Hi, I'm considering uploading polipo to lenny for CVE-2009-4413 and CVE-2009-3305. debdiff follows, let me know if it's ok for p-u. Cheers, Julien
diff -u polipo-1.0.4/debian/patches/00list polipo-1.0.4/debian/patches/00list
--- polipo-1.0.4/debian/patches/00list
+++ polipo-1.0.4/debian/patches/00list
@@ -3,0 +4,2 @@
+40_segfault_max_age.dpatch
+50_integer_overflow.dpatch
diff -u polipo-1.0.4/debian/control polipo-1.0.4/debian/control
--- polipo-1.0.4/debian/control
+++ polipo-1.0.4/debian/control
@@ -1,7 +1,7 @@
 Source: polipo
 Section: web
 Priority: optional
-Maintainer: Denis V. Sirotkin <fechiny@gmail.com>
+Maintainer: Debian QA Group <packages@qa.debian.org>
 Build-Depends: debhelper (>= 5), cdbs, texinfo, dpatch
 Standards-Version: 3.7.3
 Homepage: http://www.pps.jussieu.fr/~jch/software/polipo/
diff -u polipo-1.0.4/debian/changelog polipo-1.0.4/debian/changelog
--- polipo-1.0.4/debian/changelog
+++ polipo-1.0.4/debian/changelog
@@ -1,3 +1,30 @@
+polipo (1.0.4-1+lenny1) stable; urgency=low
+
+ * Upload to stable. Fix CVE reference in 1.0.4-2 changelog (oops).
+
+ -- Julien Cristau <jcristau@debian.org> Wed, 27 Jan 2010 15:16:00 +0100
+
+polipo (1.0.4-2) unstable; urgency=high
+
+ [ Andreas Kirschbaum ]
+ * Apply upstream commit to fix DoS via overly large "Content-Length"
+ header; fixes CVE-2009-4413 (closes: #560779)
+
+ [ Julien Cristau ]
+ * QA upload.
+ * Set Maintainer to Debian QA Group (see #566150).
+ * High urgency for RC bugfix.
+
+ -- Julien Cristau <jcristau@debian.org> Wed, 27 Jan 2010 15:01:52 +0100
+
+polipo (1.0.4-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload for RC bug fix.
+ * Fix segfault when server sends Cache-Control: max-age without a value
+ (closes: #547047).
+
+ -- Stefan Fritsch <sf@debian.org> Wed, 23 Sep 2009 21:29:43 +0200
+
 polipo (1.0.4-1) unstable; urgency=low
 
 * New upstream release
only in patch2: unchanged:
--- polipo-1.0.4.orig/debian/patches/50_integer_overflow.dpatch
+++ polipo-1.0.4/debian/patches/50_integer_overflow.dpatch
@@ -0,0 +1,46 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 50_integer_overflow.dpatch by Andreas Kirschbaum <kirschbaum@in-medias-res.com>
+##
+## DP: Fix an integer overflow in processing client connections
+
+if [ $# -lt 1 ]; then
+ echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
+ exit 1
+fi
+
+[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
+patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"
+
+case "$1" in
+ -patch) patch -p1 ${patch_opts} < $0;;
+ -unpatch) patch -R -p1 ${patch_opts} < $0;;
+ *)
+ echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
+ exit 1;;
+esac
+
+exit 0
+
+@DPATCH@
+--- polipo-1.0.4.orig/CHANGES
++++ polipo-1.0.4/CHANGES
+@@ -1,3 +1,7 @@
++Polipo 1.0.5 (unreleased)
++
++ * Fix a integer overflow in processing client requests.
++
+ 8 January 2008: Polipo 1.0.4:
+
+ * Fixed the handling of tunnels with a parent proxy (thanks to
+--- polipo-1.0.4.orig/client.c
++++ polipo-1.0.4/client.c
+@@ -978,7 +978,7 @@
+ if(connection->bodylen < 0)
+ goto fail;
+
+- if(connection->bodylen + connection->reqbegin < connection->reqlen) {
++ if(connection->bodylen < connection->reqlen - connection->reqbegin) {
+ connection->reqbegin += connection->bodylen;
+ connection->bodylen = 0;
+ } else {
+
only in patch2: unchanged:
--- polipo-1.0.4.orig/debian/patches/40_segfault_max_age.dpatch
+++ polipo-1.0.4/debian/patches/40_segfault_max_age.dpatch
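Review bot: The rewritten comparison in client.c, `if(connection->bodylen < connection->reqlen - connection->reqbegin) {`, carries no comment saying why the sum was replaced by a difference, so a later cleanup could put the overflowing form back. A comment above the `if` such as `/* compare against the bytes left in the buffer: bodylen + reqbegin can overflow for a large body length */` would record the reason. The subtraction is itself only safe while `reqbegin <= reqlen` holds, which this hunk does not show; the enclosing function starts and ends outside the hunk, so that invariant should be confirmed there. The dpatch `## DP:` line could also name CVE-2009-4413, which the changelog appears to tie to this fix.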
@@ -0,0 +1,77 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+##
+## DP: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=547047
+
+if [ $# -lt 1 ]; then
+ echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
+ exit 1
+fi
+
+[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
+patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"
+
+case "$1" in
+ -patch) patch -p1 ${patch_opts} < $0;;
+ -unpatch) patch -R -p1 ${patch_opts} < $0;;
+ *)
+ echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
+ exit 1;;
+esac
+
+exit 0
+
+@DPATCH@
+--- polipo-1.0.4.orig/http_parse.c
++++ polipo-1.0.4/http_parse.c
+@@ -1088,9 +1088,10 @@
+ (v_end >= 0 ? v_end : token_end) -
+ token_start);
+ do_log(L_WARN, "\n");
++ } else {
++ a = atoi(buf + v_start);
++ cache_control.max_age = a;
+ }
+- a = atoi(buf + v_start);
+- cache_control.max_age = a;
+ } else if(token_compare(buf, token_start, token_end,
+ "s-maxage")) {
+ int a;
+@@ -1100,9 +1101,10 @@
+ (v_end >= 0 ? v_end : token_end) -
+ token_start);
+ do_log(L_WARN, "\n");
++ } else {
++ a = atoi(buf + v_start);
++ cache_control.max_age = a;
+ }
+- a = atoi(buf + v_start);
+- cache_control.max_age = a;
+ } else if(token_compare(buf, token_start, token_end,
+ "min-fresh")) {
+ int a;
+@@ -1112,9 +1114,10 @@
+ (v_end >= 0 ? v_end : token_end) -
+ token_start);
+ do_log(L_WARN, "\n");
++ } else {
++ a = atoi(buf + v_start);
++ cache_control.max_age = a;
+ }
+- a = atoi(buf + v_start);
+- cache_control.max_age = a;
+ } else if(token_compare(buf, token_start, token_end,
+ "max-stale")) {
+ int a;
+@@ -1124,9 +1127,10 @@
+ (v_end >= 0 ? v_end : token_end) -
+ token_start);
+ do_log(L_WARN, "\n");
++ } else {
++ a = atoi(buf + v_start);
++ cache_control.max_stale = a;
+ }
+- a = atoi(buf + v_start);
+- cache_control.max_stale = a;
+ } else {
+ do_log(L_WARN, "Unsupported Cache-Control directive ");
+ do_log_n(L_WARN, buf + token_start,
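Review bot: The `s-maxage` and `min-fresh` branches (inner hunks at -1100 and -1112) still store the parsed value in `cache_control.max_age`, exactly as the `max-age` branch does; only `max-stale` writes a different field. The removed lines did the same, so this predates the patch, but it means either directive overwrites max-age when freshness is evaluated; if the structure has separate fields for them the assignments should target those, and otherwise a comment such as `/* s-maxage is deliberately folded into max_age */` would show it is intended. Separately, `atoi(buf + v_start)` gives no way to detect an out-of-range digit string, whereas `strtol` with an `errno == ERANGE` check would let the parser log and skip such a value. The condition that selects the warning branch starts above each inner hunk, so the guard itself is not visible here.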