permission to upload bip/0.8.2-1squeeze3 to testing proposed updates

To: debian-release@lists.debian.org
Subject: permission to upload bip/0.8.2-1squeeze3 to testing proposed updates
From: Pierre-Louis Bonicoli <pierre-louis.bonicoli@gmx.fr>
Date: Wed, 19 Jan 2011 01:59:18 +0100
Message-id: <[🔎] 4D363766.2060702@gmx.fr>

Hi !

I am the upstream and sponsored Debian maintainer of Bip.

A user of bip reported a bug which can be used to do a remote DOS of
bip. Bug is present in bip/0.8.2-1squeeze2.

debdiff (bip/0.8.2-1squeeze2 and bip/0.8.2-1squeeze3 source packages)
containing the fix is attached.

Regards,

Pierre-Louis

Format: 1.0
Source: bip
Binary: bip
Architecture: any
Version: 0.8.2-1squeeze3
Maintainer: Pierre-Louis Bonicoli <pierre-louis.bonicoli@gmx.fr>
Uploaders: Arnaud Cornet <acornet@debian.org>
Homepage: http://bip.t1r.net
Standards-Version: 3.8.3
Build-Depends: debhelper (>= 7.0.50~), bison, flex, libssl-dev, quilt
Checksums-Sha1: 
 a75da8be7f9984e02b61916e6a7d658bb1da1375 208502 bip_0.8.2.orig.tar.gz
 6c5594ec04bd82d9196f42b3b1d267cf0a190b20 8468 bip_0.8.2-1squeeze3.diff.gz
Checksums-Sha256: 
 3367f4e6a3a352fd756db478d4a92378e370318a4c961ae03b0a1b40f46a1cfd 208502 bip_0.8.2.orig.tar.gz
 a6411d6ff2a99df185bafcae8dcf09d2e1a9f8dfb5c409793f8092d47b7224eb 8468 bip_0.8.2-1squeeze3.diff.gz
Files: 
 3f3a66f6179456ba7efb1970a89f46dd 208502 bip_0.8.2.orig.tar.gz
 30e7bbed2fc5f1f43ebb5045abda56c6 8468 bip_0.8.2-1squeeze3.diff.gz

diff -u bip-0.8.2/debian/changelog bip-0.8.2/debian/changelog
--- bip-0.8.2/debian/changelog
+++ bip-0.8.2/debian/changelog
@@ -1,3 +1,9 @@
+bip (0.8.2-1squeeze3) testing-proposed-updates; urgency=low
+
+  * add fix_DOS.patch, backported from 0.8.7. 
+
+ -- Pierre-Louis Bonicoli <pierre-louis.bonicoli@gmx.fr>  Sat, 15 Jan 2011 19:12:33 +0100
+
 bip (0.8.2-1squeeze2) testing-proposed-updates; urgency=low
 
   * New maintainer (with Nohar's blessing).
diff -u bip-0.8.2/debian/patches/series bip-0.8.2/debian/patches/series
--- bip-0.8.2/debian/patches/series
+++ bip-0.8.2/debian/patches/series
@@ -1,0 +2 @@
+fix_DOS.patch
only in patch2:
unchanged:
--- bip-0.8.2.orig/debian/patches/fix_DOS.patch
+++ bip-0.8.2/debian/patches/fix_DOS.patch
@@ -0,0 +1,20 @@
+Fix DOS. Backported From 0.8.7.
+--- a/src/log.c
++++ b/src/log.c
+@@ -472,10 +472,14 @@
+ 		const char *newnick)
+ {
+ 	char *oldnick = nick_from_ircmask(ircmask);
++	logstore_t* oldstore;
++	logstore_t* newstore;
+ 
+-	if (hash_includes(&logdata->logfgs, oldnick)) {
+-		if (hash_includes(&logdata->logfgs, newnick))
++	if ((oldstore = hash_get(&logdata->logfgs, oldnick))) {
++		if ((newstore = hash_get(&logdata->logfgs, newnick))
++			&& oldstore != newstore) {
+ 			log_drop(logdata, newnick);
++		}
+ 		hash_rename_key(&logdata->logfgs, oldnick, newnick);
+ 	}
+ 	free(oldnick);

Reply to:

Follow-Ups:
- Re: permission to upload bip/0.8.2-1squeeze3 to testing proposed updates
  - From: Thijs Kinkhorst <thijs@debian.org>
- Re: permission to upload bip/0.8.2-1squeeze3 to testing proposed updates
  - From: Julien Cristau <jcristau@debian.org>

Prev by Date: Bug#610052: unblock: util-linux/2.17.2-6
Next by Date: NEW changes in proposedupdates
Previous by thread: Bug#610476: marked as done (unblock: zoneminder/1.24.2-8)
Next by thread: Re: permission to upload bip/0.8.2-1squeeze3 to testing proposed updates
Index(es):
- Date
- Thread