[Pkg-inetutils-maint] Bug#287560: marked as done (forgotten patch? write out of bounds in ftpd)

Debian Bug Tracking System owner at bugs.debian.org
Mon Jan 9 06:33:09 UTC 2006 

Your message dated Sun, 08 Jan 2006 22:17:27 -0800
with message-id <E1EvqLP-0008GT-2b at spohr.debian.org>
and subject line Bug#287560: fixed in inetutils 2:1.4.3+20051212-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 28 Dec 2004 19:51:46 +0000
>From jas at extundo.com Tue Dec 28 11:51:46 2004
Return-path: <jas at extundo.com>
Received: from 178.230.13.217.in-addr.dgcsystems.net (yxa.extundo.com) [217.13.230.178] (root)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1CjNNi-0002se-00; Tue, 28 Dec 2004 11:51:46 -0800
Received: from latte.josefsson.org (c494102a.s-bi.bostream.se [217.215.27.65])
	(authenticated bits=0)
	by yxa.extundo.com (8.13.2/8.13.2/Debian-1) with ESMTP id iBSJpeqq010193
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=OK)
	for <submit at bugs.debian.org>; Tue, 28 Dec 2004 20:51:41 +0100
From: Simon Josefsson <jas at extundo.com>
To: submit at bugs.debian.org
Subject: forgotten patch?  write out of bounds in ftpd
OpenPGP: id=0xB565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:23:041228:submit at bugs.debian.org::FWHqY3j8wOgARRli:0000000000000000000000000000000000000000szx
Date: Tue, 28 Dec 2004 20:51:39 +0100
Message-ID: <ilu8y7itd4k.fsf at latte.josefsson.org>
User-Agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.3.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Virus-Scanned: ClamAV 0.80/618/Mon Dec  6 00:09:24 2004
	clamav-milter version 0.80j
	on yxa.extundo.com
X-Virus-Status: Clean
Delivered-To: submit at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: inetutils
Severity: wishlist

As part of the release process (see #287552) I'm going through all old
bug reports.  The following report appear to be still valid, and the
proposed patch do seem correct.  Here'is a ChangeLog entry, following
the FSF style for small contributions:

2004-12-28  "au" <uchiyama at s-lab.com>  (tiny patch)

	* ftpd.c (off_to_str): Don't write out of bounds.

From: "au" <uchiyama at s-lab.com>
Subject: [BUG] ftpd
Newsgroups: gmane.comp.gnu.inetutils.bugs
Date: Fri, 29 Aug 2003 21:28:31 +0900

Hello

I found a bug.
if  "nm ftpd | sort -n" show:
  1001cba8 b bufs.135
  1001ce78 b ctrl_addr 
  1001ce88 b data_source
then ctrl_addr will be destroyed, and ftp client 
will get message like this:
    425 Can't create data socket (56.0.0.135,0): Cannot assign requested address.

    


diff  -u ftpd.c_org ftpd.c
--- ftpd.c_org  Wed Jun 26 12:15:05 2002
+++ ftpd.c      Fri Aug 29 21:15:41 2003
@@ -192,7 +192,7 @@
   static char bufs[NUM_SIMUL_OFF_TO_STRS][80];
   static char (*next_buf)[80] = bufs;

-  if (next_buf > (bufs+NUM_SIMUL_OFF_TO_STRS))
+  if (next_buf >= (bufs+NUM_SIMUL_OFF_TO_STRS))
     next_buf = bufs;

   if (sizeof (off) > sizeof (long))

---------------------------------------
Received: (at 287560-close) by bugs.debian.org; 9 Jan 2006 06:21:08 +0000
>From katie at ftp-master.debian.org Sun Jan 08 22:21:08 2006
Return-path: <katie at ftp-master.debian.org>
Received: from katie by spohr.debian.org with local (Exim 4.50)
	id 1EvqLP-0008GT-2b; Sun, 08 Jan 2006 22:17:27 -0800
From: Guillem Jover <guillem at debian.org>
To: 287560-close at bugs.debian.org
X-Katie: $Revision: 1.65 $
Subject: Bug#287560: fixed in inetutils 2:1.4.3+20051212-1
Message-Id: <E1EvqLP-0008GT-2b at spohr.debian.org>
Sender: Archive Administrator <katie at ftp-master.debian.org>
Date: Sun, 08 Jan 2006 22:17:27 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 2

Source: inetutils
Source-Version: 2:1.4.3+20051212-1

We believe that the bug you reported is fixed in the latest version of
inetutils, which is due to be installed in the Debian FTP archive:

inetutils-ftp_1.4.3+20051212-1_i386.deb
  to pool/main/i/inetutils/inetutils-ftp_1.4.3+20051212-1_i386.deb
inetutils-ftpd_1.4.3+20051212-1_i386.deb
  to pool/main/i/inetutils/inetutils-ftpd_1.4.3+20051212-1_i386.deb
inetutils-inetd_1.4.3+20051212-1_i386.deb
  to pool/main/i/inetutils/inetutils-inetd_1.4.3+20051212-1_i386.deb
inetutils-ping_1.4.3+20051212-1_i386.deb
  to pool/main/i/inetutils/inetutils-ping_1.4.3+20051212-1_i386.deb
inetutils-syslogd_1.4.3+20051212-1_i386.deb
  to pool/main/i/inetutils/inetutils-syslogd_1.4.3+20051212-1_i386.deb
inetutils-talk_1.4.3+20051212-1_i386.deb
  to pool/main/i/inetutils/inetutils-talk_1.4.3+20051212-1_i386.deb
inetutils-talkd_1.4.3+20051212-1_i386.deb
  to pool/main/i/inetutils/inetutils-talkd_1.4.3+20051212-1_i386.deb
inetutils-telnet_1.4.3+20051212-1_i386.deb
  to pool/main/i/inetutils/inetutils-telnet_1.4.3+20051212-1_i386.deb
inetutils-telnetd_1.4.3+20051212-1_i386.deb
  to pool/main/i/inetutils/inetutils-telnetd_1.4.3+20051212-1_i386.deb
inetutils-tools_1.4.3+20051212-1_i386.deb
  to pool/main/i/inetutils/inetutils-tools_1.4.3+20051212-1_i386.deb
inetutils_1.4.3+20051212-1.diff.gz
  to pool/main/i/inetutils/inetutils_1.4.3+20051212-1.diff.gz
inetutils_1.4.3+20051212-1.dsc
  to pool/main/i/inetutils/inetutils_1.4.3+20051212-1.dsc
inetutils_1.4.3+20051212.orig.tar.gz
  to pool/main/i/inetutils/inetutils_1.4.3+20051212.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 287560 at bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guillem Jover <guillem at debian.org> (supplier of updated inetutils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster at debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon,  9 Jan 2006 07:53:50 +0200
Source: inetutils
Binary: inetutils-ftp inetutils-talk inetutils-talkd inetutils-ftpd inetutils-inetd inetutils-telnet inetutils-syslogd inetutils-telnetd inetutils-tools inetutils-ping
Architecture: source i386
Version: 2:1.4.3+20051212-1
Distribution: unstable
Urgency: low
Maintainer: Debian inetutils Maintainers <pkg-inetutils-maint at lists.alioth.debian.org>
Changed-By: Guillem Jover <guillem at debian.org>
Description: 
 inetutils-ftp - File Transfer Protocol client
 inetutils-ftpd - File Transfer Protocol server
 inetutils-inetd - Internet super server
 inetutils-ping - ICMP ECHO tool
 inetutils-syslogd - System logging daemon
 inetutils-talk - Talk to another user
 inetutils-talkd - Remote user communication server
 inetutils-telnet - Telnet client
 inetutils-telnetd - Telnet server
 inetutils-tools - Base networking utilities (experimental package)
Closes: 212168 212169 269813 287560 287567 336194
Changes: 
 inetutils (2:1.4.3+20051212-1) unstable; urgency=low
 .
   * New upstream snapshot.
