
Re: T minus 19 hours; outstanding issues?



On Fri, Jun 03, 2005 at 08:29:52PM -0400, Daniel Jacobowitz wrote:
> On Fri, Jun 03, 2005 at 05:19:20PM -0700, Steve Langasek wrote:
> > Ok, here's a rundown of issues I know are outstanding at this point, that we
> > need to try to get cleaned up before release:
> > 
> > snort 2.3.2-3 (bug #311257, bug #311263): missing build on hppa; serious
> >  bugs only; could be pushed in on all archs but hppa and synced up at point
> >  release time.
> > 
> > openldap2.2 2.2.23-8 (bug #255276, #308234): missing build on hppa; rather
> >  ugly bugs, but again we could sync archs in a point release.
> > 
> > samba 3.0.14a-4 (bug #310982): missing build on mipsel; security fix, can be
> >  synced after release.
> 
> If you're syncing security fixes missing on only one architecture,
> should gdb 6.3-6 go in also?

I'd have... ahem... curl with #310948 (it _was_ grave :}), going into the archive tomorrow... :}

$ debdiff curl_7.13.2-2.dsc curl_7.13.2-3.dsc
diff -u curl-7.13.2/debian/changelog curl-7.13.2/debian/changelog
--- curl-7.13.2/debian/changelog
+++ curl-7.13.2/debian/changelog
@@ -1,3 +1,10 @@
+curl (7.13.2-3) unstable; urgency=high
+
+  * HTTP response headers with null bytes are now correctly managed
+    (closes: #310948).
+
+ -- Domenico Andreoli <cavok@debian.org>  Fri,  3 Jun 2005 23:59:30 +0200
+
 curl (7.13.2-2) unstable; urgency=low
 
   * Fixed conditional build of package libcurl3-gssapi
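
Review bot: the new changelog entry is marked urgency=high, but "correctly managed" does not say what went wrong before or where the fix lives. Name the file touched (lib/transfer.c) and the nature of the change, i.e. header line parsing now uses length-bounded memchr/memcpy instead of strchr/strncpy, so that anyone triaging #310948 can judge the impact from the changelog alone.
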
only in patch2:
unchanged:
--- curl-7.13.2.orig/lib/transfer.c
+++ curl-7.13.2/lib/transfer.c
@@ -355,7 +355,7 @@
             /* str_start is start of line within buf */
             k->str_start = k->str;
 
-            k->end_ptr = strchr (k->str_start, '\n');
+            k->end_ptr = memchr(k->str_start, '\n', nread);
 
             if (!k->end_ptr) {
               /* Not a complete header line within buffer, append the data to
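
Review bot: in the memchr() call the length passed is nread, but the search starts at k->str_start, which the comment just above describes as the start of a line within buf, not the start of buf. If nread is the size of the whole read and is not reduced as header lines are consumed, the scan for every line after the first runs past the end of the received data. Pass the number of bytes remaining from k->str_start, or include in the patch the place where nread is adjusted so the bound can be checked.
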
@@ -423,7 +423,7 @@
             }
 
             /* copy to end of line */
-            strncpy (k->hbufp, k->str_start, full_length);
+            memcpy(k->hbufp, k->str_start, full_length);
             k->hbufp += full_length;
             k->hbuflen += full_length;
             *k->hbufp = 0;
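
Review bot: with memcpy() in place of strncpy(), the header buffer can now contain embedded NUL bytes, so the terminator written by "*k->hbufp = 0;" no longer marks the end of the header for any code that reads it as a C string. Later parsing of the header buffer should go by k->hbuflen, or a NUL inside a header line should be rejected outright. Also confirm that the buffer has room for full_length plus the terminator byte before this copy, since that check is outside the hunk.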


> Not a big deal if it doesn't.  It's not important as security fixes go.

same here.

cheers
domenico

-----[ Domenico Andreoli, aka cavok
 --[ http://people.debian.org/~cavok/gpgkey.asc
   ---[ 3A0F 2F80 F79C 678A 8936  4FEE 0677 9033 A20E BC50
