Package: mairix
Version: 0.23+git20131125-0.3
Followup-For: Bug #795937

Just in case it's useful, I made a patch to create a -0.4 with the patch mentioned in this bug ticket applied.

-- System Information:
Debian Release: 8.1
  APT prefers stable
  APT policy: (990, 'stable'), (200, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mairix depends on:
ii  libbz2-1.0  1.0.6-7+b3
ii  libc6       2.19-18
ii  zlib1g      1:1.2.8.dfsg-2+b1

mairix recommends no packages.

mairix suggests no packages.

-- debconf-show failed

diff -Nur mairix-0.23+git20131125.orig/debian/changelog mairix-0.23+git20131125/debian/changelog --- mairix-0.23+git20131125.orig/debian/changelog 2014-08-03 01:41:40.000000000 -0700 +++ mairix-0.23+git20131125/debian/changelog 2015-09-09 13:36:26.519682377 -0700 @@ -1,3 +1,12 @@ +mairix (0.23+git20131125-0.4) unstable; urgency=medium + + * Non-maintainer upload. + * Add fix-256-char-limit-on-filenames.patch to handle some of the + stack-smashing bugs that have been mentioned in upstream's + bugtracker. Closes: #795937 + + -- Bradley M. Kuhn <bk...@ebb.org> Wed, 09 Sep 2015 13:34:04 -0700 + mairix (0.23+git20131125-0.3) unstable; urgency=medium * Non-maintainer upload. diff -Nur mairix-0.23+git20131125.orig/debian/patches/fix-256-char-limit-on-filenames.patch mairix-0.23+git20131125/debian/patches/fix-256-char-limit-on-filenames.patch --- mairix-0.23+git20131125.orig/debian/patches/fix-256-char-limit-on-filenames.patch 1969-12-31 16:00:00.000000000 -0800 +++ mairix-0.23+git20131125/debian/patches/fix-256-char-limit-on-filenames.patch 2015-09-09 13:46:47.495485662 -0700 
@@ -0,0 +1,28 @@ +Description: Partial fix for stack smashing bug. + As the author of the patch mentions, this may not be the only + place in mairix where a stack smash may occur, but this change does + correct a few static-sized buffers to be dynamically sized based on + inputs. +Bug: https://github.com/rc0/mairix/issues/10 +Bug-Debian: http://bugs.debian.org/795937 +Author: Daniel Silverstone <dsilv...@digital-scurf.org> +Last-Update: 2015-08-18 + +Index: mairix-0.23+git20131125/nvp.c +=================================================================== +--- mairix-0.23+git20131125.orig/nvp.c ++++ mairix-0.23+git20131125/nvp.c +@@ -146,9 +146,9 @@ struct nvp *make_nvp(struct msg_src *src + unsigned int tok; + char *q; + unsigned char qq; +- char name[256]; +- char minor[256]; +- char value[256]; ++ char name[strlen(s)+1]; ++ char minor[strlen(s)+1]; ++ char value[strlen(s)+1]; + enum nvp_action last_action, current_action; + struct nvp *result; + size_t pfxlen; diff -Nur mairix-0.23+git20131125.orig/debian/patches/series mairix-0.23+git20131125/debian/patches/series --- mairix-0.23+git20131125.orig/debian/patches/series 2014-08-03 01:24:52.000000000 -0700 +++ mairix-0.23+git20131125/debian/patches/series 2015-09-09 14:08:32.590081071 -0700 @@ -1,2 +1,3 @@ #fix-test-suite.patch fix-search-with-equal-in-msgid.patch +fix-256-char-limit-on-filenames.patch
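
Review bot: In the make_nvp hunk of nvp.c, `char name[strlen(s)+1];` and the matching `minor` and `value` lines replace three fixed 256-byte buffers with variable-length arrays on the stack, so the stack space taken is now about three times the length of the input string `s`. That removes the fixed-size limit, but a sufficiently long input can now exhaust the stack, and a variable-length array gives the function no way to detect or report that. Consider allocating the three buffers on the heap, checking the result and freeing them on every return path, or rejecting inputs above a stated maximum length before these declarations. Computing `strlen(s)` once into a local would also avoid scanning the string three times.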
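
Review bot: The patch file name fix-256-char-limit-on-filenames.patch, used in the debian/changelog entry and in debian/patches/series, does not match what the visible change does: the only code touched is the `name`, `minor` and `value` buffers in make_nvp() in nvp.c, and the patch's own Description calls it a partial fix for a stack smashing bug. A name that describes the buffer change would make the series easier to audit later, and the changelog line could say "partial" so it reads the same as the Description.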