Hi,
I'm considering uploading polipo to lenny for CVE-2009-4413 and
CVE-2009-3305. debdiff follows, let me know if it's ok for p-u.
Cheers,
Julien
diff -u polipo-1.0.4/debian/patches/00list polipo-1.0.4/debian/patches/00list
--- polipo-1.0.4/debian/patches/00list
+++ polipo-1.0.4/debian/patches/00list
@@ -3,0 +4,2 @@
+40_segfault_max_age.dpatch
+50_integer_overflow.dpatch
diff -u polipo-1.0.4/debian/control polipo-1.0.4/debian/control
--- polipo-1.0.4/debian/control
+++ polipo-1.0.4/debian/control
@@ -1,7 +1,7 @@
Source: polipo
Section: web
Priority: optional
-Maintainer: Denis V. Sirotkin <fechiny@gmail.com>
+Maintainer: Debian QA Group <packages@qa.debian.org>
Build-Depends: debhelper (>= 5), cdbs, texinfo, dpatch
Standards-Version: 3.7.3
Homepage: http://www.pps.jussieu.fr/~jch/software/polipo/
diff -u polipo-1.0.4/debian/changelog polipo-1.0.4/debian/changelog
--- polipo-1.0.4/debian/changelog
+++ polipo-1.0.4/debian/changelog
@@ -1,3 +1,30 @@
+polipo (1.0.4-1+lenny1) stable; urgency=low
+
+ * Upload to stable. Fix CVE reference in 1.0.4-2 changelog (oops).
+
+ -- Julien Cristau <jcristau@debian.org> Wed, 27 Jan 2010 15:16:00 +0100
+
+polipo (1.0.4-2) unstable; urgency=high
+
+ [ Andreas Kirschbaum ]
+ * Apply upstream commit to fix DoS via overly large "Content-Length"
+ header; fixes CVE-2009-4413 (closes: #560779)
+
+ [ Julien Cristau ]
+ * QA upload.
+ * Set Maintainer to Debian QA Group (see #566150).
+ * High urgency for RC bugfix.
+
+ -- Julien Cristau <jcristau@debian.org> Wed, 27 Jan 2010 15:01:52 +0100
+
+polipo (1.0.4-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload for RC bug fix.
+ * Fix segfault when server sends Cache-Control: max-age without a value
+ (closes: #547047).
+
+ -- Stefan Fritsch <sf@debian.org> Wed, 23 Sep 2009 21:29:43 +0200
+
polipo (1.0.4-1) unstable; urgency=low
* New upstream release
only in patch2:
unchanged:
--- polipo-1.0.4.orig/debian/patches/50_integer_overflow.dpatch
+++ polipo-1.0.4/debian/patches/50_integer_overflow.dpatch
@@ -0,0 +1,46 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 50_integer_overflow.dpatch by Andreas Kirschbaum <kirschbaum@in-medias-res.com>
+##
+## DP: Fix an integer overflow in processing client connections
+
+if [ $# -lt 1 ]; then
+ echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
+ exit 1
+fi
+
+[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
+patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"
+
+case "$1" in
+ -patch) patch -p1 ${patch_opts} < $0;;
+ -unpatch) patch -R -p1 ${patch_opts} < $0;;
+ *)
+ echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
+ exit 1;;
+esac
+
+exit 0
+
+@DPATCH@
+--- polipo-1.0.4.orig/CHANGES
++++ polipo-1.0.4/CHANGES
+@@ -1,3 +1,7 @@
++Polipo 1.0.5 (unreleased)
++
++ * Fix a integer overflow in processing client requests.
++
+ 8 January 2008: Polipo 1.0.4:
+
+ * Fixed the handling of tunnels with a parent proxy (thanks to
+--- polipo-1.0.4.orig/client.c
++++ polipo-1.0.4/client.c
+@@ -978,7 +978,7 @@
+ if(connection->bodylen < 0)
+ goto fail;
+
+- if(connection->bodylen + connection->reqbegin < connection->reqlen) {
++ if(connection->bodylen < connection->reqlen - connection->reqbegin) {
+ connection->reqbegin += connection->bodylen;
+ connection->bodylen = 0;
+ } else {
+
only in patch2:
unchanged:
--- polipo-1.0.4.orig/debian/patches/40_segfault_max_age.dpatch
+++ polipo-1.0.4/debian/patches/40_segfault_max_age.dpatch
@@ -0,0 +1,77 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+##
+## DP: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=547047
+
+if [ $# -lt 1 ]; then
+ echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
+ exit 1
+fi
+
+[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
+patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"
+
+case "$1" in
+ -patch) patch -p1 ${patch_opts} < $0;;
+ -unpatch) patch -R -p1 ${patch_opts} < $0;;
+ *)
+ echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
+ exit 1;;
+esac
+
+exit 0
+
+@DPATCH@
+--- polipo-1.0.4.orig/http_parse.c
++++ polipo-1.0.4/http_parse.c
+@@ -1088,9 +1088,10 @@
+ (v_end >= 0 ? v_end : token_end) -
+ token_start);
+ do_log(L_WARN, "\n");
++ } else {
++ a = atoi(buf + v_start);
++ cache_control.max_age = a;
+ }
+- a = atoi(buf + v_start);
+- cache_control.max_age = a;
+ } else if(token_compare(buf, token_start, token_end,
+ "s-maxage")) {
+ int a;
+@@ -1100,9 +1101,10 @@
+ (v_end >= 0 ? v_end : token_end) -
+ token_start);
+ do_log(L_WARN, "\n");
++ } else {
++ a = atoi(buf + v_start);
++ cache_control.max_age = a;
+ }
+- a = atoi(buf + v_start);
+- cache_control.max_age = a;
+ } else if(token_compare(buf, token_start, token_end,
+ "min-fresh")) {
+ int a;
+@@ -1112,9 +1114,10 @@
+ (v_end >= 0 ? v_end : token_end) -
+ token_start);
+ do_log(L_WARN, "\n");
++ } else {
++ a = atoi(buf + v_start);
++ cache_control.max_age = a;
+ }
+- a = atoi(buf + v_start);
+- cache_control.max_age = a;
+ } else if(token_compare(buf, token_start, token_end,
+ "max-stale")) {
+ int a;
+@@ -1124,9 +1127,10 @@
+ (v_end >= 0 ? v_end : token_end) -
+ token_start);
+ do_log(L_WARN, "\n");
++ } else {
++ a = atoi(buf + v_start);
++ cache_control.max_stale = a;
+ }
+- a = atoi(buf + v_start);
+- cache_control.max_stale = a;
+ } else {
+ do_log(L_WARN, "Unsupported Cache-Control directive ");
+ do_log_n(L_WARN, buf + token_start,
Attachment:
signature.asc
Description: Digital signature