Bug#919576: stretch-pu: package ncmpc/0.25-0.1
On Tue, 2019-02-05 at 09:09 +0100, kaliko wrote: > Shame /o\ > > On 04/02/2019 22:26, Adam D. Barratt wrote: > > Control: tags -1 + confirmed > > > > On Mon, 2019-01-28 at 14:35 +0100, kaliko wrote: > > > On 27/01/2019 09:14, Salvatore Bonaccorso wrote: > > > > On Thu, Jan 17, 2019 at 01:44:14PM +0100, kaliko wrote: > > > > [...] > > > > > Update fixing CVE-2018-9240 / #894724 > > > > > > > > […]> Please use for consistency (although that would be > > > > possible if > > > > 0.25-0.2 was never used) rather 0.25-0.1+deb9u1 for the > > > > version. > > > > > > I updated the patch according to your review (find attached). > > > > The diff you provided is reversed. Please feel free to upload the > > correctly-applied version. > > > Sorry for that, here is the correct patch. As per the above, please feel free to upload. :-) Regards, Adam
Bug#919576: stretch-pu: package ncmpc/0.25-0.1
Shame /o\ On 04/02/2019 22:26, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Mon, 2019-01-28 at 14:35 +0100, kaliko wrote: >> On 27/01/2019 09:14, Salvatore Bonaccorso wrote: >>> On Thu, Jan 17, 2019 at 01:44:14PM +0100, kaliko wrote: > [...] Update fixing CVE-2018-9240 / #894724 >>> […]> Please use for consistency (although that would be possible if >>> 0.25-0.2 was never used) rather 0.25-0.1+deb9u1 for the version. >> >> I updated the patch according to your review (find attached). > > The diff you provided is reversed. Please feel free to upload the > correctly-applied version. Sorry for that, here is the correct patch. Thanks k diff -Nru ncmpc-0.25/debian/changelog ncmpc-0.25/debian/changelog --- ncmpc-0.25/debian/changelog 2016-10-28 07:05:23.0 +0200 +++ ncmpc-0.25/debian/changelog 2019-01-16 12:51:14.0 +0100 @@ -1,3 +1,10 @@ +ncmpc (0.25-0.1+deb9u1) stretch; urgency=medium + + * Non-maintainer upload. + * Fix CVE-2018-9240 (Closes: #894724) + + -- Geoffroy Youri Berret Wed, 16 Jan 2019 12:51:14 +0100 + ncmpc (0.25-0.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch --- ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch 1970-01-01 01:00:00.0 +0100 +++ ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch 2019-01-16 12:51:14.0 +0100 @@ -0,0 +1,19 @@ +Description: Fix NULL dereference on long messages +Author: Jonathan Neuschäfer +Origin: https://bugs.debian.org/894724 +Applied-Upstream: v0.30 +Last-Update: 2019-01-16 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/src/mpdclient.h b/src/mpdclient.h +@@ -76,6 +76,9 @@ + static inline bool + mpdclient_finish_command(struct mpdclient *c) + { ++ if (!c->connection) ++ return false; ++ + return mpd_response_finish(c->connection) + ? true : mpdclient_handle_error(c); + } diff -Nru ncmpc-0.25/debian/patches/series ncmpc-0.25/debian/patches/series --- ncmpc-0.25/debian/patches/series 2016-10-28 07:05:23.0 +0200 +++ ncmpc-0.25/debian/patches/series 2019-01-16 12:51:14.0 +0100 @@ -1 +1,2 @@ lirc.patch +fix-CVE-2018-9240.patch signature.asc Description: OpenPGP digital signature
Bug#919576: stretch-pu: package ncmpc/0.25-0.1
Control: tags -1 + confirmed On Mon, 2019-01-28 at 14:35 +0100, kaliko wrote: > Hi Salvatore > > On 27/01/2019 09:14, Salvatore Bonaccorso wrote: > > On Thu, Jan 17, 2019 at 01:44:14PM +0100, kaliko wrote: [...] > > > Update fixing CVE-2018-9240 / #894724 > > […]> Please use for consistency (although that would be possible if > > 0.25-0.2 was never used) rather 0.25-0.1+deb9u1 for the version. > > I updated the patch according to your review (find attached). The diff you provided is reversed. Please feel free to upload the correctly-applied version. Regards, Adam
