[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#861800: marked as done (unblock: hydra/8.3-3)

Your message dated Sun, 07 May 2017 16:30:00 +0000
with message-id <fdb3f457-907c-0544-1702-1d6b83fa328d@thykier.net>
and subject line Re: Bug#861800: unblock: hydra/8.3-3
has caused the Debian Bug report #861800,
regarding unblock: hydra/8.3-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
861800: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861800
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi,

Please unblock package hydra.  The updated package fixes a problem
observed on amd64: Restoring a session using `hydra -R` will sometimes
cause all forked processes to die with a "double free or corruption"
error.

The newly included patch (also merged by upstream) allocates the
required size to store pointers (which is not generally sizeof(int))
correctly, fixing the bug described above.  The patch is quite small
(only changes three lines) and fixes Debian bug #861058 which has
severity important.  The upload also includes a minor update to the man
page.

The changelog entry is:

hydra (8.3-3) unstable; urgency=medium

  * Team upload.

  [ Gianfranco Costamagna ]
  * Fix newline in manpage (Closes: #853807)

  [ Lukas Schwaighofer ]
  * Allocate required pointer size correctly.  This fixes an issue with
    session restore (`hydra -R`) causing the forked hydra processes to die
    with a "double free or corruption" error. (Closes: #861058)

 -- Lukas Schwaighofer <lukas@schwaighofer.name>  Wed, 03 May 2017 19:06:30 +0200

The source debdiff between the versions 8.3-2 and 8.3-3 is attached.

Thank you
Lukas Schwaighofer


unblock hydra/8.3-3

diff -Nru hydra-8.3/debian/changelog hydra-8.3/debian/changelog
--- hydra-8.3/debian/changelog	2016-11-27 17:17:26.000000000 +0100
+++ hydra-8.3/debian/changelog	2017-05-03 20:47:26.000000000 +0200
@@ -1,3 +1,17 @@
+hydra (8.3-3) unstable; urgency=medium
+
+  * Team upload.
+
+  [ Gianfranco Costamagna ]
+  * Fix newline in manpage (Closes: #853807)
+
+  [ Lukas Schwaighofer ]
+  * Allocate required pointer size correctly.  This fixes an issue with
+    session restore (`hydra -R`) causing the forked hydra processes to die
+    with a "double free or corruption" error. (Closes: #861058)
+
+ -- Lukas Schwaighofer <lukas@schwaighofer.name>  Wed, 03 May 2017 19:06:30 +0200
+
 hydra (8.3-2) unstable; urgency=medium
 
   * Team upload.
diff -Nru hydra-8.3/debian/patches/10_fix_typos_in_manpage.diff hydra-8.3/debian/patches/10_fix_typos_in_manpage.diff
--- hydra-8.3/debian/patches/10_fix_typos_in_manpage.diff	2016-11-27 17:17:26.000000000 +0100
+++ hydra-8.3/debian/patches/10_fix_typos_in_manpage.diff	2017-04-26 00:38:31.000000000 +0200
@@ -1,5 +1,6 @@
 Description: Fix typos in manpage
-Forwarded: no
+Forwarded: https://github.com/vanhauser-thc/thc-hydra/pull/188
+           https://github.com/vanhauser-thc/thc-hydra/pull/187
 Author: Daniel Echeverry <epsilon77@gmail.com>
 Last-Update: 2016-06-16
 --- a/xhydra.1
diff -Nru hydra-8.3/debian/patches/11_fix_man_typo.patch hydra-8.3/debian/patches/11_fix_man_typo.patch
--- hydra-8.3/debian/patches/11_fix_man_typo.patch	1970-01-01 01:00:00.000000000 +0100
+++ hydra-8.3/debian/patches/11_fix_man_typo.patch	2017-04-26 00:38:31.000000000 +0200
@@ -0,0 +1,16 @@
+Description: Fix typo preventiing -d from being correctly displayed
+Author: Gianfranco Costamagna <locutusofborg@debian.org>
+Bug-Debian: https://bugs.debian.org/853807
+
+Forwarded: https://github.com/vanhauser-thc/thc-hydra/pull/186
+
+--- hydra-8.3.orig/hydra.1
++++ hydra-8.3/hydra.1
+@@ -105,6 +105,7 @@ prefer IPv4 (default) or IPv6 addresses
+ .TP
+ .B \-v / \-V 
+ verbose mode / show login+pass combination for each attempt
++.TP
+ .B \-d
+ debug mode
+ .TP
diff -Nru hydra-8.3/debian/patches/12_allocate-pointer-size-correctly.path hydra-8.3/debian/patches/12_allocate-pointer-size-correctly.path
--- hydra-8.3/debian/patches/12_allocate-pointer-size-correctly.path	1970-01-01 01:00:00.000000000 +0100
+++ hydra-8.3/debian/patches/12_allocate-pointer-size-correctly.path	2017-05-03 20:47:26.000000000 +0200
@@ -0,0 +1,46 @@
+Author: Lukas Schwaighofer <lukas@schwaighofer.name>
+Date: Tue, 25 Apr 2017 23:31:39 +0200
+Description: do not assume that sizeof(int) is the same as the pointer size
+Bug: https://github.com/vanhauser-thc/thc-hydra/issues/27
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861058
+Forwarded: https://github.com/vanhauser-thc/thc-hydra/pull/209
+
+Allocate required pointer size correctly.  This fixes an issue with session
+restore (`hydra -R`) causing the forked hydra processes to die with a "double
+free or corruption" error.
+
+---
+ hydra.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/hydra.c b/hydra.c
+index 0704f49..1a49d30 100644
+--- a/hydra.c
++++ b/hydra.c
+@@ -929,7 +929,7 @@ void hydra_restore_read() {
+   }
+   if (debug)
+     printf("[DEBUG] reading restore file: Step 11 complete\n");
+-  hydra_heads = malloc((hydra_options.max_use + 2) * sizeof(int) + 16);
++  hydra_heads = malloc(sizeof(hydra_head*) * hydra_options.max_use);
+   for (j = 0; j < hydra_options.max_use; j++) {
+     hydra_heads[j] = malloc(sizeof(hydra_head));
+     fck = (int) fread(hydra_heads[j], sizeof(hydra_head), 1, f);
+@@ -3350,7 +3350,7 @@ int main(int argc, char *argv[]) {
+        if (tmpptr != NULL)
+          *tmpptr = 0;
+        countservers = hydra_brains.targets = 1;
+-       hydra_targets = malloc(sizeof(int) * 4);
++       hydra_targets = malloc(sizeof(hydra_target*) * 4);
+        hydra_targets[0] = malloc(sizeof(hydra_target));
+        memset(hydra_targets[0], 0, sizeof(hydra_target));
+        hydra_targets[0]->target = servers_ptr = hydra_options.server;
+@@ -3408,7 +3408,7 @@ int main(int argc, char *argv[]) {
+      }
+     } else {                    // standard: single target on command line
+       countservers = hydra_brains.targets = 1;
+-      hydra_targets = malloc(sizeof(int) * 4);
++      hydra_targets = malloc(sizeof(hydra_target*) * 4);
+       hydra_targets[0] = malloc(sizeof(hydra_target));
+       memset(hydra_targets[0], 0, sizeof(hydra_target));
+       hydra_targets[0]->target = servers_ptr = hydra_options.server;
diff -Nru hydra-8.3/debian/patches/series hydra-8.3/debian/patches/series
--- hydra-8.3/debian/patches/series	2016-11-27 17:17:26.000000000 +0100
+++ hydra-8.3/debian/patches/series	2017-05-03 20:47:26.000000000 +0200
@@ -8,3 +8,5 @@
 07_remove_troubled_files.diff
 08_fix_spelling_mistakes.diff
 10_fix_typos_in_manpage.diff
+11_fix_man_typo.patch
+12_allocate-pointer-size-correctly.path

Attachment: pgpm6MFINlIzJ.pgp
Description: OpenPGP digital signature


--- End Message ---
--- Begin Message --- 
Lukas Schwaighofer:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Hi,
> 
> Please unblock package hydra.  The updated package fixes a problem
> observed on amd64: Restoring a session using `hydra -R` will sometimes
> cause all forked processes to die with a "double free or corruption"
> error.
> 
> [...]
> 
> Thank you
> Lukas Schwaighofer
> 
> 
> unblock hydra/8.3-3
> 

Unblocked, thanks.

~Niels

--- End Message ---
Reply to: