Bug#560779: Patch to fix crash
tag 560779 + patch thanks The attached patch includes a commit from the upstream sources that fixes the crash. diff -u polipo-1.0.4/debian/changelog polipo-1.0.4/debian/changelog --- polipo-1.0.4/debian/changelog +++ polipo-1.0.4/debian/changelog @@ -1,3 +1,11 @@ +polipo (1.0.4-1.2) unstable; urgency=low + + * Non-maintainer upload. + * Apply upstream commit to fix DoS via overly large Content-Length +header; fixes CVE CVE-2009-3305 (closes: #560779) + + -- Andreas Kirschbaum kirschb...@in-medias-res.com Sun, 24 Jan 2010 16:44:03 +0100 + polipo (1.0.4-1.1) unstable; urgency=medium * Non-maintainer upload for RC bug fix. diff -u polipo-1.0.4/debian/patches/00list polipo-1.0.4/debian/patches/00list --- polipo-1.0.4/debian/patches/00list +++ polipo-1.0.4/debian/patches/00list @@ -4,0 +5 @@ +50_integer_overflow.dpatch only in patch2: unchanged: --- polipo-1.0.4.orig/debian/patches/50_integer_overflow.dpatch +++ polipo-1.0.4/debian/patches/50_integer_overflow.dpatch 
@@ -0,0 +1,46 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 50_integer_overflow.dpatch by Andreas Kirschbaum kirschb...@in-medias-res.com +## +## DP: Fix an integer overflow in processing client connections + +if [ $# -lt 1 ]; then +echo `basename $0`: script expects -patch|-unpatch as argument 2 +exit 1 +fi + +[ -f debian/patches/00patch-opts ] . debian/patches/00patch-opts +patch_opts=${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2} + +case $1 in +-patch) patch -p1 ${patch_opts} $0;; +-unpatch) patch -R -p1 ${patch_opts} $0;; +*) + echo `basename $0`: script expects -patch|-unpatch as argument 2 + exit 1;; +esac + +exit 0 + +...@dpatch@ +--- polipo-1.0.4.orig/CHANGES polipo-1.0.4/CHANGES +@@ -1,3 +1,7 @@ ++Polipo 1.0.5 (unreleased) ++ ++ * Fix a integer overflow in processing client requests. ++ + 8 January 2008: Polipo 1.0.4: + + * Fixed the handling of tunnels with a parent proxy (thanks to +--- polipo-1.0.4.orig/client.c polipo-1.0.4/client.c +@@ -978,7 +978,7 @@ + if(connection-bodylen 0) + goto fail; + +-if(connection-bodylen + connection-reqbegin connection-reqlen) { ++if(connection-bodylen connection-reqlen - connection-reqbegin) { + connection-reqbegin += connection-bodylen; + connection-bodylen = 0; + } else { +
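Review bot: The rewritten bound check in the client.c hunk (`bodylen` compared against `reqlen - reqbegin`) has no comment explaining why the subtraction form is used, so a later cleanup could reintroduce the overflowing addition. I would add above it `/* compare against the bytes remaining in the request buffer: bodylen + reqbegin can overflow for a huge Content-Length */`. The subtraction form is only safe if `bodylen` is non-negative, which the check just above appears to ensure, and if `reqbegin` never exceeds `reqlen`, which is presumably a buffer invariant and worth stating in the same comment. The comparison operators and `->` are missing in this rendering of the patch, and the enclosing function begins and ends outside the hunk.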
Bug#562643: Patch to fix security issues
The attached patch fixes this security issue and similar issues in outprintf() and gs_throw_imp(). The patch also applies to ghostscript-8.62.dfsg.1 (lenny version) except that the source file is src/gsmisc.c instead of base/gsmisc.c. diff -u ghostscript-8.70~dfsg/debian/changelog ghostscript-8.70~dfsg/debian/changelog --- ghostscript-8.70~dfsg/debian/changelog +++ ghostscript-8.70~dfsg/debian/changelog @@ -1,3 +1,13 @@ +ghostscript (8.70~dfsg-2.1) unstable; urgency=low + + * Non-maintainer upload. + * Fix some security issues: + - CVE-2009-4270[0]: stack-based buffer overflow multiple integer + overflows in the icc library (closes: #562643) + - fix possible buffer overflow in gs_throw_imp() + + -- Andreas Kirschbaum kirschb...@in-medias-res.com Sat, 23 Jan 2010 10:19:35 +0100 + ghostscript (8.70~dfsg-2) unstable; urgency=low * Fix resolving package-relations. only in patch2: unchanged: --- ghostscript-8.70~dfsg.orig/base/gsmisc.c +++ ghostscript-8.70~dfsg/base/gsmisc.c @@ -69,12 +69,11 @@ va_start(args, fmt); -count = vsprintf(buf, fmt, args); +count = vsnprintf(buf, sizeof(buf), fmt, args); outwrite(mem, buf, count); if (count = PRINTF_BUF_LENGTH) { count = sprintf(buf, - PANIC: printf exceeded %d bytes. Stack has been corrupted.\n, - PRINTF_BUF_LENGTH); + WARNING: previous message has been truncated.\n); outwrite(mem, buf, count); } va_end(args); @@ -89,12 +88,11 @@ va_start(args, fmt); -count = vsprintf(buf, fmt, args); +count = vsnprintf(buf, sizeof(buf), fmt, args); errwrite(buf, count); if (count = PRINTF_BUF_LENGTH) { count = sprintf(buf, - PANIC: printf exceeded %d bytes. Stack has been corrupted.\n, - PRINTF_BUF_LENGTH); + WARNING: previous message has been truncated.\n); errwrite(buf, count); } va_end(args); @@ -236,7 +234,7 @@ va_list ap; va_start(ap, fmt); -vsprintf(msg, fmt, ap); +vsnprintf(msg, sizeof(msg), fmt, ap); msg[sizeof(msg) - 1] = 0; va_end(ap);
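Review bot: In the first gsmisc.c hunk the return value of `vsnprintf` is passed straight to `outwrite(mem, buf, count)` before the truncation test; on truncation `vsnprintf` returns the length the full message would have had, so that write reads past the end of `buf`, and a negative return on a formatting error is passed on as a length too. The second hunk repeats the pattern with `errwrite(buf, count)`. The length should be limited to `sizeof(buf) - 1` before the first write, with the warning emitted from the truncation branch, as sketched below for the first hunk. The comparison operator and the string quotes are missing in this rendering, and both functions begin outside their hunks.

```c
count = vsnprintf(buf, sizeof(buf), fmt, args);
if (count < 0) {
    /* formatting error: buf contents are unspecified, write nothing */
} else if ((size_t)count >= sizeof(buf)) {
    /* truncated: only sizeof(buf) - 1 bytes of buf are valid */
    outwrite(mem, buf, (int)(sizeof(buf) - 1));
    count = sprintf(buf, "WARNING: previous message has been truncated.\n");
    outwrite(mem, buf, count);
} else {
    outwrite(mem, buf, count);
}
va_end(args);
```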
Bug#562425: lingot - Cancel in options dialog leads to endless loop
tag 562425 + unreproducible tag 562425 + moreinfo thanks Bastian Blank wrote: Package: lingot Version: 0.7.4-2 Severity: grave Using the cancel button in the options menu leads to an endless loop and breaks the application. I cannot reproduce the problem. The application never crashes using the cancel button on either i386 testing or i386 unstable. Greetings, Andreas -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#467486: Investigations about failure
gcc-4.2 and gcc-4.3 differ in the representation of char values: gcc-4.2 represents a char as a 32 bit value (bits 0..7 are the char value; bits 8..31 are always set to zero); gcc-4.3 uses only the lower 8 bits, ignoring bits 8..31.

kaffe defines typedef unsigned char jboolean; in kaffe-1.1.8/libraries/javalib/external/classpath/include/jni_md-x86-linux-gnu.h but assumes %eax is 0/1 in compiled Java code. This makes compiled Java code calling into native C code almost always assume true for jboolean return values due to the non-zero garbage in bits 8..31.

Compiling the following source demonstrates the issue: compiled with gcc-4.2, the return value in %eax always is either 0 or 1. Compiled with gcc-4.3, only %al is set to 0 or 1; the remaining bits 8..31 of %eax are left unmodified.

~ cat t.c
unsigned char f(int x) { return x == 3; }

~ gcc-4.2 -O3 -c -s t.c objdump -d t.o
t.o: file format elf32-i386
Disassembly of section .text:
f:
   0: 55             push %ebp
   1: 31 c0          xor  %eax,%eax
   3: 89 e5          mov  %esp,%ebp
   5: 83 7d 08 03    cmpl $0x3,0x8(%ebp)
   9: 5d             pop  %ebp
   a: 0f 94 c0       sete %al
   d: c3             ret

~ gcc-4.3 -O3 -c -s t.c objdump -d t.o
t.o: file format elf32-i386
Disassembly of section .text:
f:
   0: 55             push %ebp
   1: 89 e5          mov  %esp,%ebp
   3: 83 7d 08 03    cmpl $0x3,0x8(%ebp)
   7: 5d             pop  %ebp
   8: 0f 94 c0       sete %al
   b: c3             ret

-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#459281: Cannot reproduce the issue
I cannot reproduce this issue: all of jdk1.5.0_02, cacao, kaffe, and gij produce charts on both AMD x32 and x64 machines. The only remaining issues are:
- The charts produced by cacao/kaffe/gij are about twice as large as the charts produced by jdk1.5.0_02.
- The chart produced by kaffe has one pixel cut off from both the domain axis label and the label below it.

The attached archive contains the produced charts. The exact same output files are produced on both x32 and x64 machines. The files cpuinfo-*.txt show the output of /proc/cpuinfo.

ii cacao              0.98-2         Java virtual machine
ii gij                4:4.3-1        The GNU Java bytecode interpreter
ii kaffe              2:1.1.8-3      A JVM to run Java bytecode
ii libjcommon-java    1.0.10.dfsg-1  General Purpose library for Java
ii libjfreechart-java 1.0.9-1        Chart library for Java

test-charts.tar.gz Description: Binary data
Bug#470330: Patch to fix build failure
tags 470330 + patch thanks Linux kernel 2.6.25 removed sequencer instrument layer support: see http://kerneltrap.org/mailarchive/git-commits-head/2008/1/31/669604 libasound2 removed this support in version 1.0.16 (1.0.15rc3 still supports it). The removed events are SND_SEQ_EVENT_SAMPLE* and SND_SEQ_EVENT_INSTR_BEGIN* in libasound2's changeset 2343:e7678910554f. The attached patch removes access to the now non-existing symbols from libtritonus-java. It solves the build failure. The attached patch removed-code.diff should be added as libtritonus-java-20070428/debian/patches/removed-code.diff and applied last in libtritonus-java-20070428/debian/patches/series. diff -urd libtritonus-java-20070428.orig/src/lib/alsa/constants_check.h libtritonus-java-20070428/src/lib/alsa/constants_check.h --- libtritonus-java-20070428.orig/src/lib/alsa/constants_check.h 2002-08-03 07:56:35.0 +0200 +++ libtritonus-java-20070428/src/lib/alsa/constants_check.h 2008-04-06 15:29:08.0 +0200 @@ -70,6 +70,7 @@ assert(SND_SEQ_EVENT_PORT_CHANGE == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_PORT_CHANGE); assert(SND_SEQ_EVENT_PORT_SUBSCRIBED == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_PORT_SUBSCRIBED); assert(SND_SEQ_EVENT_PORT_UNSUBSCRIBED == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_PORT_UNSUBSCRIBED); +/* removed since libasound2 1.0.16 assert(SND_SEQ_EVENT_SAMPLE == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_SAMPLE); assert(SND_SEQ_EVENT_SAMPLE_CLUSTER == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_SAMPLE_CLUSTER); assert(SND_SEQ_EVENT_SAMPLE_START == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_SAMPLE_START); 
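Review bot: The asserts for the removed events are disabled with a `/* removed since libasound2 1.0.16` block comment that opens in this hunk and closes in the next one, and the same is done for the `SND_SEQ_EVENT_INSTR_*` group in the two hunks after that. This leaves dead code in the header and would break as soon as one of the enclosed lines gains a comment of its own. Deleting the lines, as the kaffe patch further down this page does for its copy of the header, or wrapping them in `#if 0 /* removed since libasound2 1.0.16 */` … `#endif` would be more robust. The matching `org_tritonus_lowlevel_alsa_AlsaSeq_*` constants are not visible here; presumably they remain on the Java side and are no longer checked against anything.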
@@ -79,6 +80,7 @@ assert(SND_SEQ_EVENT_SAMPLE_LOOP == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_SAMPLE_LOOP); assert(SND_SEQ_EVENT_SAMPLE_POSITION == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_SAMPLE_POSITION); assert(SND_SEQ_EVENT_SAMPLE_PRIVATE1 == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_SAMPLE_PRIVATE1); +*/ assert(SND_SEQ_EVENT_USR0 == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_USR0); assert(SND_SEQ_EVENT_USR1 == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_USR1); assert(SND_SEQ_EVENT_USR2 == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_USR2); @@ -89,6 +91,7 @@ assert(SND_SEQ_EVENT_USR7 == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_USR7); assert(SND_SEQ_EVENT_USR8 == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_USR8); assert(SND_SEQ_EVENT_USR9 == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_USR9); +/* removed since libasound2 1.0.16 assert(SND_SEQ_EVENT_INSTR_BEGIN == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_INSTR_BEGIN); assert(SND_SEQ_EVENT_INSTR_END == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_INSTR_END); assert(SND_SEQ_EVENT_INSTR_INFO == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_INSTR_INFO); @@ -108,6 +111,7 @@ assert(SND_SEQ_EVENT_INSTR_CLUSTER_GET == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_INSTR_CLUSTER_GET); assert(SND_SEQ_EVENT_INSTR_CLUSTER_RESULT == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_INSTR_CLUSTER_RESULT); assert(SND_SEQ_EVENT_INSTR_CHANGE == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_INSTR_CHANGE); +*/ assert(SND_SEQ_EVENT_SYSEX == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_SYSEX); assert(SND_SEQ_EVENT_BOUNCE == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_BOUNCE); assert(SND_SEQ_EVENT_USR_VAR0 == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_USR_VAR0);
Bug#439614: Investigations about/suggested fix for build failure
The build failure is because the function matrix-concat() was removed from libjaxen-java (which is used by this package); http://jaxen.org/status.html contains Jaxen 1.1 Beta 12 [...] The matrix-concat extension function has been removed because its license staus was unclear, the originator could not be contacted, and it was undocumented and untested. If someone cares to reimplement it, it could be restored in the future. Removing the unit test file dom4j-1.6.1+dfsg/src/test/org/dom4j/xpath/MatrixConcatTest.java fixes the build failure. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#439614: Investigations about/suggested fix for build failure
A simple grep for matrix-concat, matrix, and concat didn't show up anything other than this unit test and dom4j-1.6.1+dfsg/docs/status.html. Can't give any other information since I don't know the internals of this package. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#470341: Patch to fix build failure
tags 470341 + patch thanks Linux kernel 2.6.25 removed sequencer instrument layer support: see http://kerneltrap.org/mailarchive/git-commits-head/2008/1/31/669604 libasound2 removed this support in version 1.0.16 (1.0.15rc3 still supports it). The removed events are SND_SEQ_EVENT_SAMPLE* and SND_SEQ_EVENT_INSTR_BEGIN* in libasound2's changeset 2343:e7678910554f. The attached patch removes access to the now non-existing symbols from kaffe. It solves the build failure. diff -urd kaffe-1.1.8.orig/libraries/clib/sound/alsa/constants_check.h kaffe-1.1.8/libraries/clib/sound/alsa/constants_check.h --- kaffe-1.1.8.orig/libraries/clib/sound/alsa/constants_check.h 2006-01-18 08:37:43.0 +0100 +++ kaffe-1.1.8/libraries/clib/sound/alsa/constants_check.h 2008-04-05 19:22:27.0 +0200 
@@ -70,15 +70,6 @@ assert(SND_SEQ_EVENT_PORT_CHANGE == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_PORT_CHANGE); assert(SND_SEQ_EVENT_PORT_SUBSCRIBED == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_PORT_SUBSCRIBED); assert(SND_SEQ_EVENT_PORT_UNSUBSCRIBED == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_PORT_UNSUBSCRIBED); - assert(SND_SEQ_EVENT_SAMPLE == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_SAMPLE); - assert(SND_SEQ_EVENT_SAMPLE_CLUSTER == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_SAMPLE_CLUSTER); - assert(SND_SEQ_EVENT_SAMPLE_START == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_SAMPLE_START); - assert(SND_SEQ_EVENT_SAMPLE_STOP == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_SAMPLE_STOP); - assert(SND_SEQ_EVENT_SAMPLE_FREQ == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_SAMPLE_FREQ); - assert(SND_SEQ_EVENT_SAMPLE_VOLUME == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_SAMPLE_VOLUME); - assert(SND_SEQ_EVENT_SAMPLE_LOOP == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_SAMPLE_LOOP); - assert(SND_SEQ_EVENT_SAMPLE_POSITION == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_SAMPLE_POSITION); - assert(SND_SEQ_EVENT_SAMPLE_PRIVATE1 == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_SAMPLE_PRIVATE1); assert(SND_SEQ_EVENT_USR0 == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_USR0); assert(SND_SEQ_EVENT_USR1 == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_USR1); assert(SND_SEQ_EVENT_USR2 == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_USR2); 
@@ -89,25 +80,6 @@ assert(SND_SEQ_EVENT_USR7 == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_USR7); assert(SND_SEQ_EVENT_USR8 == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_USR8); assert(SND_SEQ_EVENT_USR9 == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_USR9); - assert(SND_SEQ_EVENT_INSTR_BEGIN == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_INSTR_BEGIN); - assert(SND_SEQ_EVENT_INSTR_END == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_INSTR_END); - assert(SND_SEQ_EVENT_INSTR_INFO == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_INSTR_INFO); - assert(SND_SEQ_EVENT_INSTR_INFO_RESULT == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_INSTR_INFO_RESULT); - assert(SND_SEQ_EVENT_INSTR_FINFO == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_INSTR_FINFO); - assert(SND_SEQ_EVENT_INSTR_FINFO_RESULT == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_INSTR_FINFO_RESULT); - assert(SND_SEQ_EVENT_INSTR_RESET == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_INSTR_RESET); - assert(SND_SEQ_EVENT_INSTR_STATUS == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_INSTR_STATUS); - assert(SND_SEQ_EVENT_INSTR_STATUS_RESULT == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_INSTR_STATUS_RESULT); - assert(SND_SEQ_EVENT_INSTR_PUT == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_INSTR_PUT); - assert(SND_SEQ_EVENT_INSTR_GET == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_INSTR_GET); - assert(SND_SEQ_EVENT_INSTR_GET_RESULT == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_INSTR_GET_RESULT); - assert(SND_SEQ_EVENT_INSTR_FREE == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_INSTR_FREE); - assert(SND_SEQ_EVENT_INSTR_LIST == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_INSTR_LIST); - assert(SND_SEQ_EVENT_INSTR_LIST_RESULT == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_INSTR_LIST_RESULT); - assert(SND_SEQ_EVENT_INSTR_CLUSTER == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_INSTR_CLUSTER); - assert(SND_SEQ_EVENT_INSTR_CLUSTER_GET == 
org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_INSTR_CLUSTER_GET); - assert(SND_SEQ_EVENT_INSTR_CLUSTER_RESULT == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_INSTR_CLUSTER_RESULT); - assert(SND_SEQ_EVENT_INSTR_CHANGE == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_INSTR_CHANGE); assert(SND_SEQ_EVENT_SYSEX == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_SYSEX); assert(SND_SEQ_EVENT_BOUNCE == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_BOUNCE); assert(SND_SEQ_EVENT_USR_VAR0 == org_tritonus_lowlevel_alsa_AlsaSeq_SND_SEQ_EVENT_USR_VAR0); diff -urd kaffe-1.1.8.orig/libraries/javalib/tritonus-sound/org/tritonus/lowlevel/alsa/AlsaSeq.java