Your message dated Sat, 15 Dec 2012 17:05:20 +0100 with message-id <20121215160520.GQ5634@radis.cristau.org> and subject line Re: Bug#691186: unblock: icecast2/2.3.2-9+deb7u2 has caused the Debian Bug report #691186, regarding unblock: icecast2/2.3.2-9+deb7u2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 691186: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691186 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: icecast2/2.3.2-9+deb7u2
- From: Moritz Muehlenhoff <jmm@debian.org>
- Date: Mon, 22 Oct 2012 20:53:49 +0200
- Message-id: <20121022185349.12807.81245.reportbug@pisco.westfalen.local>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock Ok to upload to t-p-u with the attached debdiff? This fixes CVE-2011-4612 / #652663) unblock icecast2/2.3.2-9+deb7u2 Cheers, Moritzdiff -Nru icecast2-2.3.2/debian/changelog icecast2-2.3.2/debian/changelog --- icecast2-2.3.2/debian/changelog 2012-09-14 00:55:08.000000000 +0200 +++ icecast2-2.3.2/debian/changelog 2012-10-22 20:40:33.000000000 +0200 @@ -1,3 +1,9 @@ +icecast2 (2.3.2-9+deb7u2) wheezy; urgency=low + + * CVE-2011-4612 (Closes: #652663) + + -- Moritz Muehlenhoff <jmm@debian.org> Sun, 21 Oct 2012 18:32:47 +0200 + icecast2 (2.3.2-9+deb7u1) wheezy; urgency=low * Team upload. diff -Nru icecast2-2.3.2/debian/patches/1004_CVE-2011-4612.patch icecast2-2.3.2/debian/patches/1004_CVE-2011-4612.patch --- icecast2-2.3.2/debian/patches/1004_CVE-2011-4612.patch 1970-01-01 01:00:00.000000000 +0100 +++ icecast2-2.3.2/debian/patches/1004_CVE-2011-4612.patch 2012-10-22 20:43:21.000000000 +0200 @@ -0,0 +1,227 @@ +diff -aur icecast2-2.3.2.orig/src/format_mp3.c icecast2-2.3.2/src/format_mp3.c +--- icecast2-2.3.2.orig/src/format_mp3.c 2007-10-19 05:02:35.000000000 +0200 ++++ icecast2-2.3.2/src/format_mp3.c 2012-10-22 20:37:31.000000000 +0200 +@@ -595,7 +595,7 @@ + memcpy (meta->data, source_mp3->build_metadata, + source_mp3->build_metadata_len); + +- DEBUG1("shoutcast metadata %.4080s", meta->data+1); ++ DEBUG2("shoutcast metadata %.*s", 4080, meta->data+1); + if (strncmp (meta->data+1, "StreamTitle=", 12) == 0) + { + filter_shoutcast_metadata (source, source_mp3->build_metadata, +diff -aur icecast2-2.3.2.orig/src/fserve.c icecast2-2.3.2/src/fserve.c +--- icecast2-2.3.2.orig/src/fserve.c 2008-04-29 06:32:10.000000000 +0200 ++++ icecast2-2.3.2/src/fserve.c 2012-10-22 20:37:31.000000000 +0200 +@@ -397,7 +397,7 @@ + FILE *file; + + fullpath = util_get_path_from_normalised_uri (path); +- INFO2 ("checking for file %s (%s)", path, fullpath); ++ INFO2 ("checking for file %H (%H)", path, fullpath); + + if (strcmp (util_get_extension (fullpath), "m3u") == 0) + m3u_requested = 1; +@@ -411,7 +411,7 @@ + /* the m3u can be generated, but send an m3u file if available */ + if (m3u_requested == 0 && xspf_requested == 0) + { +- WARN2 ("req for file \"%s\" %s", fullpath, strerror (errno)); ++ WARN2 ("req for file \"%H\" %s", fullpath, strerror (errno)); + client_send_404 (httpclient, "The file you requested could not be found"); + free (fullpath); + return -1; +@@ -482,7 +482,7 @@ + config = config_get_config(); + if (config->fileserve == 0) + { +- DEBUG1 ("on demand file \"%s\" refused", fullpath); ++ DEBUG1 ("on demand file \"%H\" refused", fullpath); + client_send_404 (httpclient, "The file you requested could not be found"); + config_release_config(); + free (fullpath); +@@ -493,7 +493,7 @@ + if (S_ISREG (file_buf.st_mode) == 0) + { + client_send_404 (httpclient, "The file you requested could not be found"); +- WARN1 ("found requested file but there is no handler for it: %s", fullpath); ++ WARN1 ("found requested file but there is no handler for it: %H", fullpath); + free (fullpath); + return -1; + } +@@ -501,7 +501,7 @@ + file = fopen (fullpath, "rb"); + if (file == NULL) + { +- WARN1 ("Problem accessing file \"%s\"", fullpath); ++ WARN1 ("Problem accessing file \"%H\"", fullpath); + client_send_404 (httpclient, "File not readable"); + free (fullpath); + return -1; +diff -aur icecast2-2.3.2.orig/src/log/log.c icecast2-2.3.2/src/log/log.c +--- icecast2-2.3.2.orig/src/log/log.c 2008-01-24 04:10:20.000000000 +0100 ++++ icecast2-2.3.2/src/log/log.c 2012-10-22 20:37:31.000000000 +0200 +@@ -420,11 +420,132 @@ + _unlock_logger (); + } + ++static void __vsnprintf(char *str, size_t size, const char *format, va_list ap) { ++ int in_block = 0; ++ int block_size = 0; ++ int block_len; ++ const char * arg; ++ char buf[80]; ++ ++ for (; *format && size; format++) ++ { ++ if ( !in_block ) ++ { ++ if ( *format == '%' ) { ++ in_block = 1; ++ block_size = 0; ++ block_len = 0; ++ } ++ else ++ { ++ *(str++) = *format; ++ size--; ++ } ++ } ++ else ++ { ++ // TODO: %l*[sdupi] as well as %.4080s and "%.*s ++ arg = NULL; ++ switch (*format) ++ { ++ case 'l': ++ block_size++; ++ break; ++ case '.': ++ // just ignore '.'. If somebody cares: fix it. ++ break; ++ case '*': ++ block_len = va_arg(ap, int); ++ break; ++ case '1': ++ case '2': ++ case '3': ++ case '4': ++ case '5': ++ case '6': ++ case '7': ++ case '8': ++ case '9': ++ block_len = atoi(format); ++ for (; *format >= '0' && *format <= '9'; format++); ++ break; ++ case 'p': ++ snprintf(buf, sizeof(buf), "%p", (void*)va_arg(ap, void *)); ++ arg = buf; ++ case 'd': ++ case 'i': ++ case 'u': ++ if (!arg) ++ { ++ switch (block_size) ++ { ++ case 0: ++ if (*format == 'u') ++ snprintf(buf, sizeof(buf), "%u", (unsigned int)va_arg(ap, unsigned int)); ++ else ++ snprintf(buf, sizeof(buf), "%i", (int)va_arg(ap, int)); ++ break; ++ case 1: ++ if (*format == 'u') ++ snprintf(buf, sizeof(buf), "%lu", (unsigned long int)va_arg(ap, unsigned long int)); ++ else ++ snprintf(buf, sizeof(buf), "%li", (long int)va_arg(ap, long int)); ++ break; ++ case 2: ++ if (*format == 'u') ++ snprintf(buf, sizeof(buf), "%llu", (unsigned long long int)va_arg(ap, unsigned long long int)); ++ else ++ snprintf(buf, sizeof(buf), "%lli", (long long int)va_arg(ap, long long int)); ++ break; ++ default: ++ snprintf(buf, sizeof(buf), "<<<invalid>>>"); ++ break; ++ } ++ arg = buf; ++ } ++ case 's': ++ case 'H': ++ // TODO. ++ if (!arg) ++ arg = va_arg(ap, const char *); ++ if (!arg) ++ arg = "(null)"; ++ if (!block_len) ++ block_len = strlen(arg); ++ ++ // the if() is the outer structure so the inner for() ++ // is branch