Bug#775913: vala-0.26: diff for NMU version 0.26.1-1.1

gregor herrmann Fri, 06 Mar 2015 08:15:08 -0800

Control: tags 775913 + pending

Dear maintainer,


I've prepared an NMU for vala-0.26 (versioned as 0.26.1-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards.

-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer -  https://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Element Of Crime: No god anymore

diff -Nru vala-0.26-0.26.1/debian/changelog vala-0.26-0.26.1/debian/changelog
--- vala-0.26-0.26.1/debian/changelog	2014-10-15 21:56:24.000000000 +0200
+++ vala-0.26-0.26.1/debian/changelog	2015-03-06 16:58:16.000000000 +0100
@@ -1,3 +1,14 @@
+vala-0.26 (0.26.1-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix "CVE-2014-8154: Heap-buffer overflow in vala-gstreamer bindings
+    at Gst.MapInfo()": add patch mapinfo.date-array-length.patch,
+    taken from upstream git:
+    https://git.gnome.org/browse/vala/commit/?id=22126ebad3b2133db39bcf301c29c8b78b440f1a
+    (Closes: #775913)
+
+ -- gregor herrmann <gre...@debian.org>  Fri, 06 Mar 2015 16:58:06 +0100
+
 vala-0.26 (0.26.1-1) unstable; urgency=medium
 
   * Team upload.
diff -Nru vala-0.26-0.26.1/debian/patches/mapinfo.date-array-length.patch vala-0.26-0.26.1/debian/patches/mapinfo.date-array-length.patch
--- vala-0.26-0.26.1/debian/patches/mapinfo.date-array-length.patch	1970-01-01 01:00:00.000000000 +0100
+++ vala-0.26-0.26.1/debian/patches/mapinfo.date-array-length.patch	2015-03-06 16:43:01.000000000 +0100
@@ -0,0 +1,20 @@
+From 22126ebad3b2133db39bcf301c29c8b78b440f1a Mon Sep 17 00:00:00 2001
+From: Evan Nemerson <e...@nemerson.com>
+Date: Mon, 10 Nov 2014 11:09:09 -0800
+Subject: gstreamer-1.0: fix MapInfo.data array length
+
+(cherry picked from commit 3092537db65887e24a3d3e87a27caf9c5295e4f7)
+
+diff --git a/vapi/gstreamer-1.0.vapi b/vapi/gstreamer-1.0.vapi
+index 92909bd..2f3dfeb 100644
+--- a/vapi/gstreamer-1.0.vapi
++++ b/vapi/gstreamer-1.0.vapi
+@@ -2202,7 +2202,7 @@ namespace Gst {
+ 	public struct MapInfo {
+ 		public weak Gst.Memory memory;
+ 		public Gst.MapFlags flags;
+-		[CCode (array_length = false, array_null_terminated = true)]
++		[CCode (array_length_cname = "size", array_length_type = "gsize")]
+ 		public weak uint8[] data;
+ 		public size_t size;
+ 		public size_t maxsize;
diff -Nru vala-0.26-0.26.1/debian/patches/series vala-0.26-0.26.1/debian/patches/series
--- vala-0.26-0.26.1/debian/patches/series	2014-10-15 21:56:24.000000000 +0200
+++ vala-0.26-0.26.1/debian/patches/series	2015-03-06 16:42:37.000000000 +0100
@@ -0,0 +1 @@
+mapinfo.date-array-length.patch

signature.asc
Description: Digital Signature

Bug#775913: vala-0.26: diff for NMU version 0.26.1-1.1

Reply via email to