Hello, On Wed, 10 Sep 2008, Marc 'HE' Brockschmidt wrote: > > If not, I would backport some of the bug fixes (like the buffer > > overflow) and create a 1.6.0-2. > > Please do. I have created the necessary changes. (The interdiff between 1.6.0-1 and 1.6.0-2) is attached. Could you please confirm that this can be uploaded to unstable enroute to lenny? Regards, Kapil. --
diff -u conky-1.6.0/debian/changelog conky-1.6.0/debian/changelog --- conky-1.6.0/debian/changelog +++ conky-1.6.0/debian/changelog @@ -1,3 +1,14 @@ +conky (1.6.0-2) unstable; urgency=low + + * Backport of fixes from version 1.6.1-1. + * debian/patches/ifaddr_buffer_overflow: fix buffer + overflow in update_net_stats. Thanks to Miroslav Lichvar. + * debian/NEWS: documented the need to re-examine the conky + configuration file for the changes since version 1.5.x. + Closes: #495864. + + -- Kapil Hari Paranjape <kapil@debian.org> Wed, 10 Sep 2008 12:10:31 +0530 + conky (1.6.0-1) unstable; urgency=low * New upstream release (1.6.0). diff -u conky-1.6.0/debian/NEWS conky-1.6.0/debian/NEWS --- conky-1.6.0/debian/NEWS +++ conky-1.6.0/debian/NEWS @@ -1,3 +1,12 @@ +conky (1.6.0-1) unstable; urgency=low + + User's may find that older conky configuration files give + unexpected results. This is because some buffer sizes have been + "optimized". For the details about these changes please refer + to the man page. + + -- Kapil Hari Paranjape <kapil@debian.org> Tue, 09 Sep 2008 08:44:42 +0530 + conky (1.5.1-1) unstable; urgency=low The system default config file for conky is an external diff -u conky-1.6.0/debian/patches/series conky-1.6.0/debian/patches/series --- conky-1.6.0/debian/patches/series +++ conky-1.6.0/debian/patches/series @@ -1,3 +1,4 @@ +ifaddr_buffer_overflow x86_64_rdtsc man_page_type_first_char move_compile_end_man_page only in patch2: unchanged: --- conky-1.6.0.orig/debian/patches/ifaddr_buffer_overflow +++ conky-1.6.0/debian/patches/ifaddr_buffer_overflow @@ -0,0 +1,33 @@ +I'm getting glibc errors that a buffer overflow is detected. I've +traced it to the sprintf call on line 428 in linux.c file, where the +temp_addr array doesn't have space for trailing \0. + +The attached patch should fix it. + +Miroslav Lichvar + +Index: conky-1.6.1/src/linux.c +=================================================================== +--- conky-1.6.1.orig/src/linux.c 2008-09-08 10:14:57.000000000 +0530 ++++ conky-1.6.1/src/linux.c 2008-09-08 10:54:34.000000000 +0530 +@@ -353,7 +353,7 @@ + for (i2 = 0; i2 < 16; i2++) { + struct net_stat *ns; + char *s, *p; +- char temp_addr[17]; ++ char temp_addr[18]; + long long r, t, last_recv, last_trans; + + if (fgets(buf, 255, net_dev_fp) == NULL) { +@@ -380,9 +380,9 @@ + memset(&(ns->addr.sa_data), 0, 14); + + if(NULL == ns->addrs) +- ns->addrs = (char*) malloc(17 * 16); ++ ns->addrs = (char*) malloc(17 * 16 + 1); + if(NULL != ns->addrs) +- memset(ns->addrs, 0, 17 * 16); /* Up to 17 chars per ip, max 16 interfaces. Nasty memory usage... */ ++ memset(ns->addrs, 0, 17 * 16 + 1); /* Up to 17 chars per ip, max 16 interfaces. Nasty memory usage... */ + + last_recv = ns->recv; + last_trans = ns->trans;
Attachment:
signature.asc
Description: Digital signature