tags 475279 + patch pending
tags 555232 + patch pending
tags 555233 + patch pending
tags 560468 + patch pending
thanks

Dear maintainer,

I've prepared an NMU for mediatomb (versioned as 0.12.0~svn2018-4.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

I updated "mediatomb-get-orig-source" to remove the embedded
prototype.js and use the one from the Debian package libjs-prototype,
which seems to work fine with the Web UI.

Regards.

-- 
Mehdi Dogguy
diff -u mediatomb-0.12.0~svn2018/debian/changelog mediatomb-0.12.0~svn2018/debian/changelog
--- mediatomb-0.12.0~svn2018/debian/changelog
+++ mediatomb-0.12.0~svn2018/debian/changelog
@@ -1,3 +1,21 @@
+mediatomb (0.12.0~svn2018-4.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix FTBFS due to invalid string constant to char* conversion in
+    src/tools.cc (added const_char_conversion.patch) (Closes: #560468)
+  * Fix non-uninstallability of mediatomb-daemon, thanks to Raul Sanchez
+    Siles for the hint (Closes: #562372)
+  * Fix security issue in prototype.js (CVE-2008-7720 and CVE-2007-2383)
+    by using the one from the Debian package libjs-prototype
+    (Closes: #555232, #555233, #475279)
+    + set urgency to medium
+    + Make mediatomb-common depend on libjs-prototype
+    + Set a symbolic link to prototype.js using mediatomb-common.links
+    + Update mediatomb-get-orig-source in order to remove "prototype.js"
+      for future releases.
+
+ -- Mehdi Dogguy <me...@debian.org>  Tue, 02 Feb 2010 00:37:16 +0100
+
 mediatomb (0.12.0~svn2018-4) unstable; urgency=low
 
   [ Andreas Henriksson ]
diff -u mediatomb-0.12.0~svn2018/debian/rules mediatomb-0.12.0~svn2018/debian/rules
--- mediatomb-0.12.0~svn2018/debian/rules
+++ mediatomb-0.12.0~svn2018/debian/rules
@@ -92,6 +92,7 @@
 		$(CURDIR)/debian/tmp/usr/share/pixmaps/mediatomb.xpm
 	install -D -m 0644 debian/mediatomb.desktop \
 		$(CURDIR)/debian/tmp/usr/share/applications/mediatomb.desktop
+	$(RM) -f $(CURDIR)/debian/tmp/usr/share/mediatomb/web/js/prototype.js
 
 override_dh_install:
 	dh_install --sourcedir=debian/tmp
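Review bot: The added `$(RM) -f …/web/js/prototype.js` line has no comment saying why an installed file is deleted, so a later maintainer could drop it and ship the embedded copy again. A one-line comment would cover it: `# Drop the embedded prototype.js (CVE-2008-7720, CVE-2007-2383); mediatomb-common.links points at the libjs-prototype copy`. `$(RM)` already expands to `rm -f` in GNU make, so the extra `-f` is redundant and the line can read `$(RM) $(CURDIR)/debian/tmp/usr/share/mediatomb/web/js/prototype.js`. The recipe this line belongs to starts outside the hunk.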
diff -u mediatomb-0.12.0~svn2018/debian/control mediatomb-0.12.0~svn2018/debian/control
--- mediatomb-0.12.0~svn2018/debian/control
+++ mediatomb-0.12.0~svn2018/debian/control
@@ -16,7 +16,7 @@
 
 Package: mediatomb-common
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}, libjs-prototype
 Description: UPnP MediaServer (base package)
  MediaTomb is an UPnP MediaServer with a nice web user interface, it allows you
  to stream your digital media through your home network and listen to/watch it
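Review bot: The new `libjs-prototype` entry in `Depends` is unversioned, so any installed libjs-prototype satisfies it, including one that predates the fixes for the CVEs named in the changelog. Since the security fix consists entirely of switching to that package's prototype.js, the dependency should pin the first fixed release, for example `Depends: ${shlibs:Depends}, ${misc:Depends}, libjs-prototype (>= <first-fixed-version>)`. The placeholder has to be filled from the libjs-prototype changelog, because the page does not state that version.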
diff -u mediatomb-0.12.0~svn2018/debian/mediatomb-get-orig-source mediatomb-0.12.0~svn2018/debian/mediatomb-get-orig-source
--- mediatomb-0.12.0~svn2018/debian/mediatomb-get-orig-source
+++ mediatomb-0.12.0~svn2018/debian/mediatomb-get-orig-source
@@ -47,6 +47,9 @@
         rm -rf $SVN_DIR
     done
 
+    # Remove embeded prototype.js
+    find mediatomb-$MEDIATOMB_VERSION -name "prototype.js" -delete
+
     # Create configure_aux directory in top source directory
     mkdir mediatomb-$MEDIATOMB_VERSION/configure_aux
     echo "Dummy file so configure_aux shows up in svn. Ignore this file." \
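Review bot: The comment on the added `find … -name "prototype.js" -delete` line does not say why the file is stripped from the orig tarball, and "embeded" is misspelled. Something like `# Remove embedded prototype.js (CVE-2008-7720, CVE-2007-2383); the package uses libjs-prototype instead` records the reason next to the command. The path argument is also unquoted; `"mediatomb-$MEDIATOMB_VERSION"` would be safer, although the surrounding lines follow the same unquoted style. The enclosing block of the script begins and ends outside the hunk.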
diff -u mediatomb-0.12.0~svn2018/debian/mediatomb-daemon.postrm mediatomb-0.12.0~svn2018/debian/mediatomb-daemon.postrm
--- mediatomb-0.12.0~svn2018/debian/mediatomb-daemon.postrm
+++ mediatomb-0.12.0~svn2018/debian/mediatomb-daemon.postrm
@@ -7,10 +7,10 @@
 if [ "$1" = "purge" ] ; then
     rm -rf /var/log/mediatomb /var/log/mediatomb* \
 		/var/run/mediatomb.pid /var/lib/mediatomb
-    deluser mediatomb || true
-    delgroup mediatomb || true
     dpkg-statoverride --remove /etc/mediatomb/config.xml
     dpkg-statoverride --remove /var/lib/mediatomb
+    deluser mediatomb || true
+    delgroup mediatomb || true
 fi
 
 #DEBHELPER#
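Review bot: The two `dpkg-statoverride --remove` calls that now run before `deluser` are still unguarded, and `dpkg-statoverride --remove` exits non-zero when no override is registered for the path. If the script runs under `set -e` (not visible in this hunk), a purge on a system where the override was never added or was already removed would abort before the user and group are deleted. Guarding each call keeps the purge idempotent, for example `if dpkg-statoverride --list /var/lib/mediatomb >/dev/null 2>&1; then dpkg-statoverride --remove /var/lib/mediatomb; fi`, and likewise for `/etc/mediatomb/config.xml`.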
diff -u mediatomb-0.12.0~svn2018/debian/patches/series mediatomb-0.12.0~svn2018/debian/patches/series
--- mediatomb-0.12.0~svn2018/debian/patches/series
+++ mediatomb-0.12.0~svn2018/debian/patches/series
@@ -4,0 +5 @@
+const_char_conversion.patch
only in patch2:
unchanged:
--- mediatomb-0.12.0~svn2018.orig/debian/mediatomb-common.links
+++ mediatomb-0.12.0~svn2018/debian/mediatomb-common.links
@@ -0,0 +1 @@
+/usr/share/javascript/prototype/prototype.js /usr/share/mediatomb/web/js/prototype.js
only in patch2:
unchanged:
--- mediatomb-0.12.0~svn2018.orig/debian/patches/const_char_conversion.patch
+++ mediatomb-0.12.0~svn2018/debian/patches/const_char_conversion.patch
@@ -0,0 +1,45 @@
+--- a/src/tools.cc
++++ b/src/tools.cc
+@@ -297,14 +297,14 @@
+ 
+ String hex_decode_string(String encoded)
+ {
+-    char *ptr = encoded.c_str();
++    char *ptr = const_cast<char *>(encoded.c_str());
+     int len = encoded.length();
+     
+     Ref<StringBuffer> buf(new StringBuffer(len / 2));
+     for (int i = 0; i < len; i += 2)
+     {
+-        char *chi = strchr(HEX_CHARS, ptr[i]);
+-        char *clo = strchr(HEX_CHARS, ptr[i + 1]);
++        char *chi = strchr(const_cast<char *>(HEX_CHARS), ptr[i]);
++        char *clo = strchr(const_cast<char *>(HEX_CHARS), ptr[i + 1]);
+         int hi, lo;
+         
+         if (chi)
+@@ -381,7 +381,7 @@
+ 
+ String url_unescape(String str)
+ {
+-    char *data = str.c_str();
++    char *data = const_cast<char *>(str.c_str());
+     int len = str.length();
+     Ref<StringBuffer> buf(new StringBuffer(len));
+ 
+@@ -399,13 +399,13 @@
+ 
+             char *pos;
+ 
+-            pos = strchr(hex, chi);
++            pos = strchr(const_cast<char *>(hex), chi);
+             if (!pos)
+                 hi = 0;
+             else
+                 hi = pos - hex;
+ 
+-            pos = strchr(hex, clo);
++            pos = strchr(const_cast<char *>(hex), clo);
+             if (!pos)
+                 lo = 0;
+             else
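Review bot: The `const_cast<char *>` calls added in `hex_decode_string` and `url_unescape` silence the conversion error by discarding constness, although none of these pointers is written through in the visible lines. Declaring them const fixes the build without casts and keeps the compiler checking for accidental writes into the string's buffer: `const char *ptr = encoded.c_str();`, `const char *chi = strchr(HEX_CHARS, ptr[i]);`, and `const char *pos;` in `url_unescape`. Separately, and not introduced by this patch, `strchr` also matches the terminating NUL, so for an odd-length input `ptr[i + 1]` is `'\0'` and `clo` comes back non-null. The bodies of the `if (chi)` / `if (clo)` branches lie outside the hunk, so it should be confirmed that they reject an index equal to the length of `HEX_CHARS`.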