[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#790060: jessie-pu: nbd update?

On Sun, Jul 19, 2015 at 04:29:30PM +0200, Julien Cristau wrote:
> On Sun, Jul 19, 2015 at 14:37:57 +0200, Wouter Verhelst wrote:
> 
> > On Sat, Jul 18, 2015 at 02:59:08PM +0100, Adam D. Barratt wrote:
> > > On Sat, 2015-07-18 at 15:33 +0200, Wouter Verhelst wrote:
> > > > On Sat, Jul 18, 2015 at 12:07:13PM +0100, Adam D. Barratt wrote:
> > > > > That's much bigger than I was expecting given your description, and I'm
> > > > > not sure all of the changes were intended to be included.
> > > > 
> > > > Crap. I fucked up again. Can you reject that, or is it too late?
> > > 
> > > No problem. There's a gateway policy queue (slightly incorrectly
> > > referred to as "stable-new") in front of proposed-updates which we have
> > > to accept or reject packages from before they hit p-u.
> > > 
> > > I've flagged the upload for rejection but unfortunately just missed the
> > > start of the 13:52 dinstall, so it will need to wait until after that
> > > for dak to notice.
> > 
> > Thanks.
> > 
> > If you don't want me to immediately upload, what do you want me to do
> > instead?
> > 
> Send us the proposed (source) debdiff.

Attached.

-- 
It is easy to love a country that is famous for chocolate and beer

  -- Barack Obama, speaking in Brussels, Belgium, 2014-03-26

diff -u nbd-3.8/debian/changelog nbd-3.8/debian/changelog
--- nbd-3.8/debian/changelog
+++ nbd-3.8/debian/changelog
@@ -1,3 +1,10 @@
+nbd (1:3.8-4+deb8u2) jessie; urgency=low
+
+  * Cherry-pick two commits from 3.10 to fix authfile parsing.
+    Closes: #785727.
+
+ -- Wouter Verhelst <wouter@debian.org>  Fri, 17 Jul 2015 21:52:40 +0200
+
 nbd (1:3.8-4+deb8u1) jessie-security; urgency=medium
 
   * Add fix for CVE-2015-0847. Closes: #784657.
only in patch2:
unchanged:
--- nbd-3.8.orig/nbdsrv.c
+++ nbd-3.8/nbdsrv.c
@@ -21,14 +21,14 @@
 
 #include <cliserv.h>
 
-bool address_matches(const char* mask, const void* addr, int af, GError** err) {
+bool address_matches(const char* mask, const struct sockaddr* addr, GError** err) {
 	struct addrinfo *res, *aitmp, hints;
 	char *masksep;
 	char privmask[strlen(mask)+1];
 	int masklen;
-	int addrlen = af == AF_INET ? 4 : 16;
+	int addrlen = addr->sa_family == AF_INET ? 4 : 16;
 
-	assert(af == AF_INET || af == AF_INET6);
+	assert(addr->sa_family == AF_INET || addr->sa_family == AF_INET6);
 
 	strcpy(privmask, mask);
 
@@ -50,18 +50,20 @@
 	}
 	aitmp = res;
 	while(res) {
-		const uint8_t* byte_s = addr;
+		const uint8_t* byte_s;
 		uint8_t* byte_t;
 		uint8_t mask = 0;
 		int len_left = masklen;
-		if(res->ai_family != af) {
+		if(res->ai_family != addr->sa_family) {
 			goto next;
 		}
-		switch(af) {
+		switch(addr->sa_family) {
 			case AF_INET:
+				byte_s = (const uint8_t*)(&(((struct sockaddr_in*)addr)->sin_addr));
 				byte_t = (uint8_t*)(&(((struct sockaddr_in*)(res->ai_addr))->sin_addr));
 				break;
 			case AF_INET6:
+				byte_s = (const uint8_t*)(&(((struct sockaddr_in6*)addr)->sin6_addr));
 				byte_t = (uint8_t*)(&(((struct sockaddr_in6*)(res->ai_addr))->sin6_addr));
 				break;
 		}
@@ -129,8 +131,7 @@
 		if(!(*pos)) {
 			continue;
 		}
-		struct sockaddr* sa = (struct sockaddr*)&opts->clientaddr;
-		if(address_matches(line, sa->sa_data, sa->sa_family, NULL)) {
+		if(address_matches(line, (struct sockaddr*)&opts->clientaddr, NULL)) {
 			fclose(f);
 			return 1;
 		}
only in patch2:
unchanged:
--- nbd-3.8.orig/nbdsrv.h
+++ nbd-3.8/nbdsrv.h
@@ -123,14 +123,13 @@
   * Check whether a given address matches a given netmask.
   *
   * @param mask the address or netmask to check against, in ASCII representation
-  * @param addr the address to check, in network byte order
-  * @param af the address family of the passed address (AF_INET or AF_INET6)
+  * @param addr the address to check
   *
   * @return true if the address matches the mask, false otherwise; in case of
   * failure to parse netmask, returns false with err set appropriately.
   * @todo decide what to do with v6-mapped IPv4 addresses.
   */
-bool address_matches(const char* mask, const void* addr, int af, GError** err);
+bool address_matches(const char* mask, const struct sockaddr* addr, GError** err);
 
 /**
   * Gets a byte to allow for address masking.
only in patch2:
unchanged:
--- nbd-3.8.orig/tests/code/clientacl.c
+++ nbd-3.8/tests/code/clientacl.c
@@ -31,7 +31,7 @@
 					   &(((struct sockaddr_in*)res->ai_addr)->sin_addr),
 					       buf,
 					       res->ai_addrlen));
-		if(address_matches(netmask, &(((struct sockaddr_in*)res->ai_addr)->sin_addr), res->ai_family, NULL)) {
+		if(address_matches(netmask, (struct sockaddr_in*)res->ai_addr, NULL)) {
 			printf("Yes!\n");
 			freeaddrinfo(tmp);
 			return true;
Reply to: