Hi,

I would like to upload a new release of fwknop to stable-proposed-updates in order to fix the following issue:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717754

The patch has been tested by the bug reporter and everything works well.

I have enclosed the debdiff so that you can have a look at the changes.

Regards,

--
Franck Joncourt

diff -Nru fwknop-2.0.0rc2/debian/changelog fwknop-2.0.0rc2/debian/changelog --- fwknop-2.0.0rc2/debian/changelog 2012-11-12 20:30:30.000000000 +0100 +++ fwknop-2.0.0rc2/debian/changelog 2013-08-07 14:03:46.000000000 +0200 @@ -1,3 +1,10 @@ +fwknop (2.0.0rc2-2+deb7u2) stable-proposed-updates; urgency=low + + * Fixed use of uninitialized variable that leads fwknop to randomly fail + to send a SPA packet. New patch : 717754.patch (Closes: #717754) + + -- Franck Joncourt <franck@debian.org> Sat, 27 Jul 2013 22:02:32 +0200 + fwknop (2.0.0rc2-2+deb7u1) testing-proposed-updates; urgency=high * Patches to fix CVE (Closes: #688151): diff -Nru fwknop-2.0.0rc2/debian/patches/717754.patch fwknop-2.0.0rc2/debian/patches/717754.patch --- fwknop-2.0.0rc2/debian/patches/717754.patch 1970-01-01 01:00:00.000000000 +0100 +++ fwknop-2.0.0rc2/debian/patches/717754.patch 2013-08-07 14:03:46.000000000 +0200 @@ -0,0 +1,18 @@ +Description: Fixed uninitialized variable +Forwarded: not-nedded +Author: Franck Joncourt <franck@debian.org> +Origin: vendor, http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=7171754 +Bug-Debian: http://bugs.debian.org/717754 +Applied-Upstream: 2.0.4 + +--- a/client/fwknop.c ++++ b/client/fwknop.c +@@ -625,7 +625,7 @@ + char args_save_file[MAX_PATH_LEN]; + char args_str[MAX_LINE_LEN] = ""; + FILE *args_file_ptr = NULL; +- int i = 0, args_str_len; ++ int i = 0, args_str_len = 0; + + #ifdef WIN32 + /* Not sure what the right thing is here on Win32, just return diff -Nru fwknop-2.0.0rc2/debian/patches/series fwknop-2.0.0rc2/debian/patches/series --- fwknop-2.0.0rc2/debian/patches/series 2012-11-12 20:30:30.000000000 +0100 +++ fwknop-2.0.0rc2/debian/patches/series 2013-08-07 14:03:46.000000000 +0200 @@ -1,3 +1,4 @@ +717754.patch licence.patch cve_2012-4434.patch cve_2012-4435.patch
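
Review bot: The header of the new debian/patches/717754.patch has two field errors: the Origin URL points at bug=7171754 while Bug-Debian and the changelog entry both give 717754, and the Forwarded value is spelled "not-nedded" instead of "not-needed". Both should be corrected so that tooling which parses the patch header resolves the right report. The Description would also be more useful if it named the variable (args_str_len) and the function in client/fwknop.c where it was read before being set, since the visible context lines show only the declaration.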
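
Review bot: In debian/patches/series, 717754.patch is inserted as the first entry, ahead of licence.patch, cve_2012-4434.patch and cve_2012-4435.patch, so it is applied before the existing patches and they are now applied on top of it. Unless that ordering is deliberate, append the new patch at the end of the series. If it stays first, confirm that the later patches still apply cleanly to client/fwknop.c, should any of them touch that file.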