[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#715567: pu: package mdbtools/0.7-1+deb7u1

Hi Julien

I was wondering whether I should open a pu bug myself. Thank you.
I do support your proposal.

I believe we should also include one, possibily two patches from jessie:

1) http://patch-tracker.debian.org/patch/series/view/mdbtools/0.7-2/binaries_to_string
fixes important bug #713826 that got me a RC critical bug and a jessie-ignore
tag.
This is about a missing break within a switch/case, resulting in next case
block being run, and resulting in a SEGV. This only occur when you have binary
in your MDB file.
This is a one-line patch adding the missing break;
This one has been repported on other distros, and upstream. I would really like
to have it fixed.

2) http://patch-tracker.debian.org/patch/series/view/mdbtools/0.7-2/gmdb2_double_free
is a more rare bug, but it also results in SEGV.
This also is a oneliner fix:
gmdb_debug_add_item frees the str parameter.
The line patched was properly calling g_strdup_printf, but discards the
results, resulting in str beeing uninitialized (same value has previous call),
as thus beeing freed twice.

So attached my proposal.

I'm not sure the 2) above qualify for a proposed update. This is a SEGV, but
only in the debug window few people will open, and it has no security impact.
Please advise.

diff -Nru mdbtools-0.7/debian/changelog mdbtools-0.7/debian/changelog
--- mdbtools-0.7/debian/changelog	2012-06-29 02:13:22.000000000 +0200
+++ mdbtools-0.7/debian/changelog	2013-07-10 18:43:42.000000000 +0200
@@ -1,3 +1,12 @@
+mdbtools (0.7-1+deb7u1) wheezy; urgency=low
+
+  * Version libiodbc Breaks now that it can load multiarch drivers, drop
+    matching lintian overrive.
+  * Fix SEGV in blob data handling (Closes: #713826)
+  * Fixed double free SEGV in gmdb2 dissector.
+
+ -- Jean-Michel Vourgère <jmv_deb@nirgal.com>  Wed, 10 Jul 2013 18:42:55 +0200
+
 mdbtools (0.7-1) unstable; urgency=low
 
   * New upstream version
diff -Nru mdbtools-0.7/debian/control mdbtools-0.7/debian/control
--- mdbtools-0.7/debian/control	2012-06-29 02:02:51.000000000 +0200
+++ mdbtools-0.7/debian/control	2013-07-10 18:14:56.000000000 +0200
@@ -101,7 +101,7 @@
 Pre-Depends: ${misc:Pre-Depends}
 Depends: ${misc:Depends}, ${shlibs:Depends}
 Suggests: mdbtools-doc
-Breaks: libiodbc2, odbcinst1debian2 (<< 2.2.14p2-3), unixodbc (<< 2.2.14p2-3)
+Breaks: libiodbc2 (<< 3.52.7-2+deb7u1), odbcinst1debian2 (<< 2.2.14p2-3), unixodbc (<< 2.2.14p2-3)
 Description: MDB tools ODBC module
  This is the software driver to access JET / MS Access database (MDB) files
  through ODBC.
diff -Nru mdbtools-0.7/debian/libmdbodbc1.lintian-overrides mdbtools-0.7/debian/libmdbodbc1.lintian-overrides
--- mdbtools-0.7/debian/libmdbodbc1.lintian-overrides	2012-06-29 00:20:05.000000000 +0200
+++ mdbtools-0.7/debian/libmdbodbc1.lintian-overrides	1970-01-01 01:00:00.000000000 +0100
@@ -1,3 +0,0 @@
-# Multi-Arch totally breaks iodbc
-# See /usr/share/doc/unixodbc/NEWS.Debian.gz
-breaks-without-version libiodbc2
diff -Nru mdbtools-0.7/debian/patches/binaries_to_string mdbtools-0.7/debian/patches/binaries_to_string
--- mdbtools-0.7/debian/patches/binaries_to_string	1970-01-01 01:00:00.000000000 +0100
+++ mdbtools-0.7/debian/patches/binaries_to_string	2013-07-10 16:36:49.000000000 +0200
@@ -0,0 +1,22 @@
+Description: Fix SEGV in blob data handling
+ col_to_string was missing break in a switch/case resulting in an invalid call
+ to mdb_unicode2ascii with an odd number of bytes.
+Author: William Rogers <rogers.wb@gmail.com>
+Origin: https://github.com/rogerswb/mdbtools/commit/0d3d2959c6d5d25d41f5e3f5d23bb38adacc4550
+Bug: https://github.com/brianb/mdbtools/issues/30
+Bug-Debian: http://bugs.debian.org/713826
+Forwarded: https://github.com/brianb/mdbtools/issues/30
+Reviewed-By: Jean-Michel Vourgère <jmv_deb@nirgal.com>
+Last-Update: 2013-06-23
+Applied-Upstream: commit:9cd05ffdcc44a9a151e3c3caded00fda2ad8d203
+
+--- mdbtools-0.7.orig/src/libmdb/data.c
++++ mdbtools-0.7/src/libmdb/data.c
+@@ -929,6 +929,7 @@ char *mdb_col_to_string(MdbHandle *mdb,
+ 				text = g_malloc(size);
+ 				memcpy((char*)buf+start, text, size);
+ 			}
++		break;
+ 		case MDB_TEXT:
+ 			if (size<0) {
+ 				text = g_strdup("");
diff -Nru mdbtools-0.7/debian/patches/gmdb2_double_free mdbtools-0.7/debian/patches/gmdb2_double_free
--- mdbtools-0.7/debian/patches/gmdb2_double_free	1970-01-01 01:00:00.000000000 +0100
+++ mdbtools-0.7/debian/patches/gmdb2_double_free	2013-07-10 16:36:37.000000000 +0200
@@ -0,0 +1,16 @@
+Description: Fixed double free SEGV in gmdb2 dissector
+Author: Jean-Michel Vourgère <jmv_deb@nirgal.com>
+Origin: upstream, https://github.com/brianb/mdbtools/commit/1ff5d62e3070d1f0d325c510f95105497591f5fb
+Last-Update: 2012-07-14
+
+--- mdbtools-0.7.orig/src/gmdb2/debug.c
++++ mdbtools-0.7/src/gmdb2/debug.c
+@@ -530,7 +530,7 @@ gmdb_debug_dissect_row(GtkTreeStore *sto
+ 		((unsigned char*)fbuf)[eod_ptr], ((unsigned char*)fbuf)[eod_ptr]);
+ 	gmdb_debug_add_item(store, parent, str, eod_ptr, 1);
+ 	for (i=0;i<var_cols;i++) {
+-		g_strdup_printf("Var col %d offset: 0x%02x (%u)", var_cols-i,
++		str = g_strdup_printf("Var col %d offset: 0x%02x (%u)", var_cols-i,
+ 			((unsigned char*)fbuf)[eod_ptr+i+1], ((unsigned char*)fbuf)[eod_ptr+i+1]);
+ 		gmdb_debug_add_item(store, parent, str, eod_ptr + i + 1, 1);
+ 	}
diff -Nru mdbtools-0.7/debian/patches/series mdbtools-0.7/debian/patches/series
--- mdbtools-0.7/debian/patches/series	2012-06-29 00:28:30.000000000 +0200
+++ mdbtools-0.7/debian/patches/series	2013-07-10 18:40:32.000000000 +0200
@@ -1,3 +1,5 @@
 01_use_lib_odbc_dir
 06_maintainermode
 export_repid_uuid_as_string_use_char_38_in_mysql
+gmdb2_double_free
+binaries_to_string

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: