[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#782900: marked as done (jessie-pu: package ircd-hybrid/1:8.2.0+dfsg.1-2+deb8u1)

Your message dated Sat, 06 Jun 2015 13:11:11 +0100
with message-id <1433592671.2987.12.camel@adam-barratt.org.uk>
and subject line Fix released with 8.1 point release
has caused the Debian Bug report #782900,
regarding jessie-pu: package ircd-hybrid/1:8.2.0+dfsg.1-2+deb8u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
782900: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782900
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

There are a couple of fixes which didn't quite make it for jessie
but which would be beneficial:

  * Remove Suggests: hybserv as the package isn't in jessie
  * Fix a DoS from localhost clients backported from 8.2.6
    (Closes: #782859)
  * Debconf configuration script no longer ignores the result of
    upgrade questions (Closes: #779082)
  * Don't display upgrade warnings on new installs (Closes: #782883)

Please see attached debdiff.

Thanks for your work on the release so far!

Cheers,
Dominic.

diff --git a/debian/.git-dpm b/debian/.git-dpm
index aa3a238..d47922f 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-49feddb590758a85ea6aae4a25a560763fa60526
-49feddb590758a85ea6aae4a25a560763fa60526
+779c76c0cb228cbca9ff1e60f3cad08ddfc0cd76
+779c76c0cb228cbca9ff1e60f3cad08ddfc0cd76
 f12b9d1d5307ac50ef9d526ed0c95d5113d7434e
 f12b9d1d5307ac50ef9d526ed0c95d5113d7434e
 ircd-hybrid_8.2.0+dfsg.1.orig.tar.gz
diff --git a/debian/changelog b/debian/changelog
index b2b316e..85b74b0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+ircd-hybrid (1:8.2.0+dfsg.1-2+deb8u1) UNRELEASED; urgency=medium
+
+  * Remove Suggests: hybserv as the package isn't in jessie
+  * Fix a DoS from localhost clients backported from 8.2.6
+    (Closes: #782859)
+  * Debconf configuration script no longer ignores the result of
+    upgrade questions (Closes: #779082)
+  * Don't display upgrade warnings on new installs (Closes: #782883)
+
+ -- Dominic Hargreaves <dom@earth.li>  Sat, 18 Apr 2015 21:19:30 +0100
+
 ircd-hybrid (1:8.2.0+dfsg.1-2) unstable; urgency=medium
 
   * Updated Swedish debconf translation (Closes: #761974)
diff --git a/debian/control b/debian/control
index 1182ee8..ce7c683 100644
--- a/debian/control
+++ b/debian/control
@@ -25,7 +25,6 @@ Pre-Depends: debconf (>= 0.5) | debconf-2.0
 Depends: ${shlibs:Depends}, ${misc:Depends} 
 Provides: ircd
 Recommends: whois
-Suggests: hybserv
 Description: high-performance secure IRC server
  ircd-hybrid is a stable, high-performance IRC server that features:
  .
diff --git a/debian/ircd-hybrid.config.nossl b/debian/ircd-hybrid.config.nossl
index 5b88b4a..912027e 100644
--- a/debian/ircd-hybrid.config.nossl
+++ b/debian/ircd-hybrid.config.nossl
@@ -3,9 +3,10 @@
 set -e
 . /usr/share/debconf/confmodule
 
-if dpkg --compare-versions "$2" lt "1:8.0.9.dfsg.1-2"; then
+if dpkg --compare-versions "$2" lt-nl "1:8.0.9.dfsg.1-2"; then
     db_input high ircd-hybrid/upgrade_no_services_warn || true
     db_go
+    db_get ircd-hybrid/upgrade_no_services_warn || true
     if [ "$RET" = "false" ]; then
         echo "Aborting install";
         db_fset ircd-hybrid/upgrade_no_services_warn seen false
diff --git a/debian/ircd-hybrid.config.ssl b/debian/ircd-hybrid.config.ssl
index 4d88433..22e50c0 100644
--- a/debian/ircd-hybrid.config.ssl
+++ b/debian/ircd-hybrid.config.ssl
@@ -3,9 +3,10 @@
 set -e
 . /usr/share/debconf/confmodule
 
-if dpkg --compare-versions "$2" lt "1:8.0.4.dfsg.1-1"; then
+if dpkg --compare-versions "$2" lt-nl "1:8.0.4.dfsg.1-1"; then
     db_input high ircd-hybrid/upgrade_secure_links_warn || true
     db_go
+    db_get ircd-hybrid/upgrade_secure_links_warn
     if [ "$RET" = "false" ]; then
         echo "Aborting install";
         db_fset ircd-hybrid/upgrade_secure_links_warn seen false
@@ -13,9 +14,10 @@ if dpkg --compare-versions "$2" lt "1:8.0.4.dfsg.1-1"; then
     fi
 fi
 
-if dpkg --compare-versions "$2" lt "1:8.0.9.dfsg.1-2"; then
+if dpkg --compare-versions "$2" lt-nl "1:8.0.9.dfsg.1-2"; then
     db_input high ircd-hybrid/upgrade_no_services_warn || true
     db_go
+    db_get ircd-hybrid/upgrade_no_services_warn || true
     if [ "$RET" = "false" ]; then
         echo "Aborting install";
         db_fset ircd-hybrid/upgrade_no_services_warn seen false
diff --git a/debian/patches/fhs_comply.patch b/debian/patches/fhs_comply.patch
index df8c950..b066894 100644
--- a/debian/patches/fhs_comply.patch
+++ b/debian/patches/fhs_comply.patch
@@ -6,8 +6,8 @@ Subject: Adjust paths for Debian/FHS
 Forwarded: not-needed
 Patch-Name: fhs_comply.patch
 ---
- include/defaults.h |   12 ++++++------
- src/Makefile.am    |    2 +-
+ include/defaults.h | 12 ++++++------
+ src/Makefile.am    |  2 +-
  2 files changed, 7 insertions(+), 7 deletions(-)
 
 diff --git a/include/defaults.h b/include/defaults.h
diff --git a/debian/patches/localhost_dos.patch b/debian/patches/localhost_dos.patch
new file mode 100644
index 0000000..ab0375e
--- /dev/null
+++ b/debian/patches/localhost_dos.patch
@@ -0,0 +1,102 @@
+From 779c76c0cb228cbca9ff1e60f3cad08ddfc0cd76 Mon Sep 17 00:00:00 2001
+From: Dominic Hargreaves <dom@earth.li>
+Date: Sat, 18 Apr 2015 21:33:48 +0100
+Subject: Fix a potential DoS from localhost in src/packet.c
+
+Origin: http://svn.ircd-hybrid.org:8000/viewcvs.cgi/ircd-hybrid/releases/8.2.6/src/packet.c?r1=5346&r2=5412&view=patch
+Patch-Name: localhost_dos.patch
+---
+ src/packet.c | 55 +++++++++++++++++++++----------------------------------
+ 1 file changed, 21 insertions(+), 34 deletions(-)
+
+diff --git a/src/packet.c b/src/packet.c
+index 5189e2c..d9f4f32 100644
+--- a/src/packet.c
++++ b/src/packet.c
+@@ -54,25 +54,13 @@ static void client_dopacket(struct Client *, char *, size_t);
+ static int
+ extract_one_line(struct dbuf_queue *qptr, char *buffer)
+ {
+-  int line_bytes = 0, empty_bytes = 0, phase = 0;
+-  unsigned int idx = 0;
+-  dlink_node *ptr = NULL;
++  int line_bytes = 0, eol_bytes = 0;
++  dlink_node *ptr;
+ 
+-  /*
+-   * Phase 0: "empty" characters before the line
+-   * Phase 1: copying the line
+-   * Phase 2: "empty" characters after the line
+-   *          (delete them as well and free some space in the dbuf)
+-   *
+-   * Empty characters are CR, LF and space (but, of course, not
+-   * in the middle of a line). We try to remove as much of them as we can,
+-   * since they simply eat server memory.
+-   *
+-   * --adx
+-   */
+   DLINK_FOREACH(ptr, qptr->blocks.head)
+   {
+     struct dbuf_block *block = ptr->data;
++    unsigned int idx;
+ 
+     if (ptr == qptr->blocks.head)
+       idx = qptr->pos;
+@@ -83,39 +71,38 @@ extract_one_line(struct dbuf_queue *qptr, char *buffer)
+     {
+       char c = block->data[idx];
+ 
+-      if (IsEol(c) || (c == ' ' && phase != 1))
++      if (IsEol(c))
+       {
+-        ++empty_bytes;
++        ++eol_bytes;
+ 
+-        if (phase == 1)
+-          phase = 2;
+-      }
+-      else switch (phase)
+-      {
+-        case 0: phase = 1;
+-        case 1: if (line_bytes++ < IRCD_BUFSIZE - 2)
+-                  *buffer++ = c;
+-                break;
+-        case 2: *buffer = '\0';
+-                dbuf_delete(qptr, line_bytes + empty_bytes);
+-                return IRCD_MIN(line_bytes, IRCD_BUFSIZE - 2);
++        /* Allow 2 eol bytes per message */
++        if (eol_bytes == 2)
++          goto out;
+       }
++      else if (eol_bytes)
++        goto out;
++      else if (line_bytes++ < IRCD_BUFSIZE - 2)
++        *buffer++ = c;
+     }
+   }
+ 
++out:
++
+   /*
+-   * Now, if we haven't reached phase 2, ignore all line bytes
++   * Now, if we haven't found an EOL, ignore all line bytes
+    * that we have read, since this is a partial line case.
+    */
+-  if (phase != 2)
+-    line_bytes = 0;
+-  else
++  if (eol_bytes)
+     *buffer = '\0';
++  else
++    line_bytes = 0;
+ 
+   /* Remove what is now unnecessary */
+-  dbuf_delete(qptr, line_bytes + empty_bytes);
++  dbuf_delete(qptr, line_bytes + eol_bytes);
++
+   return IRCD_MIN(line_bytes, IRCD_BUFSIZE - 2);
+ }
++
+ /*
+  * parse_client_queued - parse client queued messages
+  */
diff --git a/debian/patches/no_ltdl_build.patch b/debian/patches/no_ltdl_build.patch
index 97348fa..b82766e 100644
--- a/debian/patches/no_ltdl_build.patch
+++ b/debian/patches/no_ltdl_build.patch
@@ -5,7 +5,7 @@ Subject: Don't build bundled libltdl
 
