[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Pan-users] Re: Startup questions.

From: Duncan
Subject: [Pan-users] Re: Startup questions.
Date: Fri, 11 Jul 2008 01:10:14 +0000 (UTC)
User-agent: Pan/0.132 (Waxed in Black)

walt <address@hidden> posted
address@hidden, excerpted below, on  Thu, 10 Jul 2008 23:29:33

> On Thu, 10 Jul 2008 15:06:13 -0600, Tim Hogan wrote:
>> I am currently running Pan v0.132 on Ubuntu v8.04 installed from the
>> synaptic package manager and I have started to notice that if I have
>> anything still in the queue when I exit Pan I cannot restart Pan.  If I
>> try I get the following;
>> pan: void pan::Parts::set_parts(const pan::PartBatch&):
>> Assertion `pch == part_mid_buf + part_mid_buf_len' failed. Aborted
>> If I delete task.nzb file then I can restart Pan.  Is there a fix to
>> this?  I would like to be able to keep any tasks left over from a
>> previous run.  Would trying to compile the version from svc fix this?
> This has been mentioned before, but I can't reproduce it here.  I'm
> running the latest svn as of today, so it couldn't hurt to try it. There
> have been some patches committed by Charles just this week, but I don't
> know if they would fix the problem you describe.
> Pan2 is really easy to build *if* your machine is all set up to do
> software development, but the default ubuntu install includes none of
> the needed tools -- you'll need to install them yourself.

You can't reproduce it on the SVN version as it was fixed.  That was in 
fact a security fix with a patch available on the bug, so it went in 
pretty quickly once Charles got back to working on pan.

Resuming should normally work regardless, but there was an exploitable 
buffer overflow under certain conditions.  Even then it would have 
normally just caused the aborted initialization posted, but under certain 
very specific conditions it could have been exploited to run arbitrary 
code under the permissions of the user executing pan.

So if you are seeing the problem and are sufficiently technically adept 
to manage a live-SVN pull and compile, I'd absolutely recommend it.  
Given that there are a number of other important patches, including 
current gcc and glib compatibility patches, also applied in svn, it's 
quite likely Charles will release a 0.133 pretty quickly, within a week 
or so, and given the security situation, I'd expect distributions to 
either get it out quickly or at least get a patched 0.132 out.  OTOH, I'm 
wondering why the latter hasn't occurred yet in Ubuntu or whatever else 
you may be running.  I know Gentoo has a patched 0.132-r3 in ~arch at 
least, with the various glib/gcc compatibility patches as well.

Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

reply via email to

[Prev in Thread] Current Thread [Next in Thread]