Bug#975000: marked as done (libpqxx-6.2: handling of eof() in streambuffer underflow: large object truncated)

Thu, 07 Sep 2023 23:03:20 -0700 

Your message dated Fri, 08 Sep 2023 06:01:05 +0000
with message-id <e1qeuyd-00aov3...@fasolo.debian.org>
and subject line Bug#975000: fixed in libpqxx 7.8.1-1
has caused the Debian Bug report #975000,
regarding libpqxx-6.2: handling of eof() in streambuffer underflow: large 
object truncated
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
975000: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975000
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: libpqxx-6.2
Version: 6.2.5-1
Severity: important
Tags: patch upstream

Due to the bug, large object may be truncated while reading it from DB if LOB
contains 0xff byte and it hits the buffer boundary.



-- System Information:
Debian Release: 10.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-9-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libpqxx-6.2 depends on:
ii  libc6       2.28-10
ii  libgcc1     1:8.3.0-6
ii  libpq5      11.9-0+deb10u1
ii  libstdc++6  8.3.0-6

libpqxx-6.2 recommends no packages.

libpqxx-6.2 suggests no packages.

-- no debconf information

Index: libpqxx-6.2.5/include/pqxx/largeobject.hxx
===================================================================
--- libpqxx-6.2.5.orig/include/pqxx/largeobject.hxx
+++ libpqxx-6.2.5/include/pqxx/largeobject.hxx
@@ -434,11 +434,12 @@ protected:
   virtual int_type underflow() override
   {
     if (!this->gptr()) return EoF();
-    char *const eb = this->eback();
-    const int_type res(static_cast<int_type>(
-       AdjustEOF(m_obj.cread(this->eback(), m_bufsize))));
-    this->setg(eb, eb, eb + ((res==EoF()) ? 0 : res));
-    return (!res || (res == EoF())) ? EoF() : *eb;
+    auto *const eb{this->eback()};
+    auto const res = AdjustEOF(
+        m_obj.cread(this->eback(), static_cast<std::size_t>(m_bufsize)));
+    this->setg(
+        eb, eb, eb + (res == EoF() ? 0 : static_cast<std::size_t>(res)));
+    return (res == EoF() || res == 0) ? EoF() : traits_type::to_int_type(*eb);
   }
 
 private:

--- End Message ---
--- Begin Message --- 
Source: libpqxx
Source-Version: 7.8.1-1
Done: Teus Benschop <teusbensc...@debian.org>