 Patch-Name: no_ltdl_build.patch
 ---
- Makefile.am |    2 +-
+ Makefile.am | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/Makefile.am b/Makefile.am
diff --git a/debian/patches/patchlevel_debian.patch b/debian/patches/patchlevel_debian.patch
index e3c6bf6..6d54430 100644
--- a/debian/patches/patchlevel_debian.patch
+++ b/debian/patches/patchlevel_debian.patch
@@ -7,7 +7,7 @@ Forwarded: not-needed
 
 Patch-Name: patchlevel_debian.patch
 ---
- include/patchlevel.h |    1 +
+ include/patchlevel.h | 1 +
  1 file changed, 1 insertion(+)
 
 diff --git a/include/patchlevel.h b/include/patchlevel.h
diff --git a/debian/patches/series b/debian/patches/series
index 369b00c..eeaa432 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 patchlevel_debian.patch
 fhs_comply.patch
 no_ltdl_build.patch
+localhost_dos.patch
diff --git a/src/packet.c b/src/packet.c
index 5189e2c..d9f4f32 100644
--- a/src/packet.c
+++ b/src/packet.c
@@ -54,25 +54,13 @@ static void client_dopacket(struct Client *, char *, size_t);
 static int
 extract_one_line(struct dbuf_queue *qptr, char *buffer)
 {
-  int line_bytes = 0, empty_bytes = 0, phase = 0;
-  unsigned int idx = 0;
-  dlink_node *ptr = NULL;
+  int line_bytes = 0, eol_bytes = 0;
+  dlink_node *ptr;
 
-  /*
-   * Phase 0: "empty" characters before the line
-   * Phase 1: copying the line
-   * Phase 2: "empty" characters after the line
-   *          (delete them as well and free some space in the dbuf)
-   *
-   * Empty characters are CR, LF and space (but, of course, not
-   * in the middle of a line). We try to remove as much of them as we can,
-   * since they simply eat server memory.
-   *
-   * --adx
-   */
   DLINK_FOREACH(ptr, qptr->blocks.head)
   {
     struct dbuf_block *block = ptr->data;
+    unsigned int idx;
 
     if (ptr == qptr->blocks.head)
       idx = qptr->pos;
@@ -83,39 +71,38 @@ extract_one_line(struct dbuf_queue *qptr, char *buffer)
     {
       char c = block->data[idx];
 
-      if (IsEol(c) || (c == ' ' && phase != 1))
+      if (IsEol(c))
       {
-        ++empty_bytes;
+        ++eol_bytes;
 
-        if (phase == 1)
-          phase = 2;
-      }
-      else switch (phase)
-      {
-        case 0: phase = 1;
-        case 1: if (line_bytes++ < IRCD_BUFSIZE - 2)
-                  *buffer++ = c;
-                break;
-        case 2: *buffer = '\0';
-                dbuf_delete(qptr, line_bytes + empty_bytes);
-                return IRCD_MIN(line_bytes, IRCD_BUFSIZE - 2);
+        /* Allow 2 eol bytes per message */
+        if (eol_bytes == 2)
+          goto out;
       }
+      else if (eol_bytes)
+        goto out;
+      else if (line_bytes++ < IRCD_BUFSIZE - 2)
+        *buffer++ = c;
     }
   }
 
+out:
+
   /*
-   * Now, if we haven't reached phase 2, ignore all line bytes
+   * Now, if we haven't found an EOL, ignore all line bytes
    * that we have read, since this is a partial line case.
    */
-  if (phase != 2)
-    line_bytes = 0;
-  else
+  if (eol_bytes)
     *buffer = '\0';
+  else
+    line_bytes = 0;
 
   /* Remove what is now unnecessary */
-  dbuf_delete(qptr, line_bytes + empty_bytes);
+  dbuf_delete(qptr, line_bytes + eol_bytes);
+
   return IRCD_MIN(line_bytes, IRCD_BUFSIZE - 2);
 }
+
 /*
  * parse_client_queued - parse client queued messages
  */

--- End Message ---
--- Begin Message --- 
Version: 8.1

Hi,

The fix discussed in this bug was released to stable as part of the 8.1
point release earlier today.

Regards,

Adam

--- End Message ---
Reply to: