Bug#919576: stretch-pu: package ncmpc/0.25-0.1
On Tue, 2019-02-05 at 09:09 +0100, kaliko wrote: > Shame /o\ > > On 04/02/2019 22:26, Adam D. Barratt wrote: > > Control: tags -1 + confirmed > > > > On Mon, 2019-01-28 at 14:35 +0100, kaliko wrote: > > > On 27/01/2019 09:14, Salvatore Bonaccorso wrote: > > > > On Thu, Jan 17, 2019 at 01:44:14PM +0100, kaliko wrote: > > > > [...] > > > > > Update fixing CVE-2018-9240 / #894724 > > > > > > > > […]> Please use for consistency (although that would be > > > > possible if > > > > 0.25-0.2 was never used) rather 0.25-0.1+deb9u1 for the > > > > version. > > > > > > I updated the patch according to your review (find attached). > > > > The diff you provided is reversed. Please feel free to upload the > > correctly-applied version. > > > Sorry for that, here is the correct patch. As per the above, please feel free to upload. :-) Regards, Adam
Bug#919576: stretch-pu: package ncmpc/0.25-0.1
Shame /o\
On 04/02/2019 22:26, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Mon, 2019-01-28 at 14:35 +0100, kaliko wrote:
>> On 27/01/2019 09:14, Salvatore Bonaccorso wrote:
>>> On Thu, Jan 17, 2019 at 01:44:14PM +0100, kaliko wrote:
> [...]
Update fixing CVE-2018-9240 / #894724
>>> […]> Please use for consistency (although that would be possible if
>>> 0.25-0.2 was never used) rather 0.25-0.1+deb9u1 for the version.
>>
>> I updated the patch according to your review (find attached).
>
> The diff you provided is reversed. Please feel free to upload the
> correctly-applied version.
Sorry for that, here is the correct patch.
Thanks
k
diff -Nru ncmpc-0.25/debian/changelog ncmpc-0.25/debian/changelog
--- ncmpc-0.25/debian/changelog 2016-10-28 07:05:23.0 +0200
+++ ncmpc-0.25/debian/changelog 2019-01-16 12:51:14.0 +0100
@@ -1,3 +1,10 @@
+ncmpc (0.25-0.1+deb9u1) stretch; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix CVE-2018-9240 (Closes: #894724)
+
+ -- Geoffroy Youri Berret Wed, 16 Jan 2019 12:51:14 +0100
+
ncmpc (0.25-0.1) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch
--- ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch 1970-01-01 01:00:00.0 +0100
+++ ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch 2019-01-16 12:51:14.0 +0100
@@ -0,0 +1,19 @@
+Description: Fix NULL dereference on long messages
+Author: Jonathan Neuschäfer
+Origin: https://bugs.debian.org/894724
+Applied-Upstream: v0.30
+Last-Update: 2019-01-16
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/src/mpdclient.h
b/src/mpdclient.h
+@@ -76,6 +76,9 @@
+ static inline bool
+ mpdclient_finish_command(struct mpdclient *c)
+ {
++ if (!c->connection)
++ return false;
++
+ return mpd_response_finish(c->connection)
+ ? true : mpdclient_handle_error(c);
+ }
diff -Nru ncmpc-0.25/debian/patches/series ncmpc-0.25/debian/patches/series
--- ncmpc-0.25/debian/patches/series 2016-10-28 07:05:23.0 +0200
+++ ncmpc-0.25/debian/patches/series 2019-01-16 12:51:14.0 +0100
@@ -1 +1,2 @@
lirc.patch
+fix-CVE-2018-9240.patch
signature.asc
Description: OpenPGP digital signature
Bug#919576: stretch-pu: package ncmpc/0.25-0.1
Control: tags -1 + confirmed On Mon, 2019-01-28 at 14:35 +0100, kaliko wrote: > Hi Salvatore > > On 27/01/2019 09:14, Salvatore Bonaccorso wrote: > > On Thu, Jan 17, 2019 at 01:44:14PM +0100, kaliko wrote: [...] > > > Update fixing CVE-2018-9240 / #894724 > > […]> Please use for consistency (although that would be possible if > > 0.25-0.2 was never used) rather 0.25-0.1+deb9u1 for the version. > > I updated the patch according to your review (find attached). The diff you provided is reversed. Please feel free to upload the correctly-applied version. Regards, Adam
Bug#919576: stretch-pu: package ncmpc/0.25-0.1
Hi Salvatore
On 27/01/2019 09:14, Salvatore Bonaccorso wrote:
> On Thu, Jan 17, 2019 at 01:44:14PM +0100, kaliko wrote:
>> Package: release.debian.org
>> Severity: normal
>> Tags: stretch
>> User: release.debian@packages.debian.org
>> Usertags: pu
>>
> Hi
>
> Update fixing CVE-2018-9240 / #894724
> […]> Please use for consistency (although that would be possible if
> 0.25-0.2 was never used) rather 0.25-0.1+deb9u1 for the version.
I updated the patch according to your review (find attached).
I also pushed it in branch stretch-pu:
https://salsa.debian.org/kaliko-guest/ncmpc-gbp/tree/stretch-pu
Cheers
k
diff -Nru ncmpc-0.25/debian/changelog ncmpc-0.25/debian/changelog
--- ncmpc-0.25/debian/changelog 2019-01-16 12:51:14.0 +0100
+++ ncmpc-0.25/debian/changelog 2016-11-10 08:32:55.0 +0100
@@ -1,10 +1,3 @@
-ncmpc (0.25-0.1+deb9u1) stretch; urgency=medium
-
- * Non-maintainer upload.
- * Fix CVE-2018-9240 (Closes: #894724)
-
- -- Geoffroy Youri Berret Wed, 16 Jan 2019 12:51:14 +0100
-
ncmpc (0.25-0.1) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch
--- ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch 2019-01-16 12:51:14.0 +0100
+++ ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch 1970-01-01 01:00:00.0 +0100
@@ -1,19 +0,0 @@
-Description: Fix NULL dereference on long messages
-Author: Jonathan Neuschäfer
-Origin: https://bugs.debian.org/894724
-Applied-Upstream: v0.30
-Last-Update: 2019-01-16
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
a/src/mpdclient.h
-+++ b/src/mpdclient.h
-@@ -76,6 +76,9 @@
- static inline bool
- mpdclient_finish_command(struct mpdclient *c)
- {
-+ if (!c->connection)
-+ return false;
-+
- return mpd_response_finish(c->connection)
- ? true : mpdclient_handle_error(c);
- }
diff -Nru ncmpc-0.25/debian/patches/series ncmpc-0.25/debian/patches/series
--- ncmpc-0.25/debian/patches/series 2019-01-16 12:51:14.0 +0100
+++ ncmpc-0.25/debian/patches/series 2016-11-10 08:32:55.0 +0100
@@ -1,2 +1 @@
lirc.patch
-fix-CVE-2018-9240.patch
signature.asc
Description: OpenPGP digital signature
Bug#919576: stretch-pu: package ncmpc/0.25-0.1
Hi,
On Thu, Jan 17, 2019 at 01:44:14PM +0100, kaliko wrote:
> Package: release.debian.org
> Severity: normal
> Tags: stretch
> User: release.debian@packages.debian.org
> Usertags: pu
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Hi
>
> Update fixing CVE-2018-9240 / #894724
>
> Source for this patch are on salsa, branch stretch-pu:
>
> https://salsa.debian.org/kaliko-guest/ncmpc-gbp/tree/stretch-pu
>
> - -8<---
>
> +--- a/src/mpdclient.h
> b/src/mpdclient.h
> +@@ -76,6 +76,9 @@
> + static inline bool
> + mpdclient_finish_command(struct mpdclient *c)
> + {
> ++if (!c->connection)
> ++return false;
> ++
> + return mpd_response_finish(c->connection)
> + ? true : mpdclient_handle_error(c);
> + }
>
> - ->8---
>
> See attached debdiff.
> Cheers
>
> -BEGIN PGP SIGNATURE-
>
> iQJGBAEBCgAwFiEEE5yJWkSiFjoTmimKdwOcUqy2lK4FAlxAeJ0SHGthbGlrb0Bh
> enlsdW0ub3JnAAoJEHcDnFKstpSuMYQP/ihkQJeHx8oyexwcnLyeYo1NJNPnMJTZ
> 6fkVMCSrlCtTw43zRDgKTbau6ODIygP8N+mD7eJzXIQmuToO5TkQNaZj1MBAxgMt
> PWiNQiJ/Lh/SAmZcGuvUpPMbu/puyiZhJFbMakaZtqoVmIFCnV2zqCMZ5rxM4lRb
> mRFyPnpn4bW7aXGSCM6AT1gqOkPpV/jIFvaF4c4wQXQvT67yGdC4NPP5cP8EpdgG
> ZJlK89EsWEifGe9vV8qEfUHRO4KN8/FD3KFqYpsiMgQ/a/T6QMnucQqXKnv8xdpr
> K9cyZiCn128Jb+a1qGBSKpdBWfw6NcBaDxIpNqb+qu6Coa3pNkrelf+T1Z+pA6lP
> 8zwola012bn3+HIkWP/BaSpbMO3A2SqU3bZuRZ/ooIbK+bYVQVTNnnoYm3dNjiv5
> roP5PcB/TjMA6Tg4VVWyz1qjSZ189bNIkZ7S5aIsg5NGtEB4RjZN9WSYqVL31pki
> UO3Ome6/YVtzxQ+msZsXmjP+4/pZZVORDEghtXOkmUhn55GgOZ5i5PVzbNZAV/AN
> 4EMCpUQmbQ1AWN2apflfa0TfSjTsUWXM8PRp3demxroRwjChhYhcscVK79GS5jUP
> 0t6wOSebgy47wSSo1ZkJtTJ1LcfexqwTONQs4o6hvHum6GIYUOpSlij7rU0MGbAw
> c+DTGh+iG3Ik
> =v9xZ
> -END PGP SIGNATURE-
> diff -Nru ncmpc-0.25/debian/changelog ncmpc-0.25/debian/changelog
> --- ncmpc-0.25/debian/changelog 2016-10-28 07:05:23.0 +0200
> +++ ncmpc-0.25/debian/changelog 2019-01-16 12:51:14.0 +0100
> @@ -1,3 +1,10 @@
> +ncmpc (0.25-0.2) stretch; urgency=medium
Please use for consistency (although that would be possible if
0.25-0.2 was never used) rather 0.25-0.1+deb9u1 for the version.
Regards,
Salvatore
Bug#919576: stretch-pu: package ncmpc/0.25-0.1
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
Update fixing CVE-2018-9240 / #894724
Source for this patch are on salsa, branch stretch-pu:
https://salsa.debian.org/kaliko-guest/ncmpc-gbp/tree/stretch-pu
- -8<---
+--- a/src/mpdclient.h
b/src/mpdclient.h
+@@ -76,6 +76,9 @@
+ static inline bool
+ mpdclient_finish_command(struct mpdclient *c)
+ {
++ if (!c->connection)
++ return false;
++
+ return mpd_response_finish(c->connection)
+ ? true : mpdclient_handle_error(c);
+ }
- ->8---
See attached debdiff.
Cheers
-BEGIN PGP SIGNATURE-
iQJGBAEBCgAwFiEEE5yJWkSiFjoTmimKdwOcUqy2lK4FAlxAeJ0SHGthbGlrb0Bh
enlsdW0ub3JnAAoJEHcDnFKstpSuMYQP/ihkQJeHx8oyexwcnLyeYo1NJNPnMJTZ
6fkVMCSrlCtTw43zRDgKTbau6ODIygP8N+mD7eJzXIQmuToO5TkQNaZj1MBAxgMt
PWiNQiJ/Lh/SAmZcGuvUpPMbu/puyiZhJFbMakaZtqoVmIFCnV2zqCMZ5rxM4lRb
mRFyPnpn4bW7aXGSCM6AT1gqOkPpV/jIFvaF4c4wQXQvT67yGdC4NPP5cP8EpdgG
ZJlK89EsWEifGe9vV8qEfUHRO4KN8/FD3KFqYpsiMgQ/a/T6QMnucQqXKnv8xdpr
K9cyZiCn128Jb+a1qGBSKpdBWfw6NcBaDxIpNqb+qu6Coa3pNkrelf+T1Z+pA6lP
8zwola012bn3+HIkWP/BaSpbMO3A2SqU3bZuRZ/ooIbK+bYVQVTNnnoYm3dNjiv5
roP5PcB/TjMA6Tg4VVWyz1qjSZ189bNIkZ7S5aIsg5NGtEB4RjZN9WSYqVL31pki
UO3Ome6/YVtzxQ+msZsXmjP+4/pZZVORDEghtXOkmUhn55GgOZ5i5PVzbNZAV/AN
4EMCpUQmbQ1AWN2apflfa0TfSjTsUWXM8PRp3demxroRwjChhYhcscVK79GS5jUP
0t6wOSebgy47wSSo1ZkJtTJ1LcfexqwTONQs4o6hvHum6GIYUOpSlij7rU0MGbAw
c+DTGh+iG3Ik
=v9xZ
-END PGP SIGNATURE-
diff -Nru ncmpc-0.25/debian/changelog ncmpc-0.25/debian/changelog
--- ncmpc-0.25/debian/changelog 2016-10-28 07:05:23.0 +0200
+++ ncmpc-0.25/debian/changelog 2019-01-16 12:51:14.0 +0100
@@ -1,3 +1,10 @@
+ncmpc (0.25-0.2) stretch; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix CVE-2018-9240 (Closes: #894724)
+
+ -- Geoffroy Youri Berret Wed, 16 Jan 2019 12:51:14 +0100
+
ncmpc (0.25-0.1) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch
ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch
--- ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch 1970-01-01
01:00:00.0 +0100
+++ ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch 2019-01-16
12:51:14.0 +0100
@@ -0,0 +1,19 @@
+Description: Fix NULL dereference on long messages
+Author: Jonathan Neuschäfer
+Origin: https://bugs.debian.org/894724
+Applied-Upstream: v0.30
+Last-Update: 2019-01-16
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/src/mpdclient.h
b/src/mpdclient.h
+@@ -76,6 +76,9 @@
+ static inline bool
+ mpdclient_finish_command(struct mpdclient *c)
+ {
++ if (!c->connection)
++ return false;
++
+ return mpd_response_finish(c->connection)
+ ? true : mpdclient_handle_error(c);
+ }
diff -Nru ncmpc-0.25/debian/patches/series ncmpc-0.25/debian/patches/series
--- ncmpc-0.25/debian/patches/series2016-10-28 07:05:23.0 +0200
+++ ncmpc-0.25/debian/patches/series2019-01-16 12:51:14.0 +0100
@@ -1 +1,2 @@
lirc.patch
+fix-CVE-2018-9240.patch