     - debian/tarball.sh: New file.
     - debian/patches/00_link_gnulib.patch: Likewise.
     - debian/patches/20_inetd_pidfile.patch: Integrated upstrem. Remove.
     - debian/patches/24_ftp_overflow.patch: Likewise.
     - debian/patches/25_fix_net_fwd.patch: Likewise.
     - debian/patches/30_ipv6.patch: Likewise.
     - debian/patches/40_gcc-4.0.patch: Likewise.
     - debian/patches/22_syslogd_conf.patch: Sync.
     - debian/patches/23_ifconfig_enable.patch: Likewise.
     - debian/patches/41_ptr_to_int_cast.patch: Likewise.
     - Fix ftp segfaulting when doing dir. (Closes: #336194)
     - Fix write out of bounds in ftpd. (Closes: #287560)
     - Update NEWS file. (Closes: #287567)
   * Switch back to plain debhelper.
     - Remove cdbs workaround for not being able to set per package specific
       rc.d priority.
   * Remove workarounds for old packaging bugs.
     - inetutils-inetd.prerm: Remove.
     - inetutils-syslogd.prerm: Likewise.
     - inetutils-syslogd.postinst: Likewise.
   * Make inetutils-syslogd on linux Provide and Conflict on
     linux-kernel-log-daemon. (Closes: #269813)
   * Document the use of /proc/kmsg by inetutils-syslogd on some systems.
     And the absence of System.map address resolving support.
     (Closes: #212168, #212169)
   * Upgrade to debhelper compat version 5.
   * Upgrade Build-Depends from automake1.8 to automake1.9.
   * Add lintian overrides for ping and ping6 being suid root.
   * Wrap lines in debian/control fields (knowingly breaking policy).
Files: 
 2080132d5565f52355ece74788d54c6f 1047 net extra inetutils_1.4.3+20051212-1.dsc
 dc506ab1ae03f8b57f17a021f67024c1 851484 net extra inetutils_1.4.3+20051212.orig.tar.gz
 724451a1b217855a45cffd90758592ec 16090 net extra inetutils_1.4.3+20051212-1.diff.gz
 db626092fd0c5797177528b2ae3331e2 61812 net extra inetutils-ftp_1.4.3+20051212-1_i386.deb
 bba529eb65358c2b2712b082abfdf373 51898 net extra inetutils-ftpd_1.4.3+20051212-1_i386.deb
 8b0ebb6ef331f6f054e556264ba0bcde 40452 net extra inetutils-inetd_1.4.3+20051212-1_i386.deb
 0a96b7464efdaa05a3054286cffef4d7 43520 net extra inetutils-ping_1.4.3+20051212-1_i386.deb
 1e75fd2c626f53310c36b3622333cd19 45738 net extra inetutils-syslogd_1.4.3+20051212-1_i386.deb
 334f154a9ec9950c842acc64dc904fa9 31834 net extra inetutils-talk_1.4.3+20051212-1_i386.deb
 8944afc8bbcb6cb7f8bcd40f86fc394c 66002 net extra inetutils-talkd_1.4.3+20051212-1_i386.deb
 0fedfa6e4534c031b137ac78b0ba014d 63074 net extra inetutils-telnet_1.4.3+20051212-1_i386.deb
 62ff150506035e7499a303186fc90ae7 51182 net extra inetutils-telnetd_1.4.3+20051212-1_i386.deb
 d890e92bc95d33f459b1a56669361804 35278 net extra inetutils-tools_1.4.3+20051212-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDwfvMuW9ciZ2SjJsRApLOAJ485KlnrLUHyFgCFdo4cbZoMW0nOgCg3VY5
/a1fXc3nV4dGXLpXLx32Sbk=
=qAEr
-----END PGP SIGNATURE-----

More information about the Pkg-inetutils-maint mailing list