[ubuntu/jaunty] geordi 20080916T2006-2ubuntu1 (Accepted)

Scott Kitterman scott at kitterman.com
Tue Feb 24 05:05:12 GMT 2009 

geordi (20080916T2006-2ubuntu1) jaunty; urgency=low

  * Merge from debian unstable, remaining changes:
    - Change build-dep and depends from libboost-dev to libboost1.35-dev as
      part of the boost -> boost1.35 transition

geordi (0:20080916T2006-2) unstable; urgency=low

  * Ignore (rather than allow) fcntl system call to prevent a DoS. Upstream
    writes:

      By using fcntl with F_SETOWN to make the geordi process the owner of its
      stdout and then using fcntl again to set O_ASYNC on stdout, the C++
      program could have the geordi process receive SIGIO, causing it to shut
      down.

      We only allowed fcntl because g++ appeared to need it. Upon closer
      inspection, it turns out g++ only uses it to check some flags on the
      precompiled header fd, and the system call can just be ignored
      altogether.

    Patch backported from upstream darcs repository.

Date: Mon, 23 Feb 2009 23:55:56 -0500
Changed-By: Scott Kitterman <scott at kitterman.com>
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Signed-By: Scott Kitterman <ubuntu at kitterman.com>
https://launchpad.net/ubuntu/jaunty/+source/geordi/20080916T2006-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 23 Feb 2009 23:55:56 -0500
Source: geordi
Binary: geordi
Architecture: source
Version: 20080916T2006-2ubuntu1
Distribution: jaunty
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Scott Kitterman <scott at kitterman.com>
Description: 
 geordi     - IRC bot and interactive shell that evaluates C++ snippets
Changes: 
 geordi (20080916T2006-2ubuntu1) jaunty; urgency=low
 .
   * Merge from debian unstable, remaining changes:
     - Change build-dep and depends from libboost-dev to libboost1.35-dev as
       part of the boost -> boost1.35 transition
 .
 geordi (0:20080916T2006-2) unstable; urgency=low
 .
   * Ignore (rather than allow) fcntl system call to prevent a DoS. Upstream
     writes:
 .
       By using fcntl with F_SETOWN to make the geordi process the owner of its
       stdout and then using fcntl again to set O_ASYNC on stdout, the C++
       program could have the geordi process receive SIGIO, causing it to shut
       down.
 .
       We only allowed fcntl because g++ appeared to need it. Upon closer
       inspection, it turns out g++ only uses it to check some flags on the
       precompiled header fd, and the system call can just be ignored
       altogether.
 .
     Patch backported from upstream darcs repository.
Checksums-Sha1: 
 96430daf24501dd0303fa5cc213012487dae6c9a 1416 geordi_20080916T2006-2ubuntu1.dsc
 964d62446b3159b574f18d3b8fb569da9266632d 10830 geordi_20080916T2006-2ubuntu1.diff.gz
Checksums-Sha256: 
 e5bacca41fb54dcf40ad6f5c75bf42bdce9b8666377dd19b347570bcc5f4ef94 1416 geordi_20080916T2006-2ubuntu1.dsc
 36e4d3bd97ed9ed790ac69113fe3cccf219513fbafe58febed53b71de018231a 10830 geordi_20080916T2006-2ubuntu1.diff.gz
Files: 
 58bbd9e8bb88ac44e5ba5b3ec17fb27b 1416 net optional geordi_20080916T2006-2ubuntu1.dsc
 81ff6038f242c3fb50cd732283e7a1ca 10830 net optional geordi_20080916T2006-2ubuntu1.diff.gz
Original-Maintainer: Chris Lamb <lamby at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkmjfkQACgkQHajaM93NaGr42wCeOxXBwOOE2e7LHenqLNCCsXDI
LdEAn10I2TcyIJ3IBoyzDNgQ1maTnAzB
=CSrN
-----END PGP SIGNATURE-----

More information about the Jaunty-changes mailing list