if (!m_InBitStream.Create(1 << 20))
@@ -330,12 +335,12 @@
   UInt64 pos = 0, unPackSize = *outSize;
   
   m_OutWindowStream.SetStream(outStream);
-  m_OutWindowStream.Init(m_IsSolid);
+  m_OutWindowStream.Init(_isSolid);
   m_InBitStream.SetStream(inStream);
   m_InBitStream.Init();
 
   // CCoderReleaser coderReleaser(this);
-  if (!m_IsSolid)
+  if (!_isSolid)
   {
 InitStructures();
 if (unPackSize == 0)
@@ -343,6 +348,7 @@
   if (m_InBitStream.GetProcessedSize() + 2 <= m_PackSize) // test it: probably incorrect;
 if (!ReadTables())
   return S_FALSE;
+  _solidAllowed = true;
   return S_OK;
 }
 if (!ReadTables())
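Review bot: in the zero-size early return, `_solidAllowed = true;` is reached whenever ReadTables() did not fail, which includes the case where the size condition is false and ReadTables() is not called at all. That condition is already marked `// test it: probably incorrect;`, so please confirm that enabling solid continuation on this path without freshly read tables is intended. The lost indentation in this copy also makes it hard to see that the new line sits outside the inner `if`.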
@@ -386,6 +392,9 @@
 
   if (!ReadLastTables())
 return S_FALSE;
+
+  _solidAllowed = true;
+
   return