Bug#244289: xball: Package includes non-free source code.
I unarchived this bug as the package still contains the source file act_area.c with the same non-free license. I marked it as found in xball/3.0-12 because it was the earliest version I was able to dig on debsnaps. As such, I couldn't pinpoint the exact version between that and 3.0-5 in which the file was reintroduced. -- David da Silva Polverari, Debian: The universal operating system
Bug#1021278: (no subject)
fixed 1021278 3.0.2-2 thanks
Bug#1021278: pngcheck: CVE-2020-35511
Sorry, I made a mistake when trying to send the link to the closed bug [1]. You can find the right link below. [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976350 Regards, David.
Bug#1021278: pngcheck: CVE-2020-35511
Hi, I adjusted the affected versions in the BTS, but I couldn't find any patch for it. The reference to buffer overflows seems related to CVE-2020-27818, so I wonder whether it is a duplicate or not. If it is, it was already closed in [1]. [1] CVE-2020-27818 Regards, David
Bug#925782: mp3check: diff for NMU version 0.8.7-3.1
Control: tags 925782 + pending Dear maintainer, I've prepared an NMU for mp3check (versioned as 0.8.7-3.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer or cancel the NMU. Regards, David Polverari. diff -Nru mp3check-0.8.7/debian/changelog mp3check-0.8.7/debian/changelog --- mp3check-0.8.7/debian/changelog 2018-12-22 18:33:01.0 -0500 +++ mp3check-0.8.7/debian/changelog 2020-06-11 00:33:53.0 -0500 @@ -1,3 +1,12 @@ +mp3check (0.8.7-3.1) unstable; urgency=medium + + * Non-maintainer upload. + * debian/patches/60_bts925782_ftbfs_with_gcc_9.patch: added to fix FTBFS +with GCC-9. Thanks to Joachim Reichel . (Closes: +#925782) + + -- David da Silva Polverari Thu, 11 Jun 2020 00:33:53 -0500 + mp3check (0.8.7-3) unstable; urgency=medium [ Helmut Grohne ] diff -Nru mp3check-0.8.7/debian/patches/60_bts925782_ftbfs_with_gcc_9.patch mp3check-0.8.7/debian/patches/60_bts925782_ftbfs_with_gcc_9.patch --- mp3check-0.8.7/debian/patches/60_bts925782_ftbfs_with_gcc_9.patch 1969-12-31 19:00:00.0 -0500 +++ mp3check-0.8.7/debian/patches/60_bts925782_ftbfs_with_gcc_9.patch 2020-06-11 00:33:53.0 -0500 
@@ -0,0 +1,50 @@ +Description: fix FTBFS with GCC-9 +Author: Joachim Reichel +Bug-Debian: https://bugs.debian.org/925782 +Last-Update: 2019-09-01 + +--- a/texception.h b/texception.h +@@ -38,10 +38,10 @@ + + #define TExceptionN(n) public: virtual const char *name() const { return #n; } + #define TExceptionM(m) public: virtual const char *message() const { return m; } +-#define TExceptionM1(m,a) public: virtual const char *message() const { char *buf; asprintf(&buf, m, a); return buf; } +-#define TExceptionM2(m,a,b) public: virtual const char *message() const { char *buf; asprintf(&buf, m, a,b); return buf; } +-#define TExceptionM3(m,a,b,c) public: virtual const char *message() const { char *buf; asprintf(&buf, m, a,b,c); return buf; } +-#define TExceptionM4(m,a,b,c,d) public: virtual const char *message() const { char *buf; asprintf(&buf, m, a,b,c,d); return buf; } ++#define TExceptionM1(m,a) public: virtual const char *message() const { char *buf; int result = asprintf(&buf, m, a); return result != -1 ? buf : "asprintf failure"; } ++#define TExceptionM2(m,a,b) public: virtual const char *message() const { char *buf; int result = asprintf(&buf, m, a,b); return result != -1 ? buf : "asprintf failure"; } ++#define TExceptionM3(m,a,b,c) public: virtual const char *message() const { char *buf; int result = asprintf(&buf, m, a,b,c); return result != -1 ? buf : "asprintf failure"; } ++#define TExceptionM4(m,a,b,c,d) public: virtual const char *message() const { char *buf; int result = asprintf(&buf, m, a,b,c,d); return result != -1 ? 
buf : "asprintf failure"; } + + // base class of all exceptions + class TException { +--- a/tstring.cc b/tstring.cc +@@ -111,7 +111,7 @@ + tstring::Rep *tstring::Rep::create(size_t tmem) { +size_t m = sizeof(Rep) << 1; +while((m - 1 - sizeof(Rep)) < tmem) m <<= 1; +- Rep *p = new (m - 1 - sizeof(Rep)) Rep; ++ Rep *p = new (/*tag*/ true, m - 1 - sizeof(Rep)) Rep; +p->mem = m - 1 - sizeof(Rep); p->ref = 1; p->vulnerable = false; +return p; + } +--- a/tstring.h b/tstring.h +@@ -71,9 +71,12 @@ + + // static methods + // operator new for this class +- static void * operator new (size_t size, size_t tmem) { ++ // add a tag parameter to ensure that the signature of the delete operator does not collide with the (void*,size_t) overload ++ static void * operator new (size_t size, bool /*tag*/, size_t tmem) { + return ::operator new (size + tmem + 1);} +- static void operator delete (void *p, size_t) { ++ static void operator delete (void *p, bool /*tag*/, size_t) { ++ ::operator delete (p); } ++ static void operator delete (void *p) { + ::operator delete (p); } + + // create a new representation diff -Nru mp3check-0.8.7/debian/patches/series mp3check-0.8.7/debian/patches/series --- mp3check-0.8.7/debian/patches/series 2018-12-22 18:33:01.0 -0500 +++ mp3check-0.8.7/debian/patches/series 2020-06-11 00:12:11.0 -0500 @@ -4,3 +4,4 @@ 30_hardening.patch 40_bts726068_remove_truncated_last_frame.patch nostrip.patch +60_bts925782_ftbfs_with_gcc_9.patch
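Review bot: in the texception.h hunk, the new TExceptionM1 to TExceptionM4 bodies return either the asprintf-allocated buf or the string literal "asprintf failure", so message() now hands back a pointer that is sometimes heap-owned and sometimes static, and a caller cannot tell whether it may be freed. Nothing in the visible lines frees buf, so each successful call also leaks one allocation. Consider keeping the formatted message in a member owned by the exception object, or at least adding a comment that the returned pointer must never be freed.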
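Review bot: in the tstring.h hunk, the disambiguating tag is a plain bool (`operator new (size_t size, bool /*tag*/, size_t tmem)`), and bool accepts implicit conversions from integers and pointers, so any two-argument placement call such as `new (n, m) Rep` compiles with the first argument silently taken as the tag. A dedicated empty tag type would reject such a call at compile time. The added one-argument `operator delete (void *p)` is what ordinary delete expressions will now use, while the three-argument form is only invoked automatically when the constructor throws; a short comment saying so would help the next reader.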
Bug#925672: efivar: diff for NMU version 37-2.1
On Wed, Jun 10, 2020 at 07:32:36PM +, mario.limoncie...@dell.com wrote: > I don't have a concern to this, but would you mind also submitting > it to Salsa and linking back so we can get it into VCS? > I have sent a merge request [1] on Salsa with the changes included on the NMU. I branched it from cf16f73, as there was an unreleased debian/changelog entry on a newer commit. [1] https://salsa.debian.org/efi-team/efivar/-/merge_requests/2
Bug#925672: efivar: diff for NMU version 37-2.1
Control: tags 925672 + pending Dear maintainer, I've prepared an NMU for efivar (versioned as 37-2.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer or cancel the NMU. Regards, David Polverari. diff -Nru efivar-37/debian/changelog efivar-37/debian/changelog --- efivar-37/debian/changelog 2019-03-01 12:55:07.0 -0500 +++ efivar-37/debian/changelog 2020-06-09 17:31:58.0 -0500 @@ -1,3 +1,12 @@ +efivar (37-2.1) unstable; urgency=medium + + * Non-maintainer upload. + * debian/patches: added upstream patches fix-gcc9-werror-format-guid.patch +and fix-gcc9-werrors.patch to fix FTBFS with GCC 9. Thanks to Matthias +Klose . (Closes: #925672) + + -- David da Silva Polverari Tue, 09 Jun 2020 17:31:58 -0500 + efivar (37-2) unstable; urgency=medium * Cherry-pick fix from upstream: diff -Nru efivar-37/debian/patches/fix-gcc9-werror-format-guid.patch efivar-37/debian/patches/fix-gcc9-werror-format-guid.patch --- efivar-37/debian/patches/fix-gcc9-werror-format-guid.patch 1969-12-31 19:00:00.0 -0500 +++ efivar-37/debian/patches/fix-gcc9-werror-format-guid.patch 2020-06-09 17:25:29.0 -0500 
@@ -0,0 +1,28 @@ +Subject: dp.h: make format_guid() handle misaligned guid pointers safely. +Author: Peter Jones +Bug: https://bugzilla.opensuse.org/show_bug.cgi?id=1120862 +Bug-Debian: https://bugs.debian.org/925672 +Origin: upstream, https://github.com/rhboot/efivar/commit/b98ba8921010d03f46704a476c69861515deb1ca +Last-Update: 2019-01-07 +diff --git a/src/dp.h b/src/dp.h +index aa4e390..20cb608 100644 +--- a/src/dp.h b/src/dp.h +@@ -70,8 +70,15 @@ + #define format_guid(buf, size, off, dp_type, guid) ({ \ + int _rc; \ + char *_guidstr = NULL; \ +- \ +- _rc = efi_guid_to_str(guid, &_guidstr); \ ++ efi_guid_t _guid; \ ++ const efi_guid_t * const _guid_p = \ ++ likely(__alignof__(guid) == sizeof(guid)) \ ++? guid \ ++: &_guid;\ ++\ ++ if (unlikely(__alignof__(guid) == sizeof(guid))) \ ++ memmove(&_guid, guid, sizeof(_guid)); \ ++ _rc = efi_guid_to_str(_guid_p, &_guidstr); \ + if (_rc < 0) { \ + efi_error("could not build %s GUID DP string", \ + dp_type);\ diff -Nru efivar-37/debian/patches/fix-gcc9-werrors.patch efivar-37/debian/patches/fix-gcc9-werrors.patch --- efivar-37/debian/patches/fix-gcc9-werrors.patch 1969-12-31 19:00:00.0 -0500 +++ efivar-37/debian/patches/fix-gcc9-werrors.patch 2020-06-09 17:24:41.0 -0500 
@@ -0,0 +1,145 @@ +Subject: Fix all the places -Werror=address-of-packed-member catches. +Author: Peter Jones +Bug: https://github.com/rhboot/efivar/issues/123 +Bug-Debian: https://bugs.debian.org/925672 +Origin: upstream, https://github.com/rhboot/efivar/commit/c3c553db85ff10890209d0fe48fb4856ad68e4e0 +Last-Update: 2019-02-21 +--- a/src/dp-message.c b/src/dp-message.c +@@ -620,11 +620,13 @@ + ) / sizeof(efi_ip_addr_t); + format(buf, size, off, "Dns", "Dns("); + for (int i=0; i < end; i++) { +- const efi_ip_addr_t *addr = &dp->dns.addrs[i]; ++ efi_ip_addr_t addr; ++ ++ memcpy(&addr, &dp->dns.addrs[i], sizeof(addr)); + if (i != 0) + format(buf, size, off, "Dns", ","); + format_ip_addr(buf, size, off, "Dns", +- dp->dns.is_ipv6, addr); ++ dp->dns.is_ipv6, &addr); + } + format(buf, size, off, "Dns", ")"); + break; +--- a/src/dp.h b/src/dp.h +@@ -71,13 +71,9 @@ + int _rc; \ + char *_guidstr = NULL; \ + efi_guid_t _guid; \ +- const efi_guid_t * const _guid_p = \ +- likely(__alignof__(guid) == sizeof(guid)) \ +-? 
guid \ +-: &_guid;\ +-\ +- if (unlikely(__alignof__(guid) == sizeof(guid))) \ +- memmove(&_guid, guid, sizeof(_guid)); \ ++ const efi_guid_t * const _guid_p = &_guid; \ ++ \ ++ memmove(&_guid, guid, sizeof(_guid)); \ + _rc = efi_guid_to_str(_guid_p, &_guidstr); \ + if (_rc < 0) { \ + efi_error("could not build %s GUID DP string", \ +@@ -86,7 +82,7 @@ + _guidstr = onstack(_guidstr, \ + strlen(_guidstr)+1); \ + _rc = format(buf, size, off, dp_type, "%s", \ +- _guidstr); \ ++ _guidstr);\ + } \ + _rc; \ + }) +--- a/src/guid.c b/src/guid.c +@@ -31,7 +31,7 @@ + extern const efi_guid_t efi_guid_zero; + + int NONNULL(1, 2) PUBLIC +-efi_guid_cmp(const efi_guid_t *a, const efi_guid_t *b) ++efi_guid_cmp(const void * const a, const void * const b) + { + return memcmp(a, b, sizeof (efi_guid_t)); + } +--- a/src/include/efivar/efivar.h b/src/include/efivar/efivar.h +@@ -128,7 +128,7 @@ + + extern int efi_guid_is_zero(const efi_guid_t *guid); + extern int efi_guid_is_empty(const efi_guid_t *guid); +-extern int efi_guid_cmp(const efi_guid_t *a, const ef
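Review bot: in the src/dp.h hunk of fix-gcc9-werror-format-guid.patch, the likely() and unlikely() branches test the same expression, `__alignof__(guid) == sizeof(guid)`, so when it is false `_guid_p` points at `_guid` but the memmove that should fill `_guid` is skipped, and efi_guid_to_str() reads an uninitialized object. The copy condition needs to be the negation of the selection condition. The expression also compares the alignment and size of the macro argument itself, which the memmove and efi_guid_to_str() calls treat as a pointer, so it says nothing about whether the address it holds is aligned. The later src/dp.h hunk in fix-gcc9-werrors.patch drops both tests and copies unconditionally, which is the simpler and safer form; folding the two patches, or noting in the first patch header that it is only correct together with the second, would avoid carrying the intermediate state.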
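Review bot: in the src/guid.c hunk, changing efi_guid_cmp() to take `const void * const` for both arguments removes type checking at every call site: any pointer now compiles, while the body still does `memcmp(a, b, sizeof (efi_guid_t))`. A comment on the function and on its prototype in efivar.h stating that both arguments must point to at least sizeof (efi_guid_t) readable bytes would document the contract the signature no longer enforces.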