Your message dated Sat, 06 Feb 2021 10:39:26 +0000 with message-id <6425525e38201ecf9a2d3e0f1e63c0d3b08e0fc0.ca...@adam-barratt.org.uk> and subject line Closing p-u bugs for updates in 10.8 has caused the Debian Bug report #981096, regarding buster-pu: package file/1:5.35-4+deb10u1 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 981096: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981096 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: release.debian.org Severity: normal Tags: buster User: release.debian....@packages.debian.org Usertags: pu Hello stable release team, for the upcoming stable point release, I've just uploaded src:file ("Recognize the type of data in a file using "magic" numbers") as version 1:5.35-4+deb10u2. Content: * Change default for name/use to 50. Type: limitation relaxed upstream Debian bug: https://bugs.debian.org/928009 Fixed in in stable and testing: 1:5.38-5 (May 2020) Problem: The old limit turned out to be too strict, and instead of avoiding DoS this broke legitimate use of that feature. Also, Paul Wise (Cc:'ed), asked me repeatedly to backport this to buster, I trust he has good reason to to so. Regards, Christoph -- System Information: Debian Release: 10.7 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.10 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)diff -Nru file-5.35/debian/changelog file-5.35/debian/changelog --- file-5.35/debian/changelog 2019-10-22 21:57:17.000000000 +0200 +++ file-5.35/debian/changelog 2021-01-25 22:40:17.000000000 +0100 @@ -1,3 +1,9 @@ +file (1:5.35-4+deb10u2) buster; urgency=medium + + * Change default for name/use to 50. Closes: #928009 + + -- Christoph Biedl <debian.a...@manchmal.in-ulm.de> Mon, 25 Jan 2021 22:40:17 +0100 + file (1:5.35-4+deb10u1) buster-security; urgency=high * Cherry-pick commit to restrict the number of CDF_VECTOR elements. diff -Nru file-5.35/debian/patches/increase.number.use.magic.limit.patch file-5.35/debian/patches/increase.number.use.magic.limit.patch --- file-5.35/debian/patches/increase.number.use.magic.limit.patch 1970-01-01 01:00:00.000000000 +0100 +++ file-5.35/debian/patches/increase.number.use.magic.limit.patch 2021-01-25 22:40:17.000000000 +0100 @@ -0,0 +1,17 @@ +Subject: Change default for name/use to 50 +Origin: Part of FILE5_38-65-gdf476c81 <https://github.com/file/file/commit/FILE5_38-65-gdf476c81> +Upstream-Author: Christos Zoulas <chris...@zoulas.com> +Date: Thu Mar 19 20:41:11 2020 +0000 +Bug-Debian: https://bugs.debian.org/928009 + +--- a/src/file.h ++++ b/src/file.h +@@ -437,7 +437,7 @@ + uint16_t regex_max; + size_t bytes_max; /* number of bytes to read from file */ + #define FILE_INDIR_MAX 50 +-#define FILE_NAME_MAX 30 ++#define FILE_NAME_MAX 50 + #define FILE_ELF_SHNUM_MAX 32768 + #define FILE_ELF_PHNUM_MAX 2048 + #define FILE_ELF_NOTES_MAX 256 diff -Nru file-5.35/debian/patches/series file-5.35/debian/patches/series --- file-5.35/debian/patches/series 2019-10-22 20:57:20.000000000 +0200 +++ file-5.35/debian/patches/series 2021-01-25 22:40:17.000000000 +0100 @@ -18,6 +18,8 @@ cherry-pick.FILE5_36-1-gecca6e54.fix-casts-and-bounds-check-found-by-oss-fuzz.patch cherry-pick.FILE5_36-24-g9b2f9d6a.cast-to-unsigned-first-to-appease-ubsan-oss-fuzz.patch cherry-pick.FILE5_37-67-g46a8443f.limit-the-number-of-elements-in-a-vector-found-by-oss-fuzz.patch +# part of FILE5_38-65-gdf476c81 +increase.number.use.magic.limit.patch # patches that should go upstream
--- End Message ---
--- Begin Message ---Package: release.debian.org Version: 10.8 Hi, Each of the updates referenced by these bugs was included in today's 10.8 point release. Regards, Adam
--- End Message ---
