Please merge netatalk_2.0.4~beta2-4.1 (universe) from Debian unstable

Bug #318665 reported by Bhavani Shankar
Affects: netatalk (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

Binary package hint: netatalk

Debian has a new version to be merged.

netatalk (2.0.4~beta2-4.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix incomplete upstream patch for CVE-2008-5718 by
    escaping every problematic character and not only those which
    enables an attacker to execute arbitrary code
    (213_CVE-2008-5718.patch; Closes: #510585).

 -- Nico Golde <email address hidden> Thu, 29 Jan 2009 11:32:54 +0100

netatalk (2.0.4~beta2-4) unstable; urgency=high

  * Rebuild for unstable branch.

 -- Jonas Smedegaard <email address hidden> Wed, 21 Jan 2009 18:20:47 +0100

netatalk (2.0.4~beta2-3) UNRELEASED; urgency=high

  * Update debian/copyrights:
    + Merge entries with same owners and license (only differing years)
    + Consistently list years before owner
    + Sort owners
    + Explicitly include GAP licenses (wording vary slightly)
    + Fix GPL-2+ licensed files wrongly registered as GAP
  * Keep urgency=high as 2.0.4~beta2-2 changes are still pending.

 -- Jonas Smedegaard <email address hidden> Wed, 21 Jan 2009 18:08:44 +0100

netatalk (2.0.4~beta2-2) unstable; urgency=high

  * Always use gcrypt. Simplify optional openssl support.
  * Readd and update OpenSSL section to README.Debian, and improve NEWS
    entry to clarify that Randnum UAM is no longer provided by default.
  * Add patches 001-005 (but avoid applying some of them) to sync with
    upstream development, fixing the following issues:
    + remove bogus default ppd _PATH_PAPDPPDFILE
    + remove signed/unsigned gcc warning
    + better handling of bogus ppd files
    + Remove ucb includes from Netatalk (i.e. drop SunOS 4.x support)
    + Fix off-by-one error in PPD file processing
    + Fix dhx2 logincont packet size
  * Update copyright hints (no new owners or licenses).
  * Explicitly build-depend on libdb4.2-dev (not libdb-dev).
  * Mention MacOS X 10.5.x group ACL workaround in README.Debian.
    Closes: bug#458174, thanks to Tim Miller Dyck.
  * Set urgency=high due to possible security implications in above, and
    due to accidentally linking against BerkeleyDB 4.6 in prior release.

 -- Jonas Smedegaard <email address hidden> Wed, 21 Jan 2009 11:50:30 +0100

netatalk (2.0.4~beta2-1) unstable; urgency=high

  * New upstream prerelease:
    + Quote chars in papd popen variables expansion (and other fixes to
      papd). Fixes remote execution security hole CVE-2008-5718. Closes:
      bug#510585.
  * Mangle upstream tarball beta version.
  * Drop patches 000 and 001 contained upstream now.
  * Unfuzz patches 107, 109, 205 and 212.
  * Unfuzz and enable patches 204a, 207a, 208, 209 and 211.
  * Build new DHX2 UAM:
    + Build-depend on libgcrypt11-dev
    + Configure with --with-libgcrypt
    + Drop SSL note from README.Debian
    + Add NEWS entry regarding new and recommended DHX2 UAM
  * Disable CDBS autotools reconfiguration.
  * Update cdbs snippets:
    + Move dependency cleanup to new local snippet package-relations.mk.
    + Update copyright-check output to more closely match proposed new
      copyright file format.
    + Several minor improvements to upstream-tarball.mk.
    + Compact simple licenses (those without ' or later') in
      copyright-check.mk
    + Fix use underscore (not dash) in internal variable
    + Ignore only debian changelog and copyright-related files by
      default in copyright-check.mk
    + Correct and update copyright hints of the snippets themselves
    + Update README.cdbs-tweaks.
  * Add DEB_MAINTAINER_MODE in debian/rules (thanks to Romain Beauxis).
  * Stop installing README.ids no longer provided upstream.
  * Rewrite debian/copyright using new new format specification, and
    update copyright hints.
  * Semi-auto-update debian/control to update dependencies:
      DEB_MAINTAINER_MODE=1 fakeroot debian/rules clean
  * Set urgency=high due to security fix.

 -- Jonas Smedegaard <email address hidden> Fri, 09 Jan 2009 05:52:18 +0100
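
The changelog entries above for CVE-2008-5718 describe quoting characters in values that papd expands into a command run through popen, with the later upload escaping every problematic character rather than only some. As an added illustration (not netatalk's code and not the content of 213_CVE-2008-5718.patch), the C example below escapes every byte outside a small allowlist and rejects control characters; the function names, the allowlist and the sample strings are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Bytes copied unescaped: a conservative allowlist chosen for this example. */
static int is_safe(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-' || c == '/';
}

/*
 * Copy src into dst, backslash-escaping every byte that is not on the
 * allowlist. Control characters are rejected outright: in sh a
 * backslash-newline pair is a line continuation, so a newline cannot be
 * neutralised by escaping. Returns the escaped length, or -1 if the value
 * is rejected or does not fit.
 */
long shell_escape(char *dst, size_t dstlen, const char *src)
{
    size_t n = 0;

    if (dstlen == 0)
        return -1;
    for (; *src != '\0'; src++) {
        unsigned char c = (unsigned char)*src;
        size_t need = is_safe(c) ? 1 : 2;

        if (c < 0x20 || c == 0x7f || n + need >= dstlen)
            return -1;
        if (need == 2)
            dst[n++] = '\\';
        dst[n++] = (char)c;
    }
    dst[n] = '\0';
    return (long)n;
}

int main(void)
{
    /* Constructed sample values standing in for client-supplied job fields. */
    const char *samples[] = { "report.ps", "my file", "a;b", "$(x)", "it's", "two\nlines" };
    char buf[64];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (shell_escape(buf, sizeof buf, samples[i]) < 0)
            printf("rejected\n");
        else
            printf("%s\n", buf);
    }
    return 0;
}
```

Escaping by allowlist means characters that only alter the command line (spaces, quotes, globs, a leading `~`) are covered along with those that start a new command.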

Bhavani Shankar (bhavi) wrote :
Changed in netatalk:
status: New → Confirmed
Daniel Holbach (dholbach) wrote :

Patch does not apply here:

daniel@bert:~/netatalk-2.0.4~beta2$ patch -p1 < ../debian.debdiff
patching file debian/control.in
patching file debian/control
Hunk #1 FAILED at 1.
Hunk #2 FAILED at 15.
2 out of 2 hunks FAILED -- saving rejects to file debian/control.rej
patching file debian/changelog
Hunk #1 FAILED at 1.
Hunk #2 succeeded at 100 (offset 50 lines).
1 out of 2 hunks FAILED -- saving rejects to file debian/changelog.rej
daniel@bert:~/netatalk-2.0.4~beta2$

Changed in netatalk:
assignee: nobody → bhavi
status: Confirmed → In Progress
Morten Kjeldgaard (mok0) wrote :

Unsubscribing u-u-s, please resubscribe when merge is ready.

Bhavani Shankar (bhavi) wrote :

It was due to version incompatibility between the debdiff I submitted and the Debian version.

Attached is the modified diff

and it applies

bhavani@tuxlover:~/netatalk-2.0.4~beta2$ patch -p1 < ../debian.debdiff
patching file debian/control.in
patching file debian/control
patching file debian/changelog

Regards

description: updated
Changed in netatalk:
assignee: bhavi → nobody
status: In Progress → Confirmed
Daniel Holbach (dholbach) wrote :

Did you merge 2.0.3-11ubuntu1 too?

Bhavani Shankar (bhavi) wrote :

2.0.3-11ubuntu1 was a package containing only Ubuntu changes, and I manually did the merge as one of the debdiffs was empty while doing a merge in DaD.

Regards

Bhavani Shankar (bhavi) wrote :

Oops, changelog entry went missing... Assigning to myself....

Changed in netatalk:
assignee: nobody → bhavi
status: Confirmed → In Progress
Bhavani Shankar (bhavi) wrote :
Bhavani Shankar (bhavi) wrote :

Attached above is the modified diff

Regards

Changed in netatalk:
assignee: bhavi → nobody
status: In Progress → Confirmed
Daniel Holbach (dholbach) wrote :

Thanks.

Some older changelog entries were a bit changed (whitespaces), so dpkg-parsechangelog gave some warnings. I fixed that.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package netatalk - 2.0.4~beta2-4.1ubuntu1

---------------
netatalk (2.0.4~beta2-4.1ubuntu1) jaunty; urgency=low

  * Merge from Debian unstable. Remaining Ubuntu changes: LP: #318665
    - Changed dependency from libdb-dev to libdb4.6-dev to correct
      FTBFS due to an issue caused by mismatches on installed binaries
      and development headers (db4.7 is installed under a different soname
      which breaks a check in netatalk) (LP: #262991)
    - debian/control:
      + Replace libltdl3-dev with libltdl7-dev.
      + Recommend db4.6-util instead of db4.2-util as we build netatalk with
        db4.6.

netatalk (2.0.4~beta2-4.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix incomplete upstream patch for CVE-2008-5718 by
    escaping every problematic character and not only those which
    enables an attacker to execute arbitrary code
    (213_CVE-2008-5718.patch; Closes: #510585).

netatalk (2.0.4~beta2-4) unstable; urgency=high

  * Rebuild for unstable branch.

netatalk (2.0.4~beta2-3) UNRELEASED; urgency=high

  * Update debian/copyrights:
    + Merge entries with same owners and license (only differing years)
    + Consistently list years before owner
    + Sort owners
    + Explicitly include GAP licenses (wording vary slightly)
    + Fix GPL-2+ licensed files wrongly registered as GAP
  * Keep urgency=high as 2.0.4~beta2-2 changes are still pending.

netatalk (2.0.4~beta2-2) unstable; urgency=high

  * Always use gcrypt. Simplify optional openssl support.
  * Readd and update OpenSSL section to README.Debian, and improve NEWS
    entry to clarify that Randnum UAM is no longer provided by default.
  * Add patches 001-005 (but avoid applying some of them) to sync with
    upstream development, fixing the following issues:
    + remove bogus default ppd _PATH_PAPDPPDFILE
    + remove signed/unsigned gcc warning
    + better handling of bogus ppd files
    + Remove ucb includes from Netatalk (i.e. drop SunOS 4.x support)
    + Fix off-by-one error in PPD file processing
    + Fix dhx2 logincont packet size
  * Update copyright hints (no new owners or licenses).
  * Explicitly build-depend on libdb4.2-dev (not libdb-dev).
  * Mention MacOS X 10.5.x group ACL workaround in README.Debian.
    Closes: bug#458174, thanks to Tim Miller Dyck.
  * Set urgency=high due to possible security implications in above, and
    due to accidentally linking against BerkeleyDB 4.6 in prior release.

netatalk (2.0.4~beta2-1) unstable; urgency=high

  * New upstream prerelease:
    + Quote chars in papd popen variables expansion (and other fixes to
      papd). Fixes remote execution security hole CVE-2008-5718. Closes:
      bug#510585.
  * Mangle upstream tarball beta version.
  * Drop patches 000 and 001 contained upstream now.
  * Unfuzz patches 107, 109, 205 and 212.
  * Unfuzz and enable patches 204a, 207a, 208, 209 and 211.
  * Build new DHX2 UAM:
    + Build-depend on libgcrypt11-dev
    + Configure with --with-libgcrypt
    + Drop SSL note from README.Debian
    + Add NEWS entry regarding new and recommended DHX2 UAM
  * Disable CDBS autotools reconfiguration.
  * Update cdbs snippets:
    ...

Changed in netatalk:
status: Confirmed → Fix Released