[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#861610: marked as done (unblock: shadowsocks-libev/2.6.3+ds-3)



Your message dated Mon, 01 May 2017 16:53:00 +0000
with message-id <f0b0b7d2-d506-584b-6dc3-f187484601ab@thykier.net>
and subject line Re: Bug#861610: unblock: shadowsocks-libev/2.6.3+ds-3
has caused the Debian Bug report #861610,
regarding unblock: shadowsocks-libev/2.6.3+ds-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
861610: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861610
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package shadowsocks-libev

This release includes a few fixes from upstream:
 - Fix manpage docs.
 - Update ACL list (remove one line).
 - Two patches to fix out of bound access issue.

Enclosed is the debdiff from 2.6.3+ds-2 (in testing) to 2.6.3+ds-3 (in
sid).

unblock shadowsocks-libev/2.6.3+ds-3

Thanks and looking forward to the stretch release ahead!

Cheers,
--
Roger Shimizu, GMT +9 Tokyo
PGP/GPG: 4096R/6C6ACD6417B3ACB1
diff -Nru shadowsocks-libev-2.6.3+ds/debian/changelog shadowsocks-libev-2.6.3+ds/debian/changelog
--- shadowsocks-libev-2.6.3+ds/debian/changelog	2017-04-04 21:48:26.000000000 +0900
+++ shadowsocks-libev-2.6.3+ds/debian/changelog	2017-04-20 22:44:32.000000000 +0900
@@ -1,3 +1,14 @@
+shadowsocks-libev (2.6.3+ds-3) unstable; urgency=medium
+
+  * debian/patches:
+    - Backport a few patches from upstream:
+      + Fix Upstream BTS#1210 (again):
+        Update doc (manpages) to fix typos. Thanks to Simon Shi.
+      + Update ACL list, Upstream BTS#1394.
+      + Fix two potential out of bound access, Upstream BTS#1465.
+
+ -- Roger Shimizu <rogershimizu@gmail.com>  Thu, 20 Apr 2017 22:44:32 +0900
+
 shadowsocks-libev (2.6.3+ds-2) unstable; urgency=medium
 
   * debian/patches:
diff -Nru shadowsocks-libev-2.6.3+ds/debian/patches/backport/0010-Fix-typo-1210.patch shadowsocks-libev-2.6.3+ds/debian/patches/backport/0010-Fix-typo-1210.patch
--- shadowsocks-libev-2.6.3+ds/debian/patches/backport/0010-Fix-typo-1210.patch	2017-04-04 21:48:26.000000000 +0900
+++ shadowsocks-libev-2.6.3+ds/debian/patches/backport/0010-Fix-typo-1210.patch	2017-04-20 22:02:31.000000000 +0900
@@ -7,11 +7,14 @@
 * Update ss-redir.asciidoc
 
 * Update ss-server.asciidoc
+
+* Update ss-tunnel.asciidoc
 ---
  doc/ss-local.asciidoc  | 4 ++--
  doc/ss-redir.asciidoc  | 2 +-
  doc/ss-server.asciidoc | 4 ++--
- 3 files changed, 5 insertions(+), 5 deletions(-)
+ doc/ss-tunnel.asciidoc | 4 ++--
+ 4 files changed, 7 insertions(+), 7 deletions(-)
 
 diff --git a/doc/ss-local.asciidoc b/doc/ss-local.asciidoc
 index a1f2b0f..468d67e 100644
@@ -57,5 +60,21 @@
 - [--plugin <plugin_name>] [--plugin_opts <plugin_options]
 + [--plugin <plugin_name>] [--plugin_opts <plugin_options>]
  
+ DESCRIPTION
+ -----------
+diff --git a/doc/ss-tunnel.asciidoc b/doc/ss-tunnel.asciidoc
+index ffd6ed8..754707f 100644
+--- a/doc/ss-tunnel.asciidoc
++++ b/doc/ss-tunnel.asciidoc
+@@ -12,9 +12,9 @@ SYNOPSIS
+  [-s <server_host>] [-p <server_port>] [-l <local_port>]
+  [-k <password>] [-m <encrypt_method>] [-f <pid_file>]
+  [-t <timeout>] [-c <config_file>] [-i <interface>]
+- [-b <local_addr>] [-a <user_name>] [-n <nofile>]
++ [-b <local_address>] [-a <user_name>] [-n <nofile>]
+  [-L addr:port] [--mtu <MTU>]
+- [--plugin <plugin_name>] [--plugin_opts <plugin_options]
++ [--plugin <plugin_name>] [--plugin_opts <plugin_options>]
+ 
  DESCRIPTION
  -----------
diff -Nru shadowsocks-libev-2.6.3+ds/debian/patches/backport/0011-Update-gfwlist.acl.patch shadowsocks-libev-2.6.3+ds/debian/patches/backport/0011-Update-gfwlist.acl.patch
--- shadowsocks-libev-2.6.3+ds/debian/patches/backport/0011-Update-gfwlist.acl.patch	1970-01-01 09:00:00.000000000 +0900
+++ shadowsocks-libev-2.6.3+ds/debian/patches/backport/0011-Update-gfwlist.acl.patch	2017-04-20 22:02:31.000000000 +0900
@@ -0,0 +1,21 @@
+From: Heiybb <hf.heiybb@gmail.com>
+Date: Thu, 23 Mar 2017 11:19:12 +0800
+Subject: Update gfwlist.acl
+
+V2EX has already registered an ICP license and can be visited normally in CHINA
+---
+ acl/gfwlist.acl | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/acl/gfwlist.acl b/acl/gfwlist.acl
+index d732ae4..03b32bb 100644
+--- a/acl/gfwlist.acl
++++ b/acl/gfwlist.acl
+@@ -398,7 +398,6 @@
+ (^|\.)zynamics\.com$
+ (^|\.)kat\.cr$
+ (^|\.)naughtyamerica\.com$
+-(^|\.)v2ex\.com$
+ (^|\.)0to255\.com$
+ (^|\.)100ke\.org$
+ (^|\.)1000giri\.net$
diff -Nru shadowsocks-libev-2.6.3+ds/debian/patches/backport/0012-Fix-a-potential-out-of-bound-access.-1465.patch shadowsocks-libev-2.6.3+ds/debian/patches/backport/0012-Fix-a-potential-out-of-bound-access.-1465.patch
--- shadowsocks-libev-2.6.3+ds/debian/patches/backport/0012-Fix-a-potential-out-of-bound-access.-1465.patch	1970-01-01 09:00:00.000000000 +0900
+++ shadowsocks-libev-2.6.3+ds/debian/patches/backport/0012-Fix-a-potential-out-of-bound-access.-1465.patch	2017-04-20 22:02:31.000000000 +0900
@@ -0,0 +1,22 @@
+From: Max Lv <max.c.lv@gmail.com>
+Date: Wed, 19 Apr 2017 12:16:41 +0800
+Subject: Fix a potential out of bound access. #1465
+
+---
+ src/server.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/server.c b/src/server.c
+index 588fb46..e868504 100644
+--- a/src/server.c
++++ b/src/server.c
+@@ -1129,8 +1129,7 @@ server_resolve_cb(struct sockaddr *addr, void *data)
+ 
+             // XXX: should handle buffer carefully
+             if (server->buf->len > 0) {
+-                memcpy(remote->buf->data, server->buf->data + server->buf->idx,
+-                       server->buf->len);
++                memcpy(remote->buf->data, server->buf->data, server->buf->len);
+                 remote->buf->len = server->buf->len;
+                 remote->buf->idx = 0;
+                 server->buf->len = 0;
diff -Nru shadowsocks-libev-2.6.3+ds/debian/patches/backport/0013-Fix-another-potential-out-of-bound-access.-1465.patch shadowsocks-libev-2.6.3+ds/debian/patches/backport/0013-Fix-another-potential-out-of-bound-access.-1465.patch
--- shadowsocks-libev-2.6.3+ds/debian/patches/backport/0013-Fix-another-potential-out-of-bound-access.-1465.patch	1970-01-01 09:00:00.000000000 +0900
+++ shadowsocks-libev-2.6.3+ds/debian/patches/backport/0013-Fix-another-potential-out-of-bound-access.-1465.patch	2017-04-20 22:02:31.000000000 +0900
@@ -0,0 +1,69 @@
+From: Max Lv <max.c.lv@gmail.com>
+Date: Wed, 19 Apr 2017 12:46:59 +0800
+Subject: Fix another potential out of bound access. #1465
+
+---
+ src/server.c | 20 ++++++++++----------
+ 1 file changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/src/server.c b/src/server.c
+index e868504..cf524f7 100644
