[Monotone-commits-diffs] org.debian.monotone: fbfd33230edd751a48e33774db
From: code
Subject: [Monotone-commits-diffs] org.debian.monotone: fbfd33230edd751a48e33774dbfb4af434eb0910
Date: Mon, 11 Mar 2013 21:54:57 +0100 (CET)
revision: fbfd33230edd751a48e33774dbfb4af434eb0910
tag: debian-monotone-0.48-3
date: 2010-10-30T13:01:44
author: Francis Russell <address@hidden>
branch: org.debian.monotone
changelog:
Add patch to fix empty command-string related issues that can be exploited to
cause a server crash.
manifest:
format_version "1"
new_manifest [639e39f16ca9eb0a980f5adaeaf04df0c2304eb8]
old_revision [099f6964b66ded8018ca38fe94a4ec329bdf755d]
add_file "patches/20-empty-command.diff"
content [57f26a70ddcacfd5ce05c7a5dc5954ce5d75838e]
patch "changelog"
from [64a80024bab09b4af798468c19f7ce94c30da9fb]
to [31468979b9efb1f5b8941a6a116cd03fb46b4c03]
patch "patches/series"
from [010e54b02a946755c6c68e9a6e9fe9d1c0605648]
to [faa1e22ee9c7d7b87ac41adf27f45caed6701634]
============================================================
--- changelog 64a80024bab09b4af798468c19f7ce94c30da9fb
+++ changelog 31468979b9efb1f5b8941a6a116cd03fb46b4c03
@@ -1,11 +1,11 @@ monotone (0.48-3) unstable; urgency=high
monotone (0.48-3) unstable; urgency=high
* Add debian/source/format file as it may become mandatory.
- * debian/patches/10-sqlite_3.7.3_empty_blob.diff: new. Backport
- upstream fix for change in SQLite empty blob behaviour. Closes: #601700.
- * debian/patches/????????.diff: new. Backport upstream security fix
- to prevent crashing of servers with remote command execution enabled.
- Closes: #??????.
+ * debian/patches/10-sqlite_3.7.3_empty_blob.diff: new. Backport
+ upstream fix for change in SQLite empty blob behaviour (closes: #601700).
+ * debian/patches/20-empty-command.diff: new. Backport upstream security fix
+ to prevent crashing of servers with remote command execution enabled
+ (closes: #601850).
-- Francis Russell <address@hidden> Thu, 28 Oct 2010 22:59:20 +0200
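Review bot: the trailer line still reads Thu, 28 Oct 2010 22:59:20 +0200 although this revision is dated 2010-10-30 and fills in the final patch name and bug number, so the timestamp should be refreshed before upload if the entry is meant to record when it was finalised. The security entry could also name the affected versions (0.46 to 0.48) and the upstream fix release (0.48.1), which at present appear only in the patch header, so that someone reading the changelog alone can judge exposure.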
============================================================
--- /dev/null
+++ patches/20-empty-command.diff 57f26a70ddcacfd5ce05c7a5dc5954ce5d75838e
@@ -0,0 +1,45 @@
+Description: Prevent remote crashing of certain montone server configurations
+ Monotone versions 0.46, 0.47 and 0.48 are affected by a bug whereby a client
+ sending an empty command string to the server can cause it to terminate if
+ remote command execution is enabled. This was fixed in 0.48.1.
+Bug-Debian: http://bugs.debian.org/601850
+Origin: upstream, commit: 2cc01e1baf1032ccf40053bd9910b12d7b87cce6,
+ commit: c6d7e5ab7f497d2cbef5f91e6880028a67d1f8e2
+Index: monotone-0.48/commands.cc
+===================================================================
+--- monotone-0.48.orig/commands.cc 2010-10-30 12:00:32.906613057 +0100
++++ monotone-0.48/commands.cc 2010-10-30 12:00:33.168601416 +0100
+@@ -302,8 +302,6 @@
+ {
+ map< command_id, command * > matches;
+
+- I(!prefix().empty());
+-
+ for (children_set::const_iterator iter = children().begin();
+ iter != children().end(); iter++)
+ {
+@@ -426,8 +424,10 @@
+ complete_command(args_vector const & args)
+ {
+ // Handle categories early; no completion allowed.
+- if (CMD_REF(__root__)->find_command(make_command_id(args[0]())) != NULL)
+- return make_command_id(args[0]());
++ command_id first_cmd_part = make_command_id(args[0]());
++ if (!first_cmd_part.empty() &&
++ CMD_REF(__root__)->find_command(first_cmd_part) != NULL)
++ return first_cmd_part;
+
+ command_id id;
+ for (args_vector::const_iterator iter = args.begin();
+Index: monotone-0.48/tests/empty_command_name/__driver__.lua
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ monotone-0.48/tests/empty_command_name/__driver__.lua 2010-10-30 12:00:33.169601371 +0100
+@@ -0,0 +1,7 @@
++mtn_setup()
++
++check(mtn(''), 1, false, true)
++check(qgrep("is ambiguous", "stderr"))
++
++check(mtn('ls', ''), 1, false, true)
++check(qgrep("is ambiguous", "stderr"))
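Review bot: the new tests/empty_command_name/__driver__.lua only exercises the local CLI, via mtn('') and mtn('ls', ''), while the Description says the crash is triggered by a client sending an empty command string to a server with remote command execution enabled; a test that sends the empty command over that server path would cover the case this backport exists for. In the commands.cc hunk at -302, removing I(!prefix().empty()) makes an empty prefix a legal input to the loop over children(), and the only explicit empty check added is the one on first_cmd_part in complete_command, so it is worth confirming that every other caller is fine with the "is ambiguous" outcome the test expects. The visible lines also index args[0] with no size check in view; if the caller guarantees a non-empty args, a one-line comment saying so would help. Minor: "montone" in the Description line is a typo.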
============================================================
--- patches/series 010e54b02a946755c6c68e9a6e9fe9d1c0605648
+++ patches/series faa1e22ee9c7d7b87ac41adf27f45caed6701634
@@ -1,3 +1,4 @@ 10-sqlite_3.7.3_empty_blob.diff
00-fail_cleanly_on_unreadable_db.diff
10-sqlite_3.7.3_empty_blob.diff
+20-empty-command.diff
90-stacktrace-on-crash.diff