Bug#952509: zipnote : Segfault during write operation
Package: unzip Version: 3.0-11+b1 Dear Maintainer, I would like to report a security bug to zipnote binary of zip package (zipinfo). A segfault during the write operation with zipnote version 3.0 How to reproduce the bug : 1 - zipnote crash00.zip > note 2 - zipnote -w crash00.zip < note The execution trace show a memcpy with the wrong size : ## free(0x559aff234480) = free(0x559aff2343a0) = fclose(0x559aff234150) = 0 ftello64(0x559aff233280, 1, 0, 0x559aff233010) = 124 malloc(1) = 0x559aff234480 memcpy(0x559aff234480, "", 0) = 0x559aff234480 memcpy(0x559aff234480, "mples/UT\005\0\177\0\0\0\0\0\0\0\0\0\0\301\0\0\0\0\0\0\0\036\003\n"..., 18446744073709551605 --- SIGSEGV (Segmentation fault) --- ## I stay available if you need more informations. Best regards. The version of zipnote : ' $ zipnote -v Copyright (c) 1990-2008 Info-ZIP - Type 'zipnote "-L"' for software license. This is ZipNote 3.0 (July 5th 2008), by Info-ZIP. Currently maintained by E. Gordon. Please send bug reports to the authors using the web page at www.info-zip.org; see README for details. Latest sources and executables are at ftp://ftp.info-zip.org/pub/infozip, as of above date; see http://www.info-zip.org/ for other sites. Compiled with gcc 6.3.0 20170221 for Unix (Linux ELF). ZipNote special compilation options: [none] The version of debian : ' Linux 4.19.0-5-cloud-amd64 #1 SMP Debian 4.19.37-5+deb10u2 (2019-08-08) x86_64 GNU/Linux The file : ' $ hexdump -C crash00.zip 50 4b 03 04 0a 00 00 00 0a 00 3c 69 25 50 00 00 |PK...,...,,...| 0250 2c e3 83 8f 2c e3 83 98 2c 2c 2c e3 83 8a 5d 3d |,...,...,,,...]=| 0260 5b 21 21 e3 82 a6 5d 2b 21 e3 82 a6 2b e3 82 a6 |[!!...]+!...+...| 0270 2e e3 82 a6 29 5b e3 82 a2 2b 3d e3 82 a6 2b e3 |)[...+=...+.| 0280 83 8a 2b e3 83 98 2b e3 83 8d 2b e3 83 9b 2b e3 |..+...+...+...+.| 0290 83 8c 2b e3 82 a2 2b e3 00 00 00 00 00 00 00 00 |..+...+.| 02a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 || * 02c0 80 00 00 00 00 00 00 00 00 00 00 00 00 00|..| 02ce
Bug#693468: Please unblock this package.
Please unblock this package. The Cangjie Chinese input method is not usable without this. Koala Yeung
Bug#693457: Please unblock this package
Please unblock this package. The Cangjie Chinese input method is not usable without this. Koala Yeung
Bug#603065: kipina: Segfaults at launching
Package: kipina Version: 0.1.1-4 Severity: important When launching kipina, it segfaults. I use awesome WM, and my shell is zsh. -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (987, 'unstable'), (985, 'stable'), (983, 'stable'), (982, 'testing'), (980, 'testing'), (98, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages kipina depends on: ii libatk1.0-0 1.30.0-1 The ATK accessibility toolkit ii libc6 2.11.2-7 Embedded GNU C Library: Shared lib ii libcairo2 1.8.10-6 The Cairo 2D vector graphics libra ii libfontconfig1 2.8.0-2.1generic font configuration library ii libglade2-0 1:2.6.4-1library to load .glade files at ru ii libglib2.0-02.24.2-1 The GLib library of C routines ii libgtk2.0-0 2.20.1-2 The GTK+ graphical user interface ii libpango1.0-0 1.28.3-1 Layout and rendering of internatio ii libx11-62:1.3.3-3X11 client-side library ii libxcursor1 1:1.1.11-1 X cursor management library ii libxext62:1.1.2-1X11 miscellaneous extension librar ii libxfixes3 1:4.0.5-1X11 miscellaneous 'fixes' extensio ii libxi6 2:1.3-4 X11 Input extension library ii libxinerama12:1.1.1-1X11 Xinerama extension library ii libxml2 2.7.8.dfsg-1 GNOME XML library ii libxrandr2 2:1.3.0-3X11 RandR extension library ii libxrender1 1:0.9.6-1X Rendering Extension client libra ii libxslt1.1 1.1.26-6 XSLT 1.0 processing library - runt kipina recommends no packages. kipina suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#565709: oss4-base: fixed the bug
Package: oss4-base Version: 4.2-build2002-3 Severity: normal Hi, I finally had the time to correct the bug I modified the soundon and soundoff scripts from the 4front .deb installer to work with the debian installation of oss4. I had to modify the /etc/oss.conf file (see attachment) in order to include the /var/dkms for my soundon modified script. One problem though, you need the ossvermagic program from the 4front .deb in order for the scripts to work (I don't know if we can find a workaround for this, but I think including this program in the official oss4-base debian package would not be too difficult). -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (987, 'unstable'), (985, 'stable'), (983, 'stable'), (982, 'testing'), (980, 'testing'), (98, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages oss4-base depends on: ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib ii linux-sound-base 1.0.23+dfsg-1 base package for ALSA and OSS soun oss4-base recommends no packages. Versions of packages oss4-base suggests: ii oss4-dkms [oss4-modules] 4.2-build2002-3 Open Sound System - DKMS module so -- Configuration Files: /etc/oss.conf changed: OSSETCDIR=/etc/oss4 OSSVARDIR=/var/lib/oss4 OSSDKMSDIR=/var/lib/dkms/oss4/4.2-build2002 -- no debconf information #!/bin/sh if test -f /etc/oss.conf then . /etc/oss.conf else OSSSETDIR=/etc/oss4 fi if ! test -f /proc/opensound/devfiles then echo OSS not loaded. exit 0 fi if ! test -f $OSSETCDIR/installed_drivers then echo $OSSETCDIR/installed_drivers is missing. exit 1 fi # Save mixer settings automatically if requested if test -f $OSSETCDIR/userdefs && grep -q "autosave_mixer yes" $OSSETCDIR/userdefs then /usr/sbin/savemixer fi # Save legacy devices /usr/sbin/ossdevlinks PROGRAMS="`fuser /dev/mixer* /dev/dsp* /dev/midi* /dev/oss/*/* 2>/dev/null`" if test "$PROGRAMS " != " " then echo echo Some applications are still using OSS - cannot unload echo for n in $PROGRAMS do if test -f /proc/$n/cmdline then echo $n `cat /proc/$n/cmdline | sed 's/\x00/ /g'` else echo $n Unknown fi done echo echo Please stop these applications and run soundoff again exit 2 fi for i in 1 2 3 do for n in `egrep "^osscore" /proc/modules 2>/dev/null | cut -d ' ' -f 4 | sed 's/,/ /g'` `cat $OSSETCDIR/installed_drivers | sed 's/#.*//'` osscore do /sbin/modprobe -r $n > /dev/null 2>&1 done done if ! test -f /proc/opensound/devfiles # OSS gone? then exit 0 fi echo Cannot unload the OSS driver modules exit 3 #!/bin/sh if test -f /etc/oss.conf then . /etc/oss.conf else OSSETCDIR=/etc/oss4 fi if ! test -d /proc then echo soundon script requires procfs to be mounted at /proc! exit 200 fi if test -f /proc/opensound/devfiles then echo OSS is already loaded. exit 0 fi if test -f $OSSETCDIR/starting then echo Previous start of OSS crashed the system echo Please resolve the situation and remove file echo \"$OSSETCDIR/starting\". Then start OSS by echo running soundon again. exit 1 fi NOTIFY=0 LOG=/var/log/soundon.log echo "Open Sound System starting" `date` > $LOG echo "OSS version: " `cat $OSSETCDIR/version.dat` >> $LOG 2>&1 KERNEL_VERSION=`uname -r` echo "Kernel version: " $KERNEL_VERSION >> $LOG KERNEL_VERMAGIC=`/usr/sbin/ossvermagic -z -s` echo "Kernel vermagic: " $KERNEL_VERMAGIC >> $LOG 2>&1 if ! test -f $OSSETCDIR/installed_drivers then echo No $OSSETCDIR/installed_drivers - running ossdetect >> $LOG /usr/sbin/ossdetect -v >> $LOG fi if ! test -f $OSSETCDIR/installed_drivers