We believe that the bug you reported is fixed in the latest version of
libpqxx, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 975...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Teus Benschop <teusbensc...@debian.org> (supplier of updated libpqxx package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 07 Sep 2023 17:14:04 +0200
Source: libpqxx
Binary: libpqxx-7.8 libpqxx-7.8-dbgsym libpqxx-dev libpqxx-doc
Architecture: source amd64 all
Version: 7.8.1-1
Distribution: experimental
Urgency: medium
Maintainer: Debian PostgreSQL team <team+postgre...@tracker.debian.org>
Changed-By: Teus Benschop <teusbensc...@debian.org>
Description:
 libpqxx-7.8 - C++ library to connect to PostgreSQL
 libpqxx-dev - C++ library to connect to PostgreSQL (development files)
 libpqxx-doc - C++ library to connect to PostgreSQL (documentation)
Closes: 975000 1003724 1046966
Changes:
 libpqxx (7.8.1-1) experimental; urgency=medium
 .
   [ Marcin Kulisz ]
   * New upstream version 7.2.1
   * Removing unused patches
   * Fixing lintian issues
   * d/watch std bump to 4
 .
   [ Teus Benschop ]
   * New upstream version 7.2.1
 .
   [ Christoph Berg ]
   * debian/watch: Look at GitHub tags.
 .
   [ Maarten van Geijn ]
   * New upstream version 7.8.1 (Closes: #1003724, #1046966, #975000)
     - Developers using this version please beware of API changes since
       Last version shipped with Debian.
       See https://github.com/jtv/libpqxx/releases for more information.
   * Solve lintian warnings indicated by Debian Janitor.
Checksums-Sha1:
 e93350c63b83ceaa7e5fb1d643acee6e2acb306d 2304 libpqxx_7.8.1-1.dsc
 989c74f1d8f1e18ff2822f0541ae89a5940b0e3f 776338 libpqxx_7.8.1.orig.tar.gz
 987df3e2668ec761ac66c81f342950a4b5553dce 19320 libpqxx_7.8.1-1.debian.tar.xz
 396db6d884cdcfbf05bc3dd14219092ae7175923 2254052 
libpqxx-7.8-dbgsym_7.8.1-1_amd64.deb
 7cd14cb36b3897ea3aaf7964486c8d434dea81ae 183704 libpqxx-7.8_7.8.1-1_amd64.deb
 02f8bb4b0f3803f31e037cfa29e2f612d9a6da95 340084 libpqxx-dev_7.8.1-1_amd64.deb
 3cfc443d66b1ebe46f70b12c457b8887290ccc01 1628340 libpqxx-doc_7.8.1-1_all.deb
 79429e037a2a54f25054f25742d1404c93ae6201 10461 libpqxx_7.8.1-1_amd64.buildinfo
Checksums-Sha256:
 c0db9533aa34e40865beea2f669662f6ed9fe086e6168e0d8cc84f9f6011d26d 2304 
libpqxx_7.8.1-1.dsc
 0f4c0762de45a415c9fd7357ce508666fa88b9a4a463f5fb76c235bc80dd6a84 776338 
libpqxx_7.8.1.orig.tar.gz
 8cfe1223a32f59c62042a044a50fc3141471fc244eee61c0680216049ebb5653 19320 
libpqxx_7.8.1-1.debian.tar.xz
 c1dc5ab4e233f50dbfc4c7e0bc8c239acb9b9817da7a34b5ee06fa0cc16b5174 2254052 
libpqxx-7.8-dbgsym_7.8.1-1_amd64.deb
 f80aa88cb7e838e6d61ed18915c37f534a718e57f60413a11adc2ec19f66ae13 183704 
libpqxx-7.8_7.8.1-1_amd64.deb
 2f618122ddac45cc9cb53b53c315751e30c90f2be472c0c4d694b0b705dc4693 340084 
libpqxx-dev_7.8.1-1_amd64.deb
 c2cfbcc9be828a34f6a433eb9adbd98ac6148146981ff936179a4a10c541fb19 1628340 
libpqxx-doc_7.8.1-1_all.deb
 02a4142f6e698ec237e1cc48b16504450efcc8f57f38c8621d007f2ee055f687 10461 
libpqxx_7.8.1-1_amd64.buildinfo
Files:
 7161555c0597c149a4e31e7ffa868f12 2304 libs optional libpqxx_7.8.1-1.dsc
 ab70c9e8c00ac970177c592708f7f39c 776338 libs optional libpqxx_7.8.1.orig.tar.gz
 110158a73e5a395df182d31090353465 19320 libs optional 
libpqxx_7.8.1-1.debian.tar.xz
 01ecb7b9f56170c3dacd8559451adc4f 2254052 debug optional 
libpqxx-7.8-dbgsym_7.8.1-1_amd64.deb
 1e32ebb47603f53ed7ec88f4401777ab 183704 libs optional 
libpqxx-7.8_7.8.1-1_amd64.deb
 24f93920cc230d93325f89ec8c8dbcf3 340084 libdevel optional 
libpqxx-dev_7.8.1-1_amd64.deb
 fbf1c89b544b4ae32ce531fe4254cc4e 1628340 doc optional 
libpqxx-doc_7.8.1-1_all.deb
 0078f9889f52388fb8ecf99f67dfff58 10461 libs optional 
libpqxx_7.8.1-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJMBAEBCgA2FiEEher+5c8s1QBza9jekwIrrQVjpR0FAmT5+xYYHHRldXNiZW5z
Y2hvcEBkZWJpYW4ub3JnAAoJEJMCK60FY6UdX20P/RjrORqc22rVTKSJQ6PX6iUM
AwkR44kDr6YZObqwvfnMBefbF1mXbpaxnVKT9W7vwxt4XvpyFTtV/DvpoKEr9L1E
B/3xEl/3ThfPEag1J6EzZspUmK+fHmKWVn4ecweyyqY0t+BCnngcKmP8g2cMmp4c
KaR6LeONb0zCgqReeRa8b3xcrE5gf0NOOU8sqU9w7lqAEVmFnFITTxI5liXsRV5w
6BMZ3YPwBpRjibYJiohd+M52iYFws/Jl3GnXuzph6TytjC0vd+nNmCyWQHSKE01X
Cs4NyCpVw/KqCEkRuKyXr1dNoQ2E2ALAQNW7ByfwTkWVXAb97uPuuZei3Dr+IWLI
w3EHcAiM5ji0MWUk0LKY0QEcQEuqM1BMKArFrOKbQo4uw0y4rZrytcF+ANMtNuhM
I/1dNSTJK15mc9wfBN5vHCNhEEaM+9FluVanETLwYT16f3m05T4VSovi+xOpsE2c
eM0GuBlBnY/QM+btx/hteYAdJYsTdeGqO6vkw+VFKsfQ0o+NgR+zP71HleNcvxil
kQ9vK1kvCyyRY7WdUywFf86PxhFBrT7YJ3b9/BHWpoFaHmXAlnvWc688ofthCbgN
2OWkqNaDyn0UTd2SiWMM0ymSZzEUW2QfoxGyUMMTXIZsj4ROaOCq3eEe6NjJDnRM
/M0NGrSVFQyf4TuP7zbr
=XfFY
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to