Re: Unsolicited GNU bc patch
On Sat, Aug 06, 2022 at 05:12:13AM +, Thomas DiModica wrote:
> Yes, I keep spamming this trying to find an appropriate mailing list. I don't
> remember how or why I initially stumbled across this bug report
> (https://bugs.launchpad.net/ubuntu/+source/bc/+bug/1775776), but, given that
> I have some familiarity with GNU bc, I decided to fix some of the issues.
> Turns out, this also seems to fix the crashes reported here
> (https://www.openwall.com/lists/oss-security/2018/11/28/1). I think it would
> be a lot more useful to share this, as there isn't a lot to review. There are
> three bug fixes and some self-defensive checks in the runtime for malformed
> bytecode. Address Sanitizer tells me that these previously invalid memory
> references now just leak memory. I don't appear to have broken anything in the
> process, either. I'm not a member of any Debian mailing list, but I will try
> to watch for responses.

Please send such patches upstream.

-- 
WBR, wRAR
Re: Unsolicited GNU bc patch
Hi Thomas,

Thomas DiModica writes:

> Greetings,
>
> Yes, I keep spamming this trying to find an appropriate mailing list. I don't
> remember how or why I initially stumbled across this bug report
> (https://bugs.launchpad.net/ubuntu/+source/bc/+bug/1775776), but, given that
> I have some familiarity with GNU bc, I decided to fix some of the issues.
> Turns out, this also seems to fix the crashes reported here
> (https://www.openwall.com/lists/oss-security/2018/11/28/1). I think it would
> be a lot more useful to share this, as there isn't a lot to review. There are
> three bug fixes and some self-defensive checks in the runtime for malformed
> bytecode. Address Sanitizer tells me that these previously invalid memory
> references now just leak memory. I don't appear to have broken anything in the
> process, either. I'm not a member of any Debian mailing list, but I will try
> to watch for responses.
>
> Just trying to be somewhat helpful,

I took your patch, and created a merge request on our gitlab instance:

  https://salsa.debian.org/debian/bc/-/merge_requests/4

The patch has been slightly modified, to make it cleanly apply -- perhaps
you'd be kind enough to check that I've not broken anything:

  https://salsa.debian.org/philh/bc/-/blob/ricinwich/debian/patches/09_crash-fixes.diff

I note that bc doesn't see much activity, so I've no idea how long it might
be before this makes its way into a release of the package, but at least
this way it will not simply be forgotten on the mailing-list.

BTW you are welcome to create an account on salsa.debian.org if you wish to
contribute directly there.

Cheers, Phil.
-- 
|)| Philip Hands  [+44 (0)20 8530 9560]  HANDS.COM Ltd.
|-| http://www.hands.com/    http://ftp.uk.debian.org/
|(| Hugo-Klemm-Strasse 34,   21075 Hamburg,    GERMANY
Bug#1016726: ITP: libcommuni -- A cross-platform IRC framework written with Qt
Package: wnpp
Severity: wishlist
Owner: Tobias Frost
X-Debbugs-Cc: debian-devel@lists.debian.org

* Package name    : libcommuni
  Version         : 3.7.0
  Upstream Author : The Communi Project
* URL             : https://communi.github.io/
* License         : BSD-3-clause
  Programming Lang: C++
  Description     : cross-platform IRC framework written with Qt

Communi is a cross-platform IRC framework written with Qt. Communi provides
a set of tools for enabling IRC connectivity in Qt-based C++ and QML
applications.

IRC (Internet Relay Chat protocol) is a simple text-based communication
protocol. IRC was created back in 1988 and is still popular particularly
amongst open source projects. The Communi project's own IRC channel #communi
is located on Libera.Chat.

Getting started

(I'm packaging communi as a step towards being able to package spectrum2)
Bug#1016730: ITP: netbird -- VPN management platform built on top of WireGuard
Package: wnpp
Severity: wishlist
Owner: Dominik George
X-Debbugs-Cc: debian-devel@lists.debian.org

* Package name    : netbird
  Version         : 0.8.5
  Upstream Author :
* URL             : https://netbird.io/
* License         : BSD-3-clause
  Programming Lang: Go
  Description     : VPN management platform built on top of WireGuard

NetBird is an open-source VPN management platform built on top of
WireGuard® making it easy to create secure private networks for your
organization or home.

It requires zero configuration effort leaving behind the hassle of opening
ports, complex firewall rules, VPN gateways, and so forth.

NetBird creates an overlay peer-to-peer network connecting machines
automatically regardless of their location (home, office, datacenter,
container, cloud or edge environments) unifying virtual private network
management experience.

I intend to maintain netbird inside the Go packaging team.
Re: Unsolicited GNU bc patch
Philip, thank you, I'm sorry: I have sent this to upstream, but haven't heard
anything from them. At least with a mailing list, I get feedback as to whether
or not my mail was eaten by the void of the Internet. Also, if it gets into
Debian, then the patches filter through to everything based on Debian.

Philip, your change to the patch looks right. Sorry, I based the patch off
upstream.

You do say it needs a better description, so I'm going to try to give you a
sense of what's going on. What I think is happening is that, somewhere in the
parser, "that an error occurred" is getting suppressed, and the parser
continues to generate bytecode with the previous instruction incomplete, and
then it tries to execute that. Sometimes, the bytecode reads an instruction
while trying to read a reference. This appears to be most catastrophic in
array handling. While what ought to be fixed is the code generation to not
generate these erroneous references, it is easier to fix the bytecode
interpreter to defend itself from them.

To begin, starting in execute.c: for change one, it has read a label number,
but then walks off the list looking for it. In change two, sometimes the
function number is invalid. And change three protects from the string not
being terminated. Looking at this again, if I had just added an 'else' to
"if (ch != '\\')" then I could have made a less invasive change. Also: if you
want to give any of these error messages better text, or if I've broken the
internationalization with them, please change them to suit your preferences.
What I gave you is better than the "DANGER, WILL ROBINSON!" that I had before.

In storage.c, initializing 'v_next' is one of the things I consider a bug.
Sometimes, it has a "valid" pointer in it. The next six changes are defensive
error checks to ensure that the array being requested is plausible. The line
"params++;" looks like a hold-over from an earlier version of the code, where
the parameters were stored in an array. With the linked-list, the proper way
to advance to the next parameter is "params = params->next;", which always
occurs a few lines later.

That leaves util.c. I think they were trying to save memory, at some point.
Possibly: variable names are treated differently from array and function
names, and I don't see the reason for that. What happens is that the value
from lookup() is used to initialize av_name in nextarg(). Then, av_name is
directly used to index v_names right above that removed "params++;" line. In
this retrospective dive through the code, that may be it. The line in
storage.c could be changed, I think, but, in my opinion, it is better to move
the code so that it more consistently handles all types. In addition, while
the line "if (id->v_name <= MAX_STORE)" is annoying in that it is different,
it isn't guarding against an invalid access.

Thank you again,
Thomas DiModica
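
The three interpreter-side checks described in the message above (label lookup, function number, unterminated string), written out as an added example. It is not code from bc or from the patch: the types, names, group size and the `"`-terminated string layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model, not bc's source: labels sit in a linked list of
   fixed-size groups, functions in a table, strings inline in the bytecode. */
#define GROUP_SIZE 4
#define MAX_FUNCS  8
struct label_group { long addr[GROUP_SIZE]; struct label_group *next; };
enum vm_err { VM_OK, VM_BAD_LABEL, VM_BAD_FUNC, VM_BAD_STRING };

/* Resolve a label number without walking off the end of the group list. */
enum vm_err resolve_label(const struct label_group *gp, unsigned label, long *out)
{
    unsigned skip = label / GROUP_SIZE;
    while (gp != NULL && skip > 0) {
        gp = gp->next;
        skip--;
    }
    if (gp == NULL)
        return VM_BAD_LABEL;   /* list is shorter than the label implies */
    *out = gp->addr[label % GROUP_SIZE];
    return VM_OK;
}

/* A function number read from bytecode must name a defined table slot. */
enum vm_err check_func(const unsigned char *in_use, long func)
{
    if (func < 0 || func >= MAX_FUNCS || !in_use[func])
        return VM_BAD_FUNC;
    return VM_OK;
}

/* A string constant must reach its closing '"' before the code ends.
   On success *n is its length and *pc moves past the terminator. */
enum vm_err read_string(const unsigned char *code, size_t len, size_t *pc, size_t *n)
{
    const unsigned char *end;
    if (*pc >= len || (end = memchr(code + *pc, '"', len - *pc)) == NULL)
        return VM_BAD_STRING;
    *n = (size_t)(end - (code + *pc));
    *pc += *n + 1;
    return VM_OK;
}

int main(void)
{
    struct label_group only = {{0, 10, 20, 30}, NULL};   /* constructed input */
    long addr = 0;
    /* Label 6 would need a second group that was never emitted. */
    printf("label 6 -> error %d\n", resolve_label(&only, 6, &addr));
    return 0;
}
```

Each check turns a malformed reference into an error code the interpreter loop can report, instead of a read through a NULL or out-of-range pointer.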
Re: Unsolicited GNU bc patch
Thomas DiModica writes:
...
> You do say it needs a better description, so I'm going to try to
> give you a sense of what's going on.

I was really saying that whoever feels competent to decide to accept the
Merge Request for the bc package ought to come up with a better description
for why they think the patch should be applied to the Debian package, but I'm
sure your description will help too.

Given that the patch references this thread, I'm sure it'll be found whenever
needed.

Cheers, Phil.
-- 
|)| Philip Hands  [+44 (0)20 8530 9560]  HANDS.COM Ltd.
|-| http://www.hands.com/    http://ftp.uk.debian.org/
|(| Hugo-Klemm-Strasse 34,   21075 Hamburg,    GERMANY
Bug#1016769: ITP: elpa-snakemake -- support for editing and running snakemake files in emacs
Package: wnpp
Owner: Diane Trout
Severity: wishlist

* Package name    : elpa-snakemake
  Version         : 2.0.0
  Upstream Author : Kyle Meyer
* URL or Web page : https://git.kyleam.com/snakemake-mode/about
* License         : GPL-3+
  Description     : support for editing and running snakemake files in emacs

The source repository is broken up into providing two emacs packages. One
snakemake.el provides support for running snakemake in an emacs transient
mode, the other snakemake-model.el adds syntax highlighting for editing
snakemake files within emacs.