then echo Still no $OSSETCDIR/installed_drivers - cannot continue >> $LOG echo No $OSSETCDIR/installed_drivers - cannot continue exit 10 fi UBUNTU_OVERRIDE= POS_UBUNTU_OVERRIDE= if test -f /lib/modules/$KERNEL_VERSION/kernel/oss/osscore.ko then # Verify that vermagic of OSS matches the kernel vermagic OSS_VERMAGIC=`/usr/sbin/ossvermagic -z -q /lib/modules/$KERNEL_VERSION/kernel/oss/osscore.ko` if ! test "$OSS_VERMAGIC " = "$KERNEL_VERMAGIC " then OSS_ORIG_VERMAGIC="$OSS_VERMAGIC" OSS_VERMAGIC=`/usr/sbin/ossvermagic -z -u -q /lib/modules/$KERNEL_VERSION/kernel/oss/osscore.ko` POS_UBUNTU_OVERRIDE=1 fi if ! test "$OSS_VERMAGIC " = "$KERNEL_VERMAGIC " then echo "Oldvermagic: " $OSS_VERMAGIC >> $LOG rm -rf /lib/modules/$KERNEL_VERSION/kernel/oss echo Previous OSS modules were for a different kernel version - removed echo Previous OSS modules were for a different kernel version - removed >> $LOG elif test "$POS_UBUNTU_OVERRIDE " = "1 " then echo "Vermagic backup check activated for Ubuntu. Backup vermagic: $OSS_VERMAGIC. OSS stored vermagic $OSS_ORIG_VERMAGIC" >> $LOG UBUNTU_OVERRIDE="-u" fi fi if ! test -f $OSSDKMSDIR/$KERNEL_VERSION/x86_64/module/oss
Bug#565709: oss4-base: fails with suspend
Package: oss4-base Version: 4.2-build2002-3 Severity: normal Hi, This is a major problem for people like me who use a laptop. The missing scripts are : soundon, soundoff, savemixer. These scripts rely on several directories/files that are not provided by the official debian package : OSSLIBDIR (/usr/lib/oss) which I can't find in the official package /etc/installed_drivers or OSSLIBDIR/etc/installed_driver which has been transformed in /etc/oss4/installed_drivers in the official package And maybe others that I haven't seen. So these scripts need to be adapted to debian in order to function (maybe I can do it if one of you guys explained to me what you are changing from the initial package) The question is : do you plan to solve the problem ? If not, I will use the 4front package, which provides all the files needed (but don't fit into debian as perfectly as this one). -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (987, 'unstable'), (985, 'stable'), (983, 'stable'), (982, 'testing'), (980, 'testing'), (98, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages oss4-base depends on: ii libc6 2.11.1-3 Embedded GNU C Library: Shared lib ii linux-sound-base 1.0.23+dfsg-1 base package for ALSA and OSS soun oss4-base recommends no packages. Versions of packages oss4-base suggests: ii oss4-dkms [oss4-modules] 4.2-build2002-3 Open Sound System - DKMS module so -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#569782: epiphany-browser: fails to log in to libre.fm website
Shame on me, i did not check this. I was on "only for the websites i am browsing" (i use a french version so i do not know the exact name of the option in English). Changing to "accept all" did the trick, i can now connect to libre.fm. Thanks ! Le lundi 15 février 2010 à 11:33 -0200, Gustavo Noronha Silva a écrit : > On Sun, 2010-02-14 at 11:08 +0100, koala_avenger wrote: > > Since the update to version 2.29.90.1, when I try to connect to > > libre.fm, epiphany goes back to the homepage (http://alpha.libre.fm/) > > without logging me in. > > > > This is epiphany related (and not webkit related) as there is no such > > issue with midori. > > Can you please check your preferences dialog, in the privacy tab, that > the cookies policy is 'Accept all'? The other option has a small known > issue for which a fix is in the works. > > Thanks, > -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1266250776.4497.4.ca...@koala
