Dear Maintainer,
there is a new upstream version, which fixes this issue. Please, could you integrate this critical patch in bookworm?
Here the link: http://ftp.gnu.org/gnu/cgicc/cgicc-3.2.20.tar.gz
With best regards
Andreas
--
team member “long-term preservation“
Saxon State- and University Library Dresden (SLUB)
Department 2 (IT), Division 2.3 (infrastructure and digital long-term preservation)
Zellescher Weg 18 | 01069 Dresden
phone: +49 351 4677 763
E-Mail: Andreas.Romeyke@slub-dresden.de
http://www.slub-dresden.de/ | @slubdresden
> -----Ursprüngliche Nachricht-----
> Von: Romeyke, Andreas
> Gesendet: Freitag, 23. Juli 2021 13:01
> An: '985941@bugs.debian.org' <985941@bugs.debian.org>
> Betreff: Fix available (attached): Bug#985941: Acknowledgement (libcgicc3:
> wrong file length if file upload via POST as "multipart/form-data")
>
>
> Dear Maintainer,
>
> the fix is very easy:
>
> The problem is the line 494 in Cgicc.cpp, the '-2' is wrong, because at end of
> file content there is no trailing \r\n. The comment in lin 492 is wrong, too.
>
> The fix is easy:
> --------------------------------------------
> Index: cgicc/Cgicc.cpp
> ==========================================================
> =========
> RCS file: /sources/cgicc/cgicc/cgicc/Cgicc.cpp,v
> retrieving revision 1.34
> diff -b -d -u -r1.34 Cgicc.cpp
> --- cgicc/Cgicc.cpp 23 Apr 2014 20:55:04 -0000 1.34
> +++ cgicc/Cgicc.cpp 23 Jul 2021 10:25:58 -0000
> @@ -489,9 +489,9 @@
> if(std::string::npos == headLimit)
> throw std::runtime_error("Malformed input");
>
> - // Extract the value - there is still a trailing CR/LF to be subtracted off
> + // Extract the value
> std::string::size_type valueStart = headLimit + end.length();
> - std::string value = data.substr(valueStart, data.length() - valueStart - 2);
> + std::string value = data.substr(valueStart, data.length() -
> + valueStart);
>
> // Parse the header - pass trailing CR/LF x 2 to parseHeader
> MultipartHeader head = parseHeader(data.substr(0, valueStart));
> --------------------------------------------
>
> With best regards
>
> Andreas
> --
> team member “long-term preservation“
>
> Saxon State- and University Library Dresden (SLUB) Department 2 (IT),
> Division 2.3 (infrastructure and digital long-term preservation) Zellescher
> Weg 18 | 01069 Dresden
> phone: +49 351 4677 763
> E-Mail: Andreas.Romeyke@slub-dresden.de http://www.slub-dresden.de/
> | @slubdresden
>
>
> -----Ursprüngliche Nachricht-----
> Von: Debian Bug Tracking System <owner@bugs.debian.org>
> Gesendet: Freitag, 26. März 2021 14:27
> An: Romeyke, Andreas <Andreas.Romeyke@slub-dresden.de>
> Betreff: Bug#985941: Acknowledgement (libcgicc3: wrong file length if file
> upload via POST as "multipart/form-data")
>
> Thank you for filing a new Bug report with Debian.
>
> You can follow progress on this Bug here: 985941:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985941.
>
> This is an automatically generated reply to let you know your message has
> been received.
>
> Your message is being forwarded to the package maintainers and other
> interested parties for their attention; they will reply in due course.
>
> Your message has been sent to the package maintainer(s):
> Chris Butler <chrisb@debian.org>
>
> If you wish to submit further information on this problem, please send it to
> 985941@bugs.debian.org.
>
> Please do not send mail to owner@bugs.debian.org unless you wish to
> report a problem with the Bug-tracking system.
>
> --
> 985941: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985941
> Debian Bug Tracking System
> Contact owner@bugs.debian.org with problems
Attachment:
smime.p7s
Description: S/MIME cryptographic signature