Bug#706101: Bug #706101: DFSG-violation reappeared in 0.22-1

2013-11-22 Thread Michael Banck
tags 706101 +pending
thanks

On Sun, Jul 21, 2013 at 12:48:40PM +0200, Jonas Smedegaard wrote:
> reopen 706101
> found 706101 0.22-1
> thanks
> 
> [ cc'ing Michael regarding the P.S. on 0.10 spec ]
> 
> Quoting Debian Bug Tracking System (2013-04-27 20:51:08)
> > Source: qpid-python
> > Source-Version: 0.16+repack-1
> > 
> > We believe that the bug you reported is fixed in the latest version of 
> > qpid-python, which is due to be installed in the Debian FTP archive.
> 
> Correct - but unfortunately the later upstream fix was incomplete: 
> Debian now since 0.22-1 ships the AMQP-licensed amqp.0-10.dtd file.

I've uploaded a fixed package to DELAYED/1-day, see attached (rather not
very useful, granted) debdiff.


Michael
diff -Nru qpid-python-0.22/debian/changelog 
qpid-python-0.22+dfsg/debian/changelog
--- qpid-python-0.22/debian/changelog   2013-07-01 16:36:42.0 +0200
+++ qpid-python-0.22+dfsg/debian/changelog  2013-11-22 23:32:47.0 
+0100
@@ -1,3 +1,10 @@
+qpid-python (0.22+dfsg-1) unstable; urgency=low
+
+  * QA upload.
+  * Strip specs/amqp.0-10.dtd from upstream tarball. (Closes: #706101).
+
+ -- Michael Banck   Fri, 22 Nov 2013 23:31:53 +0100
+
 qpid-python (0.22-1) unstable; urgency=low
 
   * QA upload.
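Review bot: The new changelog entry records only that specs/amqp.0-10.dtd was stripped, and the debdiff carries no repack script, README.source or debian/copyright change describing how the +dfsg tarball is produced. The same file was already removed once in 0.16+repack-1 and came back in 0.22-1, so I would document or automate the exclusion so that the next upstream import does not reintroduce it. The suffix also changes from +repack to +dfsg; it is worth settling on one convention.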
diff -Nru qpid-python-0.22/specs/amqp.0-10.dtd 
qpid-python-0.22+dfsg/specs/amqp.0-10.dtd
--- qpid-python-0.22/specs/amqp.0-10.dtd2008-02-19 20:23:34.0 
+0100
+++ qpid-python-0.22+dfsg/specs/amqp.0-10.dtd   1970-01-01 01:00:00.0 
+0100
@@ -1,246 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
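Review bot: Nothing else in the debdiff is adjusted for the deletion of specs/amqp.0-10.dtd (all 246 lines go), so any remaining reference to the file, such as a DOCTYPE in the spec XML or an install list, would now point at a missing path. Please confirm that the package still builds and loads the 0-10 spec without the DTD.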


Bug#158637: [dendler@idefense.com: iDEFENSE Security Advisory: Linuxconf locally exploitable buffer overflow]

2002-09-21 Thread Michael Banck
tags 158637 + patch
thanks

As I stated, Debian's linuxconf package should not be vulnerable, as it
is not installed setuid root.

Nevertheless, I've backported the patch from the latest upstream
version, which makes the exploit[1] fail even if you happen to set
linuxconf setuid root.

cheers,

Michael

-- 
http://www.securiteam.com/exploits/5CP0F0K8BW.html
diff -Naur linuxconf-1.28r3/translate/translat.cc 
linuxconf-1.28r4.orig/translate/translat.cc
--- linuxconf-1.28r3/translate/translat.cc  1999-12-13 04:18:48.0 
+0100
+++ linuxconf-1.28r4.orig/translate/translat.cc 2002-08-19 20:45:48.0 
+0200
@@ -85,6 +85,7 @@
}
 }
 static char *pterr = NULL;
+#define MAXERR_SIZE 2000
 /*
Print an error message and increment the err counter
 */
@@ -92,7 +93,7 @@
 {
va_list list;
va_start (list,msg);
-   pterr += vsprintf (pterr,msg,list);
+   pterr += vsnprintf (pterr,MAXERR_SIZE,msg,list);
va_end (list);
 }
 
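Review bot: In the vsnprintf call, MAXERR_SIZE is the size of the whole error buffer, but pterr has already been advanced by any earlier message, so from the second call on the bound is larger than the space actually left. vsnprintf also returns the length the output would have had, so on truncation `pterr +=` moves the cursor past the end of the buffer. Track the remaining space (buffer end minus pterr), pass that as the size, and clamp the advance to what was really written.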
@@ -196,13 +197,13 @@
Load the message dictionnary.
Terminate the application if any error.
 */
-int translat_load (
+static int translat_loaderr (
const char *basepath,   // Directory holding dictionnaries
const char *basename,   // base name of the dictionnary
// the language 
selection will supply
// the extension.
const char *lang,   // Suffix for the language
-   char *errmsg)   // Will contain the error message
+   char errmsg[MAXERR_SIZE])   // Will contain the 
error message
 {
int ret = -1;
errmsg[0] = '\0';
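Review bot: Declaring the parameter as `char errmsg[MAXERR_SIZE]` does not enforce anything: it is still a plain char pointer, and a caller can pass a smaller buffer without any diagnostic. Pass the buffer size as an explicit argument and use it as the write bound. Making the four-argument function static under the new name translat_loaderr also removes it from other translation units, so check that nothing outside translat.cc called the old translat_load with an errmsg argument.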
@@ -250,8 +251,8 @@
// the extension.
const char *lang)
 {
-   char errmsg[2000];
-   if (translat_load (basepath,basename,lang,errmsg)==-1){
+   char errmsg[MAXERR_SIZE];
+   if (translat_loaderr (basepath,basename,lang,errmsg)==-1){
fprintf (stderr,"%s",errmsg);
exit (-1);
}
@@ -298,10 +299,10 @@
}
const char *lang = deflang;
const char *lang_env = getenv(envlangvar);
-   if (lang_env != NULL) lang = lang_env;
+   if (lang_env != NULL && strlen(lang_env)<=5) lang = lang_env;
 
-   char errmsg[2000];
-   if (translat_load (basepath,basename,lang,errmsg)==-1){
+   char errmsg[MAXERR_SIZE];
+   if (translat_loaderr (basepath,basename,lang,errmsg)==-1){
if (strcmp(lang,"eng")!=0){
bool showerr = getenv ("SHOWDICERR")!=NULL;
if (showerr){
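Review bot: The `strlen(lang_env)<=5` test bounds the length of the environment value but not its content, and lang is used as the suffix of the dictionary file name, so characters such as '/' or '.' still get through. Restrict the value to the expected character set (letters, digits, underscore) as well, give the 5 a named constant with a comment, and consider reporting an over-long value instead of silently falling back to deflang.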