
Bug#782900: jessie-pu: package ircd-hybrid/1:8.2.0+dfsg.1-2+deb8u1



Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

There are a couple of fixes which didn't quite make it for jessie
but which would be beneficial:

  * Remove Suggests: hybserv as the package isn't in jessie
  * Fix a DoS from localhost clients backported from 8.2.6
    (Closes: #782859)
  * Debconf configuration script no longer ignores the result of
    upgrade questions (Closes: #779082)
  * Don't display upgrade warnings on new installs (Closes: #782883)

Please see attached debdiff.

Thanks for your work on the release so far!

Cheers,
Dominic.
diff --git a/debian/.git-dpm b/debian/.git-dpm
index aa3a238..d47922f 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-49feddb590758a85ea6aae4a25a560763fa60526
-49feddb590758a85ea6aae4a25a560763fa60526
+779c76c0cb228cbca9ff1e60f3cad08ddfc0cd76
+779c76c0cb228cbca9ff1e60f3cad08ddfc0cd76
 f12b9d1d5307ac50ef9d526ed0c95d5113d7434e
 f12b9d1d5307ac50ef9d526ed0c95d5113d7434e
 ircd-hybrid_8.2.0+dfsg.1.orig.tar.gz
diff --git a/debian/changelog b/debian/changelog
index b2b316e..85b74b0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+ircd-hybrid (1:8.2.0+dfsg.1-2+deb8u1) UNRELEASED; urgency=medium
+
+  * Remove Suggests: hybserv as the package isn't in jessie
+  * Fix a DoS from localhost clients backported from 8.2.6
+    (Closes: #782859)
+  * Debconf configuration script no longer ignores the result of
+    upgrade questions (Closes: #779082)
+  * Don't display upgrade warnings on new installs (Closes: #782883)
+
+ -- Dominic Hargreaves <dom@earth.li>  Sat, 18 Apr 2015 21:19:30 +0100
+
 ircd-hybrid (1:8.2.0+dfsg.1-2) unstable; urgency=medium
 
   * Updated Swedish debconf translation (Closes: #761974)
diff --git a/debian/control b/debian/control
index 1182ee8..ce7c683 100644
--- a/debian/control
+++ b/debian/control
@@ -25,7 +25,6 @@ Pre-Depends: debconf (>= 0.5) | debconf-2.0
 Depends: ${shlibs:Depends}, ${misc:Depends} 
 Provides: ircd
 Recommends: whois
-Suggests: hybserv
 Description: high-performance secure IRC server
  ircd-hybrid is a stable, high-performance IRC server that features:
  .
diff --git a/debian/ircd-hybrid.config.nossl b/debian/ircd-hybrid.config.nossl
index 5b88b4a..912027e 100644
--- a/debian/ircd-hybrid.config.nossl
+++ b/debian/ircd-hybrid.config.nossl
@@ -3,9 +3,10 @@
 set -e
 . /usr/share/debconf/confmodule
 
-if dpkg --compare-versions "$2" lt "1:8.0.9.dfsg.1-2"; then
+if dpkg --compare-versions "$2" lt-nl "1:8.0.9.dfsg.1-2"; then
     db_input high ircd-hybrid/upgrade_no_services_warn || true
     db_go
+    db_get ircd-hybrid/upgrade_no_services_warn || true
     if [ "$RET" = "false" ]; then
         echo "Aborting install";
         db_fset ircd-hybrid/upgrade_no_services_warn seen false
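Review bot: The added `db_get ircd-hybrid/upgrade_no_services_warn || true` lets the abort check fail open: if db_get returns an error, `$RET` will not be the string `false` (with the debconf shell confmodule it presumably holds the error text), so the `if [ "$RET" = "false" ]` branch is skipped and the upgrade proceeds as though the administrator had accepted the warning. The same line is added in the second hunk of debian/ircd-hybrid.config.ssl, while the first hunk there calls `db_get ircd-hybrid/upgrade_secure_links_warn` without `|| true`, so under `set -e` the two prompts behave differently on failure. I would drop the `|| true` here and in the ssl script so both read `db_get ircd-hybrid/upgrade_no_services_warn`, or add a comment saying why a failed lookup should count as consent. The `if` block continues past the end of this hunk.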
diff --git a/debian/ircd-hybrid.config.ssl b/debian/ircd-hybrid.config.ssl
index 4d88433..22e50c0 100644
--- a/debian/ircd-hybrid.config.ssl
+++ b/debian/ircd-hybrid.config.ssl
@@ -3,9 +3,10 @@
 set -e
 . /usr/share/debconf/confmodule
 
-if dpkg --compare-versions "$2" lt "1:8.0.4.dfsg.1-1"; then
+if dpkg --compare-versions "$2" lt-nl "1:8.0.4.dfsg.1-1"; then
     db_input high ircd-hybrid/upgrade_secure_links_warn || true
     db_go
+    db_get ircd-hybrid/upgrade_secure_links_warn
     if [ "$RET" = "false" ]; then
         echo "Aborting install";
         db_fset ircd-hybrid/upgrade_secure_links_warn seen false
@@ -13,9 +14,10 @@ if dpkg --compare-versions "$2" lt "1:8.0.4.dfsg.1-1"; then
     fi
 fi
 
-if dpkg --compare-versions "$2" lt "1:8.0.9.dfsg.1-2"; then
+if dpkg --compare-versions "$2" lt-nl "1:8.0.9.dfsg.1-2"; then
     db_input high ircd-hybrid/upgrade_no_services_warn || true
     db_go
+    db_get ircd-hybrid/upgrade_no_services_warn || true
     if [ "$RET" = "false" ]; then
         echo "Aborting install";
         db_fset ircd-hybrid/upgrade_no_services_warn seen false
diff --git a/debian/patches/fhs_comply.patch b/debian/patches/fhs_comply.patch
index df8c950..b066894 100644
--- a/debian/patches/fhs_comply.patch
+++ b/debian/patches/fhs_comply.patch
@@ -6,8 +6,8 @@ Subject: Adjust paths for Debian/FHS
 Forwarded: not-needed
 Patch-Name: fhs_comply.patch
 ---
- include/defaults.h |   12 ++++++------
- src/Makefile.am    |    2 +-
+ include/defaults.h | 12 ++++++------
+ src/Makefile.am    |  2 +-
  2 files changed, 7 insertions(+), 7 deletions(-)
 
 diff --git a/include/defaults.h b/include/defaults.h
diff --git a/debian/patches/localhost_dos.patch b/debian/patches/localhost_dos.patch
new file mode 100644
index 0000000..ab0375e
--- /dev/null
+++ b/debian/patches/localhost_dos.patch
@@ -0,0 +1,102 @@
+From 779c76c0cb228cbca9ff1e60f3cad08ddfc0cd76 Mon Sep 17 00:00:00 2001
+From: Dominic Hargreaves <dom@earth.li>
+Date: Sat, 18 Apr 2015 21:33:48 +0100
+Subject: Fix a potential DoS from localhost in src/packet.c
+
+Origin: http://svn.ircd-hybrid.org:8000/viewcvs.cgi/ircd-hybrid/releases/8.2.6/src/packet.c?r1=5346&r2=5412&view=patch
+Patch-Name: localhost_dos.patch
+---
+ src/packet.c | 55 +++++++++++++++++++++----------------------------------
+ 1 file changed, 21 insertions(+), 34 deletions(-)
+
+diff --git a/src/packet.c b/src/packet.c
+index 5189e2c..d9f4f32 100644
+--- a/src/packet.c
++++ b/src/packet.c
+@@ -54,25 +54,13 @@ static void client_dopacket(struct Client *, char *, size_t);
+ static int
+ extract_one_line(struct dbuf_queue *qptr, char *buffer)
+ {
+-  int line_bytes = 0, empty_bytes = 0, phase = 0;
+-  unsigned int idx = 0;
+-  dlink_node *ptr = NULL;
++  int line_bytes = 0, eol_bytes = 0;
++  dlink_node *ptr;
+ 
+-  /*
+-   * Phase 0: "empty" characters before the line
+-   * Phase 1: copying the line
+-   * Phase 2: "empty" characters after the line
+-   *          (delete them as well and free some space in the dbuf)
+-   *
+-   * Empty characters are CR, LF and space (but, of course, not
+-   * in the middle of a line). We try to remove as much of them as we can,
+-   * since they simply eat server memory.
+-   *
+-   * --adx
+-   */
+   DLINK_FOREACH(ptr, qptr->blocks.head)
+   {
+     struct dbuf_block *block = ptr->data;
++    unsigned int idx;
+ 
+     if (ptr == qptr->blocks.head)
+       idx = qptr->pos;
+@@ -83,39 +71,38 @@ extract_one_line(struct dbuf_queue *qptr, char *buffer)
+     {
+       char c = block->data[idx];
+ 
+-      if (IsEol(c) || (c == ' ' && phase != 1))
++      if (IsEol(c))
+       {
+-        ++empty_bytes;
++        ++eol_bytes;
+ 
+-        if (phase == 1)
+-          phase = 2;
+-      }
+-      else switch (phase)
+-      {
+-        case 0: phase = 1;
+-        case 1: if (line_bytes++ < IRCD_BUFSIZE - 2)
+-                  *buffer++ = c;
+-                break;
+-        case 2: *buffer = '\0';
+-                dbuf_delete(qptr, line_bytes + empty_bytes);
+-                return IRCD_MIN(line_bytes, IRCD_BUFSIZE - 2);
++        /* Allow 2 eol bytes per message */
++        if (eol_bytes == 2)
++          goto out;
+       }
++      else if (eol_bytes)
++        goto out;
++      else if (line_bytes++ < IRCD_BUFSIZE - 2)
++        *buffer++ = c;
+     }
+   }
+ 
++out:
++
+   /*
+-   * Now, if we haven't reached phase 2, ignore all line bytes
++   * Now, if we haven't found an EOL, ignore all line bytes
+    * that we have read, since this is a partial line case.
+    */
+-  if (phase != 2)
+-    line_bytes = 0;
+-  else
++  if (eol_bytes)
+     *buffer = '\0';
++  else
++    line_bytes = 0;
+ 
+   /* Remove what is now unnecessary */
+-  dbuf_delete(qptr, line_bytes + empty_bytes);
++  dbuf_delete(qptr, line_bytes + eol_bytes);
++
+   return IRCD_MIN(line_bytes, IRCD_BUFSIZE - 2);
+ }
++
+ /*
+  * parse_client_queued - parse client queued messages
+  */
diff --git a/debian/patches/no_ltdl_build.patch b/debian/patches/no_ltdl_build.patch
index 97348fa..b82766e 100644
--- a/debian/patches/no_ltdl_build.patch
+++ b/debian/patches/no_ltdl_build.patch
@@ -5,7 +5,7 @@ Subject: Don't build bundled libltdl
 
 Patch-Name: no_ltdl_build.patch
 ---
- Makefile.am |    2 +-
+ Makefile.am | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/Makefile.am b/Makefile.am
diff --git a/debian/patches/patchlevel_debian.patch b/debian/patches/patchlevel_debian.patch
index e3c6bf6..6d54430 100644
--- a/debian/patches/patchlevel_debian.patch
+++ b/debian/patches/patchlevel_debian.patch
@@ -7,7 +7,7 @@ Forwarded: not-needed
 
 Patch-Name: patchlevel_debian.patch
 ---
- include/patchlevel.h |    1 +
+ include/patchlevel.h | 1 +
  1 file changed, 1 insertion(+)
 
 diff --git a/include/patchlevel.h b/include/patchlevel.h
diff --git a/debian/patches/series b/debian/patches/series
index 369b00c..eeaa432 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 patchlevel_debian.patch
 fhs_comply.patch
 no_ltdl_build.patch
+localhost_dos.patch
diff --git a/src/packet.c b/src/packet.c
index 5189e2c..d9f4f32 100644
--- a/src/packet.c
+++ b/src/packet.c
@@ -54,25 +54,13 @@ static void client_dopacket(struct Client *, char *, size_t);
 static int
 extract_one_line(struct dbuf_queue *qptr, char *buffer)
 {
-  int line_bytes = 0, empty_bytes = 0, phase = 0;
-  unsigned int idx = 0;
-  dlink_node *ptr = NULL;
+  int line_bytes = 0, eol_bytes = 0;
+  dlink_node *ptr;
 
-  /*
-   * Phase 0: "empty" characters before the line
-   * Phase 1: copying the line
-   * Phase 2: "empty" characters after the line
-   *          (delete them as well and free some space in the dbuf)
-   *
-   * Empty characters are CR, LF and space (but, of course, not
-   * in the middle of a line). We try to remove as much of them as we can,
-   * since they simply eat server memory.
-   *
-   * --adx
-   */
   DLINK_FOREACH(ptr, qptr->blocks.head)
   {
     struct dbuf_block *block = ptr->data;
+    unsigned int idx;
 
     if (ptr == qptr->blocks.head)
       idx = qptr->pos;
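Review bot: The phase comment is deleted from extract_one_line with nothing put in its place, so the function's contract is undocumented from the declarations onward. I would add a short header comment above the function covering three things: one line is copied from the queue into `buffer`; at most `IRCD_BUFSIZE - 2` bytes are stored, although the whole line is still removed from the queue; and `buffer` therefore needs room for `IRCD_BUFSIZE - 1` bytes including the terminator. The last point is an assumption about the caller's buffer, which is not visible here, and the function takes no length argument to check it. The body continues in the next hunk.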
@@ -83,39 +71,38 @@ extract_one_line(struct dbuf_queue *qptr, char *buffer)
     {
       char c = block->data[idx];
 
-      if (IsEol(c) || (c == ' ' && phase != 1))
+      if (IsEol(c))
       {
-        ++empty_bytes;
+        ++eol_bytes;
 
-        if (phase == 1)
-          phase = 2;
-      }
-      else switch (phase)
-      {
-        case 0: phase = 1;
-        case 1: if (line_bytes++ < IRCD_BUFSIZE - 2)
-                  *buffer++ = c;
-                break;
-        case 2: *buffer = '\0';
-                dbuf_delete(qptr, line_bytes + empty_bytes);
-                return IRCD_MIN(line_bytes, IRCD_BUFSIZE - 2);
+        /* Allow 2 eol bytes per message */
+        if (eol_bytes == 2)
+          goto out;
       }
+      else if (eol_bytes)
+        goto out;
+      else if (line_bytes++ < IRCD_BUFSIZE - 2)
+        *buffer++ = c;
     }
   }
 
+out:
+
   /*
-   * Now, if we haven't reached phase 2, ignore all line bytes
+   * Now, if we haven't found an EOL, ignore all line bytes
    * that we have read, since this is a partial line case.
    */
-  if (phase != 2)
-    line_bytes = 0;
-  else
+  if (eol_bytes)
     *buffer = '\0';
+  else
+    line_bytes = 0;
 
   /* Remove what is now unnecessary */
-  dbuf_delete(qptr, line_bytes + empty_bytes);
+  dbuf_delete(qptr, line_bytes + eol_bytes);
+
   return IRCD_MIN(line_bytes, IRCD_BUFSIZE - 2);
 }
+
 /*
  * parse_client_queued - parse client queued messages
  */
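Review bot: A return of 0 from extract_one_line is now ambiguous: the partial-line path (`line_bytes = 0`, nothing deleted) and a queue that begins with an EOL byte (`eol_bytes` non-zero, `line_bytes` still 0, bytes deleted) both end in `return IRCD_MIN(line_bytes, IRCD_BUFSIZE - 2)` yielding 0. If the caller, which is not visible in this hunk, stops parsing on 0, an empty line or a third consecutive EOL byte would leave the complete lines behind it unparsed until the next read. That is worth confirming against the caller and recording next to `out:` with a comment such as `/* 0 means either a partial line (nothing consumed) or an empty line (EOL bytes consumed) */`. Leading spaces are also no longer skipped, since the `c == ' '` test is gone, so the parser downstream presumably has to tolerate them. The identical change is carried in debian/patches/localhost_dos.patch, and the function begins in the previous hunk.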