+--- a/src/server.c
++++ b/src/server.c
+@@ -551,7 +551,7 @@ connect_to_remote(EV_P_ struct addrinfo *res,
+         endpoints.sae_dstaddrlen = res->ai_addrlen;
+ 
+         struct iovec iov;
+-        iov.iov_base = server->buf->data + server->buf->idx;
++        iov.iov_base = server->buf->data;
+         iov.iov_len  = server->buf->len;
+         size_t len;
+         int s = connectx(sockfd, &endpoints, SAE_ASSOCID_ANY, CONNECT_DATA_IDEMPOTENT,
+@@ -560,9 +560,8 @@ connect_to_remote(EV_P_ struct addrinfo *res,
+             s = len;
+         }
+ #else
+-        ssize_t s = sendto(sockfd, server->buf->data + server->buf->idx,
+-                           server->buf->len, MSG_FASTOPEN, res->ai_addr,
+-                           res->ai_addrlen);
++        ssize_t s = sendto(sockfd, server->buf->data, server->buf->len,
++                MSG_FASTOPEN, res->ai_addr, res->ai_addrlen);
+ #endif
+         if (s == -1) {
+             if (errno == CONNECT_IN_PROGRESS || errno == EAGAIN
+@@ -577,12 +576,9 @@ connect_to_remote(EV_P_ struct addrinfo *res,
+             } else {
+                 ERROR("sendto");
+             }
+-        } else if (s <= server->buf->len) {
++        } else {
+             server->buf->idx += s;
+             server->buf->len -= s;
+-        } else {
+-            server->buf->idx = 0;
+-            server->buf->len = 0;
+         }
+     }
+ #endif
+@@ -964,7 +960,9 @@ server_recv_cb(EV_P_ ev_io *w, int revents)
+ 
+                 // XXX: should handle buffer carefully
+                 if (server->buf->len > 0) {
+-                    memcpy(remote->buf->data, server->buf->data, server->buf->len);
++                    brealloc(remote->buf, server->buf->len, BUF_SIZE);
++                    memcpy(remote->buf->data, server->buf->data + server->buf->idx,
++                            server->buf->len);
+                     remote->buf->len = server->buf->len;
+                     remote->buf->idx = 0;
+                     server->buf->len = 0;
+@@ -1129,7 +1127,9 @@ server_resolve_cb(struct sockaddr *addr, void *data)
+ 
+             // XXX: should handle buffer carefully
+             if (server->buf->len > 0) {
+-                memcpy(remote->buf->data, server->buf->data, server->buf->len);
++                brealloc(remote->buf, server->buf->len, BUF_SIZE);
++                memcpy(remote->buf->data, server->buf->data + server->buf->idx,
++                        server->buf->len);
+                 remote->buf->len = server->buf->len;
+                 remote->buf->idx = 0;
+                 server->buf->len = 0;
diff -Nru shadowsocks-libev-2.6.3+ds/debian/patches/series shadowsocks-libev-2.6.3+ds/debian/patches/series
--- shadowsocks-libev-2.6.3+ds/debian/patches/series	2017-04-04 21:48:26.000000000 +0900
+++ shadowsocks-libev-2.6.3+ds/debian/patches/series	2017-04-20 22:02:31.000000000 +0900
@@ -8,3 +8,6 @@
 backport/0008-Refine-1133-second-time-1136.patch
 backport/0009-Fix-1148.patch
 backport/0010-Fix-typo-1210.patch
+backport/0011-Update-gfwlist.acl.patch
+backport/0012-Fix-a-potential-out-of-bound-access.-1465.patch
+backport/0013-Fix-another-potential-out-of-bound-access.-1465.patch

--- End Message ---
--- Begin Message ---
Roger Shimizu:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package shadowsocks-libev
> 
> This release includes a few fixes from upstream:
>  - Fix manpage docs.
>  - Update ACL list (remove one line).
>  - Two patches to fix out of bound access issue.
> 
> Enclosed is the debdiff from 2.6.3+ds-2 (in testing) to 2.6.3+ds-3 (in
> sid).
> 
> unblock shadowsocks-libev/2.6.3+ds-3
> 
> Thanks and looking forward to the stretch release ahead!
> 
> Cheers,
> --
> Roger Shimizu, GMT +9 Tokyo
> PGP/GPG: 4096R/6C6ACD6417B3ACB1
> 

Unblocked, thanks.

~Niels

--- End Message ---

Reply to: