
Bug#777553: pu: package libfcgi/2.4.0-8



Hi Joe,

Not a member of the release team here, so not authoritative ;-). So just
giving some comments. Btw, thanks for preparing the package!

> diff -Nru libfcgi-2.4.0/debian/changelog libfcgi-2.4.0/debian/changelog
> --- libfcgi-2.4.0/debian/changelog	2011-08-20 14:44:38.000000000 -0700
> +++ libfcgi-2.4.0/debian/changelog	2015-02-05 22:19:52.000000000 -0800
> @@ -1,3 +1,11 @@
> +libfcgi (2.4.0-8.2) wheezy-security; urgency=high

The version should be 2.4.0-8.1+deb7u1. 2.4.0-8.2 cannot be used as
2.4.0-8.2 was already in the archive. For the s-t-u wheezy-security as
distribution needs to be changed to wheezy.

> +  * Non-maintainer upload.
> +  * Apply path from Anton Kortunov to swap select with poll to avoid
> +    stack smashing (See: #681591 and LP: #933417).
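
Review bot: the second bullet of the new changelog entry reads "Apply path from Anton Kortunov", which should be "Apply patch from Anton Kortunov". It would also help to name the file being added (debian/patches/poll) in that bullet, so the entry can be matched to the change it describes.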

Could you please reference as well the CVE in the changelog, and close
the bug: you can use "Closes: #681591" to reach this.

> diff -Nru libfcgi-2.4.0/debian/patches/poll libfcgi-2.4.0/debian/patches/poll
> --- libfcgi-2.4.0/debian/patches/poll	1969-12-31 16:00:00.000000000 -0800
> +++ libfcgi-2.4.0/debian/patches/poll	2015-02-05 22:18:28.000000000 -0800
> @@ -0,0 +1,81 @@
> +diff --git a/libfcgi/os_unix.c b/libfcgi/os_unix.c
> +index 73e6a7f..af35aee 100755
> +--- a/libfcgi/os_unix.c
> ++++ b/libfcgi/os_unix.c
> +@@ -42,6 +42,7 @@ static const char rcsid[] = "$Id: os_unix.c,v 1.37 2002/03/05 19:14:49 robs Exp
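
Review bot: the new file is named just "poll" and its first line is already "diff --git a/libfcgi/os_unix.c b/libfcgi/os_unix.c", so neither the name nor the contents say what the patch is for. A descriptive file name would make debian/patches readable without going back to the changelog. The index line also carries mode 100755 for a C source file; it is worth confirming that this matches the file in the unpacked source so the patch applies cleanly.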

Not a strict requirement but would be nice to add some patch headers
to the actual patch, see http://dep.debian.net/deps/dep3/ for the patch
tagging guidelines.

Joe, if you get an ack from the release team on your upload for
libfcgi I can happily sponsor the upload itself.

Regards,
Salvatore