optimized. ++ if (*format == 'H' ) ++ { ++ for (; *arg && block_len && size; arg++, size--) ++ { ++ if (*arg <= '"') ++ *(str++) = '.'; ++ else ++ *(str++) = *arg; ++ } ++ } ++ else ++ { ++ for (; *arg && block_len && size; arg++, size--) ++ *(str++) = *arg; ++ } ++ in_block = 0; ++ break; ++ } ++ } ++ } ++ ++ if ( !size ) ++ str--; ++ ++ *str = 0; ++} + + void log_write(int log_id, unsigned priority, const char *cat, const char *func, + const char *fmt, ...) + { +- static char *prior[] = { "EROR", "WARN", "INFO", "DBUG" }; ++ static const char *prior[] = { "EROR", "WARN", "INFO", "DBUG" }; + int datelen; + time_t now; + char pre[256]; +@@ -435,16 +556,16 @@ + if (loglist[log_id].level < priority) return; + if (priority > sizeof(prior)/sizeof(prior[0])) return; /* Bad priority */ + ++ + va_start(ap, fmt); +- vsnprintf(line, LOG_MAXLINELEN, fmt, ap); ++ __vsnprintf(line, sizeof(line), fmt, ap); ++ va_end(ap); + + now = time(NULL); +- +- _lock_logger(); + datelen = strftime (pre, sizeof (pre), "[%Y-%m-%d %H:%M:%S]", localtime(&now)); +- + snprintf (pre+datelen, sizeof (pre)-datelen, " %s %s%s ", prior [priority-1], cat, func); + ++ _lock_logger(); + if (_log_open (log_id)) + { + int len = create_log_entry (log_id, pre, line); +@@ -452,8 +573,6 @@ + loglist[log_id].size += len; + } + _unlock_logger(); +- +- va_end(ap); + } + + void log_write_direct(int log_id, const char *fmt, ...) diff -Nru icecast2-2.3.2/debian/patches/series icecast2-2.3.2/debian/patches/series --- icecast2-2.3.2/debian/patches/series 2012-09-14 00:55:08.000000000 +0200 +++ icecast2-2.3.2/debian/patches/series 2012-10-22 20:40:50.000000000 +0200 @@ -1,3 +1,4 @@ 1001_autotools_avoid_debian-subdir.patch 1002_add_missing_xspf_file 1003_fix_memory_leak.patch +1004_CVE-2011-4612.patch \ Kein Zeilenumbruch am Dateiende.
--- End Message ---
--- Begin Message ---
- To: Moritz Mühlenhoff <jmm@inutil.org>, 691186-done@bugs.debian.org
- Cc: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Subject: Re: Bug#691186: unblock: icecast2/2.3.2-9+deb7u2
- From: Julien Cristau <jcristau@debian.org>
- Date: Sat, 15 Dec 2012 17:05:20 +0100
- Message-id: <20121215160520.GQ5634@radis.cristau.org>
- In-reply-to: <[🔎] 20121214222100.GB6757@pisco.westfalen.local>
- References: <20121022185349.12807.81245.reportbug@pisco.westfalen.local> <[🔎] 1355339044.13966.4.camel@jacala.jungle.funky-badger.org> <[🔎] 20121214222100.GB6757@pisco.westfalen.local>
On Fri, Dec 14, 2012 at 23:21:01 +0100, Moritz Mühlenhoff wrote: > On Wed, Dec 12, 2012 at 07:04:04PM +0000, Adam D. Barratt wrote: > > Control: tags -1 + confirmed > > > > On Mon, 2012-10-22 at 20:53 +0200, Moritz Muehlenhoff wrote: > > > Ok to upload to t-p-u with the attached debdiff? > > > > > > This fixes CVE-2011-4612 / #652663) > > > > Much as I dislike wheel re-inventing, I'm assuming the patch matches how > > upstream decided to resolve the issue; please go ahead. A more > > descriptive changelog entry would be good. ;-) > > Thanks, that's indeed the backported upstream fix. Uploaded. > Approved. Cheers, JulienAttachment: signature.asc
Description: Digital signature
--- End Message ---