Your message dated Sat, 08 Feb 2020 14:21:36 +0000
with message-id
<cf1cb2f35981916a86b98b83609df15c95aa378b.ca...@adam-barratt.org.uk>
and subject line Closing requests included in 10.3 point release
has caused the Debian Bug report #946901,
regarding buster-pu: package unhide/20130526-3+deb10u1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
946901: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946901
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: important
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu
Dear Release Team,
I would like to upload the debdiff available below to fix a segmentation fault
in unhide.
The reason for this behaviour is that the application is exhausting its stack
by allocation an integer array with maxpid elements.
This issue is already fixed in Sid. For details, please see #945864.
Best regards,
Thiago Andrade
-- System Information:
Debian Release: 10.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-6-amd64 (SMP w/2 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to
C.UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect
diff -Nru unhide-20130526/debian/changelog unhide-20130526/debian/changelog
--- unhide-20130526/debian/changelog 2018-12-15 14:01:03.000000000 -0200
+++ unhide-20130526/debian/changelog 2019-12-17 09:08:39.000000000 -0300
@@ -1,3 +1,12 @@
+unhide (20130526-3+deb10u1) buster; urgency=medium
+
+ * Team Upload.
+ * debian/patch/allocate-pid-arrays-from-heap.patch: Added to fix a stack
+ exhausting. Thanks to Bernhard Übelacker <bernha...@mailbox.org>.
+ (Closes: #945864)
+
+ -- Thiago Andrade Marques <thmarq...@gmail.com> Tue, 17 Dec 2019 09:08:39
-0300
+
unhide (20130526-3) unstable; urgency=medium
* Team upload.
diff -Nru unhide-20130526/debian/patches/allocate-pid-arrays-from-heap.patch
unhide-20130526/debian/patches/allocate-pid-arrays-from-heap.patch
--- unhide-20130526/debian/patches/allocate-pid-arrays-from-heap.patch
1969-12-31 21:00:00.000000000 -0300
+++ unhide-20130526/debian/patches/allocate-pid-arrays-from-heap.patch
2019-12-17 09:08:39.000000000 -0300
@@ -0,0 +1,40 @@
+Description: Allocate pid arrays from the stack
+
+Author: Bernhard Übelacker <bernha...@mailbox.org>
+Bug-Debian: https://bugs.debian.org/945864
+Forwarded: no
+Last-Update: 2019-12-03
+
+--- unhide-20130526.orig/unhide-linux-bruteforce.c
++++ unhide-20130526/unhide-linux-bruteforce.c
+@@ -64,14 +64,20 @@ void *funcionThread (void *parametro)
+ void brute(void)
+ {
+ int i=0;
+- int allpids[maxpid] ;
+- int allpids2[maxpid] ;
++ int* allpids;
++ int* allpids2;
+ int x;
+ int y;
+ int z;
+
+ msgln(unlog, 0, "[*]Starting scanning using brute force against PIDS with
fork()\n") ;
+
++ allpids = malloc(sizeof(int)*maxpid) ;
++ allpids2 = malloc(sizeof(int)*maxpid) ;
++ if (!allpids || !allpids2) {
++ die(unlog, "Error: Cannot allocate pid arrays ! Exiting.");
++ }
++
+ // PID under 301 are reserved for kernel
+ for(x=0; x < 301; x++)
+ {
+@@ -214,4 +220,7 @@ void brute(void)
+ }
+ }
+ }
++
++ free(allpids);
++ free(allpids2);
+ }
diff -Nru unhide-20130526/debian/patches/series
unhide-20130526/debian/patches/series
--- unhide-20130526/debian/patches/series 2018-12-15 13:57:25.000000000
-0200
+++ unhide-20130526/debian/patches/series 2019-12-17 09:08:39.000000000
-0300
@@ -1 +1,2 @@
fix-man
+allocate-pid-arrays-from-heap.patch
--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 10.3
Hi,
Each of the uploads referred to by these bugs was included in today's
stable point release.
Regards,
Adam
--- End Message ---
