Bug#691171: unblock: pgbouncer

To: Debian Bug Tracking System <691171@bugs.debian.org>
Subject: Bug#691171: unblock: pgbouncer
From: Christoph Berg <myon@debian.org>
Date: Fri, 2 Nov 2012 10:44:13 +0100
Message-id: <[🔎] 20121102094413.GA11550@msgid.df7cb.de>
Mail-followup-to: Christoph Berg <myon@debian.org>, Debian Bug Tracking System <691171@bugs.debian.org>
Reply-to: Christoph Berg <myon@debian.org>, 691171@bugs.debian.org
In-reply-to: <20121022145326.GA13202@msgid.df7cb.de>
References: <20121022145326.GA13202@msgid.df7cb.de>

Control: retitle -1 unblock: pgbouncer/1.5.2-4

Re: To Debian Bug Tracking System 2012-10-22 <20121022145326.GA13202@msgid.df7cb.de>
> unblock pgbouncer/1.5.2-3

In the meantime, there's an additional fix for #692103 (grave) in
unstable:

diff -Nru pgbouncer-1.5.2/debian/changelog pgbouncer-1.5.2/debian/changelog
--- pgbouncer-1.5.2/debian/changelog	2012-10-07 19:16:41.000000000 +0200
+++ pgbouncer-1.5.2/debian/changelog	2012-11-02 10:07:46.000000000 +0100
@@ -1,3 +1,20 @@
+pgbouncer (1.5.2-4) unstable; urgency=medium
+
+  * Cherry-pick from 1.5.3:  Closes: #692103.
+    http://git.postgresql.org/gitweb/?p=pgbouncer.git;a=commitdiff;h=4b92112b820830b30cd7bc91bef3dd8f35305525
+    Thanks to Markus Wanner for helping fix this.
+
+    = Critical fix =
+    * Too long database names can lead to crash, which
+      is remotely triggerable if autodbs are enabled.
+
+      The original checks assumed all names come from config files,
+      thus using fatal() was fine, but when autodbs are enabled
+      - by '*' in [databases] section - the database name can come
+      from network thus making remote shutdown possible.
+
+ -- Christoph Berg <myon@debian.org>  Fri, 02 Nov 2012 10:05:27 +0100
+
 pgbouncer (1.5.2-3) unstable; urgency=low
 
   * Re-add check for START=0 in the init script.  Spotted by Sergey Burladyan.
diff -Nru pgbouncer-1.5.2/debian/patches/692103-long-db-name pgbouncer-1.5.2/debian/patches/692103-long-db-name
--- pgbouncer-1.5.2/debian/patches/692103-long-db-name	1970-01-01 01:00:00.000000000 +0100
+++ pgbouncer-1.5.2/debian/patches/692103-long-db-name	2012-11-02 10:10:41.000000000 +0100
@@ -0,0 +1,15 @@
+--- a/src/objects.c
++++ b/src/objects.c
+@@ -303,7 +303,11 @@
+ 			return NULL;
+ 
+ 		list_init(&db->head);
+-		safe_strcpy(db->name, name, sizeof(db->name));
++		if (strlcpy(db->name, name, sizeof(db->name)) >= sizeof(db->name)) {
++			log_warning("Too long db name: %s", name);
++			slab_free(db_cache, db);
++			return NULL;
++		}
+ 		put_in_order(&db->head, &database_list, cmp_database);
+ 	}
+ 
diff -Nru pgbouncer-1.5.2/debian/patches/series pgbouncer-1.5.2/debian/patches/series
--- pgbouncer-1.5.2/debian/patches/series	2012-10-07 17:23:40.000000000 +0200
+++ pgbouncer-1.5.2/debian/patches/series	2012-11-02 10:09:33.000000000 +0100
@@ -1 +1,2 @@
+692103-long-db-name
 debian-config

Please
unblock pgbouncer/1.5.2-4

Thanks,
Christoph
-- 
cb@df7cb.de | http://www.df7cb.de/

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: Processed: Re: Bug#691171: unblock: pgbouncer
Next by Date: Bug#691171: marked as done (unblock: pgbouncer/1.5.2-4)
Previous by thread: Processed: Re: unblock: procps/1:3.3.5-1
Next by thread: Processed: Re: Bug#691171: unblock: pgbouncer
Index(es):
- Date
- Thread