Bug#244289: xball: Package includes non-free source code.
I unarchived this bug as the package still contains the source file act_area.c with the same non-free license. I marked it as found in xball/3.0-12 because it was the earliest version I was able to dig on debsnaps. As such, I couldn't pinpoint the exact version between that and 3.0-5 in which the file was reintroduced. -- ⢀⣴⠾⠻⢶⣦⠀ David da Silva Polverari ⣾⠁⢠⠒⠀⣿⡁ ⢿⡄⠘⠷⠚⠋⠀ Debian: The universal operating system ⠈⠳⣄
Bug#1021278: (no subject)
fixed 1021278 3.0.2-2 thanks
Bug#1021278: pngcheck: CVE-2020-35511
Sorry, I made a mistake when trying to send the link to the closed bug [1]. You can find the right link below. [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976350 Regards, David.
Bug#1021278: pngcheck: CVE-2020-35511
Hi, I adjusted the affected versions in the BTS, but I couldn't find any patch for it. The reference to buffer overflows seem related to CVE-2020-27818, so I wonder whether it is a duplicate or not. If it is, it was already closed in [1]. [1] CVE-2020-27818 Regards, David
Bug#925782: mp3check: diff for NMU version 0.8.7-3.1
Control: tags 925782 + pending
Dear maintainer,
I've prepared an NMU for mp3check (versioned as 0.8.7-3.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer or cancel the NMU.
Regards,
David Polverari.
diff -Nru mp3check-0.8.7/debian/changelog mp3check-0.8.7/debian/changelog
--- mp3check-0.8.7/debian/changelog 2018-12-22 18:33:01.0 -0500
+++ mp3check-0.8.7/debian/changelog 2020-06-11 00:33:53.0 -0500
@@ -1,3 +1,12 @@
+mp3check (0.8.7-3.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * debian/patches/60_bts925782_ftbfs_with_gcc_9.patch: added to fix FTBFS
+with GCC-9. Thanks to Joachim Reichel . (Closes:
+#925782)
+
+ -- David da Silva Polverari Thu, 11 Jun 2020 00:33:53 -0500
+
mp3check (0.8.7-3) unstable; urgency=medium
[ Helmut Grohne ]
diff -Nru mp3check-0.8.7/debian/patches/60_bts925782_ftbfs_with_gcc_9.patch mp3check-0.8.7/debian/patches/60_bts925782_ftbfs_with_gcc_9.patch
--- mp3check-0.8.7/debian/patches/60_bts925782_ftbfs_with_gcc_9.patch 1969-12-31 19:00:00.0 -0500
+++ mp3check-0.8.7/debian/patches/60_bts925782_ftbfs_with_gcc_9.patch 2020-06-11 00:33:53.0 -0500
@@ -0,0 +1,50 @@
+Description: fix FTBFS with GCC-9
+Author: Joachim Reichel
+Bug-Debian: https://bugs.debian.org/925782
+Last-Update: 2019-09-01
+
+--- a/texception.h
b/texception.h
+@@ -38,10 +38,10 @@
+
+ #define TExceptionN(n) public: virtual const char *name() const { return #n; }
+ #define TExceptionM(m) public: virtual const char *message() const { return m; }
+-#define TExceptionM1(m,a) public: virtual const char *message() const { char *buf; asprintf(, m, a); return buf; }
+-#define TExceptionM2(m,a,b) public: virtual const char *message() const { char *buf; asprintf(, m, a,b); return buf; }
+-#define TExceptionM3(m,a,b,c) public: virtual const char *message() const { char *buf; asprintf(, m, a,b,c); return buf; }
+-#define TExceptionM4(m,a,b,c,d) public: virtual const char *message() const { char *buf; asprintf(, m, a,b,c,d); return buf; }
++#define TExceptionM1(m,a) public: virtual const char *message() const { char *buf; int result = asprintf(, m, a); return result != -1 ? buf : "asprintf failure"; }
++#define TExceptionM2(m,a,b) public: virtual const char *message() const { char *buf; int result = asprintf(, m, a,b); return result != -1 ? buf : "asprintf failure"; }
++#define TExceptionM3(m,a,b,c) public: virtual const char *message() const { char *buf; int result = asprintf(, m, a,b,c); return result != -1 ? buf : "asprintf failure"; }
++#define TExceptionM4(m,a,b,c,d) public: virtual const char *message() const { char *buf; int result = asprintf(, m, a,b,c,d); return result != -1 ? buf : "asprintf failure"; }
+
+ // base class of all exceptions
+ class TException {
+--- a/tstring.cc
b/tstring.cc
+@@ -111,7 +111,7 @@
+ tstring::Rep *tstring::Rep::create(size_t tmem) {
+size_t m = sizeof(Rep) << 1;
+while((m - 1 - sizeof(Rep)) < tmem) m <<= 1;
+- Rep *p = new (m - 1 - sizeof(Rep)) Rep;
++ Rep *p = new (/*tag*/ true, m - 1 - sizeof(Rep)) Rep;
+p->mem = m - 1 - sizeof(Rep); p->ref = 1; p->vulnerable = false;
+return p;
+ }
+--- a/tstring.h
b/tstring.h
+@@ -71,9 +71,12 @@
+
+ // static methods
+ // operator new for this class
+- static void * operator new (size_t size, size_t tmem) {
++ // add a tag parameter to ensure that the signature of the delete operator does not collide with the (void*,size_t) overload
++ static void * operator new (size_t size, bool /*tag*/, size_t tmem) {
+ return ::operator new (size + tmem + 1);}
+- static void operator delete (void *p, size_t) {
++ static void operator delete (void *p, bool /*tag*/, size_t) {
++ ::operator delete (p); }
++ static void operator delete (void *p) {
+ ::operator delete (p); }
+
+ // create a new representation
diff -Nru mp3check-0.8.7/debian/patches/series mp3check-0.8.7/debian/patches/series
--- mp3check-0.8.7/debian/patches/series 2018-12-22 18:33:01.0 -0500
+++ mp3check-0.8.7/debian/patches/series 2020-06-11 00:12:11.0 -0500
@@ -4,3 +4,4 @@
30_hardening.patch
40_bts726068_remove_truncated_last_frame.patch
nostrip.patch
+60_bts925782_ftbfs_with_gcc_9.patch
Bug#925672: efivar: diff for NMU version 37-2.1
On Wed, Jun 10, 2020 at 07:32:36PM +, mario.limoncie...@dell.com wrote: > I don't have a concern to this, but would you mind also submitting > it to Salsa and linking back so we can get it into VCS? > I have sent a merge request [1] on Salsa with the changes included on the NMU. I branched it from cf16f73, as there was an unreleased debian/changelog entry on a newer commit. [1] https://salsa.debian.org/efi-team/efivar/-/merge_requests/2
Bug#925672: efivar: diff for NMU version 37-2.1
Control: tags 925672 + pending
Dear maintainer,
I've prepared an NMU for efivar (versioned as 37-2.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer or cancel the NMU.
Regards,
David Polverari.
diff -Nru efivar-37/debian/changelog efivar-37/debian/changelog
--- efivar-37/debian/changelog 2019-03-01 12:55:07.0 -0500
+++ efivar-37/debian/changelog 2020-06-09 17:31:58.0 -0500
@@ -1,3 +1,12 @@
+efivar (37-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * debian/patches: added upstream patches fix-gcc9-werror-format-guid.patch
+and fix-gcc9-werrors.patch to fix FTBFS with GCC 9. Thanks to Matthias
+Klose . (Closes: #925672)
+
+ -- David da Silva Polverari Tue, 09 Jun 2020 17:31:58 -0500
+
efivar (37-2) unstable; urgency=medium
* Cherry-pick fix from upstream:
diff -Nru efivar-37/debian/patches/fix-gcc9-werror-format-guid.patch efivar-37/debian/patches/fix-gcc9-werror-format-guid.patch
--- efivar-37/debian/patches/fix-gcc9-werror-format-guid.patch 1969-12-31 19:00:00.0 -0500
+++ efivar-37/debian/patches/fix-gcc9-werror-format-guid.patch 2020-06-09 17:25:29.0 -0500
@@ -0,0 +1,28 @@
+Subject: dp.h: make format_guid() handle misaligned guid pointers safely.