Bug#919576: stretch-pu: package ncmpc/0.25-0.1
Hi Salvatore On 27/01/2019 09:14, Salvatore Bonaccorso wrote: > On Thu, Jan 17, 2019 at 01:44:14PM +0100, kaliko wrote: >> Package: release.debian.org >> Severity: normal >> Tags: stretch >> User: release.debian@packages.debian.org >> Usertags: pu >> > Hi > > Update fixing CVE-2018-9240 / #894724 > […]> Please use for consistency (although that would be possible if > 0.25-0.2 was never used) rather 0.25-0.1+deb9u1 for the version. I updated the patch according to your review (find attached). I also pushed it in branch stretch-pu: https://salsa.debian.org/kaliko-guest/ncmpc-gbp/tree/stretch-pu Cheers k diff -Nru ncmpc-0.25/debian/changelog ncmpc-0.25/debian/changelog --- ncmpc-0.25/debian/changelog 2019-01-16 12:51:14.0 +0100 +++ ncmpc-0.25/debian/changelog 2016-11-10 08:32:55.0 +0100 @@ -1,10 +1,3 @@ -ncmpc (0.25-0.1+deb9u1) stretch; urgency=medium - - * Non-maintainer upload. - * Fix CVE-2018-9240 (Closes: #894724) - - -- Geoffroy Youri Berret Wed, 16 Jan 2019 12:51:14 +0100 - ncmpc (0.25-0.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch --- ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch 2019-01-16 12:51:14.0 +0100 +++ ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch 1970-01-01 01:00:00.0 +0100 @@ -1,19 +0,0 @@ -Description: Fix NULL dereference on long messages -Author: Jonathan Neuschäfer -Origin: https://bugs.debian.org/894724 -Applied-Upstream: v0.30 -Last-Update: 2019-01-16 -This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ a/src/mpdclient.h -+++ b/src/mpdclient.h -@@ -76,6 +76,9 @@ - static inline bool - mpdclient_finish_command(struct mpdclient *c) - { -+ if (!c->connection) -+ return false; -+ - return mpd_response_finish(c->connection) - ? true : mpdclient_handle_error(c); - } diff -Nru ncmpc-0.25/debian/patches/series ncmpc-0.25/debian/patches/series --- ncmpc-0.25/debian/patches/series 2019-01-16 12:51:14.0 +0100 +++ ncmpc-0.25/debian/patches/series 2016-11-10 08:32:55.0 +0100 @@ -1,2 +1 @@ lirc.patch -fix-CVE-2018-9240.patch signature.asc Description: OpenPGP digital signature
Bug#919576: stretch-pu: package ncmpc/0.25-0.1
Hi, On Thu, Jan 17, 2019 at 01:44:14PM +0100, kaliko wrote: > Package: release.debian.org > Severity: normal > Tags: stretch > User: release.debian@packages.debian.org > Usertags: pu > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Hi > > Update fixing CVE-2018-9240 / #894724 > > Source for this patch are on salsa, branch stretch-pu: > > https://salsa.debian.org/kaliko-guest/ncmpc-gbp/tree/stretch-pu > > - -8<--- > > +--- a/src/mpdclient.h > b/src/mpdclient.h > +@@ -76,6 +76,9 @@ > + static inline bool > + mpdclient_finish_command(struct mpdclient *c) > + { > ++if (!c->connection) > ++return false; > ++ > + return mpd_response_finish(c->connection) > + ? true : mpdclient_handle_error(c); > + } > > - ->8--- > > See attached debdiff. > Cheers > > -BEGIN PGP SIGNATURE- > > iQJGBAEBCgAwFiEEE5yJWkSiFjoTmimKdwOcUqy2lK4FAlxAeJ0SHGthbGlrb0Bh > enlsdW0ub3JnAAoJEHcDnFKstpSuMYQP/ihkQJeHx8oyexwcnLyeYo1NJNPnMJTZ > 6fkVMCSrlCtTw43zRDgKTbau6ODIygP8N+mD7eJzXIQmuToO5TkQNaZj1MBAxgMt > PWiNQiJ/Lh/SAmZcGuvUpPMbu/puyiZhJFbMakaZtqoVmIFCnV2zqCMZ5rxM4lRb > mRFyPnpn4bW7aXGSCM6AT1gqOkPpV/jIFvaF4c4wQXQvT67yGdC4NPP5cP8EpdgG > ZJlK89EsWEifGe9vV8qEfUHRO4KN8/FD3KFqYpsiMgQ/a/T6QMnucQqXKnv8xdpr > K9cyZiCn128Jb+a1qGBSKpdBWfw6NcBaDxIpNqb+qu6Coa3pNkrelf+T1Z+pA6lP > 8zwola012bn3+HIkWP/BaSpbMO3A2SqU3bZuRZ/ooIbK+bYVQVTNnnoYm3dNjiv5 > roP5PcB/TjMA6Tg4VVWyz1qjSZ189bNIkZ7S5aIsg5NGtEB4RjZN9WSYqVL31pki > UO3Ome6/YVtzxQ+msZsXmjP+4/pZZVORDEghtXOkmUhn55GgOZ5i5PVzbNZAV/AN > 4EMCpUQmbQ1AWN2apflfa0TfSjTsUWXM8PRp3demxroRwjChhYhcscVK79GS5jUP > 0t6wOSebgy47wSSo1ZkJtTJ1LcfexqwTONQs4o6hvHum6GIYUOpSlij7rU0MGbAw > c+DTGh+iG3Ik > =v9xZ > -END PGP SIGNATURE- > diff -Nru ncmpc-0.25/debian/changelog ncmpc-0.25/debian/changelog > --- ncmpc-0.25/debian/changelog 2016-10-28 07:05:23.0 +0200 > +++ ncmpc-0.25/debian/changelog 2019-01-16 12:51:14.0 +0100 > @@ -1,3 +1,10 @@ > +ncmpc (0.25-0.2) stretch; urgency=medium Please use for consistency (although that would be possible if 0.25-0.2 was never used) rather 0.25-0.1+deb9u1 for the version. Regards, Salvatore
Bug#919576: stretch-pu: package ncmpc/0.25-0.1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Update fixing CVE-2018-9240 / #894724 Source for this patch are on salsa, branch stretch-pu: https://salsa.debian.org/kaliko-guest/ncmpc-gbp/tree/stretch-pu - -8<--- +--- a/src/mpdclient.h b/src/mpdclient.h +@@ -76,6 +76,9 @@ + static inline bool + mpdclient_finish_command(struct mpdclient *c) + { ++ if (!c->connection) ++ return false; ++ + return mpd_response_finish(c->connection) + ? true : mpdclient_handle_error(c); + } - ->8--- See attached debdiff. Cheers -BEGIN PGP SIGNATURE- iQJGBAEBCgAwFiEEE5yJWkSiFjoTmimKdwOcUqy2lK4FAlxAeJ0SHGthbGlrb0Bh enlsdW0ub3JnAAoJEHcDnFKstpSuMYQP/ihkQJeHx8oyexwcnLyeYo1NJNPnMJTZ 6fkVMCSrlCtTw43zRDgKTbau6ODIygP8N+mD7eJzXIQmuToO5TkQNaZj1MBAxgMt PWiNQiJ/Lh/SAmZcGuvUpPMbu/puyiZhJFbMakaZtqoVmIFCnV2zqCMZ5rxM4lRb mRFyPnpn4bW7aXGSCM6AT1gqOkPpV/jIFvaF4c4wQXQvT67yGdC4NPP5cP8EpdgG ZJlK89EsWEifGe9vV8qEfUHRO4KN8/FD3KFqYpsiMgQ/a/T6QMnucQqXKnv8xdpr K9cyZiCn128Jb+a1qGBSKpdBWfw6NcBaDxIpNqb+qu6Coa3pNkrelf+T1Z+pA6lP 8zwola012bn3+HIkWP/BaSpbMO3A2SqU3bZuRZ/ooIbK+bYVQVTNnnoYm3dNjiv5 roP5PcB/TjMA6Tg4VVWyz1qjSZ189bNIkZ7S5aIsg5NGtEB4RjZN9WSYqVL31pki UO3Ome6/YVtzxQ+msZsXmjP+4/pZZVORDEghtXOkmUhn55GgOZ5i5PVzbNZAV/AN 4EMCpUQmbQ1AWN2apflfa0TfSjTsUWXM8PRp3demxroRwjChhYhcscVK79GS5jUP 0t6wOSebgy47wSSo1ZkJtTJ1LcfexqwTONQs4o6hvHum6GIYUOpSlij7rU0MGbAw c+DTGh+iG3Ik =v9xZ -END PGP SIGNATURE- diff -Nru ncmpc-0.25/debian/changelog ncmpc-0.25/debian/changelog --- ncmpc-0.25/debian/changelog 2016-10-28 07:05:23.0 +0200 +++ ncmpc-0.25/debian/changelog 2019-01-16 12:51:14.0 +0100 @@ -1,3 +1,10 @@ +ncmpc (0.25-0.2) stretch; urgency=medium + + * Non-maintainer upload. + * Fix CVE-2018-9240 (Closes: #894724) + + -- Geoffroy Youri Berret Wed, 16 Jan 2019 12:51:14 +0100 + ncmpc (0.25-0.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch --- ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch 1970-01-01 01:00:00.0 +0100 +++ ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch 2019-01-16 12:51:14.0 +0100 @@ -0,0 +1,19 @@ +Description: Fix NULL dereference on long messages +Author: Jonathan Neuschäfer +Origin: https://bugs.debian.org/894724 +Applied-Upstream: v0.30 +Last-Update: 2019-01-16 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/src/mpdclient.h b/src/mpdclient.h +@@ -76,6 +76,9 @@ + static inline bool + mpdclient_finish_command(struct mpdclient *c) + { ++ if (!c->connection) ++ return false; ++ + return mpd_response_finish(c->connection) + ? true : mpdclient_handle_error(c); + } diff -Nru ncmpc-0.25/debian/patches/series ncmpc-0.25/debian/patches/series --- ncmpc-0.25/debian/patches/series2016-10-28 07:05:23.0 +0200 +++ ncmpc-0.25/debian/patches/series2019-01-16 12:51:14.0 +0100 @@ -1 +1,2 @@ lirc.patch +fix-CVE-2018-9240.patch