
Bug#861610: unblock: shadowsocks-libev/2.6.3+ds-3



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package shadowsocks-libev

This release includes a few fixes from upstream:
 - Fix manpage docs.
 - Update ACL list (remove one line).
 - Two patches to fix out-of-bounds access issues.

Enclosed is the debdiff from 2.6.3+ds-2 (in testing) to 2.6.3+ds-3 (in
sid).

unblock shadowsocks-libev/2.6.3+ds-3

Thanks and looking forward to the stretch release ahead!

Cheers,
--
Roger Shimizu, GMT +9 Tokyo
PGP/GPG: 4096R/6C6ACD6417B3ACB1
diff -Nru shadowsocks-libev-2.6.3+ds/debian/changelog shadowsocks-libev-2.6.3+ds/debian/changelog
--- shadowsocks-libev-2.6.3+ds/debian/changelog	2017-04-04 21:48:26.000000000 +0900
+++ shadowsocks-libev-2.6.3+ds/debian/changelog	2017-04-20 22:44:32.000000000 +0900
@@ -1,3 +1,14 @@
+shadowsocks-libev (2.6.3+ds-3) unstable; urgency=medium
+
+  * debian/patches:
+    - Backport a few patches from upstream:
+      + Fix Upstream BTS#1210 (again):
+        Update doc (manpages) to fix typos. Thanks to Simon Shi.
+      + Update ACL list, Upstream BTS#1394.
+      + Fix two potential out of bound access, Upstream BTS#1465.
+
+ -- Roger Shimizu <rogershimizu@gmail.com>  Thu, 20 Apr 2017 22:44:32 +0900
+
 shadowsocks-libev (2.6.3+ds-2) unstable; urgency=medium
 
   * debian/patches:
diff -Nru shadowsocks-libev-2.6.3+ds/debian/patches/backport/0010-Fix-typo-1210.patch shadowsocks-libev-2.6.3+ds/debian/patches/backport/0010-Fix-typo-1210.patch
--- shadowsocks-libev-2.6.3+ds/debian/patches/backport/0010-Fix-typo-1210.patch	2017-04-04 21:48:26.000000000 +0900
+++ shadowsocks-libev-2.6.3+ds/debian/patches/backport/0010-Fix-typo-1210.patch	2017-04-20 22:02:31.000000000 +0900
@@ -7,11 +7,14 @@
 * Update ss-redir.asciidoc
 
 * Update ss-server.asciidoc
+
+* Update ss-tunnel.asciidoc
 ---
  doc/ss-local.asciidoc  | 4 ++--
  doc/ss-redir.asciidoc  | 2 +-
  doc/ss-server.asciidoc | 4 ++--
- 3 files changed, 5 insertions(+), 5 deletions(-)
+ doc/ss-tunnel.asciidoc | 4 ++--
+ 4 files changed, 7 insertions(+), 7 deletions(-)
 
 diff --git a/doc/ss-local.asciidoc b/doc/ss-local.asciidoc
 index a1f2b0f..468d67e 100644
@@ -57,5 +60,21 @@
 - [--plugin <plugin_name>] [--plugin_opts <plugin_options]
 + [--plugin <plugin_name>] [--plugin_opts <plugin_options>]
  
+ DESCRIPTION
+ -----------
+diff --git a/doc/ss-tunnel.asciidoc b/doc/ss-tunnel.asciidoc
+index ffd6ed8..754707f 100644
+--- a/doc/ss-tunnel.asciidoc
++++ b/doc/ss-tunnel.asciidoc
+@@ -12,9 +12,9 @@ SYNOPSIS
+  [-s <server_host>] [-p <server_port>] [-l <local_port>]
+  [-k <password>] [-m <encrypt_method>] [-f <pid_file>]
+  [-t <timeout>] [-c <config_file>] [-i <interface>]
+- [-b <local_addr>] [-a <user_name>] [-n <nofile>]
++ [-b <local_address>] [-a <user_name>] [-n <nofile>]
+  [-L addr:port] [--mtu <MTU>]
+- [--plugin <plugin_name>] [--plugin_opts <plugin_options]
++ [--plugin <plugin_name>] [--plugin_opts <plugin_options>]
+ 
  DESCRIPTION
  -----------
diff -Nru shadowsocks-libev-2.6.3+ds/debian/patches/backport/0011-Update-gfwlist.acl.patch shadowsocks-libev-2.6.3+ds/debian/patches/backport/0011-Update-gfwlist.acl.patch
--- shadowsocks-libev-2.6.3+ds/debian/patches/backport/0011-Update-gfwlist.acl.patch	1970-01-01 09:00:00.000000000 +0900
+++ shadowsocks-libev-2.6.3+ds/debian/patches/backport/0011-Update-gfwlist.acl.patch	2017-04-20 22:02:31.000000000 +0900
@@ -0,0 +1,21 @@
+From: Heiybb <hf.heiybb@gmail.com>
+Date: Thu, 23 Mar 2017 11:19:12 +0800
+Subject: Update gfwlist.acl
+
+V2EX has already registered an ICP license and can be visited normally in CHINA
+---
+ acl/gfwlist.acl | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/acl/gfwlist.acl b/acl/gfwlist.acl
+index d732ae4..03b32bb 100644
+--- a/acl/gfwlist.acl
++++ b/acl/gfwlist.acl
+@@ -398,7 +398,6 @@
+ (^|\.)zynamics\.com$
+ (^|\.)kat\.cr$
+ (^|\.)naughtyamerica\.com$
+-(^|\.)v2ex\.com$
+ (^|\.)0to255\.com$
+ (^|\.)100ke\.org$
+ (^|\.)1000giri\.net$
diff -Nru shadowsocks-libev-2.6.3+ds/debian/patches/backport/0012-Fix-a-potential-out-of-bound-access.-1465.patch shadowsocks-libev-2.6.3+ds/debian/patches/backport/0012-Fix-a-potential-out-of-bound-access.-1465.patch
--- shadowsocks-libev-2.6.3+ds/debian/patches/backport/0012-Fix-a-potential-out-of-bound-access.-1465.patch	1970-01-01 09:00:00.000000000 +0900
+++ shadowsocks-libev-2.6.3+ds/debian/patches/backport/0012-Fix-a-potential-out-of-bound-access.-1465.patch	2017-04-20 22:02:31.000000000 +0900
@@ -0,0 +1,22 @@
+From: Max Lv <max.c.lv@gmail.com>
+Date: Wed, 19 Apr 2017 12:16:41 +0800
+Subject: Fix a potential out of bound access. #1465
+
+---
+ src/server.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/server.c b/src/server.c
+index 588fb46..e868504 100644
+--- a/src/server.c
++++ b/src/server.c
+@@ -1129,8 +1129,7 @@ server_resolve_cb(struct sockaddr *addr, void *data)
+ 
+             // XXX: should handle buffer carefully
+             if (server->buf->len > 0) {
+-                memcpy(remote->buf->data, server->buf->data + server->buf->idx,
+-                       server->buf->len);
++                memcpy(remote->buf->data, server->buf->data, server->buf->len);
+                 remote->buf->len = server->buf->len;
+                 remote->buf->idx = 0;
+                 server->buf->len = 0;
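Review bot: Taken on its own, 0012 is not a bounds fix: dropping `+ server->buf->idx` from the memcpy source in server_resolve_cb makes the copy start at offset 0, and nothing in the visible lines sizes `remote->buf` for `server->buf->len` bytes. 0013 later in the series restores the offset on this same line and adds the `brealloc` call, so the net effect of 0012 here is nil. The patch has an empty description, so anyone cherry-picking or bisecting the series cannot tell that. I would add a header line to 0012 such as `Incomplete on its own; superseded in server_resolve_cb by 0013, apply both together.`, or fold the two patches into one. The enclosing function starts and ends outside the hunk.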
diff -Nru shadowsocks-libev-2.6.3+ds/debian/patches/backport/0013-Fix-another-potential-out-of-bound-access.-1465.patch shadowsocks-libev-2.6.3+ds/debian/patches/backport/0013-Fix-another-potential-out-of-bound-access.-1465.patch
--- shadowsocks-libev-2.6.3+ds/debian/patches/backport/0013-Fix-another-potential-out-of-bound-access.-1465.patch	1970-01-01 09:00:00.000000000 +0900
+++ shadowsocks-libev-2.6.3+ds/debian/patches/backport/0013-Fix-another-potential-out-of-bound-access.-1465.patch	2017-04-20 22:02:31.000000000 +0900
@@ -0,0 +1,69 @@
+From: Max Lv <max.c.lv@gmail.com>
+Date: Wed, 19 Apr 2017 12:46:59 +0800
+Subject: Fix another potential out of bound access. #1465
+
+---
+ src/server.c | 20 ++++++++++----------
+ 1 file changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/src/server.c b/src/server.c
+index e868504..cf524f7 100644
+--- a/src/server.c
++++ b/src/server.c
+@@ -551,7 +551,7 @@ connect_to_remote(EV_P_ struct addrinfo *res,
+         endpoints.sae_dstaddrlen = res->ai_addrlen;
+ 
+         struct iovec iov;
+-        iov.iov_base = server->buf->data + server->buf->idx;
++        iov.iov_base = server->buf->data;
+         iov.iov_len  = server->buf->len;
+         size_t len;
+         int s = connectx(sockfd, &endpoints, SAE_ASSOCID_ANY, CONNECT_DATA_IDEMPOTENT,
+@@ -560,9 +560,8 @@ connect_to_remote(EV_P_ struct addrinfo *res,
+             s = len;
+         }
+ #else
+-        ssize_t s = sendto(sockfd, server->buf->data + server->buf->idx,
+-                           server->buf->len, MSG_FASTOPEN, res->ai_addr,
+-                           res->ai_addrlen);
++        ssize_t s = sendto(sockfd, server->buf->data, server->buf->len,
++                MSG_FASTOPEN, res->ai_addr, res->ai_addrlen);
+ #endif
+         if (s == -1) {
+             if (errno == CONNECT_IN_PROGRESS || errno == EAGAIN
+@@ -577,12 +576,9 @@ connect_to_remote(EV_P_ struct addrinfo *res,
+             } else {
+                 ERROR("sendto");
+             }
+-        } else if (s <= server->buf->len) {
++        } else {
+             server->buf->idx += s;
+             server->buf->len -= s;
+-        } else {
+-            server->buf->idx = 0;
+-            server->buf->len = 0;
+         }
+     }
+ #endif
+@@ -964,7 +960,9 @@ server_recv_cb(EV_P_ ev_io *w, int revents)
+ 
+                 // XXX: should handle buffer carefully
+                 if (server->buf->len > 0) {
+-                    memcpy(remote->buf->data, server->buf->data, server->buf->len);
++                    brealloc(remote->buf, server->buf->len, BUF_SIZE);
++                    memcpy(remote->buf->data, server->buf->data + server->buf->idx,
++                            server->buf->len);
+                     remote->buf->len = server->buf->len;
+                     remote->buf->idx = 0;
+                     server->buf->len = 0;
+@@ -1129,7 +1127,9 @@ server_resolve_cb(struct sockaddr *addr, void *data)
+ 
+             // XXX: should handle buffer carefully
+             if (server->buf->len > 0) {
+-                memcpy(remote->buf->data, server->buf->data, server->buf->len);
++                brealloc(remote->buf, server->buf->len, BUF_SIZE);
++                memcpy(remote->buf->data, server->buf->data + server->buf->idx,
++                        server->buf->len);
+                 remote->buf->len = server->buf->len;
+                 remote->buf->idx = 0;
+                 server->buf->len = 0;
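Review bot: The connect_to_remote hunk removes the `s <= server->buf->len` guard, so `server->buf->idx += s; server->buf->len -= s;` now runs for every return value other than -1, and those two fields later feed the `memcpy` source offset and length in server_recv_cb and server_resolve_cb. sendto should not report more bytes than it was given, and on the connectx path `s` is taken from the reported `len`, so the branch is probably unreachable, but if `server->buf->len` is an unsigned type (not visible here) an oversized `s` would wrap it into a huge copy length. Keeping a cheap clamp, `} else if ((size_t)s <= server->buf->len) {` with the old reset-to-zero `else`, preserves the fix while failing closed. Separately, the return value of the added `brealloc(remote->buf, server->buf->len, BUF_SIZE);` is ignored in both callbacks; if it can report failure it should be checked before the copy. All three functions extend beyond the hunks shown.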
diff -Nru shadowsocks-libev-2.6.3+ds/debian/patches/series shadowsocks-libev-2.6.3+ds/debian/patches/series
--- shadowsocks-libev-2.6.3+ds/debian/patches/series	2017-04-04 21:48:26.000000000 +0900
+++ shadowsocks-libev-2.6.3+ds/debian/patches/series	2017-04-20 22:02:31.000000000 +0900
@@ -8,3 +8,6 @@
 backport/0008-Refine-1133-second-time-1136.patch
 backport/0009-Fix-1148.patch
 backport/0010-Fix-typo-1210.patch
+backport/0011-Update-gfwlist.acl.patch
+backport/0012-Fix-a-potential-out-of-bound-access.-1465.patch
+backport/0013-Fix-another-potential-out-of-bound-access.-1465.patch
