[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#932009: marked as done (buster-pu: package gcab/1.2-3)

Your message dated Sat, 07 Sep 2019 14:34:49 +0100
with message-id <[🔎] f49e2985d8466065c49c03185c24465a32228fb5.camel@adam-barratt.org.uk>
and subject line Closing bugs for fixes including in 10.1 point release
has caused the Debian Bug report #932009,
regarding buster-pu: package gcab/1.2-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
932009: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932009
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

Would it be possible to consider a stable update to gcab 1.2-3 (or its
equivalent as a stable upload)? It fixes a data corruption bug,
#913487; that’s the only change between 1.2-2, which is in Buster, and
1.2-3, which is in Bullseye. The debdiff is as follows:

diff -Nru gcab-1.2/debian/changelog gcab-1.2/debian/changelog
--- gcab-1.2/debian/changelog	2018-12-22 12:37:31.000000000 +0100
+++ gcab-1.2/debian/changelog	2019-07-06 10:18:07.000000000 +0200
@@ -1,3 +1,10 @@
+gcab (1.2-3) unstable; urgency=medium
+
+  * Apply upstream patch to fix corruption when extracting.
+    Closes: #931487. LP: #1835589.
+
+ -- Stephen Kitt <skitt@debian.org>  Sat, 06 Jul 2019 10:18:07 +0200
+
 gcab (1.2-2) unstable; urgency=medium
 
   * Avoid needing PATH_MAX, so we can build on Hurd. Closes: #888640;
diff -Nru gcab-1.2/debian/patches/overflow.patch gcab-1.2/debian/patches/overflow.patch
--- gcab-1.2/debian/patches/overflow.patch	1970-01-01 01:00:00.000000000 +0100
+++ gcab-1.2/debian/patches/overflow.patch	2019-07-06 10:16:47.000000000 +0200
@@ -0,0 +1,44 @@
+commit 5619f4cd2ca3108c8dea17ba656b5ce44a60ca29
+Author: Marc-André Lureau <marcandre.lureau@redhat.com>
+Date:   Fri Jan 11 19:42:40 2019 +0400
+
+    Revert "decomp: fix gcc warning strict-overflow"
+    
+    The warning doesn't happen with current build-sys.
+    
+    The overlapping behaviour is undefined with memcpy. memmove doesn't
+    have the same semantic either than the loop. Let's revert!
+    
+    Fixes:
+    https://gitlab.gnome.org/GNOME/gcab/issues/12
+    
+    This reverts commit e48074952743f53d8ac529d4debc421e7e0f6937.
+    
+    Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+
+diff --git a/libgcab/decomp.c b/libgcab/decomp.c
+index 64d97f8..0c2b184 100644
+--- a/libgcab/decomp.c
++++ b/libgcab/decomp.c
+@@ -1015,9 +1015,7 @@ int LZXfdi_decomp(int inlen, int outlen, fdi_decomp_state *decomp_state) {
+             window_posn += match_length;
+ 
+             /* copy match data - no worries about destination wraps */
+-            memcpy(rundest, runsrc, match_length);
+-            rundest += match_length;
+-            runsrc += match_length;
++            while (match_length-- > 0) *rundest++ = *runsrc++;
+           }
+         }
+         break;
+@@ -1106,9 +1104,7 @@ int LZXfdi_decomp(int inlen, int outlen, fdi_decomp_state *decomp_state) {
+             window_posn += match_length;
+ 
+             /* copy match data - no worries about destination wraps */
+-            memcpy(rundest, runsrc, match_length);
+-            rundest += match_length;
+-            runsrc += match_length;
++            while (match_length-- > 0) *rundest++ = *runsrc++;
+           }
+         }
+         break;
diff -Nru gcab-1.2/debian/patches/series gcab-1.2/debian/patches/series
--- gcab-1.2/debian/patches/series	2018-12-22 12:34:22.000000000 +0100
+++ gcab-1.2/debian/patches/series	2019-07-06 10:17:15.000000000 +0200
@@ -2,3 +2,4 @@
 zalloc_integer_overflow.patch
 no-git-version.patch
 do-not-use-path-max.patch
+overflow.patch


Regards,

Stephen

-- System Information:
Debian Release: 10.0
  APT prefers stable-debug
  APT policy: (500, 'stable-debug'), (500, 'stable'), (100, 'unstable-debug'), (100, 'testing-debug'), (100, 'unstable'), (100, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

--- End Message ---
--- Begin Message --- 
Version: 10.1

Hi,

The fixes referenced by each of these bugs were included in today's
buster point release.

Regards,

Adam

--- End Message ---
Reply to: