author | Sebastian Harl <sh@tokkee.org> | |
Fri, 25 Apr 2014 19:46:02 +0000 (21:46 +0200) | ||
committer | Sebastian Harl <sh@tokkee.org> | |
Fri, 25 Apr 2014 19:46:02 +0000 (21:46 +0200) |
debian/changelog | patch | blob | history | |
debian/control | patch | blob | history | |
debian/patches/CVE-2013-2131 | [new file with mode: 0644] | patch | blob |
debian/patches/series | patch | blob | history | |
debian/rules | patch | blob | history |
diff --git a/debian/changelog b/debian/changelog
index 26d4473fb2bb27248027393faeedcc80812fdea6..fcb5b1e41f3769d1c4033fe253cc12f739a3e2c7 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
-rrdtool (1.4.8-0.1) UNRELEASED; urgency=low
-
- * Non-maintainer upload.
- * Imported upstream version 1.4.8.
-
- -- Alin Dobre <alin.dobre@elastichosts.com> Fri, 11 Oct 2013 10:41:35 +0100
-
-rrdtool (1.4.7-3) UNRELEASED; urgency=low
+rrdtool (1.4.8-1) UNRELEASED; urgency=medium
+ * New upstream release:
+ - Fixed the xport JSON output format; thanks to Thomas Mainka for
+ reporting this (Closes: #686825).
* Fixed changelog of 1.4.7-2 regarding the versioned build-dep on tcl-dev.
+ * Merged 1.4.7-2.1 NMU; thanks to Christian Hofstaedtler (Closes: 736333).
+ * debian/patches:
+ - Added CVE-2013-2131; upstream patch fixing a format string vulnerability
+ in rrdgraph; thanks to Henri Salo for reporting this (Closes: #708866).
+ Raised urgency to medium for this.
+ * debian/control:
+ - Optionally recommend fonts-dejavu-core as (the preferred) alternative to
+ ttf-dejavu-core; thanks to Martin-Éric Racine for reporting this
+ (Closes: #743947).
-- Sebastian Harl <tokkee@debian.org> Sat, 18 Aug 2012 15:53:54 +0200
+rrdtool (1.4.7-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Switch Ruby bindings packaging to match the Debian Ruby packaging
+ policy. Based on a patch by Jonas Genannt.
+ Introduce ruby-rrd package, turn librrd-ruby* into transitional
+ packages to ruby-rrd; use gem2deb to build the bindings, and build
+ them for currently supported versions of Ruby, without hardcoding
+ a list of versions. (Closes: #687809, #722377)
+
+ -- Christian Hofstaedtler <zeha@debian.org> Wed, 22 Jan 2014 11:27:16 +0100
+
rrdtool (1.4.7-2) unstable; urgency=low
[ Sebastian Harl ]
diff --git a/debian/control b/debian/control
index 3519a544eb590b9bce280bc586fafd36f3c15790..e2edafad673f1ddd160a1b4500879b79e6f97687 100644 (file)
--- a/debian/control
+++ b/debian/control
tcl-dev (>= 8), tcl-dev (<= 9),
perl (>= 5.8.0),
python-all-dev (>= 2.6.6-3~), python-all-dbg (>= 2.6.6-3~),
- ruby1.8, ruby1.8-dev, ruby1.9.1, ruby1.9.1-dev,
+ gem2deb,
liblua5.1-0-dev, lua5.1
Build-Conflicts: lua50
Homepage: http://oss.oetiker.ch/rrdtool/
Vcs-Browser: http://git.snow-crash.org/?p=pkg-rrdtool.git;a=summary
Vcs-Git: git://git.snow-crash.org/pkg-rrdtool.git/
X-Python-Version: >= 2.3
+XS-Ruby-Versions: all
Package: rrdtool
Architecture: any
${shlibs:Depends}, ${python:Depends}, ${misc:Depends}
Recommends: librrds-perl (= ${binary:Version}),
rrdtool-tcl (= ${binary:Version}), python-rrdtool (= ${binary:Version}),
- librrd-ruby1.8 (= ${binary:Version}), librrd-ruby1.9.1 (= ${binary:Version}),
+ ruby-rrd (= ${binary:Version}),
python-all-dbg, liblua5.1-rrd0 (= ${binary:Version})
Description: time-series data storage and display system (debugging symbols)
The Round Robin Database Tool (RRDtool) is a system to store and display
Architecture: any
Section: libs
Depends: ${shlibs:Depends}, ${misc:Depends}
-Recommends: ttf-dejavu | ttf-bitstream-vera
+Recommends: fonts-dejavu-core | ttf-dejavu | ttf-bitstream-vera
Description: time-series data storage and display system (runtime library)
The Round Robin Database Tool (RRDtool) is a system to store and display
time-series data (e.g. network bandwidth, machine-room temperature,
.
This package contains a Python interface to RRDs.
-Package: librrd-ruby
-Architecture: all
+Package: ruby-rrd
+Architecture: any
Section: ruby
-Depends: ${rubydefault:Depends}, ${misc:Depends}
+XB-Ruby-Versions: ${ruby:Versions}
+X-DhRuby-Root: bindings/ruby
+Depends: ${shlibs:Depends}, ${misc:Depends}, ruby | ruby-interpreter
+Replaces: librrd-ruby (<< 1.4.7-2.1~), librrd-ruby1.8 (<< 1.4.7-2.1~), librrd-ruby1.9.1 (<< 1.4.7-2.1~)
+Breaks: librrd-ruby (<< 1.4.7-2.1~), librrd-ruby1.8 (<< 1.4.7-2.1~), librrd-ruby1.9.1 (<< 1.4.7-2.1~)
+Provides: librrd-ruby, librrd-ruby1.8, librrd-ruby1.9.1
Description: time-series data storage and display system (Ruby interface)
The Round Robin Database Tool (RRDtool) is a system to store and display
time-series data (e.g. network bandwidth, machine-room temperature,
extracted data to enforce a certain data density, allowing for useful
graphical representation of data values.
.
- This is a dummy package which depends on the package for Debian's default
- Ruby version.
+ This package contains a Ruby interface to RRDs.
+
+Package: librrd-ruby
+Architecture: all
+Section: oldlibs
+Priority: extra
+Depends: ${misc:Depends}, ruby-rrd
+Description: Transitional package to ruby-rrd
+ This is a transitional package for librrd-ruby to ease upgrades
+ to the ruby-rrd package. It can safely be removed.
Package: librrd-ruby1.8
-Architecture: any
-Section: ruby
-Depends: ${shlibs:Depends}, ${misc:Depends}
-Description: time-series data storage and display system (Ruby 1.8 interface)
- The Round Robin Database Tool (RRDtool) is a system to store and display
- time-series data (e.g. network bandwidth, machine-room temperature,
- server load average). It stores the data in Round Robin Databases (RRDs),
- a very compact way that will not expand over time. RRDtool processes the
- extracted data to enforce a certain data density, allowing for useful
- graphical representation of data values.
- .
- This package contains a Ruby 1.8 interface to RRDs.
+Architecture: all
+Section: oldlibs
+Priority: extra
+Depends: ${misc:Depends}, ruby-rrd
+Description: Transitional package to ruby-rrd
+ This is a transitional package for librrd-ruby1.8 to ease upgrades
+ to the ruby-rrd package. It can safely be removed.
Package: librrd-ruby1.9.1
-Architecture: any
-Section: ruby
-Depends: ${shlibs:Depends}, ${misc:Depends}
-Description: time-series data storage and display system (Ruby 1.9.1 interface)
- The Round Robin Database Tool (RRDtool) is a system to store and display
- time-series data (e.g. network bandwidth, machine-room temperature,
- server load average). It stores the data in Round Robin Databases (RRDs),
- a very compact way that will not expand over time. RRDtool processes the
- extracted data to enforce a certain data density, allowing for useful
- graphical representation of data values.
- .
- This package contains a Ruby 1.9.1 interface to RRDs.
+Architecture: all
+Section: oldlibs
+Priority: extra
+Depends: ${misc:Depends}, ruby-rrd
+Description: Transitional package to ruby-rrd
+ This is a transitional package for librrd-ruby1.9.1 to ease upgrades
+ to the ruby-rrd package. It can safely be removed.
Package: liblua5.1-rrd0
Architecture: any
diff --git a/debian/patches/CVE-2013-2131 b/debian/patches/CVE-2013-2131
--- /dev/null
@@ -0,0 +1,69 @@
+diff --git a/src/rrd_graph.c b/src/rrd_graph.c
+index 25ae485..e714e4f 100644
+--- a/src/rrd_graph.c
++++ b/src/rrd_graph.c
+@@ -4144,6 +4144,12 @@ rrd_info_t *rrd_graph_v(
+ char *path;
+ char *filename;
+
++ if (bad_format_imginfo(im.imginfo)) {
++ rrd_info_free(im.grinfo);
++ im_free(&im);
++ rrd_set_error("bad format for imginfo");
++ return NULL;
++ }
+ path = strdup(im.graphfile);
+ filename = basename(path);
+ info.u_str =
+@@ -4961,6 +4967,51 @@ int bad_format(
+ }
+
+
++int bad_format_imginfo(
++ char *fmt)
++{
++ char *ptr;
++ int n = 0;
++
++ ptr = fmt;
++ while (*ptr != '\0')
++ if (*ptr++ == '%') {
++
++ /* line cannot end with percent char */
++ if (*ptr == '\0')
++ return 1;
++ /* '%%' is allowed */
++ if (*ptr == '%')
++ ptr++;
++ /* '%s', '%S' are allowed */
++ else if (*ptr == 's' || *ptr == 'S') {
++ n = 1;
++ ptr++;
++ }
++
++ /* or else '% 4lu' and such are allowed */
++ else {
++ /* optional padding character */
++ if (*ptr == ' ')
++ ptr++;
++ /* This should take care of 'm' */
++ while (*ptr >= '0' && *ptr <= '9')
++ ptr++;
++ /* 'lu' must follow here */
++ if (*ptr++ != 'l')
++ return 1;
++ if (*ptr == 'u')
++ ptr++;
++ else
++ return 1;
++ n++;
++ }
++ }
++
++ return (n != 3);
++}
++
++
+ int vdef_parse(
+ struct graph_desc_t
+ *gdes,
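Review bot: In `bad_format_imginfo` the `%s`/`%S` branch assigns `n = 1` instead of counting, so the closing `return (n != 3)` does not establish that the string holds exactly one `%s` followed by two `%lu`; a repeated or misplaced `%s`, or three `%lu` with no `%s`, is not rejected. The format is presumably expanded with a fixed filename/width/height argument list further down in `rrd_graph_v` (outside this hunk), so the validator should pin that exact shape: `if (n != 0) return 1; n = 1;` in the `%s` branch and `if (n == 0) return 1;` ahead of `n++` in the `lu` branch. The digit loop under `/* This should take care of 'm' */` also accepts a field width of any length; if the buffer assigned to `info.u_str` is sized from the format's length, which the hunk does not show, the width needs a cap or the expansion a bounded write. Separately, the patch file begins directly at `diff --git` with no DEP-3 header, and `Origin:` and `Bug-Debian:` lines would let a later reader check this security fix against its upstream source.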
diff --git a/debian/patches/series b/debian/patches/series
index e472686769fb37a4d5bcdabd40668061ac5a8c58..32223097c378c816926d5e3e5611cfd7d9a79d43 100644 (file)
--- a/debian/patches/series
+++ b/debian/patches/series
no-rpath-for-perl
implicit-decl-fix
bts530814-hurd
+CVE-2013-2131
diff --git a/debian/rules b/debian/rules
index 040c37240496395af9ec933b699a1e49a991536c..5c0aa75467148c88047694246d951b0a5c9ddd4f 100755 (executable)
--- a/debian/rules
+++ b/debian/rules
-#Ruby versions to build for
-RUBY_VERS := 1.8 1.9.1
-RUBY_DEFAULT_VERS := 1.8
-
PY_VERS := $(shell pyversions -vr)
#tcl version we're building for
install-arch: install-common-stamp $(PY_VERS:%=install-python%)
#build and install ruby
- set -e; \
- cd bindings/ruby ;\
- for rbv in $(RUBY_VERS); do \
- ruby$$rbv extconf.rb ;\
- make ;\
- make install sitelibdir=$(CURDIR)/debian/librrd-ruby$$rbv`ruby$$rbv -r rbconfig -e 'print Config::CONFIG["rubylibdir"]'` \
- sitearchdir=$(CURDIR)/debian/librrd-ruby$$rbv`ruby$$rbv -r rbconfig -e 'print Config::CONFIG["archdir"]'` ;\
- make distclean ;\
- done
+ dh_ruby --install
dh_installexamples -s
chmod 644 debian/rrdcached/usr/share/doc/rrdcached/examples/RRDCached.pm
binary-indep: build-indep install-indep
dh_testdir
dh_testroot
- dh_link -plibrrd-ruby /usr/share/doc/librrd-ruby$(RUBY_DEFAULT_VERS) /usr/share/doc/librrd-ruby
- dh_installchangelogs -i -Nlibrrd-ruby CHANGES
- dh_installdocs -i -Nlibrrd-ruby -A CONTRIBUTORS NEWS
- dh_link -i -Nlibrrd-ruby
- echo 'rubydefault:Depends=librrd-ruby$(RUBY_DEFAULT_VERS)' >> debian/librrd-ruby.substvars
+ dh_installchangelogs -i CHANGES
+ dh_installdocs -i -A CONTRIBUTORS NEWS
+ dh_link -i
dh_perl -i
dh_compress -i
dh_fixperms -i