Bug#1070357: bookworm-pu: package tcl-unix-sockets/0.5-1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu Hi, please reject that package from p-u NEW. I'm sorry for the faulty upload, this one should've targeted unstable. Sven
Bug#1055350: bookworm-pu: package exfatprogs/1.2.0-1+deb12u1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: exfatpr...@packages.debian.org Control: affects -1 + src:exfatprogs [ Reason ] https://security-tracker.debian.org/tracker/CVE-2023-45897 Low priority security issue, out-of-bounds memory access in the exFAT fsck utility exfat2img helper. [ Impact ] Low priority security issue is fixed. [ Tests ] Manual tests performed that affected tools still work. [ Risks ] - [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] Adds a patch bundling the three upstream commits which are referenced together with the CVE ID. gbp.conf and Vcs-Git reference the bookworm branch [ Other info ] There wasn't a bug filed for this CVE in the BTS. The regular upload of 1.2.2 to unstable fixed the issue before the CVE ID was published, so there is not yet a CVE ID mentioned in the unstable changelog. diff -Nru exfatprogs-1.2.0/debian/changelog exfatprogs-1.2.0/debian/changelog --- exfatprogs-1.2.0/debian/changelog 2022-10-28 14:48:05.0 +0200 +++ exfatprogs-1.2.0/debian/changelog 2023-11-04 17:56:01.0 +0100 @@ -1,3 +1,11 @@ +exfatprogs (1.2.0-1+deb12u1) bookworm; urgency=medium + + * CVE-2023-45897 Add debian/patches/CVE-2023-45897-out-of-bounds-memory-access +to fix three out-of-bounds memory access issues. + * Add bookworm branch information to Vcs-Git and gbp.conf. + + -- Sven Hoexter Sat, 04 Nov 2023 17:56:01 +0100 + exfatprogs (1.2.0-1) unstable; urgency=medium * New upstream release. diff -Nru exfatprogs-1.2.0/debian/control exfatprogs-1.2.0/debian/control --- exfatprogs-1.2.0/debian/control 2022-10-28 14:47:18.0 +0200 +++ exfatprogs-1.2.0/debian/control 2023-11-04 17:38:34.0 +0100 
@@ -6,7 +6,7 @@ Standards-Version: 4.6.1 Rules-Requires-Root: no Homepage: https://github.com/exfatprogs/exfatprogs -Vcs-Git: https://git.sven.stormbind.net/exfatprogs.git +Vcs-Git: https://git.sven.stormbind.net/exfatprogs.git -b bookworm Vcs-Browser: https://git.sven.stormbind.net/?p=sven/exfatprogs.git Package: exfatprogs diff -Nru exfatprogs-1.2.0/debian/gbp.conf exfatprogs-1.2.0/debian/gbp.conf --- exfatprogs-1.2.0/debian/gbp.conf2022-10-28 14:19:18.0 +0200 +++ exfatprogs-1.2.0/debian/gbp.conf2023-11-04 16:39:40.0 +0100 @@ -1,2 +1,3 @@ [DEFAULT] pristine-tar = True +debian-branch = bookworm diff -Nru exfatprogs-1.2.0/debian/patches/CVE-2023-45897-out-of-bounds-memory-access exfatprogs-1.2.0/debian/patches/CVE-2023-45897-out-of-bounds-memory-access --- exfatprogs-1.2.0/debian/patches/CVE-2023-45897-out-of-bounds-memory-access 1970-01-01 01:00:00.0 +0100 +++ exfatprogs-1.2.0/debian/patches/CVE-2023-45897-out-of-bounds-memory-access 2023-11-04 16:39:40.0 +0100 
@@ -0,0 +1,67 @@ +Description: CVE-2023-45897 out-of-bounds memory access +Origin: https://github.com/exfatprogs/exfatprogs/commit/ec78688e5fb5a70e13df82b4c0da1e6228d3ccdf + https://github.com/exfatprogs/exfatprogs/commit/22d0e43e8d24119cbfc6efafabb0dec6517a86c4 + https://github.com/exfatprogs/exfatprogs/commit/4abc55e976573991e6a1117bb2b3711e59da07ae +Last-Update: 2023-10-31 +Index: exfatprogs/exfat2img/exfat2img.c +=== +--- exfatprogs.orig/exfat2img/exfat2img.c exfatprogs/exfat2img/exfat2img.c +@@ -319,7 +319,7 @@ static int read_file_dentry_set(struct e + if (!node) + return -ENOMEM; + +- for (i = 2; i <= file_de->file_num_ext; i++) { ++ for (i = 2; i <= MIN(file_de->file_num_ext, 1 + MAX_NAME_DENTRIES); i++) { + ret = exfat_de_iter_get(iter, i, ); + if (ret || dentry->type != EXFAT_NAME) + break; +Index: exfatprogs/fsck/fsck.c +=== +--- exfatprogs.orig/fsck/fsck.c exfatprogs/fsck/fsck.c +@@ -769,7 +769,7 @@ ask_again: + char *rename = NULL; + __u16 hash; + struct exfat_dentry *stream_de; +- int name_len, ret; ++ int ret; + + switch (num) { + case 1: +@@ -798,11 +798,11 @@ ask_again: + if (ret < 0) + return ret; + ++ ret >>=1; + memcpy(dentry->name_unicode, utf16_name, ENTRY_NAME_MAX * 2); +- name_len = exfat_utf16_len(utf16_name, ENTRY_NAME_MAX * 2); +- hash = exfat_calc_name_hash(iter->exfat, utf16_name, (int)name_len); ++ hash = exfat_calc_name_hash(iter->exfat, utf16_name, ret); + exfat_de_iter_get_dirty(iter, 1, _de); +- stream_de->stream_name_len = (__u8)name_len; ++
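Review bot: In the exfat2img.c hunk, the new bound MIN(file_de->file_num_ext, 1 + MAX_NAME_DENTRIES) clamps an oversized file_num_ext without telling anyone, so read_file_dentry_set() carries on with a dentry set whose declared count exceeds the limit the loop now enforces. Consider logging or rejecting the set when file_de->file_num_ext > 1 + MAX_NAME_DENTRIES, so a corrupt image is reported rather than quietly truncated.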
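Review bot: In the second fsck.c hunk, "ret >>=1;" turns the status variable into the name length that is then handed to exfat_calc_name_hash(), with no comment saying which unit the preceding call returned. A one-line comment, or a named length variable assigned from ret >> 1, would make the conversion auditable; ">>= 1" also wants a space to match the surrounding style.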
Re: New proposed-updates diff: libapache2-mod-rivet 3.2.1-1
On Sat, Nov 13, 2021 at 08:27:39PM +, Adam D. Barratt wrote: > Hi, > > On Sat, 2021-11-13 at 20:03 +, Debian Queue Viewer wrote: > > Version in base suite: 3.2.0-1 > > > > Base version: libapache2-mod-rivet_3.2.0-1 > > Target version: libapache2-mod-rivet_3.2.1-1 > > +libapache2-mod-rivet (3.2.1-1) stable; urgency=medium > + > + * New upstream release. > + * New rivet version addresses issue with multiple AM_AUTOMAKE_INIT > +expansion (Closes: #998490). > + * Correcting the name of the target directory where rivet library and > +Tcl scripts are moved into (it still had the old 3.1 version name) > > I'm assuming that you intended to upload this to unstable, not stable. > If targeting stable was actually intentional, then I'm afraid that you > need to fix the issue in unstable before we can consider accepting it > for stable. Hello Adam, yes that was intended to be uploaded to unstable, I missed the issue and I screwed that up as the sponsor. Please remove the package from the queue. Sorry for the noise. Regards, Sven
Bug#968037: buster-pu: package facter/3.11.0-2+deb10u1
On Sat, Aug 15, 2020 at 05:45:51PM +0100, Adam D. Barratt wrote: > On Fri, 2020-08-07 at 10:46 +0200, Sven Hoexter wrote: > > if you run facter in the context of Google's GCE it will fetch > > information from Google's metadata service, but from an old > > beta API endpoint. This one is due to get shut down by the > > end of September 2020. > > https://cloud.google.com/compute/docs/migrating-to-v1-metadata-server > > Do we have an idea of how widely used this particular combination is? TBH no idea. We use it in combination with ansible on GCE VMs. Looking through the facter_* facts we still use, they could by now probably be replaced with some ansible built-in facts. That would mean this combination is mostly used in setups with some technical debt. That said there might be people running puppet with the puppet packages from Debian/main on GCE VMs which could be also impacted. > The reason I ask is that, even if we pull the 10.6 point release back > in line with where it would have been if 10.5 hadn't been delayed for > the Grub issues, that would still be during the second half of > September and quite close to the shutdown date. Well our internal ticket about Google urging us to move away from the old API endpoint was lingering for several weeks. I guess they also pinged other customers and nobody cared enough to investigate it or at least report a bug in the bts. So probably that issue is less important/urgent than I initially thought. Nonetheless I still believe it's sensible to fix it in a forthcoming point release, whenever that will be. Cheers, Sven
Bug#968037: buster-pu: package facter/3.11.0-2+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu Hi, if you run facter in the context of Google's GCE it will fetch information from Google's metadata service, but from an old beta API endpoint. This one is due to get shut down by the end of September 2020. https://cloud.google.com/compute/docs/migrating-to-v1-metadata-server This was fixed upstream already some time ago for the 3.11.x branch in https://github.com/puppetlabs/facter/commit/1a0bc4e984716dc5145e5bb8fbf14b1ac0fd8c04 For unstable I've uploaded an NMU to delayed-10 which got processed a few minutes ago. That is https://bugs.debian.org/966374 I also tested a private build of the package inside the infrastructure at work for the past ten days without issues. Here is a proposed upload targeting buster to get this one also fixed for our current stable release. Additionally I made that available to the maintainer group at salsa at https://salsa.debian.org/puppet-team/facter/-/merge_requests/1 Cheers, Sven -- System Information: Debian Release: 10.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable'), (90, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-10-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled diff -Nru facter-3.11.0/debian/changelog facter-3.11.0/debian/changelog --- facter-3.11.0/debian/changelog 2019-07-17 22:04:05.0 +0200 +++ facter-3.11.0/debian/changelog 2020-07-27 17:27:11.0 +0200 
@@ -1,3 +1,11 @@ +facter (3.11.0-2+deb10u2) buster; urgency=medium + + * Change Google GCE Metadata endpoint from "v1beta1" to "v1". +Adds patch debian/patches/FACT-2018-update-gce-metadata-endpoint.patch +(Closes: #966374) + + -- Sven Hoexter Mon, 27 Jul 2020 17:27:11 +0200 + facter (3.11.0-2+deb10u1) buster; urgency=medium * Fix parsing of Linux route non-kv flags (e.g. onlink) (Closes: #918250) diff -Nru facter-3.11.0/debian/patches/FACT-2018-update-gce-metadata-endpoint.patch facter-3.11.0/debian/patches/FACT-2018-update-gce-metadata-endpoint.patch --- facter-3.11.0/debian/patches/FACT-2018-update-gce-metadata-endpoint.patch 1970-01-01 01:00:00.0 +0100 +++ facter-3.11.0/debian/patches/FACT-2018-update-gce-metadata-endpoint.patch 2020-07-27 17:27:11.0 +0200 
@@ -0,0 +1,30 @@ +From: Gabriel Nagy +Subject: (FACT-2018) Update GCE metadata endpoint + +Google Compute Engine's internal metadata service will be deprecating +the 'v1beta1' endpoint sometime before end of calendar year 2019. This +commit updates the GCE resolver to use the 'v1' endpoint instead. + +Using the 'v1' endpoint also requires setting a custom User-Agent +header that was not necessary in the old 'v1beta1' endpoint. + +For more details about GCE metadata, please see +https://cloud.google.com/compute/docs/storing-retrieving-metadata + + +Origin: upstream, https://github.com/puppetlabs/facter/commit/1a0bc4e984716dc5145e5bb8fbf14b1ac0fd8c04 +Bug-Debian: http://bugs.debian.org/966374 +Index: facter/lib/src/facts/resolvers/gce_resolver.cc +=== +--- facter.orig/lib/src/facts/resolvers/gce_resolver.cc facter/lib/src/facts/resolvers/gce_resolver.cc +@@ -240,7 +240,8 @@ namespace facter { namespace facts { nam + + try + { +-lth_curl::request req("http://metadata.google.internal/computeMetadata/v1beta1/?recursive=true=json;); ++lth_curl::request req("http://metadata.google.internal/computeMetadata/v1/?recursive=true=json;); ++req.add_header("Metadata-Flavor", "Google"); + req.connection_timeout(GCE_CONNECTION_TIMEOUT); + req.timeout(GCE_SESSION_TIMEOUT); + if (!http_langs().empty()) diff -Nru facter-3.11.0/debian/patches/series facter-3.11.0/debian/patches/series --- facter-3.11.0/debian/patches/series 2019-07-17 22:03:31.0 +0200 +++ facter-3.11.0/debian/patches/series 2020-07-27 17:27:11.0 +0200 @@ -1,3 +1,4 @@ +FACT-2018-update-gce-metadata-endpoint.patch use-shared-cpp-hocon.patch ruby-fix-library-name.patch disable-facter-smoke.patch
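Review bot: In the gce_resolver.cc hunk the code adds req.add_header("Metadata-Flavor", "Google"), but the patch description above it says the 'v1' endpoint "requires setting a custom User-Agent header". The description should name the Metadata-Flavor header, since that is what the request now depends on; the debian/changelog entry mentions only the endpoint change and could carry the same detail.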
Bug#948088: buster-pu: reject package from NEW queue libsoldout/1.4-3
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu Hi, I made a mistake and uploaded libsoldout/1.4-3 to stable instead of unstable. Please reject the package from the pu NEW queue. I'm sorry. :( Sven
Bug#804208: jessie-pu: package fuse-exfat/1.1.0-2+deb8u1
On Sat, Dec 05, 2015 at 07:13:42PM +, Adam D. Barratt wrote: Hi Adam, > Please go ahead. Uploaded a minute ago. Cheers, Sven
Bug#804209: wheezy-pu: package fuse-exfat/0.9.7-2+deb7u1
Package: release.debian.org Severity: normal Tags: wheezy User: release.debian@packages.debian.org Usertags: pu Hi, since exfat-utils and fuse-exfat share the same code base, but are released as separate source packages, I've now prepared updates for fuse-exfat as well to fix the issues found by The Fuzzing Project. Changes: fuse-exfat (0.9.7-2+deb7u1) wheezy; urgency=medium . * Add d/patches/check-sector-and-cluster-size. Fix for https://github.com/relan/exfat/issues/5 found and reported by The Fuzzing Project. * Add d/patches/detect-infinite-loop. Fix for https://github.com/relan/exfat/issues/6 found and reported by The Fuzzing Project. -- System Information: Debian Release: 8.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -u fuse-exfat-0.9.7/debian/gbp.conf fuse-exfat-0.9.7/debian/gbp.conf --- fuse-exfat-0.9.7/debian/gbp.conf +++ fuse-exfat-0.9.7/debian/gbp.conf @@ -2,0 +3 @@ +debian-branch = wheezy-updates diff -u fuse-exfat-0.9.7/debian/changelog fuse-exfat-0.9.7/debian/changelog --- fuse-exfat-0.9.7/debian/changelog +++ fuse-exfat-0.9.7/debian/changelog 
@@ -1,3 +1,14 @@ +fuse-exfat (0.9.7-2+deb7u1) wheezy; urgency=medium + + * Add d/patches/check-sector-and-cluster-size. Fix for +https://github.com/relan/exfat/issues/5 found and reported by +The Fuzzing Project. + * Add d/patches/detect-infinite-loop. Fix for +https://github.com/relan/exfat/issues/6 found and reported by +The Fuzzing Project. + + -- Sven Hoexter <hoex...@debian.org> Fri, 06 Nov 2015 08:20:29 +0100 + fuse-exfat (0.9.7-2) unstable; urgency=low * Switch from dh compat level 8 to 9. diff -u fuse-exfat-0.9.7/debian/patches/series fuse-exfat-0.9.7/debian/patches/series --- fuse-exfat-0.9.7/debian/patches/series +++ fuse-exfat-0.9.7/debian/patches/series @@ -2,0 +3,2 @@ +check-sector-and-cluster-size +detect-infinite-loop only in patch2: unchanged: --- fuse-exfat-0.9.7.orig/debian/patches/check-sector-and-cluster-size +++ fuse-exfat-0.9.7/debian/patches/check-sector-and-cluster-size 
@@ -0,0 +1,49 @@ +Patch for https://github.com/relan/exfat/issues/5 +See also: +https://blog.fuzzing-project.org/25-Heap-overflow-and-endless-loop-in-exfatfsck-exfat-utils.html +Index: exfat-utils/libexfat/mount.c +=== +--- exfat-utils.orig/libexfat/mount.c exfat-utils/libexfat/mount.c +@@ -172,6 +172,24 @@ int exfat_mount(struct exfat* ef, const + exfat_error("exFAT file system is not found"); + return -EIO; + } ++ /* sector cannot be smaller than 512 bytes */ ++if (ef->sb->sector_bits < 9) ++{ ++exfat_close(ef->dev); ++exfat_error("too small sector size: 2^%hhd", ef->sb->sector_bits); ++free(ef->sb); ++return -EIO; ++} ++/* officially exFAT supports cluster size up to 32 MB */ ++if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25) ++{ ++exfat_close(ef->dev); ++exfat_error("too big cluster size: 2^(%hhd+%hhd)", ++ef->sb->sector_bits, ef->sb->spc_bits); ++free(ef->sb); ++return -EIO; ++} ++ + if (ef->sb->version.major != 1 || ef->sb->version.minor != 0) + { + exfat_close(ef->dev); +@@ -187,16 +205,6 @@ int exfat_mount(struct exfat* ef, const + exfat_error("unsupported FAT count: %hhu", ef->sb->fat_count); + return -EIO; + } +- /* officially exFAT supports cluster size up to 32 MB */ +- if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25) +- { +- exfat_close(ef->dev); +- free(ef->sb); +- exfat_error("too big cluster size: 2^%d", +-(int) ef->sb->sector_bits + (int) ef->sb->spc_bits); +- return -EIO; +- } +- + ef->zero_cluster = malloc(CLUSTER_SIZE(*ef->sb)); + if (ef->zero_cluster == NULL) + { only in patch2: unchanged: --- fuse-exfat-0.9.7.orig/debian/patches/detect-infinite-loop +++ fuse-exfat-0.9.7/debian/patches/detect-infinite-loop 
@@ -0,0 +1,48 @@ +Patch for https://github.com/relan/exfat/issues/6 +See also: +https://blog.fuzzing-project.org/25-Heap-overflow-and-endless-loop-in-exfatfsck-exfat-utils.html +Index: exfat-utils/libexfat/mount.c +=== +--- exfat-utils.orig/libexfat/mount.c exfat-utils/libexfat/mount.c +@@ -27,17 +27,32 @@ + + static uint64_t rootdir_size(const struct exfat* ef) + { +- uint64_t clusters = 0; ++uint32_t clusters
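Review bot: In the first mount.c hunk of check-sector-and-cluster-size, both new exfat_error() calls print sector_bits and spc_bits with %hhd, while the unchanged context line just below prints fat_count with %hhu. If these superblock fields are unsigned bytes like fat_count, use %hhu in both messages so a value above 127 read from a corrupt image is reported as it was read.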
Bug#804208: jessie-pu: package fuse-exfat/1.1.0-2+deb8u1
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Hi, since exfat-utils and fuse-exfat share the same code base, but are released as separate source packages, I've now prepared updates for fuse-exfat as well to fix the issues found by The Fuzzing Project. Changes: fuse-exfat (1.1.0-2+deb8u1) jessie; urgency=medium . * Add the fix for https://github.com/relan/exfat/issues/5 found and reported by The Fuzzing Project. Check sector and cluster size. * Add the fix for https://github.com/relan/exfat/issues/6 found and reported by The Fuzzing Project. Detect infinite loop. -- System Information: Debian Release: 8.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -u fuse-exfat-1.1.0/debian/changelog fuse-exfat-1.1.0/debian/changelog --- fuse-exfat-1.1.0/debian/changelog +++ fuse-exfat-1.1.0/debian/changelog @@ -1,3 +1,12 @@ +fuse-exfat (1.1.0-2+deb8u1) jessie; urgency=medium + + * Add the fix for https://github.com/relan/exfat/issues/5 found +and reported by The Fuzzing Project. Check sector and cluster size. + * Add the fix for https://github.com/relan/exfat/issues/6 found +and reported by The Fuzzing Project. Detect infinite loop. + + -- Sven Hoexter <hoex...@debian.org> Fri, 06 Nov 2015 08:08:13 +0100 + fuse-exfat (1.1.0-2) unstable; urgency=low * Remove debian/watch - recent changes at Google code required diff -u fuse-exfat-1.1.0/debian/gbp.conf fuse-exfat-1.1.0/debian/gbp.conf --- fuse-exfat-1.1.0/debian/gbp.conf +++ fuse-exfat-1.1.0/debian/gbp.conf @@ -2,0 +3 @@ +debian-branch = jessie-updates only in patch2: unchanged: --- fuse-exfat-1.1.0.orig/libexfat/mount.c +++ fuse-exfat-1.1.0/libexfat/mount.c 
@@ -30,23 +30,32 @@ static uint64_t rootdir_size(const struct exfat* ef) { - uint64_t clusters = 0; + uint32_t clusters = 0; + uint32_t clusters_max = le32_to_cpu(ef->sb->cluster_count); cluster_t rootdir_cluster = le32_to_cpu(ef->sb->rootdir_cluster); - while (!CLUSTER_INVALID(rootdir_cluster)) + /* Iterate all clusters of the root directory to calculate its size. + It can't be contiguous because there is no flag to indicate this. */ + do { - clusters++; - /* root directory cannot be contiguous because there is no flag - to indicate this */ + if (clusters == clusters_max) /* infinite loop detected */ + { + exfat_error("root directory cannot occupy all %d clusters", + clusters); + return 0; + } + if (CLUSTER_INVALID(rootdir_cluster)) + { + exfat_error("bad cluster %#x while reading root directory", + rootdir_cluster); + return 0; + } rootdir_cluster = exfat_next_cluster(ef, ef->root, rootdir_cluster); + clusters++; } - if (rootdir_cluster != EXFAT_CLUSTER_END) - { - exfat_error("bad cluster %#x while reading root directory", -rootdir_cluster); - return 0; - } - return clusters * CLUSTER_SIZE(*ef->sb); + while (rootdir_cluster != EXFAT_CLUSTER_END); + + return (uint64_t) clusters * CLUSTER_SIZE(*ef->sb); } static const char* get_option(const char* options, const char* option_name) @@ -208,6 +217,23 @@ exfat_error("exFAT file system is not found"); return -EIO; } + /* sector cannot be smaller than 512 bytes */ + if (ef->sb->sector_bits < 9) + { + exfat_close(ef->dev); + exfat_error("too small sector size: 2^%hhd", ef->sb->sector_bits); + free(ef->sb); + return -EIO; + } + /* officially exFAT supports cluster size up to 32 MB */ + if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25) + { + exfat_close(ef->dev); + exfat_error("too big cluster size: 2^(%hhd+%hhd)", +ef->sb->sector_bits, ef->sb->spc_bits); + free(ef->sb); + return -EIO; + } ef->zero_cluster = malloc(CLUSTER_SIZE(*ef->sb)); if (ef->zero_cluster == NULL) { 
@@ -242,16 +268,6 @@ free(ef->sb); return -EIO; } - /* officially exFAT supports cluster size up to 32 MB */ - if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25) - { - free(ef->zero_cluster); - exfat_close(ef->dev); - exfat_error("too big cluster size: 2^%d", -(int) ef->sb->sector_bits + (int) ef->sb->spc_bits); - free(ef->sb); - return -EIO; - } if (le64_to_cpu(ef->sb->sector_count) * SECTOR_SIZE(*ef->sb) > exfat_get_size(ef->dev)) {
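Review bot: In the rootdir_size() hunk, exfat_error("root directory cannot occupy all %d clusters", clusters) passes the new uint32_t counter to %d. Use %u (or PRIu32) there, otherwise a cluster_count above INT_MAX taken from a crafted superblock is printed as a negative number in the one message meant to explain the loop guard.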
Bug#803387: wheezy-pu: package exfat-utils/0.9.7-2+deb7u1
On Fri, Oct 30, 2015 at 04:51:57PM +, Adam D. Barratt wrote: Hello Adam, > Please go ahead. Uploaded. Regards, Sven
Bug#803362: jessie-pu: package exfat-utils/1.1.0-2+deb8u1
On Thu, Oct 29, 2015 at 06:28:39PM +, Julien Cristau wrote: Hi, > The more obvious way is to not change the source format and not add quilt. Ok I thought it would be a slightly better choice to avoid the old school big diff.gz but since I've it as git commits at my end I'm fine. So here's the changelog and the new debdiff: exfat-utils (1.1.0-2+deb8u1) jessie; urgency=medium . * Add the fix for https://github.com/relan/exfat/issues/5 found and reported by The Fuzzing Project. Check sector and cluster size. * Add the fix for https://github.com/relan/exfat/issues/6 found and reported by The Fuzzing Project. Detect infinite loop. Sven diff -u exfat-utils-1.1.0/debian/changelog exfat-utils-1.1.0/debian/changelog --- exfat-utils-1.1.0/debian/changelog +++ exfat-utils-1.1.0/debian/changelog @@ -1,3 +1,12 @@ +exfat-utils (1.1.0-2+deb8u1) jessie; urgency=medium + + * Add the fix for https://github.com/relan/exfat/issues/5 found +and reported by The Fuzzing Project. Check sector and cluster size. + * Add the fix for https://github.com/relan/exfat/issues/6 found +and reported by The Fuzzing Project. Detect infinite loop. + + -- Sven Hoexter <hoex...@debian.org> Fri, 30 Oct 2015 10:28:28 +0100 + exfat-utils (1.1.0-2) unstable; urgency=low * Remove debian/watch - recent changes at Google code required diff -u exfat-utils-1.1.0/debian/gbp.conf exfat-utils-1.1.0/debian/gbp.conf --- exfat-utils-1.1.0/debian/gbp.conf +++ exfat-utils-1.1.0/debian/gbp.conf @@ -2,0 +3 @@ +debian-branch = jessie-updates only in patch2: unchanged: --- exfat-utils-1.1.0.orig/libexfat/mount.c +++ exfat-utils-1.1.0/libexfat/mount.c 
@@ -30,23 +30,32 @@ static uint64_t rootdir_size(const struct exfat* ef) { - uint64_t clusters = 0; + uint32_t clusters = 0; + uint32_t clusters_max = le32_to_cpu(ef->sb->cluster_count); cluster_t rootdir_cluster = le32_to_cpu(ef->sb->rootdir_cluster); - while (!CLUSTER_INVALID(rootdir_cluster)) + /* Iterate all clusters of the root directory to calculate its size. + It can't be contiguous because there is no flag to indicate this. */ + do { - clusters++; - /* root directory cannot be contiguous because there is no flag - to indicate this */ + if (clusters == clusters_max) /* infinite loop detected */ + { + exfat_error("root directory cannot occupy all %d clusters", + clusters); + return 0; + } + if (CLUSTER_INVALID(rootdir_cluster)) + { + exfat_error("bad cluster %#x while reading root directory", + rootdir_cluster); + return 0; + } rootdir_cluster = exfat_next_cluster(ef, ef->root, rootdir_cluster); + clusters++; } - if (rootdir_cluster != EXFAT_CLUSTER_END) - { - exfat_error("bad cluster %#x while reading root directory", -rootdir_cluster); - return 0; - } - return clusters * CLUSTER_SIZE(*ef->sb); + while (rootdir_cluster != EXFAT_CLUSTER_END); + + return (uint64_t) clusters * CLUSTER_SIZE(*ef->sb); } static const char* get_option(const char* options, const char* option_name) @@ -208,6 +217,23 @@ exfat_error("exFAT file system is not found"); return -EIO; } + /* sector cannot be smaller than 512 bytes */ + if (ef->sb->sector_bits < 9) + { + exfat_close(ef->dev); + exfat_error("too small sector size: 2^%hhd", ef->sb->sector_bits); + free(ef->sb); + return -EIO; + } + /* officially exFAT supports cluster size up to 32 MB */ + if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25) + { + exfat_close(ef->dev); + exfat_error("too big cluster size: 2^(%hhd+%hhd)", +ef->sb->sector_bits, ef->sb->spc_bits); + free(ef->sb); + return -EIO; + } ef->zero_cluster = malloc(CLUSTER_SIZE(*ef->sb)); if (ef->zero_cluster == NULL) { 
@@ -242,16 +268,6 @@ free(ef->sb); return -EIO; } - /* officially exFAT supports cluster size up to 32 MB */ - if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25) - { - free(ef->zero_cluster); - exfat_close(ef->dev); - exfat_error("too big cluster size: 2^%d", -(int) ef->sb->sector_bits + (int) ef->sb->spc_bits); - free(ef->sb); - return -EIO; - } if (le64_to_cpu(ef->sb->sector_count) * SECTOR_SIZE(*ef->sb) > exfat_get_size(ef->dev)) {
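Review bot: In the exfat_mount() hunk that adds the size checks, sector_bits is bounded only from below (< 9) and through its sum with spc_bits (> 25), so a superblock with sector_bits as high as 25 and spc_bits of 0 still passes. SECTOR_SIZE() feeds the sector_count multiplication visible in the following hunk's context, so an explicit upper bound on sector_bits next to the lower one would be worth adding.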
Bug#803362: jessie-pu: package exfat-utils/1.1.0-2+deb8u1
On Fri, Oct 30, 2015 at 02:22:45PM +, Adam D. Barratt wrote: Hi, > [I also note with a little amusement that the version of exfat-utils in > wheezy appears to have been the only revision of the package ever to > have had an explicit patch system (not counting the change to "3.0 > (quilt)".] I added and dropped it whenever patching was required or not. Turned out to be a pain in the ass so that I now moved on to 3.0(quilt). > Please go ahead; thanks. Uploaded for jessie. This ack was only for jessie and we handle the wheezy upload in the other bug, right? Sven
Bug#803387: wheezy-pu: package exfat-utils/0.9.7-2+deb7u1
Package: release.debian.org Severity: normal Tags: wheezy User: release.debian@packages.debian.org Usertags: pu Hi, The Fuzzing Project found two issues in the exfat-utils package and the security team asked me to fix them via a stable update. exfat-utils (0.9.7-2+deb7u1) wheezy; urgency=medium * Add d/patches/check-sector-and-cluster-size. Fix for https://github.com/relan/exfat/issues/5 found and reported by The Fuzzing Project. * Add d/patches/detect-infinite-loop. Fix for https://github.com/relan/exfat/issues/6 found and reported by The Fuzzing Project. -- Sven Hoexter <hoex...@debian.org> Thu, 29 Oct 2015 12:37:48 +0100 -- System Information: Debian Release: 8.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -u exfat-utils-0.9.7/debian/gbp.conf exfat-utils-0.9.7/debian/gbp.conf --- exfat-utils-0.9.7/debian/gbp.conf +++ exfat-utils-0.9.7/debian/gbp.conf @@ -2,0 +3 @@ +debian-branch = wheezy-updates diff -u exfat-utils-0.9.7/debian/changelog exfat-utils-0.9.7/debian/changelog --- exfat-utils-0.9.7/debian/changelog +++ exfat-utils-0.9.7/debian/changelog 
@@ -1,3 +1,14 @@ +exfat-utils (0.9.7-2+deb7u1) wheezy; urgency=medium + + * Add d/patches/check-sector-and-cluster-size. Fix for +https://github.com/relan/exfat/issues/5 found and reported by +The Fuzzing Project. + * Add d/patches/detect-infinite-loop. Fix for +https://github.com/relan/exfat/issues/6 found and reported by +The Fuzzing Project. + + -- Sven Hoexter <hoex...@debian.org> Thu, 29 Oct 2015 12:37:48 +0100 + exfat-utils (0.9.7-2) unstable; urgency=low * Move manual link creation from debian/rules to debian/links diff -u exfat-utils-0.9.7/debian/patches/series exfat-utils-0.9.7/debian/patches/series --- exfat-utils-0.9.7/debian/patches/series +++ exfat-utils-0.9.7/debian/patches/series @@ -2,0 +3,2 @@ +check-sector-and-cluster-size +detect-infinite-loop only in patch2: unchanged: --- exfat-utils-0.9.7.orig/debian/patches/check-sector-and-cluster-size +++ exfat-utils-0.9.7/debian/patches/check-sector-and-cluster-size 
@@ -0,0 +1,49 @@ +Patch for https://github.com/relan/exfat/issues/5 +See also: +https://blog.fuzzing-project.org/25-Heap-overflow-and-endless-loop-in-exfatfsck-exfat-utils.html +Index: exfat-utils/libexfat/mount.c +=== +--- exfat-utils.orig/libexfat/mount.c exfat-utils/libexfat/mount.c +@@ -172,6 +172,24 @@ int exfat_mount(struct exfat* ef, const + exfat_error("exFAT file system is not found"); + return -EIO; + } ++ /* sector cannot be smaller than 512 bytes */ ++if (ef->sb->sector_bits < 9) ++{ ++exfat_close(ef->dev); ++exfat_error("too small sector size: 2^%hhd", ef->sb->sector_bits); ++free(ef->sb); ++return -EIO; ++} ++/* officially exFAT supports cluster size up to 32 MB */ ++if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25) ++{ ++exfat_close(ef->dev); ++exfat_error("too big cluster size: 2^(%hhd+%hhd)", ++ef->sb->sector_bits, ef->sb->spc_bits); ++free(ef->sb); ++return -EIO; ++} ++ + if (ef->sb->version.major != 1 || ef->sb->version.minor != 0) + { + exfat_close(ef->dev); +@@ -187,16 +205,6 @@ int exfat_mount(struct exfat* ef, const + exfat_error("unsupported FAT count: %hhu", ef->sb->fat_count); + return -EIO; + } +- /* officially exFAT supports cluster size up to 32 MB */ +- if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25) +- { +- exfat_close(ef->dev); +- free(ef->sb); +- exfat_error("too big cluster size: 2^%d", +-(int) ef->sb->sector_bits + (int) ef->sb->spc_bits); +- return -EIO; +- } +- + ef->zero_cluster = malloc(CLUSTER_SIZE(*ef->sb)); + if (ef->zero_cluster == NULL) + { only in patch2: unchanged: --- exfat-utils-0.9.7.orig/debian/patches/detect-infinite-loop +++ exfat-utils-0.9.7/debian/patches/detect-infinite-loop 
@@ -0,0 +1,48 @@ +Patch for https://github.com/relan/exfat/issues/6 +See also: +https://blog.fuzzing-project.org/25-Heap-overflow-and-endless-loop-in-exfatfsck-exfat-utils.html +Index: exfat-utils/libexfat/mount.c +=== +--- exfat-utils.orig/libexfat/mount.c exfat-utils/libexfat/mount.c +@@ -27,17 +27,32 @@ + + static uint64_t rootdir_size(const struct exfat* ef) + { +- uint64_t clusters = 0; ++
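Review bot: In the second mount.c hunk of check-sector-and-cluster-size, the removed block called free(ef->sb) before exfat_error() read ef->sb->sector_bits and ef->sb->spc_bits, whereas the relocated check logs first and frees afterwards. The patch header and changelog describe only the new size checks; say there that the reordering also stops the error path from reading the freed superblock, so the detail survives a later refresh of the patch.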
Bug#803362: jessie-pu: package exfat-utils/1.1.0-2+deb8u1
On Thu, Oct 29, 2015 at 03:01:09PM +, Adam D. Barratt wrote: > On 2015-10-29 8:57, Sven Hoexter wrote: Hi Adam, > > * Add quilt to build-deps. > > * Add --with quilt to dh invocation in d/rules. > > Why is that being suggested for the jessie update but not the equivalent > wheezy update? (For completeness we're generally not in favour of adding > patch systems in stable updates.) Because the jessie package is source format 1.0 without a patch system ATM. I thought adding quilt again is less invasive than changing the source format. For the package in unstable I already opted to use source format 3.0(quilt). > > * Add d/patches/check-sector-and-cluster-size. Fix for > >https://github.com/relan/exfat/issues/5 found and reported by > >The Fuzzing Project. > > * Add d/patches/detect-infinite-loop. Fix for > >https://github.com/relan/exfat/issues/6 found and reported by > >The Fuzzing Project. > > Are both of these issues resolved in (or not relevant to) unstable? They're already fixed in 1.2.1 which is part of unstable and testing. Sven
Bug#803362: jessie-pu: package exfat-utils/1.1.0-2+deb8u1
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Hi, The Fuzzing Project found two issues in the exfat-utils package and the security team asked me to fix them via a stable update. Changelog: exfat-utils (1.1.0-2+deb8u1) jessie; urgency=medium * Add quilt to build-deps. * Add --with quilt to dh invocation in d/rules. * Add d/patches/check-sector-and-cluster-size. Fix for https://github.com/relan/exfat/issues/5 found and reported by The Fuzzing Project. * Add d/patches/detect-infinite-loop. Fix for https://github.com/relan/exfat/issues/6 found and reported by The Fuzzing Project. -- Sven Hoexter <hoex...@debian.org> Thu, 29 Oct 2015 09:40:20 +0100 -- System Information: Debian Release: 8.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -u exfat-utils-1.1.0/debian/changelog exfat-utils-1.1.0/debian/changelog --- exfat-utils-1.1.0/debian/changelog +++ exfat-utils-1.1.0/debian/changelog @@ -1,3 +1,16 @@ +exfat-utils (1.1.0-2+deb8u1) jessie; urgency=medium + + * Add quilt to build-deps. + * Add --with quilt to dh invocation in d/rules. + * Add d/patches/check-sector-and-cluster-size. Fix for +https://github.com/relan/exfat/issues/5 found and reported by +The Fuzzing Project. + * Add d/patches/detect-infinite-loop. Fix for +https://github.com/relan/exfat/issues/6 found and reported by +The Fuzzing Project. + + -- Sven Hoexter <hoex...@debian.org> Thu, 29 Oct 2015 09:40:20 +0100 + exfat-utils (1.1.0-2) unstable; urgency=low * Remove debian/watch - recent changes at Google code required diff -u exfat-utils-1.1.0/debian/control exfat-utils-1.1.0/debian/control --- exfat-utils-1.1.0/debian/control +++ exfat-utils-1.1.0/debian/control 
@@ -2,7 +2,7 @@ Section: otherosfs Priority: optional Maintainer: Sven Hoexter <hoex...@debian.org> -Build-Depends: debhelper (>= 9), scons +Build-Depends: debhelper (>= 9), scons, quilt Standards-Version: 3.9.5 Homepage: http://code.google.com/p/exfat/ Vcs-Git: git://git.sven.stormbind.net/git/sven/exfat-utils.git diff -u exfat-utils-1.1.0/debian/gbp.conf exfat-utils-1.1.0/debian/gbp.conf --- exfat-utils-1.1.0/debian/gbp.conf +++ exfat-utils-1.1.0/debian/gbp.conf @@ -2,0 +3 @@ +debian-branch = jessie-updates diff -u exfat-utils-1.1.0/debian/rules exfat-utils-1.1.0/debian/rules --- exfat-utils-1.1.0/debian/rules +++ exfat-utils-1.1.0/debian/rules @@ -6,7 +6,7 @@ export CCFLAGS = $(CFLAGS) -Wall -std=c99 -D_GNU_SOURCE %: - dh $@ + dh $@ --with quilt override_dh_auto_build: scons only in patch2: unchanged: --- exfat-utils-1.1.0.orig/debian/README.source +++ exfat-utils-1.1.0/debian/README.source @@ -0,0 +1,5 @@ +This package uses quilt to manage the patches in debian/patches. +For further information please install the quilt package and read +/usr/share/doc/quilt/README.source. + + -- sven <sven@shoexter.internal>, Thu, 29 Oct 2015 09:05:34 +0100 only in patch2: unchanged: --- exfat-utils-1.1.0.orig/debian/patches/check-sector-and-cluster-size +++ exfat-utils-1.1.0/debian/patches/check-sector-and-cluster-size 
@@ -0,0 +1,48 @@ +Patch for https://github.com/relan/exfat/issues/5 +See also: +https://blog.fuzzing-project.org/25-Heap-overflow-and-endless-loop-in-exfatfsck-exfat-utils.html +Index: exfat-utils/libexfat/mount.c +=== +--- exfat-utils.orig/libexfat/mount.c exfat-utils/libexfat/mount.c +@@ -208,6 +208,23 @@ int exfat_mount(struct exfat* ef, const + exfat_error("exFAT file system is not found"); + return -EIO; + } ++ /* sector cannot be smaller than 512 bytes */ ++ if (ef->sb->sector_bits < 9) ++ { ++ exfat_close(ef->dev); ++ exfat_error("too small sector size: 2^%hhd", ef->sb->sector_bits); ++ free(ef->sb); ++ return -EIO; ++ } ++ /* officially exFAT supports cluster size up to 32 MB */ ++ if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25) ++ { ++ exfat_close(ef->dev); ++ exfat_error("too big cluster size: 2^(%hhd+%hhd)", ++ef->sb->sector_bits, ef->sb->spc_bits); ++ free(ef->sb); ++ return -EIO; ++ } + ef->zero_cluster = malloc(CLUSTER_SIZE(*ef->sb)); + if (ef->zero_cluster == NULL) + { +@@ -242,16 +259,6 @@ int exfat_mount(struct exfat* ef, const + free(ef->sb); + return -EIO; + } +- /* officially exFAT supports cluster size up to 32 MB */ +- if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25) +- { +- free(ef->zero_cluster); +- exfat_close(ef->dev); +- exfat_error("too big cluster size: 2^%d",
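Review bot: in the libexfat/mount.c hunk carried by debian/patches/check-sector-and-cluster-size, sector_bits gets a lower bound (< 9) but no upper bound of its own, so a superblock with sector_bits = 25 and spc_bits = 0 passes both new checks. The exFAT specification limits the sector size to 4096 bytes (a shift of 12), so consider rejecting sector_bits > 12 next to the two checks added here. Moving the cluster-size check ahead of malloc(CLUSTER_SIZE(*ef->sb)) is the right order, and the new error paths correctly leave out the free(ef->zero_cluster) that the removed block needed. Minor: both fields are printed with %hhd; if they are unsigned 8-bit fields, %hhu is the matching conversion.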
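Review bot: the signature line added in the debian/README.source hunk reads sven <sven@shoexter.internal>, a local account on an internal host name rather than the maintainer identity used in debian/changelog. Suggest dropping the signature or using the changelog identity so that no internal host name ships in the source package.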
Re: libapache2-mod-rpaf upload to stable-proposed-updates
On Thu, Dec 27, 2012 at 05:14:39PM +0400, Sergey B Kirpichev wrote:

Hi, I would like to make an upload to stable in order to fix bugs #636893 (drop yada using) and #653330 (configuration file ignored). The full debdiff between this new package version and the version 0.5-3+squeeze1 currently in Squeeze is attached. Sven, would you like to sponsor this upload?

Do we have a real demand to get this fixed in squeeze? As far as I remember there were some crash issue with the mod_rpaf version in squeeze, which led me to the QA upload of the 0.6 release back then. In all cases of mod_rpaf usage I've been involved lately, we've used a backport of the unstable package. So while I'm in general willing to sponsor the upload, in case the stable release team is ok with this change, I currently don't see the benefit.

Cheers, Sven

-- We are what you say We are not what you think [ Dead Sara - We are what you say ]

-- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20121227133149.GA2915@colin
Bug#680783: unblock: netsed/1.00b-2.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package netsed 1.00b-2.1 contains a fix for #676126 (FTBFS and thus RC), changelog is: netsed (1.00b-2.1) unstable; urgency=low . * Non-maintainer upload. * Add 05-ftbfs_ruby1.9_testsuite_require_syntax.diff to adjust to changes in the Ruby 1.9 require syntax. (Closes: #676126) * Build-Depend on procps - ps is used within test/tc_system.rb unblock netsed/1.00b-2.1 TIA, Sven diff -Nru netsed-1.00b/debian/changelog netsed-1.00b/debian/changelog --- netsed-1.00b/debian/changelog 2011-08-24 20:56:14.0 +0200 +++ netsed-1.00b/debian/changelog 2012-07-08 16:33:48.0 +0200 @@ -1,3 +1,12 @@ +netsed (1.00b-2.1) unstable; urgency=low + + * Non-maintainer upload. + * Add 05-ftbfs_ruby1.9_testsuite_require_syntax.diff to adjust to +changes in the Ruby 1.9 require syntax. (Closes: #676126) + * Build-Depend on procps - ps is used within test/tc_system.rb. + + -- Sven Hoexter hoex...@debian.org Sun, 08 Jul 2012 14:59:24 +0200 + netsed (1.00b-2) unstable; urgency=low * debian/control: Improve description. diff -Nru netsed-1.00b/debian/control netsed-1.00b/debian/control --- netsed-1.00b/debian/control 2011-08-24 20:56:14.0 +0200 +++ netsed-1.00b/debian/control 2012-07-08 16:33:08.0 +0200 
@@ -3,7 +3,7 @@ Priority: optional Maintainer: Mats Erik Andersson mats.anders...@gisladisker.se Standards-Version: 3.9.2 -Build-Depends: debhelper (= 8.0.0~), ruby +Build-Depends: debhelper (= 8.0.0~), ruby, procps Homepage: http://silicone.homelinux.org/projects/netsed/ Vcs-Git: git://anonscm.debian.org/collab-maint/netsed.git Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/netsed.git diff -Nru netsed-1.00b/debian/patches/05-ftbfs_ruby1.9_testsuite_require_syntax.diff netsed-1.00b/debian/patches/05-ftbfs_ruby1.9_testsuite_require_syntax.diff --- netsed-1.00b/debian/patches/05-ftbfs_ruby1.9_testsuite_require_syntax.diff 1970-01-01 01:00:00.0 +0100 +++ netsed-1.00b/debian/patches/05-ftbfs_ruby1.9_testsuite_require_syntax.diff 2012-07-08 16:55:06.0 +0200 
@@ -0,0 +1,85 @@ +Description: Add ./ prefix to all local require statements + In Ruby 1.9 the syntax to include local files + via require changed. We now have to use a ./ + prefix when local files should be included. +Bug: http://bugs.debian.org/676126 +Author: Sven Hoexter s...@timegate.de +Forwarded: yes +Last-Updated: 2012-07-08 +--- a/test/tc_rules.rb b/test/tc_rules.rb +@@ -5,7 +5,7 @@ + # this file implements checks for netsed rules in class TC_RuleTest + + require 'test/unit' +-require 'test_helper' ++require './test_helper' + + # Test Case for netsed rules + class TC_RuleTest Test::Unit::TestCase +--- a/test/tc_system.rb b/test/tc_system.rb +@@ -5,7 +5,7 @@ + # this file implements checks for netsed system behaviour in class TC_SystemTest + + require 'test/unit' +-require 'test_helper' ++require './test_helper' + require 'thread' + + # Test Case for netsed system behaviour +--- a/test/tc_tcp.rb b/test/tc_tcp.rb +@@ -8,7 +8,7 @@ + # + + require 'test/unit' +-require 'test_helper' ++require './test_helper' + + # Test Case for TCP + # +--- a/test/tc_ttl.rb b/test/tc_ttl.rb +@@ -5,7 +5,7 @@ + # this file implements checks for the TTL (time-to-live) feature of netsed rules in the class TC_TTLTest. 
+ + require 'test/unit' +-require 'test_helper' ++require './test_helper' + + # Test Case for netsed TTL (time-to-live) feature + class TC_TTLTest Test::Unit::TestCase +--- a/test/tc_udp.rb b/test/tc_udp.rb +@@ -1,4 +1,5 @@ + #!/usr/bin/ruby ++# -*- coding: utf-8 -*- + # netsed Unit::Tests + # (c) 2010 Julien Viard de Galbert jul...@silicone.homelinux.org + # +@@ -8,7 +9,7 @@ + # + + require 'test/unit' +-require 'test_helper' ++require './test_helper' + + # Test Case for UDP + # +--- a/test/ts_full.rb b/test/ts_full.rb +@@ -13,11 +13,11 @@ + require 'test/unit' + + Dir.chdir(File.dirname(__FILE__)) +-require 'test_helper' ++require './test_helper' + + Dir .glob('tc_*.rb') { |f| + #puts adding #{f} +- require f ++ require ./ + f + } + + # vim:sw=2:sta:et: diff -Nru netsed-1.00b/debian/patches/series netsed-1.00b/debian/patches/series --- netsed-1.00b/debian/patches/series 2011-08-24 20:56:14.0 +0200 +++ netsed-1.00b/debian/patches/series 2012-07-08 14:55:39.0 +0200 @@ -2,3 +2,4 @@ 02-ftbfs_kfreebsd.diff 03-traditional_rule.diff 04-check_dual_stack.diff +05-ftbfs_ruby1.9_testsuite_require_syntax.diff
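Review bot: the './test_helper' form used in the tc_rules.rb, tc_system.rb, tc_tcp.rb, tc_ttl.rb and tc_udp.rb hunks resolves against the current working directory, not against the directory of the test file, so those files only load when run from inside test/. ts_full.rb does Dir.chdir(File.dirname(__FILE__)) before its require, but the visible context of the tc_*.rb hunks shows no such call. require File.expand_path('../test_helper', __FILE__) would load from any directory and works on both Ruby 1.8 and 1.9.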
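Review bot: the first tc_udp.rb hunk adds a "# -*- coding: utf-8 -*-" line that neither the patch Description nor the changelog entry mentions. Please name it in the Description together with the reason it is needed, or split it into its own patch, so the header matches what the patch changes.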
Re: [SECURITY] [DSA-2158-1] cgiirc security update
On Wed, Feb 23, 2011 at 10:12:08AM +0100, Philipp Kern wrote:

why wasn't this fixed (e.g. through an NMU) in unstable, too? The announcement doesn't even mention unstable albeit it's the same version.

<sarcasm> We currently seem to have a slightly better protection for the unstable package; it doesn't work at all (at least for me).

*** An error occurred: Program ending: Bad arg length for Socket::inet_ntoa, length is 0, should be 4 at /usr/lib/cgi-bin/cgiirc/nph-irc.cgi line 673, IP line 7.

</sarcasm>

I'm not sure if that might be IPv6 related. There's some upstream activity so it would be nice to know if des@d.o is already known to be MIA before pushing this for removal or orphan the package.

Sven

-- And I don't know much, but I do know this: With a golden heart comes a rebel fist. [ Streetlight Manifesto - Here's To Life ]

Archive: http://lists.debian.org/20110223141123.GA10794@marvin
Re: [SECURITY] [DSA-2158-1] cgiirc security update
On Wed, Feb 23, 2011 at 03:11:23PM +0100, Sven Hoexter wrote:

*** An error occurred: Program ending: Bad arg length for Socket::inet_ntoa, length is 0, should be 4 at /usr/lib/cgi-bin/cgiirc/nph-irc.cgi line 673, IP line 7.

</sarcasm>

I'm not sure if that might be IPv6 related.

That is indeed v6 related. I've now uploaded an NMU to DELAYED/2 with the patch from the Security Team upload just in case someone would like to object. .diff.gz should hit #612671 soon

Sven

-- And I don't know much, but I do know this: With a golden heart comes a rebel fist. [ Streetlight Manifesto - Here's To Life ]

Archive: http://lists.debian.org/20110223165523.GB10794@marvin
Please unblock ptex-bin 3.1.10+0.04b-2.1
Hi, please unblock ptex-bin 3.1.10+0.04b-2.1, this should resolve #503543. Changelog: ptex-bin (3.1.10+0.04b-2.1) unstable; urgency=low * Non-maintainer upload. * Add a lot of if checks for mktexlsr, update-texmf and update-texmf in the maintainer scripts to ensure that they don't break during upgrades (Closes: #503543). * Create /var/lib/texmf/web2c/ptex directory if it doesn't exist in ptex-bin.postinst. This will ensure working upgrades for etch-lenny in cases where the old tetex packages are still installed. The new fmtutil-sys from texlive is capable of creating this directory itself. * Remove or'ed dependency on tetex packages. -- Sven Hoexter [EMAIL PROTECTED] Wed, 05 Nov 2008 20:04:13 +0100 Debdiff of the source is attached. Thanks. Sven -- If God passed a mic to me to speak I'd say stay in bed, world Sleep in peace [The Cardigans - 03:45: No sleep] diff -u ptex-bin-3.1.10+0.04b/debian/ptex-bin.preinst ptex-bin-3.1.10+0.04b/debian/ptex-bin.preinst --- ptex-bin-3.1.10+0.04b/debian/ptex-bin.preinst +++ ptex-bin-3.1.10+0.04b/debian/ptex-bin.preinst @@ -46,7 +46,9 @@ dpkg-divert --package ptex-bin --add --rename --divert \ /usr/share/man/man1/tftopl.nonja.1.gz /usr/share/man/man1/tftopl.1.gz -mktexlsr +if [ -x `which mktexlsr 2/dev/null` ]; then + mktexlsr +fi ;; diff -u ptex-bin-3.1.10+0.04b/debian/control ptex-bin-3.1.10+0.04b/debian/control --- ptex-bin-3.1.10+0.04b/debian/control +++ ptex-bin-3.1.10+0.04b/debian/control @@ -8,7 +8,7 @@ Package: ptex-bin Architecture: any Replaces: platex -Depends: ptex-base (= 1:2.0-3), texlive-base-bin | tetex-bin (= 2.0.2-17), texlive-math-extra | tetex-extra, ${shlibs:Depends} +Depends: ptex-base (= 1:2.0-3), texlive-base-bin, texlive-math-extra, ${shlibs:Depends} Suggests: dvipsk-ja, jbibtex-bin, jmpost, mendexk Conflicts: platex Description: The ASCII pTeX binary files 
@@ -33,7 +33,7 @@ Package: jmpost Architecture: any -Depends: ${shlibs:Depends}, texlive-base-bin | tetex-bin (= 1.0.7+20011202-5.1) +Depends: ${shlibs:Depends}, texlive-base-bin Recommends: ptex-bin, dvipsk-ja Description: Japanized MetaPost, a system for drawing pictures This is jMetaPost, a Japanized MetaPost based on the original diff -u ptex-bin-3.1.10+0.04b/debian/jbibtex-bin.postrm ptex-bin-3.1.10+0.04b/debian/jbibtex-bin.postrm --- ptex-bin-3.1.10+0.04b/debian/jbibtex-bin.postrm +++ ptex-bin-3.1.10+0.04b/debian/jbibtex-bin.postrm @@ -27,9 +27,13 @@ mv /etc/texmf/texmf.d/60jbibtex.cnf /etc/texmf/texmf.d/60jbibtex.bak - update-texmf - - mktexlsr + if [ -x `which update-texmf 2/dev/null` ]; then + update-texmf + fi + + if [ -x `which mktexlsr 2/dev/null` ]; then + mktexlsr + fi ;; diff -u ptex-bin-3.1.10+0.04b/debian/jmpost.postinst ptex-bin-3.1.10+0.04b/debian/jmpost.postinst --- ptex-bin-3.1.10+0.04b/debian/jmpost.postinst +++ ptex-bin-3.1.10+0.04b/debian/jmpost.postinst @@ -25,7 +25,9 @@ case $1 in configure) -mktexlsr + if [ -x `which mktexlsr 2/dev/null` ]; then + mktexlsr + fi ln -sf /usr/bin/jmpost /usr/bin/inijmpost ln -sf /usr/bin/jmpost /usr/bin/virjmpost diff -u ptex-bin-3.1.10+0.04b/debian/changelog ptex-bin-3.1.10+0.04b/debian/changelog --- ptex-bin-3.1.10+0.04b/debian/changelog +++ ptex-bin-3.1.10+0.04b/debian/changelog 
@@ -1,3 +1,17 @@ +ptex-bin (3.1.10+0.04b-2.1) unstable; urgency=low + + * Non-maintainer upload. + * Add a lot of if checks for mktexlsr, update-texmf and update-texmf +in the maintainer scripts to ensure that they don't break during +upgrades (Closes: #503543). + * Create /var/lib/texmf/web2c/ptex directory if it doesn't exist in +ptex-bin.postinst. This will ensure working upgrades for etch-lenny +in cases where the old tetex packages are still installed. The new +fmtutil-sys from texlive is capable of creating this directory itself. + * Remove or'ed dependency on tetex packages. + + -- Sven Hoexter [EMAIL PROTECTED] Wed, 05 Nov 2008 20:04:13 +0100 + ptex-bin (3.1.10+0.04b-2) unstable; urgency=low * Bumped to Standards-Version: 3.7.3. diff -u ptex-bin-3.1.10+0.04b/debian/jmpost.postrm ptex-bin-3.1.10+0.04b/debian/jmpost.postrm --- ptex-bin-3.1.10+0.04b/debian/jmpost.postrm +++ ptex-bin-3.1.10+0.04b/debian/jmpost.postrm @@ -19,11 +19,11 @@ case $1 in purge|remove) - if mktexlsr --help /dev/null 21; then - mktexlsr - fi + if [ -x `which mktexlsr 2/dev/null` ]; then + mktexlsr + fi -;; + ;; upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) diff -u ptex-bin-3.1.10+0.04b/debian/ptex-bin.postinst ptex-bin-3.1.10+0.04b/debian/ptex-bin.postinst --- ptex-bin-3.1.10+0.04b/debian/ptex-bin.postinst +++ ptex-bin-3.1.10+0.04b/debian/ptex-bin.postinst @@ -37,7 +37,11 @@ EOF fi + +if [ -x `which update-texmf 2/dev/null` ]; then update-texmf +fi + # Generate /etc/texmf/fmt.d
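Review bot: the guard used in the ptex-bin.preinst, jbibtex-bin.postrm, jmpost.postinst, jmpost.postrm and ptex-bin.postinst hunks, if [ -x `which mktexlsr 2/dev/null` ], only works when the command substitution is double-quoted. As the lines read here it is unquoted, so when which finds nothing the test collapses to [ -x ], a one-argument test on the non-empty string -x that is always true, and mktexlsr or update-texmf is called anyway. Quote the substitution, or test the exit status directly (if which mktexlsr >/dev/null 2>&1; then), in the same spirit as the exit-status check that the jmpost.postrm hunk removes.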
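Review bot: the debian/changelog hunk lists "mktexlsr, update-texmf and update-texmf", naming update-texmf twice. The hunks visible here guard only those two commands, so either drop the duplicate or name the third command that was meant.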
Permission for xosd NMU?
Hi, while preparing an NMU for xosd #495246 I tried to pick some of the low hanging fruits and the diff got slightly big now. So I'm asking if you'd like to get the whole patch with the following changelog (debdiff attached) or only the bugfixes? xosd (2.2.14-1.6) unstable; urgency=low . * Non-maintainer upload. * Replace pseudo dynamic Build-Conflict on libxosd-dev with an explicit one on libxosd-dev 2.2.14 which is the current source:Version. Closes: #495246 * Replace Source-Version with source:Version for libxosd-dev Depends. * Replace the pseudo Homepage field with the real one. * Change the Homepage from http://www.ignavus.net/software.html to http://libxosd.sourceforge.net which offers a link for the current source download and the old website. * Remove Suggests: xfonts-base-transcoded from libxosd2. Closes: #370034 * Updated the copyright file to reflect the website where you can obtain the source code and the license used. Sven -- If God passed a mic to me to speak I'd say stay in bed, world Sleep in peace [The Cardigans - 03:45: No sleep] diff -u xosd-2.2.14/debian/changelog xosd-2.2.14/debian/changelog --- xosd-2.2.14/debian/changelog +++ xosd-2.2.14/debian/changelog 
@@ -1,3 +1,20 @@ +xosd (2.2.14-1.6) unstable; urgency=low + + * Non-maintainer upload. + * Replace pseudo dynamic Build-Conflict on libxosd-dev with an explicit +one on libxosd-dev 2.2.14 which is the current source:Version. +Closes: #495246 + * Replace Source-Version with source:Version for libxosd-dev Depends. + * Replace the pseudo Homepage field with the real one. + * Change the Homepage from http://www.ignavus.net/software.html to +http://libxosd.sourceforge.net which offers a link for the current +source download and the old website. + * Remove Suggests: xfonts-base-transcoded from libxosd2. Closes: #370034 + * Updated the copyright file to reflect the website where you can obtain +the source code and the license used. + + -- Sven Hoexter [EMAIL PROTECTED] Mon, 25 Aug 2008 09:34:31 +0200 + xosd (2.2.14-1.5) unstable; urgency=low * Non-maintainer upload. diff -u xosd-2.2.14/debian/copyright xosd-2.2.14/debian/copyright --- xosd-2.2.14/debian/copyright +++ xosd-2.2.14/debian/copyright @@ -5,8 +5,11 @@ -It was downloaded from http://www.ignavus.net/software.html +It was downloaded from http://libxosd.sourceforge.net Upstream author: Andre Renaud [EMAIL PROTECTED] Maintainer: Tim Wright [EMAIL PROTECTED] Copyright: - -See /usr/share/common-licenses/GPL +Copyright 2000, 2001 Andre Renaud ([EMAIL PROTECTED]) +This package is licensed under the GPL version 2 or any +later version. +On a Debian system you can find the licence text in +/usr/share/common-licenses/GPL-2. diff -u xosd-2.2.14/debian/control xosd-2.2.14/debian/control --- xosd-2.2.14/debian/control +++ xosd-2.2.14/debian/control 
@@ -3,8 +3,10 @@ Priority: optional Maintainer: Philipp Matthias Hahn [EMAIL PROTECTED] Build-Depends: libgtk1.2-dev, libtool, debhelper (= 4.1.0), libgdk-pixbuf-dev, libx11-dev, libxext-dev, x11proto-core-dev, x11proto-xinerama-dev, x11proto-xext-dev, libxinerama-dev, cdbs -Build-Conflicts: libxosd-dev ( ${Source-Version}) +Build-Conflicts: libxosd-dev ( 2.2.14) Standards-Version: 3.6.1.1 +Homepage: http://libxosd.sourceforge.net + Package: libxosd2 Section: libs @@ -12,16 +14,13 @@ Depends: ${shlibs:Depends} Conflicts: libxosd Replaces: libxosd, libxosd0 -Suggests: xfonts-base-transcoded Description: X On-Screen Display library - runtime A library for displaying a TV-like on-screen display in X. - . - Homepage: http://www.ignavus.net/software.html Package: libxosd-dev Section: libdevel Architecture: any -Depends: libxosd2 (= ${Source-Version}), libx11-dev, libxext-dev, ${shlibs:Depends}, libxinerama-dev +Depends: libxosd2 (= ${source:Version}), libx11-dev, libxext-dev, ${shlibs:Depends}, libxinerama-dev Conflicts: libxosd Description: X On-Screen Display library - development A library for displaying a TV-like on-screen display in X. @@ -39,3 +37,0 @@ - . - Homepage: http://www.ignavus.net/software.html -
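Review bot: in the debian/control hunk, Build-Conflicts on libxosd-dev now carries the literal version 2.2.14 in place of the substitution variable, so it goes stale with the next upstream version unless someone bumps it by hand. A comment next to the field, or a reminder in debian/README.source, would keep the next uploader from missing it.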
Please give-back lyx-1.5.5-1 on mipsel
Hi, would be nice if someone could give-back lyx 1.5.5-1 on mipsel. It failed due to a missing dpkg 1.14.19 which seems to be available now. Regards, Sven -- If God passed a mic to me to speak I'd say stay in bed, world Sleep in peace [The Cardigans - 03:45: No sleep]
Re: [Pkg-lyx-devel] Please give-back lyx-1.5.4-2 on mips and powerpc
On Thu, May 08, 2008 at 12:40:08PM +0200, Marc 'HE' Brockschmidt wrote:

Thiemo Seufer [EMAIL PROTECTED] writes:

Hi, For powerpc it seems to be a buildd timeout due to some transient problem. (The lyx build logs show no history of buildd timeouts.)

OK, thanks. Given back now.

The build on mips was successful this time but the powerpc build on voltaire failed again. Honestly I've no clue why it stuck and subsequently got killed again.

Sven

-- If God passed a mic to me to speak I'd say stay in bed, world Sleep in peace [The Cardigans - 03:45: No sleep]
Please give-back lyx-1.5.4-2 on mips and powerpc
Hi, would be cool if someone could give-back lyx-1.5.4-2 on mips and powerpc so that lyx can hopefully migrate to testing in the next days. Currently users of Lenny are hit by #475523 after Qt 4.4 migrated to testing. Thanks, Sven
Re: LyX 1.4.3-3 suitable for etch?
On Tue, Mar 13, 2007 at 11:16:03AM +0100, Sven Hoexter wrote:

Dear RMs, on 2007-02-22 I got LyX 1.4.3-3 uploaded to unstable with a fix for #411043 which is in some cases a bigger problem than I thought when this bug appeared first.

a) Please take a look at the diff between LyX 1.4.3-2 and 1.4.3-3 and decide if the changes are suitable for the Debian/etch release. I've attached the interdiff for your convenience.

b) If you think a) is ok maybe you can pull a trigger to get it built on the missing architectures and let it propagate to testing.

first of all thanks to the person who made it possible that the package has been built on the missing architectures within the next 24h after I wrote this mail. Now I'd like to ask you (again) if you could hint LyX 1.4.3-3 into testing. The bug that will be fixed resolves a situation where LyX is nearly unusable in some circumstances. I'd really appreciate if you could hint the package to testing.

Thanks for considering, Sven

-- If you won't forgive me the rest of my life Let me apologize while I'm still alive I know it's time to face all of my past mistakes [Less than Jake - Rest Of My Life]
LyX 1.4.3-3 suitable for etch?
Dear RMs, on 2007-02-22 I got LyX 1.4.3-3 uploaded to unstable with a fix for #411043 which is in some cases a bigger problem than I thought when this bug appeared first.

Well back in February I thought that it would be possible for the Debian buildd network to get the package built on all release architectures within a week. As of today I'd say that this thought was too naive and the builds for alpha, ppc, mips and mipsel are still missing. Counting in the falling number of RC bugs and we're nearing the release I'm now asking for two things:

a) Please take a look at the diff between LyX 1.4.3-2 and 1.4.3-3 and decide if the changes are suitable for the Debian/etch release. I've attached the interdiff for your convenience.

b) If you think a) is ok maybe you can pull a trigger to get it built on the missing architectures and let it propagate to testing.

Thanks for considering, Sven

-- If you won't forgive me the rest of my life Let me apologize while I'm still alive I know it's time to face all of my past mistakes [Less than Jake - Rest Of My Life]

diff -u lyx-1.4.3/debian/patches/series lyx-1.4.3/debian/patches/series --- lyx-1.4.3/debian/patches/series +++ lyx-1.4.3/debian/patches/series @@ -2,0 +3 @@ +06.insetassertions diff -u lyx-1.4.3/debian/changelog lyx-1.4.3/debian/changelog --- lyx-1.4.3/debian/changelog +++ lyx-1.4.3/debian/changelog @@ -1,3 +1,11 @@ +lyx (1.4.3-3) unstable; urgency=low + + * Adding patch 06.insetassertions (r16831 from upstream svn) +This is a fix for assertions reported by several people. +Closes: #411043 + + -- Sven Hoexter [EMAIL PROTECTED] Thu, 22 Feb 2007 16:09:16 +0100 + lyx (1.4.3-2) unstable; urgency=low [ Sven Hoexter ] only in patch2: unchanged: --- lyx-1.4.3.orig/debian/patches/06.insetassertions +++ lyx-1.4.3/debian/patches/06.insetassertions 
@@ -0,0 +1,35 @@ +Index: BRANCH_1_4_X/src/cursor.C +=== +--- BRANCH_1_4_X/src/cursor.C (revision 16431) BRANCH_1_4_X/src/cursor.C (revision 16831) +@@ -99,5 +99,18 @@ + int yo; + InsetBase const * inset = it.inset(); +- Point o = theCoords.getInsets().xy(inset); ++ std::mapInsetBase const *, Point const data = ++theCoords.getInsets().getData(); ++ std::mapInsetBase const *, Point::const_iterator I = data.find(inset); ++ ++ // FIXME: in the case where the inset is not in the cache, this ++ // means that no part of it is visible on screen. In this case ++ // we don't do elaborate search and we just return the forwarded ++ // DocIterator at its beginning. ++ if (I == data.end()) { ++it.top().pos() = 0; ++return it; ++ } ++ ++ Point o = I-second; + inset-cursorPos(it.top(), c.boundary(), xo, yo); + // Convert to absolute +Index: BRANCH_1_4_X/src/coordcache.h +=== +--- BRANCH_1_4_X/src/coordcache.h (revision 10321) BRANCH_1_4_X/src/coordcache.h (revision 16831) +@@ -95,4 +95,6 @@ + typedef std::mapT const *, Point cache_type; + cache_type data_; ++public: ++ cache_type const getData() const { return data_; } + }; + signature.asc Description: Digital signature
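Review bot: in the src/cursor.C hunk, the cache-miss branch sets it.top().pos() to 0 and returns without leaving any trace, where several people previously hit an assertion. A debug-level log message in that branch would keep the underlying cache miss visible until the FIXME is resolved, at no cost to the release fix.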
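Review bot: the src/coordcache.h hunk makes the whole data_ map reachable through a public getData(), which is more than the single lookup cursor.C needs. A narrow lookup member on the cache class (for example one that reports whether an inset is present and returns its Point) would fix the assertion without exposing the container. Also, if the return type is by value as it reads here, every call copies the map; returning a const reference avoids that.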