On 05/25/2015 07:47 PM, Adam D. Barratt wrote: > Please attach the full source debdiff for a package prepared and > tested on jessie.
Debdiff is attached. > The meta-data for that bug claims that the bug still affects unstable. > Given that it appears to be fixed in the package you uploaded yesterday I just uploaded afterwards, yes. > (and indeed had previously uploaded to experimental), I'm unclear as to > why that is. Looking at the changelog, I'm also confused as to why > neither of the changelogs for the 0.9.10 uploads even mentions that you > had applied the patch. > Sorry I messed up with the changelog and forgot some changes (including this patch). I fixed it in the git repo. http://anonscm.debian.org/cgit/collab-maint/libvncserver.git/commit/?id=b33c231b67ef69cd3e65c8c10f5cf214e8f54fa1
diff -Nru libvncserver-0.9.9+dfsg/debian/changelog libvncserver-0.9.9+dfsg/debian/changelog --- libvncserver-0.9.9+dfsg/debian/changelog 2015-05-26 01:08:32.000000000 +0200 +++ libvncserver-0.9.9+dfsg/debian/changelog 2015-05-26 01:20:43.000000000 +0200 @@ -1,3 +1,9 @@ +libvncserver (0.9.9+dfsg-6.2) stable; urgency=medium + + * added patch for libgcrypt init before use (Closes: #782570) + + -- Peter Spiess-Knafl <d...@spiessknafl.at> Tue, 26 May 2015 01:19:44 +0200 + libvncserver (0.9.9+dfsg-6.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru libvncserver-0.9.9+dfsg/debian/patches/0004-init-libgcrypt-before-use.patch libvncserver-0.9.9+dfsg/debian/patches/0004-init-libgcrypt-before-use.patch --- libvncserver-0.9.9+dfsg/debian/patches/0004-init-libgcrypt-before-use.patch 1970-01-01 01:00:00.000000000 +0100 +++ libvncserver-0.9.9+dfsg/debian/patches/0004-init-libgcrypt-before-use.patch 2015-05-26 01:17:08.000000000 +0200 @@ -0,0 +1,29 @@ +From: Peter Spiess-Knafl <p...@autistici.org> +Date: Wed, 4 Feb 2015 13:20:39 +0100 +Subject: init libgcrypt before use + +--- + libvncclient/rfbproto.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/libvncclient/rfbproto.c b/libvncclient/rfbproto.c +index f653850..aa74c23 100644 +--- a/libvncclient/rfbproto.c ++++ b/libvncclient/rfbproto.c +@@ -857,6 +857,16 @@ HandleARDAuth(rfbClient *client) + rfbCredential *cred = NULL; + rfbBool result = FALSE; + ++ if (!gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P)) ++ { ++ /* Application did not initialize gcrypt, so we should */ ++ if (!gcry_check_version(GCRYPT_VERSION)) ++ { ++ /* Older version of libgcrypt is installed on system than compiled against */ ++ rfbClientLog("libgcrypt version mismatch.\n"); ++ } ++ } ++ + while (1) + { + if (!ReadFromRFBServer(client, (char *)gen, 2)) diff -Nru libvncserver-0.9.9+dfsg/debian/patches/series libvncserver-0.9.9+dfsg/debian/patches/series --- libvncserver-0.9.9+dfsg/debian/patches/series 2015-05-26 01:08:32.000000000 +0200 +++ libvncserver-0.9.9+dfsg/debian/patches/series 2015-05-26 01:17:42.000000000 +0200 @@ -10,3 +10,4 @@ CVE-2015-6053.patch CVE-2014-6054.patch CVE-2014-6055.patch +0004-init-libgcrypt-before-use.patch