Bug#919576: stretch-pu: package ncmpc/0.25-0.1

To: Salvatore Bonaccorso <carnil@debian.org>, 919576@bugs.debian.org
Subject: Bug#919576: stretch-pu: package ncmpc/0.25-0.1
From: kaliko <kaliko@azylum.org>
Date: Mon, 28 Jan 2019 14:35:57 +0100
Message-id: <[🔎] f29fa986-d32c-7fc0-f8d5-7d271105416f@azylum.org>
Reply-to: kaliko <kaliko@azylum.org>, 919576@bugs.debian.org
In-reply-to: <[🔎] 20190127081446.GA19024@eldamar.local>
References: <[🔎] 154772905413.26958.13691302747648090747.reportbug@feynman.univ-lyon1.fr> <[🔎] 20190127081446.GA19024@eldamar.local> <[🔎] 154772905413.26958.13691302747648090747.reportbug@feynman.univ-lyon1.fr>

Hi Salvatore

On 27/01/2019 09:14, Salvatore Bonaccorso wrote:
> On Thu, Jan 17, 2019 at 01:44:14PM +0100, kaliko wrote:
>> Package: release.debian.org
>> Severity: normal
>> Tags: stretch
>> User: release.debian.org@packages.debian.org
>> Usertags: pu
>>
> Hi
> 
> Update fixing CVE-2018-9240 / #894724
> […]> Please use for consistency (although that would be possible if
> 0.25-0.2 was never used) rather 0.25-0.1+deb9u1 for the version.

I updated the patch according to your review (find attached).

I also pushed it in branch stretch-pu:
    https://salsa.debian.org/kaliko-guest/ncmpc-gbp/tree/stretch-pu

Cheers
k

diff -Nru ncmpc-0.25/debian/changelog ncmpc-0.25/debian/changelog
--- ncmpc-0.25/debian/changelog	2019-01-16 12:51:14.000000000 +0100
+++ ncmpc-0.25/debian/changelog	2016-11-10 08:32:55.000000000 +0100
@@ -1,10 +1,3 @@
-ncmpc (0.25-0.1+deb9u1) stretch; urgency=medium
-
-  * Non-maintainer upload.
-  * Fix CVE-2018-9240 (Closes: #894724)
-
- -- Geoffroy Youri Berret <efrim@azylum.org>  Wed, 16 Jan 2019 12:51:14 +0100
-
 ncmpc (0.25-0.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch
--- ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch	2019-01-16 12:51:14.000000000 +0100
+++ ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,19 +0,0 @@
-Description: Fix NULL dereference on long messages
-Author: Jonathan NeuschÃ¤fer <j.neuschaefer@gmx.net>
-Origin: https://bugs.debian.org/894724
-Applied-Upstream: v0.30
-Last-Update: 2019-01-16
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
---- a/src/mpdclient.h
-+++ b/src/mpdclient.h
-@@ -76,6 +76,9 @@
- static inline bool
- mpdclient_finish_command(struct mpdclient *c)
- {
-+	if (!c->connection)
-+		return false;
-+
- 	return mpd_response_finish(c->connection)
- 		? true : mpdclient_handle_error(c);
- }
diff -Nru ncmpc-0.25/debian/patches/series ncmpc-0.25/debian/patches/series
--- ncmpc-0.25/debian/patches/series	2019-01-16 12:51:14.000000000 +0100
+++ ncmpc-0.25/debian/patches/series	2016-11-10 08:32:55.000000000 +0100
@@ -1,2 +1 @@
 lirc.patch
-fix-CVE-2018-9240.patch

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

References:
- Bug#919576: stretch-pu: package ncmpc/0.25-0.1
  - From: kaliko <kaliko@azylum.org>
- Bug#919576: stretch-pu: package ncmpc/0.25-0.1
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Bug#916817: marked as done (transition: remove python3.6)
Next by Date: Bug#919395: Heads up to release team about MariadB 10.3
Previous by thread: Bug#919576: stretch-pu: package ncmpc/0.25-0.1
Next by thread: Re: ruby-activeldap is marked for autoremoval from testing
Index(es):
- Date
- Thread