--- Begin Message ---
Package: sponsorship-requests
Severity: important
Dear mentors,
I am looking for a sponsor for my package "terminology"
* Package name : terminology
Version : 0.9.1-0.1
Upstream Author : Enlightenment team
* URL : https://www.enlightenment.org/about-terminology
* License : BSD
Section : x11
It builds those binary packages:
terminology - Enlightenment efl based terminal emulator
terminology-data - Enlightenment efl based terminal emulator data
To access further information about this package, please visit the
following URL:
https://mentors.debian.net/package/terminology
Alternatively, one can download the package with dget using this command:
dget -x https://mentors.debian.net/debian/pool/main/t/terminology/terminology_0.9.1-0.1.dsc
Changes since the last upload:
[ Ross Vandegrift ]
* Non-maintainer upload.
* New upstream release
- Fix for "CVE-2015-8971: Escape Sequence Command Execution
vulnerability" (Closes: #843434)
* Enable build hardening options
* Suggest libemotion-players for media support (Closes: #773057, #766705)
* Reformat package descriptions (Closes: #779494, #782082)
* Use secure Vcs- URLs in debian/control
* Bump Standards-Version to 3.9.8
* fix-minus-signs-manpage.patch: drop patch, fixed upstream
* use-system-lz4.patch: defuzz
* fix-del-backspace-key.patch: defuzz
* Provide x-terminal-emulator alternative (Closes: #774111)
* debian/copyright: remove unused ltmain.sh paragraph
* Add gbp.conf and notes on usage in README.source
[ Nicolas Braud-Santoni ]
* Normalize links and use HTTPS
Regards,
Ross Vandegrift
--- End Message ---
--- Begin Message ---
On Mon, Nov 21, 2016 at 07:07:25PM -0500, Ross Vandegrift wrote:
> On Mon, Nov 21, 2016 at 05:46:24PM -0500, Ross Vandegrift wrote:
> > So I'll prepare another version that consists only of the security fix
> > backported to jessie. The new version will wait for experimental.
>
> Here it is, this time just adopting and fixing the security issue:
> https://mentors.debian.net/debian/pool/main/t/terminology/terminology_0.7.0-2.dsc
>
> No problems with creating new tabs. Updated changelog:
>
> * New Maintainer. Thanks to Anthony for original work. (Closes: #844244)
> * Fix for "CVE-2015-8971: Escape Sequence Command Execution vulnerability"
> backported from upstream rev b80bedc. (Closes: #843434)
Alas, that version doesn't seem that stable either. By randomly going
around options, I got a segfault while changing theme to "nyanology".
I tried to reproduce that crash, without luck; the core I got points to
libedje1 which has no -dbg nor -dbgsym available.
But, it's obviously not a fault of your changes which are really minimal.
I've uploaded as-is, as we really don't want an exploitable bug, other
problems can be investigated at a less urgent pace.
Backtrace from that core attached.
--
An imaginary friend squared is a real enemy.
Reading symbols from /usr/bin/terminology...Reading symbols from /usr/lib/debug/.build-id/d5/f287651afff72e3a0706ae310e000953705572.debug...done.
done.
[New LWP 32165]
[New LWP 32166]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `terminology'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007ff611906a86 in ?? () from /usr/lib/x86_64-linux-gnu/libedje.so.1
[Current thread is 1 (Thread 0x7ff6137211c0 (LWP 32165))]
(gdb) bt
#0 0x00007ff611906a86 in ?? () from /usr/lib/x86_64-linux-gnu/libedje.so.1
#1 0x00007ff611909b19 in ?? () from /usr/lib/x86_64-linux-gnu/libedje.so.1
#2 0x00007ff6119646fd in ?? () from /usr/lib/x86_64-linux-gnu/libedje.so.1
#3 0x00007ff6116d3545 in ?? () from /usr/lib/x86_64-linux-gnu/libeo.so.1
#4 0x00007ff6116d6e5a in eo_do_internal () from /usr/lib/x86_64-linux-gnu/libeo.so.1
#5 0x00007ff61195928e in edje_object_part_swallow () from /usr/lib/x86_64-linux-gnu/libedje.so.1
#6 0x0000558c7a1d2310 in _split_tabcount_update (tm=<optimized out>, sp=<optimized out>) at main.c:182
#7 0x00007ff612421114 in ?? () from /usr/lib/x86_64-linux-gnu/libevas.so.1
#8 0x00007ff6116dbfa7 in ?? () from /usr/lib/x86_64-linux-gnu/libeo.so.1
#9 0x00007ff6116d3545 in ?? () from /usr/lib/x86_64-linux-gnu/libeo.so.1
#10 0x00007ff6116d6e5a in eo_do_internal () from /usr/lib/x86_64-linux-gnu/libeo.so.1
#11 0x00007ff6124215a5 in ?? () from /usr/lib/x86_64-linux-gnu/libevas.so.1
#12 0x00007ff6124215ff in ?? () from /usr/lib/x86_64-linux-gnu/libevas.so.1
#13 0x00007ff61242a4b9 in ?? () from /usr/lib/x86_64-linux-gnu/libevas.so.1
#14 0x00007ff6116d3545 in ?? () from /usr/lib/x86_64-linux-gnu/libeo.so.1
#15 0x00007ff6116d6e5a in eo_do_internal () from /usr/lib/x86_64-linux-gnu/libeo.so.1
#16 0x00007ff61242e20b in evas_event_feed_mouse_move () from /usr/lib/x86_64-linux-gnu/libevas.so.1
#17 0x00007ff612424c6e in ?? () from /usr/lib/x86_64-linux-gnu/libevas.so.1
#18 0x00007ff6116d3545 in ?? () from /usr/lib/x86_64-linux-gnu/libeo.so.1
#19 0x00007ff6116d6e5a in eo_do_internal () from /usr/lib/x86_64-linux-gnu/libeo.so.1
#20 0x00007ff612450ba1 in ?? () from /usr/lib/x86_64-linux-gnu/libevas.so.1
#21 0x00007ff6116d3545 in ?? () from /usr/lib/x86_64-linux-gnu/libeo.so.1
#22 0x00007ff6116d6e5a in eo_do_internal () from /usr/lib/x86_64-linux-gnu/libeo.so.1
#23 0x00007ff6116d6ef5 in eo_do_internal () from /usr/lib/x86_64-linux-gnu/libeo.so.1
#24 0x00007ff61193d976 in ?? () from /usr/lib/x86_64-linux-gnu/libedje.so.1
#25 0x00007ff61193e110 in ?? () from /usr/lib/x86_64-linux-gnu/libedje.so.1
#26 0x00007ff61194fa4b in ?? () from /usr/lib/x86_64-linux-gnu/libedje.so.1
#27 0x00007ff6116d3545 in ?? () from /usr/lib/x86_64-linux-gnu/libeo.so.1
#28 0x00007ff6116d6e5a in eo_do_internal () from /usr/lib/x86_64-linux-gnu/libeo.so.1
#29 0x00007ff61193cb6e in edje_object_file_set () from /usr/lib/x86_64-linux-gnu/libedje.so.1
#30 0x0000558c7a1f857e in theme_apply (edje=0x800000bb400005db, config=0x558c7c301bf0,
group=0x558c7a1fb8c7 "terminology/background") at utils.c:39
#31 0x0000558c7a1d3de1 in change_theme (win=<optimized out>, config=0x558c7c301bf0) at main.c:129
#32 0x00007ff6131f02b7 in ?? () from /usr/lib/x86_64-linux-gnu/libelementary.so.2
#33 0x00007ff612421114 in ?? () from /usr/lib/x86_64-linux-gnu/libevas.so.1
#34 0x00007ff6116dbfa7 in ?? () from /usr/lib/x86_64-linux-gnu/libeo.so.1
#35 0x00007ff6116d3545 in ?? () from /usr/lib/x86_64-linux-gnu/libeo.so.1
#36 0x00007ff6116d6e5a in eo_do_internal () from /usr/lib/x86_64-linux-gnu/libeo.so.1
#37 0x00007ff612421693 in ?? () from /usr/lib/x86_64-linux-gnu/libevas.so.1
#38 0x00007ff6124215ff in ?? () from /usr/lib/x86_64-linux-gnu/libevas.so.1
#39 0x00007ff6124215ff in ?? () from /usr/lib/x86_64-linux-gnu/libevas.so.1
#40 0x00007ff6124215ff in ?? () from /usr/lib/x86_64-linux-gnu/libevas.so.1
---Type <return> to continue, or q <return> to quit---
#41 0x00007ff6124215ff in ?? () from /usr/lib/x86_64-linux-gnu/libevas.so.1
#42 0x00007ff6124215ff in ?? () from /usr/lib/x86_64-linux-gnu/libevas.so.1
#43 0x00007ff6124215ff in ?? () from /usr/lib/x86_64-linux-gnu/libevas.so.1
#44 0x00007ff6124215ff in ?? () from /usr/lib/x86_64-linux-gnu/libevas.so.1
#45 0x00007ff6124215ff in ?? () from /usr/lib/x86_64-linux-gnu/libevas.so.1
#46 0x00007ff6124215ff in ?? () from /usr/lib/x86_64-linux-gnu/libevas.so.1
#47 0x00007ff61242ecf2 in ?? () from /usr/lib/x86_64-linux-gnu/libevas.so.1
#48 0x00007ff6116d3545 in ?? () from /usr/lib/x86_64-linux-gnu/libeo.so.1
#49 0x00007ff6116d6e5a in eo_do_internal () from /usr/lib/x86_64-linux-gnu/libeo.so.1
#50 0x00007ff61242d69b in evas_event_feed_mouse_up () from /usr/lib/x86_64-linux-gnu/libevas.so.1
#51 0x00007ff60d10a24e in ?? () from /usr/lib/x86_64-linux-gnu/libecore_input_evas.so.1
#52 0x00007ff6121d1605 in ?? () from /usr/lib/x86_64-linux-gnu/libecore.so.1
#53 0x00007ff6121d7c79 in ?? () from /usr/lib/x86_64-linux-gnu/libecore.so.1
#54 0x00007ff6121d7f67 in ecore_main_loop_begin () from /usr/lib/x86_64-linux-gnu/libecore.so.1
#55 0x0000558c7a1d4eda in elm_main (argc=<optimized out>, argv=<optimized out>) at main.c:3370
#56 0x00007ff60fa6e2b1 in __libc_start_main (main=0x558c7a1c9890 <main>, argc=1, argv=0x7ffc9c773ab8,
init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffc9c773aa8)
at ../csu/libc-start.c:291
#57 0x0000558c7a1c98fa in _start ()
--- End Message ---