On 06/10/14 at 09:57, Andreas Tille wrote:
> there exists a patch for an issue in netcdf and a changelog entry [...] in Git about a new version.
Thanks for pointing out the work that has been started on packaging a new version!
I'd like to add that there has just been a new upstream beta release 4.3.3-rc2. We might want to package that (or the final 4.3.3 release or the current git snapshot which is probably almost the final 4.3.3) instead of a snapshot from several months ago. It's probably more stable.
In any case, both the snapshot that has been used to start the packaging work in the Debian-med repository as well as the recent upstream beta release contain partial fixes of the problem addressed in my patch. They fix 2 of the 3 issues with the URI parsing. I submitted the fix of the 3rd issue to upstream [1] (maybe it will even make it into the 4.3.3 release) and attach the updated patch here in 2 versions, one that applies cleanly to the snapshot in the Debian-Med repository [malformed-uri-crash-snapshot-debian-med.patch] and another one that applies cleanly to upstream's git HEAD and the 4.3.3-rc2 beta release [malformed-uri-crash-4.3.3-rc2.patch].
Cheers,
Martin

[1] https://github.com/Unidata/netcdf-c/pull/84
Description: Fix checks for malformed URIs to avoid crashes The functions nc_uriparse and ocuriparse caused a segmentation fault when called on malformed URIs like "http:/". This was due to a logical error in the parsing code. Author: Martin Steghöfer <mar...@steghoefer.eu> Bug-Debian: http://bugs.debian.org/757884 Forwarded: https://github.com/Unidata/netcdf-c/pull/84 --- a/libdispatch/ncuri.c +++ b/libdispatch/ncuri.c @@ -188,7 +188,7 @@ ncuriparse(const char* uri0, NCURI** durip) {THROW(6); /* illegal protocol*/} /* skip // */ - if(p[0] != '/' && p[1] != '/') + if(p[0] != '/' || p[1] != '/') {THROW(7);} p += 2; --- a/oc2/ocuri.c +++ b/oc2/ocuri.c @@ -186,7 +186,7 @@ ocuriparse(const char* uri0, OCURI** durip) {THROW(6); goto fail; /* illegal protocol*/} /* skip // */ - if(p[0] != '/' && p[1] != '/') + if(p[0] != '/' || p[1] != '/') {THROW(7); goto fail;} p += 2; -- 1.9.1
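Review bot: In the libdispatch/ncuri.c hunk the two failure branches read `{THROW(6); /* illegal protocol*/}` and `{THROW(7);}` with no `goto fail;`, while the oc2/ocuri.c hunk of the same patch has `{THROW(7); goto fail;}`. Please confirm that THROW in this version of ncuri.c leaves the function on its own. If it only records the error code, the corrected `||` test still falls through to `p += 2`, and for an input such as "http:/" that moves p past the terminating NUL, which is the crash the description reports. If it does not jump, add `goto fail;` to the ncuri.c branch as in ocuri.c.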
Description: Fix checks for malformed URIs to avoid crashes The functions nc_uriparse and ocuriparse caused a segmentation fault when called on malformed URIs like "http:/". This was due to a logical error in the parsing code. Author: Martin Steghöfer <mar...@steghoefer.eu> Bug-Debian: http://bugs.debian.org/757884 Forwarded: https://github.com/Unidata/netcdf-c/pull/84 --- a/libdispatch/ncuri.c +++ b/libdispatch/ncuri.c @@ -169,7 +169,7 @@ ncuriparse(const char* uri0, NCURI** durip) {THROW(6); goto fail; /* illegal protocol*/} /* skip // */ - if(p[0] != '/' && p[1] != '/') + if(p[0] != '/' || p[1] != '/') {THROW(7); goto fail;} p += 2; --- a/oc2/ocuri.c +++ b/oc2/ocuri.c @@ -169,7 +169,7 @@ ocuriparse(const char* uri0, OCURI** durip) {THROW(6); goto fail; /* illegal protocol*/} /* skip // */ - if(p[0] != '/' && p[1] != '/') + if(p[0] != '/' || p[1] != '/') {THROW(7); goto fail;} p += 2;
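Review bot: Neither hunk comes with a regression test, and the change from `&&` to `||` in `if(p[0] != '/' || p[1] != '/')` is a single-token fix duplicated in libdispatch/ncuri.c and oc2/ocuri.c, so it is easy for one copy to regress unnoticed. Suggest a test that calls both parsers on "http:/" (the input named in the description) and expects an error return instead of a crash. The new condition itself looks right: because `||` short-circuits, p[1] is read only when p[0] is '/', so the check does not read past the end of a string that stops at the colon. Minor: the description names the function nc_uriparse, while the hunk header shows ncuriparse.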
_______________________________________________ Pkg-grass-devel mailing list Pkg-grass-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-grass-devel