Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package libqb

Dear Release Team,

The 1.0.4 upstream security release of libqb introduced regressions, which were fixed in 1.0.4-2 by the addition of some quilt patches. These patches were upstreamed and released as 1.0.5. So the 1.0.5-1 version currently in unstable has no actual code changes, the patched tree is identical to that of 1.0.4-2, except for the man page timestamps (these files are rebuilt anyway), the version number and a punctuation fix in the documentation (which also went upstream after 1.0.5).

The following debdiff is therefore not very insightful:

diff -Nru libqb-1.0.4/ChangeLog libqb-1.0.5/ChangeLog --- libqb-1.0.4/ChangeLog 2019-04-12 10:30:53.000000000 +0200 +++ libqb-1.0.5/ChangeLog 2019-04-25 10:30:00.000000000 +0200 
@@ -1,3 +1,35 @@ +2019-04-25 Christine Caulfield <ccaul...@redhat.com> + + version: bump soname for 1.0.5 release + +2019-04-23 Ferenc Wágner <wf...@debian.org> + + Let remote_tempdir() assume a NUL-terminated name + This is the case already. We also fix a buffer overflow opportunity in + the memcpy() call by this change. + + Make it impossible to truncate or overflow the connection description + It's hard to predict the length of formatted output, so we'd better + notice (and abort) if the description is truncated. Incidentally, + mkdtemp() does this for us in the shared memory branch, but do an + explicit check there as well for consistency, and get rid of the wrongly + parametrized strncat() risking a buffer overflow (CONNECTION_DESCRIPTION + is not the length of the source "/qb"). + Similar truncation checks should be added to qb_ipcs_{shm,us}_connect() + where they build the request/response names, and possibly to other + places using snprintf(). + + Allow group access to the IPC directory + And don't abort if we aren't permitted to chown() it. The client might + still have the privileges to enter it. + + Errors are represented as negative values + + Fix garbled Doxygen markup + Part of d0ec0a6 on the master branch: fix the unreadable docstring. + + Fix spelling: plaform -> platform + 2019-04-12 Christine Caulfield <ccaul...@redhat.com> version: update version-info for 1.0.4 release diff -Nru libqb-1.0.4/configure libqb-1.0.5/configure --- libqb-1.0.4/configure 2019-04-12 10:30:39.000000000 +0200 +++ libqb-1.0.5/configure 2019-04-25 10:29:47.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for libqb 1.0.4. +# Generated by GNU Autoconf 2.69 for libqb 1.0.5. # # Report bugs to <develop...@clusterlabs.org>. # 
@@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='libqb' PACKAGE_TARNAME='libqb' -PACKAGE_VERSION='1.0.4' -PACKAGE_STRING='libqb 1.0.4' +PACKAGE_VERSION='1.0.5' +PACKAGE_STRING='libqb 1.0.5' PACKAGE_BUGREPORT='develop...@clusterlabs.org' PACKAGE_URL='' @@ -1407,7 +1407,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures libqb 1.0.4 to adapt to many kinds of systems. +\`configure' configures libqb 1.0.5 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1477,7 +1477,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of libqb 1.0.4:";; + short | recursive ) echo "Configuration of libqb 1.0.5:";; esac cat <<\_ACEOF @@ -1611,7 +1611,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -libqb configure 1.0.4 +libqb configure 1.0.5 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2388,7 +2388,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by libqb $as_me 1.0.4, which was +It was created by libqb $as_me 1.0.5, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -4569,7 +4569,7 @@ # Define the identity of the package. PACKAGE='libqb' - VERSION='1.0.4' + VERSION='1.0.5' cat >>confdefs.h <<_ACEOF @@ -21860,7 +21860,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by libqb $as_me 1.0.4, which was +This file was extended by libqb $as_me 1.0.5, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -21930,7 +21930,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -libqb config.status 1.0.4 +libqb config.status 1.0.5 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -Nru libqb-1.0.4/debian/changelog libqb-1.0.5/debian/changelog --- libqb-1.0.4/debian/changelog 2019-04-18 18:38:20.000000000 +0200 +++ libqb-1.0.5/debian/changelog 2019-04-26 15:46:51.000000000 +0200 @@ -1,3 +1,14 @@ +libqb (1.0.5-1) unstable; urgency=medium + + * [b862a98] New upstream release (1.0.5) + The 1.0.4-2 Debian release already carried quilt patches for all the + changes released with 1.0.5. We're just synchronizing the version numbers + with this upload. + * [ff39181] Remove upstreamed patches, refresh the Hurd support patch + * [e36150c] New patch: doc: qbarray.h: remove stray asterisk + + -- Ferenc Wágner <wf...@debian.org> Fri, 26 Apr 2019 15:46:51 +0200 + libqb (1.0.4-2) unstable; urgency=medium * [55468ba] tests: let ipcserver clean up /dev/shm after ipcclient finishes diff -Nru libqb-1.0.4/debian/patches/Allow-group-access-to-the-IPC-directory.patch libqb-1.0.5/debian/patches/Allow-group-access-to-the-IPC-directory.patch --- libqb-1.0.4/debian/patches/Allow-group-access-to-the-IPC-directory.patch 2019-04-18 18:38:07.000000000 +0200 +++ libqb-1.0.5/debian/patches/Allow-group-access-to-the-IPC-directory.patch 1970-01-01 01:00:00.000000000 +0100 
@@ -1,29 +0,0 @@ -From: =?utf-8?q?Ferenc_W=C3=A1gner?= <wf...@debian.org> -Date: Thu, 18 Apr 2019 13:20:38 +0200 -Subject: Allow group access to the IPC directory - -And don't abort if we aren't permitted to chown() it. The client might -still have the privileges to enter it. ---- - lib/ipc_setup.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/lib/ipc_setup.c b/lib/ipc_setup.c -index 14c5e98..5e04974 100644 ---- a/lib/ipc_setup.c -+++ b/lib/ipc_setup.c -@@ -650,11 +650,12 @@ handle_new_connection(struct qb_ipcs_service *s, - res = -errno; - goto send_response; - } -- res = chown(c->description, c->auth.uid, c->auth.gid); -- if (res != 0) { -+ if (chmod(c->description, 0770)) { - res = -errno; - goto send_response; - } -+ /* chown can fail because we might not be root */ -+ (void)chown(c->description, c->auth.uid, c->auth.gid); - - /* We can't pass just a directory spec to the clients */ - strncat(c->description,"/qb", CONNECTION_DESCRIPTION); diff -Nru libqb-1.0.4/debian/patches/doc-qbarray.h-remove-stray-asterisk.patch libqb-1.0.5/debian/patches/doc-qbarray.h-remove-stray-asterisk.patch --- libqb-1.0.4/debian/patches/doc-qbarray.h-remove-stray-asterisk.patch 1970-01-01 01:00:00.000000000 +0100 +++ libqb-1.0.5/debian/patches/doc-qbarray.h-remove-stray-asterisk.patch 2019-04-26 15:46:18.000000000 +0200 
@@ -0,0 +1,21 @@ +From: =?utf-8?q?Ferenc_W=C3=A1gner?= <wf...@debian.org> +Date: Fri, 26 Apr 2019 15:45:32 +0200 +Subject: doc: qbarray.h: remove stray asterisk + +--- + include/qb/qbarray.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/qb/qbarray.h b/include/qb/qbarray.h +index 270b1c2..6c796fe 100644 +--- a/include/qb/qbarray.h ++++ b/include/qb/qbarray.h +@@ -48,7 +48,7 @@ extern "C" { + * @endcode + * + * Currently, this dynamic array abstract data type can accommodate only +- * 2^(@c * QB_ARRAY_MAX_INDEX_BITS) elements, and with standard zero-based ++ * 2^@c QB_ARRAY_MAX_INDEX_BITS elements, and with standard zero-based + * indexing, this gives a valid index range [0, @c QB_ARRAY_MAX_ELEMENTS), + * where the notation denotes the beginning of the interval is included and + * the end is excluded. In other words, client space shall avoid a pitfall diff -Nru libqb-1.0.4/debian/patches/Errors-are-represented-as-negative-values.patch libqb-1.0.5/debian/patches/Errors-are-represented-as-negative-values.patch --- libqb-1.0.4/debian/patches/Errors-are-represented-as-negative-values.patch 2019-04-18 18:38:07.000000000 +0200 +++ libqb-1.0.5/debian/patches/Errors-are-represented-as-negative-values.patch 1970-01-01 01:00:00.000000000 +0100 
@@ -1,27 +0,0 @@ -From: =?utf-8?q?Ferenc_W=C3=A1gner?= <wf...@debian.org> -Date: Wed, 17 Apr 2019 15:09:42 +0200 -Subject: Errors are represented as negative values - ---- - lib/ipc_setup.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/lib/ipc_setup.c b/lib/ipc_setup.c -index f4944cd..14c5e98 100644 ---- a/lib/ipc_setup.c -+++ b/lib/ipc_setup.c -@@ -647,12 +647,12 @@ handle_new_connection(struct qb_ipcs_service *s, - snprintf(c->description, CONNECTION_DESCRIPTION, - "/dev/shm/qb-%d-%d-%d-XXXXXX", s->pid, ugp->pid, c->setup.u.us.sock); - if (mkdtemp(c->description) == NULL) { -- res = errno; -+ res = -errno; - goto send_response; - } - res = chown(c->description, c->auth.uid, c->auth.gid); - if (res != 0) { -- res = errno; -+ res = -errno; - goto send_response; - } - diff -Nru libqb-1.0.4/debian/patches/Fix-garbled-Doxygen-markup.patch libqb-1.0.5/debian/patches/Fix-garbled-Doxygen-markup.patch --- libqb-1.0.4/debian/patches/Fix-garbled-Doxygen-markup.patch 2019-04-18 18:38:07.000000000 +0200 +++ libqb-1.0.5/debian/patches/Fix-garbled-Doxygen-markup.patch 1970-01-01 01:00:00.000000000 +0100 
@@ -1,24 +0,0 @@ -From: =?utf-8?q?Ferenc_W=C3=A1gner?= <wf...@debian.org> -Date: Tue, 16 Apr 2019 11:16:51 +0200 -Subject: Fix garbled Doxygen markup - -Part of d0ec0a6 on the upstream master branch. ---- - include/qb/qbarray.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/include/qb/qbarray.h b/include/qb/qbarray.h -index 776db04..270b1c2 100644 ---- a/include/qb/qbarray.h -+++ b/include/qb/qbarray.h -@@ -52,8 +52,8 @@ extern "C" { - * indexing, this gives a valid index range [0, @c QB_ARRAY_MAX_ELEMENTS), - * where the notation denotes the beginning of the interval is included and - * the end is excluded. In other words, client space shall avoid a pitfall -- * of relying solely on the type of @max_elements parameter to -- * @ref qb_array_create and/or of @idx parameter to @ref qb_array_index -+ * of relying solely on the type of @c max_elements parameter to -+ * @ref qb_array_create and/or of @c idx parameter to @ref qb_array_index - * (these types conflict, anyway). - */ - diff -Nru libqb-1.0.4/debian/patches/Fix-spelling-plaform-platform.patch libqb-1.0.5/debian/patches/Fix-spelling-plaform-platform.patch --- libqb-1.0.4/debian/patches/Fix-spelling-plaform-platform.patch 2019-04-18 18:38:07.000000000 +0200 +++ libqb-1.0.5/debian/patches/Fix-spelling-plaform-platform.patch 1970-01-01 01:00:00.000000000 +0100 
@@ -1,21 +0,0 @@ -From: =?utf-8?q?Ferenc_W=C3=A1gner?= <wf...@debian.org> -Date: Wed, 14 Mar 2018 10:24:20 +0100 -Subject: Fix spelling: plaform -> platform - ---- - docs/man8/qb-blackbox.8 | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/docs/man8/qb-blackbox.8 b/docs/man8/qb-blackbox.8 -index 3df924d..fe07c0d 100644 ---- a/docs/man8/qb-blackbox.8 -+++ b/docs/man8/qb-blackbox.8 -@@ -30,7 +30,7 @@ recorded using libqb's blackbox mechanism. - Due to variations amongst platforms, some of which directly impact - the libqb's blackbox format handling (e.g. page size), there's currently - only the commitment that \fBqb-blackbox\fR shall decode the blackbox files --recorded at the same plaform (plus the same page size) while using libqb -+recorded at the same platform (plus the same page size) while using libqb - compiled with the same relevant compile-time options - (e.g. \fBUSE_CACHE_LINE_ALIGNMENT\fR) as linked to this decoder. - Otherwise, your mileage may vary. diff -Nru libqb-1.0.4/debian/patches/hurd-dev-shm-is-a-tmpfs-here-as-well.patch libqb-1.0.5/debian/patches/hurd-dev-shm-is-a-tmpfs-here-as-well.patch --- libqb-1.0.4/debian/patches/hurd-dev-shm-is-a-tmpfs-here-as-well.patch 2019-04-18 18:38:07.000000000 +0200 +++ libqb-1.0.5/debian/patches/hurd-dev-shm-is-a-tmpfs-here-as-well.patch 2019-04-26 15:46:18.000000000 +0200 @@ -12,27 +12,27 @@ 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/ipc_setup.c b/lib/ipc_setup.c -index e1de3fc..f4944cd 100644 +index 3f53c4b..062f5da 100644 --- a/lib/ipc_setup.c 
+++ b/lib/ipc_setup.c -@@ -643,7 +643,7 @@ handle_new_connection(struct qb_ipcs_service *s, +@@ -645,7 +645,7 @@ handle_new_connection(struct qb_ipcs_service *s, c->auth.mode = 0600; c->stats.client_pid = ugp->pid; -#if defined(QB_LINUX) || defined(QB_CYGWIN) +#if defined(QB_LINUX) || defined(QB_CYGWIN) || defined(QB_GNU) - snprintf(c->description, CONNECTION_DESCRIPTION, - "/dev/shm/qb-%d-%d-%d-XXXXXX", s->pid, ugp->pid, c->setup.u.us.sock); - if (mkdtemp(c->description) == NULL) { -@@ -887,7 +887,7 @@ retry_accept: + desc_len = snprintf(c->description, CONNECTION_DESCRIPTION - sizeof suffix, + "/dev/shm/qb-%d-%d-%d-XXXXXX", s->pid, ugp->pid, c->setup.u.us.sock); + if (desc_len < 0) { +@@ -906,7 +906,7 @@ retry_accept: - void remove_tempdir(const char *name, size_t namelen) + void remove_tempdir(const char *name) { -#if defined(QB_LINUX) || defined(QB_CYGWIN) +#if defined(QB_LINUX) || defined(QB_CYGWIN) || defined(QB_GNU) char dirname[PATH_MAX]; - char *slash; - memcpy(dirname, name, namelen); + char *slash = strrchr(name, '/'); + diff --git a/lib/unix.c b/lib/unix.c index 49701a3..643f361 100644 --- a/lib/unix.c diff -Nru libqb-1.0.4/debian/patches/Let-remote_tempdir-assume-a-NUL-terminated-name.patch libqb-1.0.5/debian/patches/Let-remote_tempdir-assume-a-NUL-terminated-name.patch --- libqb-1.0.4/debian/patches/Let-remote_tempdir-assume-a-NUL-terminated-name.patch 2019-04-18 18:38:07.000000000 +0200 +++ libqb-1.0.5/debian/patches/Let-remote_tempdir-assume-a-NUL-terminated-name.patch 1970-01-01 01:00:00.000000000 +0100 
@@ -1,100 +0,0 @@ -From: =?utf-8?q?Ferenc_W=C3=A1gner?= <wf...@debian.org> -Date: Thu, 18 Apr 2019 16:06:04 +0200 -Subject: Let remote_tempdir() assume a NUL-terminated name - -This is the case already. We also fix a buffer overflow opportunity in -the memcpy() call by this change. ---- - lib/ipc_int.h | 2 +- - lib/ipc_setup.c | 11 +++++------ - lib/ipc_shm.c | 2 +- - lib/ipc_socket.c | 4 ++-- - lib/ipcs.c | 2 +- - 5 files changed, 10 insertions(+), 11 deletions(-) - -diff --git a/lib/ipc_int.h b/lib/ipc_int.h -index 01d1b30..771c477 100644 ---- a/lib/ipc_int.h -+++ b/lib/ipc_int.h -@@ -207,6 +207,6 @@ int32_t qb_ipc_us_sock_error_is_disconnected(int err); - - int use_filesystem_sockets(void); - --void remove_tempdir(const char *name, size_t namelen); -+void remove_tempdir(const char *name); - - #endif /* QB_IPC_INT_H_DEFINED */ -diff --git a/lib/ipc_setup.c b/lib/ipc_setup.c -index 3c41911..062f5da 100644 ---- a/lib/ipc_setup.c -+++ b/lib/ipc_setup.c -@@ -904,16 +904,15 @@ retry_accept: - return 0; - } - --void remove_tempdir(const char *name, size_t namelen) -+void remove_tempdir(const char *name) - { - #if defined(QB_LINUX) || defined(QB_CYGWIN) || defined(QB_GNU) - char dirname[PATH_MAX]; -- char *slash; -- memcpy(dirname, name, namelen); -+ char *slash = strrchr(name, '/'); - -- slash = strrchr(dirname, '/'); -- if (slash) { -- *slash = '\0'; -+ if (slash && slash - name < sizeof dirname) { -+ memcpy(dirname, name, slash - name); -+ dirname[slash - name] = '\0'; - /* This gets called more than it needs to be really, so we don't check - * the return code. It's more of a desperate attempt to clean up after ourself - * in either the server or client. 
-diff --git a/lib/ipc_shm.c b/lib/ipc_shm.c -index bdd0a0d..41906cb 100644 ---- a/lib/ipc_shm.c -+++ b/lib/ipc_shm.c -@@ -240,7 +240,7 @@ qb_ipcs_shm_disconnect(struct qb_ipcs_connection *c) - } - } - -- remove_tempdir(c->description, CONNECTION_DESCRIPTION); -+ remove_tempdir(c->description); - } - - static int32_t -diff --git a/lib/ipc_socket.c b/lib/ipc_socket.c -index 5949232..9692323 100644 ---- a/lib/ipc_socket.c -+++ b/lib/ipc_socket.c -@@ -376,7 +376,7 @@ qb_ipcc_us_disconnect(struct qb_ipcc_connection *c) - } - - /* Last-ditch attempt to tidy up after ourself */ -- remove_tempdir(c->request.u.us.shared_file_name, PATH_MAX); -+ remove_tempdir(c->request.u.us.shared_file_name); - - qb_ipcc_us_sock_close(c->event.u.us.sock); - qb_ipcc_us_sock_close(c->request.u.us.sock); -@@ -772,7 +772,7 @@ qb_ipcs_us_disconnect(struct qb_ipcs_connection *c) - - - } -- remove_tempdir(c->description, CONNECTION_DESCRIPTION); -+ remove_tempdir(c->description); - } - - static int32_t -diff --git a/lib/ipcs.c b/lib/ipcs.c -index 29f3431..0609e46 100644 ---- a/lib/ipcs.c -+++ b/lib/ipcs.c -@@ -642,7 +642,7 @@ qb_ipcs_disconnect(struct qb_ipcs_connection *c) - scheduled_retry = 1; - } - } -- remove_tempdir(c->description, CONNECTION_DESCRIPTION); -+ remove_tempdir(c->description); - if (scheduled_retry == 0) { - /* This removes the initial alloc ref */ - qb_ipcs_connection_unref(c); diff -Nru libqb-1.0.4/debian/patches/Make-it-impossible-to-truncate-or-overflow-the-connection.patch libqb-1.0.5/debian/patches/Make-it-impossible-to-truncate-or-overflow-the-connection.patch --- libqb-1.0.4/debian/patches/Make-it-impossible-to-truncate-or-overflow-the-connection.patch 2019-04-18 18:38:07.000000000 +0200 +++ libqb-1.0.5/debian/patches/Make-it-impossible-to-truncate-or-overflow-the-connection.patch 1970-01-01 01:00:00.000000000 +0100 
@@ -1,72 +0,0 @@ -From: =?utf-8?q?Ferenc_W=C3=A1gner?= <wf...@debian.org> -Date: Thu, 18 Apr 2019 14:32:46 +0200 -Subject: Make it impossible to truncate or overflow the connection description - -It's hard to predict the length of formatted output, so we'd better -notice (and abort) if the description is truncated. Incidentally, -mkdtemp() does this for us in the shared memory branch, but do an -explicit check there as well for consistency, and get rid of the wrongly -parametrized strncat() risking a buffer overflow (CONNECTION_DESCRIPTION -is not the length of the source "/qb"). - -Similar truncation checks should be added to qb_ipcs_{shm,us}_connect() -where they build the request/response names, and possibly to other -places using snprintf(). ---- - lib/ipc_setup.c | 28 +++++++++++++++++++++++----- - 1 file changed, 23 insertions(+), 5 deletions(-) - -diff --git a/lib/ipc_setup.c b/lib/ipc_setup.c -index 5e04974..3c41911 100644 ---- a/lib/ipc_setup.c -+++ b/lib/ipc_setup.c -@@ -620,6 +620,8 @@ handle_new_connection(struct qb_ipcs_service *s, - int32_t res2 = 0; - uint32_t max_buffer_size = QB_MAX(req->max_msg_size, s->max_buffer_size); - struct qb_ipc_connection_response response; -+ const char suffix[] = "/qb"; -+ int desc_len; - - c = qb_ipcs_connection_alloc(s); - if (c == NULL) { -@@ -644,8 +646,16 @@ handle_new_connection(struct qb_ipcs_service *s, - c->stats.client_pid = ugp->pid; - - #if defined(QB_LINUX) || defined(QB_CYGWIN) || defined(QB_GNU) -- snprintf(c->description, CONNECTION_DESCRIPTION, -- "/dev/shm/qb-%d-%d-%d-XXXXXX", s->pid, ugp->pid, c->setup.u.us.sock); -+ desc_len = snprintf(c->description, CONNECTION_DESCRIPTION - sizeof suffix, -+ "/dev/shm/qb-%d-%d-%d-XXXXXX", s->pid, ugp->pid, c->setup.u.us.sock); -+ if (desc_len < 0) { -+ res = -errno; -+ goto send_response; -+ } -+ if (desc_len >= CONNECTION_DESCRIPTION - sizeof suffix) { -+ res = -ENAMETOOLONG; -+ goto send_response; -+ } - if (mkdtemp(c->description) == NULL) { - res = -errno; - 
goto send_response; -@@ -658,10 +668,18 @@ handle_new_connection(struct qb_ipcs_service *s, - (void)chown(c->description, c->auth.uid, c->auth.gid); - - /* We can't pass just a directory spec to the clients */ -- strncat(c->description,"/qb", CONNECTION_DESCRIPTION); -+ memcpy(c->description + desc_len, suffix, sizeof suffix); - #else -- snprintf(c->description, CONNECTION_DESCRIPTION, -- "%d-%d-%d", s->pid, ugp->pid, c->setup.u.us.sock); -+ desc_len = snprintf(c->description, CONNECTION_DESCRIPTION, -+ "%d-%d-%d", s->pid, ugp->pid, c->setup.u.us.sock); -+ if (desc_len < 0) { -+ res = -errno; -+ goto send_response; -+ } -+ if (desc_len >= CONNECTION_DESCRIPTION) { -+ res = -ENAMETOOLONG; -+ goto send_response; -+ } - #endif - - diff -Nru libqb-1.0.4/debian/patches/series libqb-1.0.5/debian/patches/series --- libqb-1.0.4/debian/patches/series 2019-04-18 18:38:07.000000000 +0200 +++ libqb-1.0.5/debian/patches/series 2019-04-26 15:46:18.000000000 +0200 @@ -2,10 +2,5 @@ hurd-definition-of-PATH_MAX-must-be-included-separately.patch tests-always-run-the-SHM-suite-just-expect-failures.patch hurd-the-socket-tests-are-expected-to-fail.patch -Fix-spelling-plaform-platform.patch Reduce-stress-test-lengths-to-help-weak-buildds.patch -Fix-garbled-Doxygen-markup.patch -Errors-are-represented-as-negative-values.patch -Allow-group-access-to-the-IPC-directory.patch -Make-it-impossible-to-truncate-or-overflow-the-connection.patch -Let-remote_tempdir-assume-a-NUL-terminated-name.patch +doc-qbarray.h-remove-stray-asterisk.patch diff -Nru libqb-1.0.4/docs/common.dox libqb-1.0.5/docs/common.dox --- libqb-1.0.4/docs/common.dox 2019-04-12 10:30:51.000000000 +0200 +++ libqb-1.0.5/docs/common.dox 2019-04-25 10:29:59.000000000 +0200 
@@ -38,7 +38,7 @@ # could be handy for archiving the generated documentation or if some version # control system is used. -PROJECT_NUMBER = 1.0.4 +PROJECT_NUMBER = 1.0.5 # Using the PROJECT_BRIEF tag one can provide an optional one line description # for a project that appears at the top of each page and should give viewer a diff -Nru libqb-1.0.4/docs/man3/qbarray.h.3 libqb-1.0.5/docs/man3/qbarray.h.3 --- libqb-1.0.4/docs/man3/qbarray.h.3 2019-04-12 10:30:52.000000000 +0200 +++ libqb-1.0.5/docs/man3/qbarray.h.3 2019-04-25 10:30:00.000000000 +0200 @@ -1,4 +1,4 @@ -.TH "qbarray.h" 3 "Fri Apr 12 2019" "Version 1.0.4" "libqb" \" -*- nroff -*- +.TH "qbarray.h" 3 "Thu Apr 25 2019" "Version 1.0.5" "libqb" \" -*- nroff -*- .ad l .nh .SH NAME 
@@ -92,7 +92,7 @@ .fi .PP .PP -Currently, this dynamic array abstract data type can accommodate only 2^(\fC*\fP QB_ARRAY_MAX_INDEX_BITS) elements, and with standard zero-based indexing, this gives a valid index range [0, \fCQB_ARRAY_MAX_ELEMENTS\fP), where the notation denotes the beginning of the interval is included and the end is excluded\&. In other words, client space shall avoid a pitfall of relying solely on the type of parameter to \fBqb_array_create\fP and/or of parameter to \fBqb_array_index\fP (these types conflict, anyway)\&. +Currently, this dynamic array abstract data type can accommodate only 2^(\fC*\fP QB_ARRAY_MAX_INDEX_BITS) elements, and with standard zero-based indexing, this gives a valid index range [0, \fCQB_ARRAY_MAX_ELEMENTS\fP), where the notation denotes the beginning of the interval is included and the end is excluded\&. In other words, client space shall avoid a pitfall of relying solely on the type of \fCmax_elements\fP parameter to \fBqb_array_create\fP and/or of \fCidx\fP parameter to \fBqb_array_index\fP (these types conflict, anyway)\&. .SH "Macro Definition Documentation" .PP .SS "#define QB_ARRAY_MAX_ELEMENTS (1 << \fBQB_ARRAY_MAX_INDEX_BITS\fP)" diff -Nru libqb-1.0.4/docs/man3/qbatomic.h.3 libqb-1.0.5/docs/man3/qbatomic.h.3 --- libqb-1.0.4/docs/man3/qbatomic.h.3 2019-04-12 10:30:52.000000000 +0200 +++ libqb-1.0.5/docs/man3/qbatomic.h.3 2019-04-25 10:30:00.000000000 +0200 @@ -1,4 +1,4 @@ -.TH "qbatomic.h" 3 "Fri Apr 12 2019" "Version 1.0.4" "libqb" \" -*- nroff -*- +.TH "qbatomic.h" 3 "Thu Apr 25 2019" "Version 1.0.5" "libqb" \" -*- nroff -*- .ad l .nh .SH NAME diff -Nru libqb-1.0.4/docs/man3/qbdefs.h.3 libqb-1.0.5/docs/man3/qbdefs.h.3 --- libqb-1.0.4/docs/man3/qbdefs.h.3 2019-04-12 10:30:52.000000000 +0200 +++ libqb-1.0.5/docs/man3/qbdefs.h.3 2019-04-25 10:30:00.000000000 +0200 
@@ -1,4 +1,4 @@ -.TH "qbdefs.h" 3 "Fri Apr 12 2019" "Version 1.0.4" "libqb" \" -*- nroff -*- +.TH "qbdefs.h" 3 "Thu Apr 25 2019" "Version 1.0.5" "libqb" \" -*- nroff -*- .ad l .nh .SH NAME diff -Nru libqb-1.0.4/docs/man3/qbhdb.h.3 libqb-1.0.5/docs/man3/qbhdb.h.3 --- libqb-1.0.4/docs/man3/qbhdb.h.3 2019-04-12 10:30:52.000000000 +0200 +++ libqb-1.0.5/docs/man3/qbhdb.h.3 2019-04-25 10:30:00.000000000 +0200 @@ -1,4 +1,4 @@ -.TH "qbhdb.h" 3 "Fri Apr 12 2019" "Version 1.0.4" "libqb" \" -*- nroff -*- +.TH "qbhdb.h" 3 "Thu Apr 25 2019" "Version 1.0.5" "libqb" \" -*- nroff -*- .ad l .nh .SH NAME diff -Nru libqb-1.0.4/docs/man3/qbipcc.h.3 libqb-1.0.5/docs/man3/qbipcc.h.3 --- libqb-1.0.4/docs/man3/qbipcc.h.3 2019-04-12 10:30:52.000000000 +0200 +++ libqb-1.0.5/docs/man3/qbipcc.h.3 2019-04-25 10:30:00.000000000 +0200 @@ -1,4 +1,4 @@ -.TH "qbipcc.h" 3 "Fri Apr 12 2019" "Version 1.0.4" "libqb" \" -*- nroff -*- +.TH "qbipcc.h" 3 "Thu Apr 25 2019" "Version 1.0.5" "libqb" \" -*- nroff -*- .ad l .nh .SH NAME diff -Nru libqb-1.0.4/docs/man3/qbipc_common.h.3 libqb-1.0.5/docs/man3/qbipc_common.h.3 --- libqb-1.0.4/docs/man3/qbipc_common.h.3 2019-04-12 10:30:52.000000000 +0200 +++ libqb-1.0.5/docs/man3/qbipc_common.h.3 2019-04-25 10:30:00.000000000 +0200 @@ -1,4 +1,4 @@ -.TH "qbipc_common.h" 3 "Fri Apr 12 2019" "Version 1.0.4" "libqb" \" -*- nroff -*- +.TH "qbipc_common.h" 3 "Thu Apr 25 2019" "Version 1.0.5" "libqb" \" -*- nroff -*- .ad l .nh .SH NAME diff -Nru libqb-1.0.4/docs/man3/qbipcs.h.3 libqb-1.0.5/docs/man3/qbipcs.h.3 --- libqb-1.0.4/docs/man3/qbipcs.h.3 2019-04-12 10:30:52.000000000 +0200 +++ libqb-1.0.5/docs/man3/qbipcs.h.3 2019-04-25 10:30:00.000000000 +0200 
@@ -1,4 +1,4 @@ -.TH "qbipcs.h" 3 "Fri Apr 12 2019" "Version 1.0.4" "libqb" \" -*- nroff -*- +.TH "qbipcs.h" 3 "Thu Apr 25 2019" "Version 1.0.5" "libqb" \" -*- nroff -*- .ad l .nh .SH NAME diff -Nru libqb-1.0.4/docs/man3/qblist.h.3 libqb-1.0.5/docs/man3/qblist.h.3 --- libqb-1.0.4/docs/man3/qblist.h.3 2019-04-12 10:30:52.000000000 +0200 +++ libqb-1.0.5/docs/man3/qblist.h.3 2019-04-25 10:30:00.000000000 +0200 @@ -1,4 +1,4 @@ -.TH "qblist.h" 3 "Fri Apr 12 2019" "Version 1.0.4" "libqb" \" -*- nroff -*- +.TH "qblist.h" 3 "Thu Apr 25 2019" "Version 1.0.5" "libqb" \" -*- nroff -*- .ad l .nh .SH NAME diff -Nru libqb-1.0.4/docs/man3/qblog.h.3 libqb-1.0.5/docs/man3/qblog.h.3 --- libqb-1.0.4/docs/man3/qblog.h.3 2019-04-12 10:30:52.000000000 +0200 +++ libqb-1.0.5/docs/man3/qblog.h.3 2019-04-25 10:30:00.000000000 +0200 @@ -1,4 +1,4 @@ -.TH "qblog.h" 3 "Fri Apr 12 2019" "Version 1.0.4" "libqb" \" -*- nroff -*- +.TH "qblog.h" 3 "Thu Apr 25 2019" "Version 1.0.5" "libqb" \" -*- nroff -*- .ad l .nh .SH NAME diff -Nru libqb-1.0.4/docs/man3/qbloop.h.3 libqb-1.0.5/docs/man3/qbloop.h.3 --- libqb-1.0.4/docs/man3/qbloop.h.3 2019-04-12 10:30:52.000000000 +0200 +++ libqb-1.0.5/docs/man3/qbloop.h.3 2019-04-25 10:30:00.000000000 +0200 @@ -1,4 +1,4 @@ -.TH "qbloop.h" 3 "Fri Apr 12 2019" "Version 1.0.4" "libqb" \" -*- nroff -*- +.TH "qbloop.h" 3 "Thu Apr 25 2019" "Version 1.0.5" "libqb" \" -*- nroff -*- .ad l .nh .SH NAME diff -Nru libqb-1.0.4/docs/man3/qbmap.h.3 libqb-1.0.5/docs/man3/qbmap.h.3 --- libqb-1.0.4/docs/man3/qbmap.h.3 2019-04-12 10:30:52.000000000 +0200 +++ libqb-1.0.5/docs/man3/qbmap.h.3 2019-04-25 10:30:00.000000000 +0200 
@@ -1,4 +1,4 @@ -.TH "qbmap.h" 3 "Fri Apr 12 2019" "Version 1.0.4" "libqb" \" -*- nroff -*- +.TH "qbmap.h" 3 "Thu Apr 25 2019" "Version 1.0.5" "libqb" \" -*- nroff -*- .ad l .nh .SH NAME diff -Nru libqb-1.0.4/docs/man3/qbrb.h.3 libqb-1.0.5/docs/man3/qbrb.h.3 --- libqb-1.0.4/docs/man3/qbrb.h.3 2019-04-12 10:30:52.000000000 +0200 +++ libqb-1.0.5/docs/man3/qbrb.h.3 2019-04-25 10:30:00.000000000 +0200 @@ -1,4 +1,4 @@ -.TH "qbrb.h" 3 "Fri Apr 12 2019" "Version 1.0.4" "libqb" \" -*- nroff -*- +.TH "qbrb.h" 3 "Thu Apr 25 2019" "Version 1.0.5" "libqb" \" -*- nroff -*- .ad l .nh .SH NAME diff -Nru libqb-1.0.4/docs/man3/qbutil.h.3 libqb-1.0.5/docs/man3/qbutil.h.3 --- libqb-1.0.4/docs/man3/qbutil.h.3 2019-04-12 10:30:52.000000000 +0200 +++ libqb-1.0.5/docs/man3/qbutil.h.3 2019-04-25 10:30:00.000000000 +0200 @@ -1,4 +1,4 @@ -.TH "qbutil.h" 3 "Fri Apr 12 2019" "Version 1.0.4" "libqb" \" -*- nroff -*- +.TH "qbutil.h" 3 "Thu Apr 25 2019" "Version 1.0.5" "libqb" \" -*- nroff -*- .ad l .nh .SH NAME diff -Nru libqb-1.0.4/docs/man8/qb-blackbox.8 libqb-1.0.5/docs/man8/qb-blackbox.8 --- libqb-1.0.4/docs/man8/qb-blackbox.8 2019-04-09 11:29:39.000000000 +0200 +++ libqb-1.0.5/docs/man8/qb-blackbox.8 2019-04-23 16:25:10.000000000 +0200 @@ -30,7 +30,7 @@ Due to variations amongst platforms, some of which directly impact the libqb's blackbox format handling (e.g. page size), there's currently only the commitment that \fBqb-blackbox\fR shall decode the blackbox files -recorded at the same plaform (plus the same page size) while using libqb +recorded at the same platform (plus the same page size) while using libqb compiled with the same relevant compile-time options (e.g. \fBUSE_CACHE_LINE_ALIGNMENT\fR) as linked to this decoder. Otherwise, your mileage may vary. diff -Nru libqb-1.0.4/include/qb/qbarray.h libqb-1.0.5/include/qb/qbarray.h --- libqb-1.0.4/include/qb/qbarray.h 2019-04-09 11:29:39.000000000 +0200 +++ libqb-1.0.5/include/qb/qbarray.h 2019-04-23 16:25:10.000000000 +0200 
@@ -52,8 +52,8 @@ * indexing, this gives a valid index range [0, @c QB_ARRAY_MAX_ELEMENTS), * where the notation denotes the beginning of the interval is included and * the end is excluded. In other words, client space shall avoid a pitfall - * of relying solely on the type of @max_elements parameter to - * @ref qb_array_create and/or of @idx parameter to @ref qb_array_index + * of relying solely on the type of @c max_elements parameter to + * @ref qb_array_create and/or of @c idx parameter to @ref qb_array_index * (these types conflict, anyway). */ diff -Nru libqb-1.0.4/include/qb/qbconfig.h libqb-1.0.5/include/qb/qbconfig.h --- libqb-1.0.4/include/qb/qbconfig.h 2019-04-12 10:30:51.000000000 +0200 +++ libqb-1.0.5/include/qb/qbconfig.h 2019-04-25 10:29:59.000000000 +0200 @@ -39,7 +39,7 @@ but that was only introduced after v1.0.2 */ #define QB_VER_MAJOR 1 #define QB_VER_MINOR 0 -#define QB_VER_MICRO 4 +#define QB_VER_MICRO 5 #define QB_VER_REST "" #define QB_VER_STR \ diff -Nru libqb-1.0.4/lib/ipc_int.h libqb-1.0.5/lib/ipc_int.h --- libqb-1.0.4/lib/ipc_int.h 2019-04-09 11:30:00.000000000 +0200 +++ libqb-1.0.5/lib/ipc_int.h 2019-04-23 16:25:10.000000000 +0200 @@ -207,6 +207,6 @@ int use_filesystem_sockets(void); -void remove_tempdir(const char *name, size_t namelen); +void remove_tempdir(const char *name); #endif /* QB_IPC_INT_H_DEFINED */ diff -Nru libqb-1.0.4/lib/ipcs.c libqb-1.0.5/lib/ipcs.c --- libqb-1.0.4/lib/ipcs.c 2019-04-09 11:30:00.000000000 +0200 +++ libqb-1.0.5/lib/ipcs.c 2019-04-23 16:25:10.000000000 +0200 @@ -642,7 +642,7 @@ scheduled_retry = 1; } } - remove_tempdir(c->description, CONNECTION_DESCRIPTION); + remove_tempdir(c->description); if (scheduled_retry == 0) { /* This removes the initial alloc ref */ qb_ipcs_connection_unref(c); diff -Nru libqb-1.0.4/lib/ipc_setup.c libqb-1.0.5/lib/ipc_setup.c --- libqb-1.0.4/lib/ipc_setup.c 2019-04-09 11:30:00.000000000 +0200 +++ libqb-1.0.5/lib/ipc_setup.c 2019-04-23 16:25:10.000000000 +0200 
@@ -620,6 +620,8 @@ int32_t res2 = 0; uint32_t max_buffer_size = QB_MAX(req->max_msg_size, s->max_buffer_size); struct qb_ipc_connection_response response; + const char suffix[] = "/qb"; + int desc_len; c = qb_ipcs_connection_alloc(s); if (c == NULL) { @@ -644,23 +646,40 @@ c->stats.client_pid = ugp->pid; #if defined(QB_LINUX) || defined(QB_CYGWIN) - snprintf(c->description, CONNECTION_DESCRIPTION, - "/dev/shm/qb-%d-%d-%d-XXXXXX", s->pid, ugp->pid, c->setup.u.us.sock); + desc_len = snprintf(c->description, CONNECTION_DESCRIPTION - sizeof suffix, + "/dev/shm/qb-%d-%d-%d-XXXXXX", s->pid, ugp->pid, c->setup.u.us.sock); + if (desc_len < 0) { + res = -errno; + goto send_response; + } + if (desc_len >= CONNECTION_DESCRIPTION - sizeof suffix) { + res = -ENAMETOOLONG; + goto send_response; + } if (mkdtemp(c->description) == NULL) { - res = errno; + res = -errno; goto send_response; } - res = chown(c->description, c->auth.uid, c->auth.gid); - if (res != 0) { - res = errno; + if (chmod(c->description, 0770)) { + res = -errno; goto send_response; } + /* chown can fail because we might not be root */ + (void)chown(c->description, c->auth.uid, c->auth.gid); /* We can't pass just a directory spec to the clients */ - strncat(c->description,"/qb", CONNECTION_DESCRIPTION); + memcpy(c->description + desc_len, suffix, sizeof suffix); #else - snprintf(c->description, CONNECTION_DESCRIPTION, - "%d-%d-%d", s->pid, ugp->pid, c->setup.u.us.sock); + desc_len = snprintf(c->description, CONNECTION_DESCRIPTION, + "%d-%d-%d", s->pid, ugp->pid, c->setup.u.us.sock); + if (desc_len < 0) { + res = -errno; + goto send_response; + } + if (desc_len >= CONNECTION_DESCRIPTION) { + res = -ENAMETOOLONG; + goto send_response; + } #endif 
@@ -885,16 +904,15 @@ return 0; } -void remove_tempdir(const char *name, size_t namelen) +void remove_tempdir(const char *name) { #if defined(QB_LINUX) || defined(QB_CYGWIN) char dirname[PATH_MAX]; - char *slash; - memcpy(dirname, name, namelen); + char *slash = strrchr(name, '/'); - slash = strrchr(dirname, '/'); - if (slash) { - *slash = '\0'; + if (slash && slash - name < sizeof dirname) { + memcpy(dirname, name, slash - name); + dirname[slash - name] = '\0'; /* This gets called more than it needs to be really, so we don't check * the return code. It's more of a desperate attempt to clean up after ourself * in either the server or client. diff -Nru libqb-1.0.4/lib/ipc_shm.c libqb-1.0.5/lib/ipc_shm.c --- libqb-1.0.4/lib/ipc_shm.c 2019-04-09 11:33:06.000000000 +0200 +++ libqb-1.0.5/lib/ipc_shm.c 2019-04-23 16:25:10.000000000 +0200 @@ -240,7 +240,7 @@ } } - remove_tempdir(c->description, CONNECTION_DESCRIPTION); + remove_tempdir(c->description); } static int32_t diff -Nru libqb-1.0.4/lib/ipc_socket.c libqb-1.0.5/lib/ipc_socket.c --- libqb-1.0.4/lib/ipc_socket.c 2019-04-09 11:30:00.000000000 +0200 +++ libqb-1.0.5/lib/ipc_socket.c 2019-04-23 16:25:10.000000000 +0200 @@ -376,7 +376,7 @@ } /* Last-ditch attempt to tidy up after ourself */ - remove_tempdir(c->request.u.us.shared_file_name, PATH_MAX); + remove_tempdir(c->request.u.us.shared_file_name); qb_ipcc_us_sock_close(c->event.u.us.sock); qb_ipcc_us_sock_close(c->request.u.us.sock); @@ -772,7 +772,7 @@ } - remove_tempdir(c->description, CONNECTION_DESCRIPTION); + remove_tempdir(c->description); } static int32_t diff -Nru libqb-1.0.4/lib/Makefile.am libqb-1.0.5/lib/Makefile.am --- libqb-1.0.4/lib/Makefile.am 2019-04-12 10:21:59.000000000 +0200 +++ libqb-1.0.5/lib/Makefile.am 2019-04-25 09:56:22.000000000 +0200 
@@ -30,7 +30,7 @@ lib_LTLIBRARIES = libqb.la -libqb_la_LDFLAGS = -version-info 19:1:19 +libqb_la_LDFLAGS = -version-info 19:2:19 source_to_lint = util.c hdb.c ringbuffer.c ringbuffer_helper.c \ array.c loop.c loop_poll.c loop_job.c \ diff -Nru libqb-1.0.4/lib/Makefile.in libqb-1.0.5/lib/Makefile.in --- libqb-1.0.4/lib/Makefile.in 2019-04-12 10:30:40.000000000 +0200 +++ libqb-1.0.5/lib/Makefile.in 2019-04-25 10:29:48.000000000 +0200 @@ -592,7 +592,7 @@ AM_CPPFLAGS = -I$(top_builddir)/include -I$(top_srcdir)/include lib_LTLIBRARIES = libqb.la -libqb_la_LDFLAGS = -version-info 19:1:19 +libqb_la_LDFLAGS = -version-info 19:2:19 source_to_lint = util.c hdb.c ringbuffer.c ringbuffer_helper.c \ array.c loop.c loop_poll.c loop_job.c \ loop_timerlist.c ipcc.c ipcs.c ipc_shm.c \ diff -Nru libqb-1.0.4/.tarball-version libqb-1.0.5/.tarball-version --- libqb-1.0.4/.tarball-version 2019-04-12 10:30:53.000000000 +0200 +++ libqb-1.0.5/.tarball-version 2019-04-25 10:30:00.000000000 +0200 @@ -1 +1 @@ -1.0.4 +1.0.5 diff -Nru libqb-1.0.4/.version libqb-1.0.5/.version --- libqb-1.0.4/.version 2019-04-12 10:30:52.000000000 +0200 +++ libqb-1.0.5/.version 2019-04-25 10:29:59.000000000 +0200 @@ -1 +1 @@ -1.0.4 +1.0.5 All in all, the point of this upload is synchronizing our version numbers with upstream. Thanks for your consideration. unblock libqb/1.0.5-1
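Review bot: In the lib/ipc_setup.c hunk at @@ -644,23 +646,40 @@, the result of `(void)chown(c->description, c->auth.uid, c->auth.gid)` is discarded without any trace, and the call runs after `chmod(c->description, 0770)`. When chown() fails, the directory therefore keeps the owner and group it was created with while already being group-accessible, rather than belonging to c->auth.gid. I would at least log the failure with errno so that a client which later cannot enter the directory can be diagnosed, and extend the comment to say which group is expected to have access in the non-root case. Separately, `desc_len >= CONNECTION_DESCRIPTION - sizeof suffix` compares an int against a size_t expression; it is safe only because the `desc_len < 0` check comes first, so keep that order or make the conversion explicit.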
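Review bot: In remove_tempdir() (lib/ipc_setup.c hunk at @@ -885,16 +904,15 @@), `slash - name < sizeof dirname` compares a ptrdiff_t with a size_t. It holds because strrchr() never returns a pointer before name, but a local such as `size_t len = slash - name;` used for the bound check, the memcpy() and the terminator would make that explicit and avoid writing the subtraction three times. Note also that a name whose directory part does not fit in dirname is now skipped silently; since the return code is deliberately not checked further down, a debug log on that path would be the only sign that cleanup did not happen.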
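Review bot: The new prototype `void remove_tempdir(const char *name);` in lib/ipc_int.h carries no comment saying that name must be NUL-terminated, yet the implementation now calls strrchr() on it directly instead of first copying a bounded number of bytes. The call sites in this diff pass c->description and c->request.u.us.shared_file_name, which previously came with CONNECTION_DESCRIPTION and PATH_MAX as bounds. A one-line contract at the declaration would keep future callers from handing in a fixed-size buffer that is not guaranteed to be terminated.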