Bug#786844: xjdic: Multiple buffer overflows
Hello, Many thanks for your bug report, I'll try to fix this problem by adding a few strncpy() where needed in the next days, to provide a better fix. Regards, ludovic Le 26 mai 2015 02:11:28 CEST, Frédéric Brière fbri...@fbriere.net a écrit : Package: xjdic Version: 24-9 Severity: normal Tags: upstream patch [ Although buffer overflows are often regarded as security bugs, I'm filing this bug with normal severity, on the advice of the security team. ] There are several possible buffer overflows throughout the xjdic code (at least in the client). The easiest one to trigger is by reading from /dev/null: $ xjdic_sa /dev/null /dev/null *** buffer overflow detected ***: /usr/bin/xjdic_sa terminated [...] This is due to xjdic usually not checking getchar() for EOF (if not storing its return value outright in an unsigned char), thus appending it to its output buffer in an infinite loop. The one that prompted me to file this bug report occurs when reading a romaji string of 10 kana or more: simply typing @aa will crash the client. (Only romaji is affected; inputting kana directly works fine.) This is due to tempout[] being woefully short at 80 bytes; I'm attaching a patch that pushes that limit far enough for any EDICT entry. (This isn't an actual fix; the client will still crash, only it will take an unusually long input string for this to happen.) -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (x86_64) Foreign Architectures: amd64 Kernel: Linux 3.16.0-4-amd64 (SMP w/3 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init)
Bug#788786: backuppc bug
Hi! In fact I had to fight with caching problems with Firefox, so in the end all I had to do to access the backuppc interface was to restart apache2. The warning that you have to restart it is displayed during the installation so, I will close the bug. Best regards, -- Ludovic Drolez Le 15 juin 2015 21:04:24 UTC+02:00, ldro...@debian.org a écrit : Booting on a live image allowed me to reproduce the bug. It seems that it works if you type http://localhost/backuppc/index.cgi Could you confirm ? Regards, Ludovic Le 15 juin 2015 17:30:23 UTC+02:00, Tyson Smith tysonsm...@gmail.com a écrit : Hi, No it is not related to my apache configuration. I have a production box that i had the problem on so i have reproduced this in a fresh install in a VM yesterday. Perform a fresh install of Debian 8.1 in a VM. login open a terminal and su to root apt-get install backuppc allow it to configure apache (default) run the command the installer gives you to reset the backuppc users password to password. open firefox navigate to localhost/backuppc type in backuppc/password on the login prompt. you will then get the BIN file download. It is 100% broken out of the box. Let me know if you have any trouble reproducing as i have reproduced it on a upgraded machine and also on a fresh install in a VM which i did just to test this. On Mon, Jun 15, 2015 at 6:04 AM, Ludovic Drolez ldro...@debian.org wrote: Hello, Sorry, I cannot reproduce your bug. Maybe it's related to your apache configuration. Regards, -- Ludovic Drolez. http://www.aopensource.com - The Android Open Source Portal http://www.drolez.com - Personal site - Linux and Free Software -- Tyson Smith -- Ludovic Drolez. http://www.aopensource.com - The Android Open Source Portal http://www.drolez.com - Personal site - Linux and Free Software
Bug#788786: backuppc bug
Yes, Really strange, because I could reproduce this on a fresh vm. Did you run apache2ctl restart, as suggested during the installation? -- Ludovic Drolez Le 15 juin 2015 17:30:23 UTC+02:00, Tyson Smith tysonsm...@gmail.com a écrit : Hi, No it is not related to my apache configuration. I have a production box that i had the problem on so i have reproduced this in a fresh install in a VM yesterday. Perform a fresh install of Debian 8.1 in a VM. login open a terminal and su to root apt-get install backuppc allow it to configure apache (default) run the command the installer gives you to reset the backuppc users password to password. open firefox navigate to localhost/backuppc type in backuppc/password on the login prompt. you will then get the BIN file download. It is 100% broken out of the box. Let me know if you have any trouble reproducing as i have reproduced it on a upgraded machine and also on a fresh install in a VM which i did just to test this. On Mon, Jun 15, 2015 at 6:04 AM, Ludovic Drolez ldro...@debian.org wrote: Hello, Sorry, I cannot reproduce your bug. Maybe it's related to your apache configuration. Regards, -- Ludovic Drolez. http://www.aopensource.com - The Android Open Source Portal http://www.drolez.com - Personal site - Linux and Free Software -- Tyson Smith
Bug#788786: backuppc bug
Booting on a live image allowed me to reproduce the bug. It seems that it works if you type http://localhost/backuppc/index.cgi Could you confirm ? Regards, Ludovic Le 15 juin 2015 17:30:23 UTC+02:00, Tyson Smith tysonsm...@gmail.com a écrit : Hi, No it is not related to my apache configuration. I have a production box that i had the problem on so i have reproduced this in a fresh install in a VM yesterday. Perform a fresh install of Debian 8.1 in a VM. login open a terminal and su to root apt-get install backuppc allow it to configure apache (default) run the command the installer gives you to reset the backuppc users password to password. open firefox navigate to localhost/backuppc type in backuppc/password on the login prompt. you will then get the BIN file download. It is 100% broken out of the box. Let me know if you have any trouble reproducing as i have reproduced it on a upgraded machine and also on a fresh install in a VM which i did just to test this. On Mon, Jun 15, 2015 at 6:04 AM, Ludovic Drolez ldro...@debian.org wrote: Hello, Sorry, I cannot reproduce your bug. Maybe it's related to your apache configuration. Regards, -- Ludovic Drolez. http://www.aopensource.com - The Android Open Source Portal http://www.drolez.com - Personal site - Linux and Free Software -- Tyson Smith -- Ludovic Drolez. http://www.aopensource.com - The Android Open Source Portal http://www.drolez.com - Personal site - Linux and Free Software -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#762132: fglrx-driver: Update to 1:14.6~ga14.201-1 amd64: Mouse cursor gone
Hi ! Same problem here with an hybrid Radeon R7 M265 + Intel Haswell-ULT HD Graphics 4000. 3D acceleration is fine as well as opencl but, the desktop is unusable because of this bug. xeyes helps a little :-) ... Anybody knows about something better than xeyes to WA this bug ? TIA, -- Ludovic Drolez. http://www.aopensource.com - The Android Open Source Portal http://www.drolez.com - Personal site - Linux and Free Software -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#555544: blocking the ppc64el architecture bootstrap
Ok, I´ll upload a package this week. Thanks, -- Ludovic Drolez On 25 août 2014 05:27:43 UTC+02:00, Aurelien Jarno aure...@debian.org wrote: Dear maintainer, The ppc64el architecture has been added to the Debian archive. Your package swish-e fails to build as reported in bug #44 and the build log is available on [1]. It would be very nice if you can upload a fixed version of this package. Don't hesitate to ask questions if you need help to fix this bug. If you lack time for that, I can also proceed with an NMU. Thanks, Aurelien [1] https://buildd.debian.org/status/logs.php?pkg=swish-earch=ppc64el -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://www.aurel32.net
Bug#716516: [Mayhem] Bug report on xjdic: xjdxgen crashes with exit status 139
Hi! All the bugs are caused by poor argv parsing. (gdb) bt #0 strcmp () at ../sysdeps/i386/i686/strcmp.S:39 #1 0x08048884 in main (argc=3, argv=0xbe74) at xjdxgen.c:96 How to fix this quickly??? Excerpt of code around xjdxgen.c:96: ap = argv; arg_c = argc; while (arg_c 1) { --ap++; --if(strcmp(*ap,-h) == 0) --- CRASH ... ... --strcpy(strtmp,*ap); --strcpy(Dname,*ap); --strcpy(JDXname,*ap); --strcat(JDXname,.xjdx); --printf(Commandline request to use files %s and %s \n,Dname,JDXname); --ap++; --arg_c--; } -- Ludovic Drolez. http://www.aopensource.com - The Android Open Source Portal http://www.drolez.com - Personal site - Linux and Free Software -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#663975: backuppc: Default date format is confusing outside US
Hi! I'd like to close this bug, but is there a way to detect the prefered system date format ? 'locale' does not help... BR, Ludo Package: backuppc Version: 3.2.1-2 Severity: normal Dear Maintainer, In the web interface, by default, backuppc uses US-style date formats of the form mm/dd, e.g: 3/14. This is confusing to non-US users. In the case of dates like 3/12, the format is even ambiguous. Please change the default to be: $Conf{CgiDateFormatMMDD} = '0'; This has the added benefit of adding the year in the start date colum of the hosts summary. Without the year, for older backups, the creation year remains a guess at best. Regards, Rogier. -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (x86_64) Kernel: Linux 3.2.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages backuppc depends on: ii adduser3.113+nmu1 ii bzip2 1.0.6-1 ii debconf [debconf-2.0] 1.5.41 ii dpkg 1.16.1.2 ii exim4 4.77-1 ii exim4-daemon-light [mail-transport-agent] 4.77-1+b1 ii iputils-ping 3:20101006-1+b1 ii libarchive-zip-perl1.30-5 ii libc6 2.13-26 ii libcompress-zlib-perl none ii libtime-modules-perl 2011.0517-1 ii libwww-perl6.04-1 ii mini-httpd [httpd] 1.19-9.2+b1 ii perl [libdigest-md5-perl] 5.14.2-7 ii samba-common-bin 2:3.6.3-1 ii smbclient 2:3.6.3-1 ii tar1.26-4 ii ucf3.0025+nmu2 Versions of packages backuppc recommends: ii libfile-rsyncp-perl 0.68-1.1+b3 ii libio-dirent-perl0.04-2+b3 ii openssh-client [ssh-client] 1:5.9p1-2 ii rrdtool 1.4.7-1 ii rsync3.0.9-1 Versions of packages backuppc suggests: ii elinks [www-browser] 0.12~pre5-7 ii iceweasel [www-browser] 10.0.2-1 ii konqueror [www-browser] 4:4.6.5-1 ii par2 0.4-11 ii w3m [www-browser]0.5.3-5 -- Configuration Files: /etc/backuppc/config.pl [Errno 13] Permission denied: u'/etc/backuppc/config.pl' /etc/backuppc/hosts changed [not included] -- debconf information excluded -- Ludovic Drolez. http://www.aopensource.com - The Android Open Source Portal -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#500845: Dictionary-files are becoming old
Hi! In fact the problem comes from the fact that dict files are updated from the 'edict' package only after the 1st install: iconv -c -f EUC-JP -t UTF-8 /usr/share/edict/kanjidic -o /usr/share/gjiten/dics/kanjidic ... ... So, I should add a fix in the edict package, to update also gjiten files if installed ?? Or add a simple update script for gjiten? As a quick WA, you can uninstall and reinstall gjiten... BR, -- Ludovic Drolez. http://www.aopensource.com - The Android Open Source Portal -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#661011: backuppc: CVE-2011-5081 cross-site scripting via RestoreFile action
Hi ! This bug is fixed in stable and testing, so I think it should be closed. BR, Ludo Source: backuppc Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities Exposures) id was published for backuppc. CVE-2011-5081[0]: | Cross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC | 3.1.0, 3.2.1, and possibly other earlier versions allows remote | attackers to inject arbitrary web script or HTML via the share | parameter in a RestoreFile action to index.cgi. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5081 http://security-tracker.debian.org/tracker/CVE-2011-5081 -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0 For security reasons, all text in this mail is double-rot13 encrypted. -- Ludovic Drolez. http://www.aopensource.com - The Android Open Source Portal -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#560939: closing 560939
# Automatically generated email from bts, devscripts version 2.10.35lenny7 #linked against the system libxml close 560939 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org