+Author: Peter Jones
+Bug: https://bugzilla.opensuse.org/show_bug.cgi?id=1120862
+Bug-Debian: https://bugs.debian.org/925672
+Origin: upstream, https://github.com/rhboot/efivar/commit/b98ba8921010d03f46704a476c69861515deb1ca
+Last-Update: 2019-01-07
+diff --git a/src/dp.h b/src/dp.h
+index aa4e390..20cb608 100644
+--- a/src/dp.h
b/src/dp.h
+@@ -70,8 +70,15 @@
+ #define format_guid(buf, size, off, dp_type, guid) ({ \
+ int _rc; \
+ char *_guidstr = NULL; \
+- \
+- _rc = efi_guid_to_str(guid, &_guidstr); \
++ efi_guid_t _guid; \
++ const efi_guid_t * const _guid_p = \
++ likely(__alignof__(guid) == sizeof(guid)) \
++? guid \
++: &_guid;\
++\
++ if (unlikely(__alignof__(guid) == sizeof(guid))) \
++ memmove(&_guid, guid, sizeof(_guid)); \
++ _rc = efi_guid_to_str(_guid_p, &_guidstr); \
+ if (_rc < 0) { \
+ efi_error("could not build %s GUID DP string", \
+ dp_type);\
diff -Nru efivar-37/debian/patches/fix-gcc9-werrors.patch efivar-37/debian/patches/fix-gcc9-werrors.patch
--- efivar-37/debian/patches/fix-gcc9-werrors.patch 1969-12-31 19:00:00.0 -0500
+++ efivar-37/debian/patches/fix-gcc9-werrors.patch 2020-06-09 17:24:41.0 -0500
@@ -0,0 +1,145 @@
+Subject: Fix all the places -Werror=address-of-packed-member catches.
+Author: Peter Jones
+Bug: https://github.com/rhboot/efivar/issues/123
+Bug-Debian: https://bugs.debian.org/925672
+Origin: upstream, https://github.com/rhboot/efivar/commit/c3c553db85ff10890209d0fe48fb4856ad68e4e0
+Last-Update: 2019-02-21
+--- a/src/dp-message.c
b/src/dp-message.c
+@@ -620,11 +620,13 @@
+ ) / sizeof(efi_ip_addr_t);
+ format(buf, size, off, "Dns", "Dns(");
+ for (int i=0; i < end; i++) {
+- const efi_ip_addr_t *addr = >dns.addrs[i];
++ efi_ip_addr_t addr;
++
++ memcpy(, >dns.addrs[i], sizeof(addr));
+ if (i != 0)
+ format(buf, size, off, "Dns", ",");
+ format_ip_addr(buf, size, off, "Dns",
+- dp->dns.is_ipv6, addr);
++ dp->dns.is_ipv6, );
+ }
+ format(buf, size, off, "Dns", ")");
+ break;
+--- a/src/dp.h
b/src/dp.h
+@@ -71,13 +71,9 @@
+ int _rc; \
+ char *_guidstr = NULL; \
+ efi_guid_t _guid; \
+- const efi_guid_t * const _guid_p = \
+- likely(__alignof__(guid) == sizeof(guid)) \
+-? guid \
+-: &_guid;\
+-\
+- if (unlikely(__alignof__(guid) == sizeof(guid))) \
+- memmove(&_guid, guid, sizeof(_guid)); \
++ const efi_guid_t * const _guid_p = &_guid; \
++ \
++ memmove(&_guid, guid, sizeof(_guid)); \
+ _rc = efi_guid_to_str(_guid_p, &_guidstr); \
+ if (_rc < 0) { \
+ efi_error("could not build %s GUID DP string", \
+@@ -86,7 +82,7 @@
+ _guidstr = onstack(_guidstr, \
+ strlen(_guidstr)+1); \
+ _rc = format(buf, size, off, dp_type, "%s", \
+- _guidstr); \
++ _guidstr);\
+ } \
+ _rc; \
+ })
+--- a/src/guid.c
b/src/guid.c
+@@ -31,7 +31,7 @@
+ extern const efi_guid_t efi_guid_zero;
+
+ int NONNULL(1, 2) PUBLIC
+-efi_guid_cmp(const efi_guid_t *a, const efi_guid_t *b)
++efi_guid_cmp(const void * const a, const void * const b)
+ {
+ return memcmp(a, b, sizeof (efi_guid_t));
+ }
+--- a/src/include/efivar/efivar.h
b/src/include/efivar/efivar.h
+@@ -128,7 +128,7 @@
+
+ extern int efi_guid_is_zero(const efi_guid_t *guid);
+ extern int efi_guid_is_empty(const efi_guid_t *guid);
+-extern int efi_guid_cmp(const efi_guid_t *a, const efi_guid_t *b);
++extern int efi_guid_cmp
