[ubuntu/kinetic-proposed] netcat-openbsd 1.218-5ubuntu1 (Accepted)

Benjamin Drung bdrung at ubuntu.com
Tue May 17 16:32:16 UTC 2022 

netcat-openbsd (1.218-5ubuntu1) kinetic; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - Don't build-depend on strace on i386 where it's unavailable.
  * Drop netcat transitional package, because netcat 1.10-47 dropped it

netcat-openbsd (1.218-5) unstable; urgency=low

  [ Dirk Jagdmann ]
  * Add support for abstract namespace sockets in the AF_UNIX family.

  [ Guilhem Moulin ]
  * d/t/client-server: Add a simple test for sockets in the AF_UNIX family,
    including those in the abstract namespace on Linux.  We were only checking
    sockets in the AF_INET family before.
  * d/p/abstract-unix-domain-socket.patch: Some fixes and improvements upon
    Dirk's patch.
  * d/checks: Ensure sockets in the AF_UNIX family are usable up to the
    sizeof(sun_path) limit, and rejected with ENAMETOOLONG when they exceed it.
  * d/checks: Add tests for abstract namespace sockets in the AF_UNIX family,
    incl. for source datagram UNIX domain sockets.
  * d/p/abstract-unix-domain-socket.patch: Always reject the empty pathname
    sockets, which on Linux was read as the NUL abstract socket before.  The
    empty abstract socket is still allowed however, and is specified as "@".
  * d/p/misc-failures-and-features.patch: Remove double warning in
    unix_connect().
  * d/p/misc-failures-and-features.patch: Remove leftover union{}, obsolete
    since 1.190-1.
  * d/p/misc-failures-and-features.patch: Factor out Makefile changes to
    d/p/port-to-linux-with-libbsd.patch.
  * d/p/misc-failures-and-features.patch: Remove redundant errx() call in
    unix_connect().
  * d/p/misc-failures-and-features.patch: Improve error message for UNIX-domain
    datagram sockets.
  * d/checks: Use '--' marker to avoid breakage on socket pathnames starting
    with '-'.
  * d/checks/netcat: Set LC_ALL=C.
  * Add d/NEWS entry mentioning abstract sockets support and its implications.
  * d/p/*: Consolidate usage of '#if defined(FOO)' vs. '#ifdef FOO'.
  * d/p/build-without-TLS-support.patch: Rename '-DTLS' to the less generic
    '-DHAVE_TLS'.
  * d/p/port-to-linux-with-libbsd.patch: Use automatic Makefile variables.
  * d/checks/02-connect: Check default temporary socket name for datagram
    sockets.
  * d/tests/client-server: Check that the socket path is left behind.
  * Rather than using mkstemp(3) to create unique names for default source
    datagram UNIX domain sockets, use mkdtemp(3) to create a new empty
    directory (with mode 0700) and use it to store a fixed socket name.  This
    fixes a file descriptor leak and a race condition where a new file would be
    created by an attacker between the unlink(2) and bind(2) calls.  We don't
    use an abstract socket here since it would open a race condition with the
    possibility for a local attacker to inject fake server responses.
  * d/p/*: Minor formatting fixes.
  * d/p/*: Improve Subject: lines.
  * d/copyright: Update copyright years.

Date: Tue, 17 May 2022 18:27:43 +0200
Changed-By: Benjamin Drung <bdrung at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/netcat-openbsd/1.218-5ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 17 May 2022 18:27:43 +0200
Source: netcat-openbsd
Built-For-Profiles: noudeb
Architecture: source
Version: 1.218-5ubuntu1
Distribution: kinetic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Benjamin Drung <bdrung at ubuntu.com>
Changes:
 netcat-openbsd (1.218-5ubuntu1) kinetic; urgency=medium
 .
   * Merge from Debian unstable. Remaining changes:
     - Don't build-depend on strace on i386 where it's unavailable.
   * Drop netcat transitional package, because netcat 1.10-47 dropped it
 .
 netcat-openbsd (1.218-5) unstable; urgency=low
 .
   [ Dirk Jagdmann ]
   * Add support for abstract namespace sockets in the AF_UNIX family.
 .
   [ Guilhem Moulin ]
   * d/t/client-server: Add a simple test for sockets in the AF_UNIX family,
     including those in the abstract namespace on Linux.  We were only checking
     sockets in the AF_INET family before.
   * d/p/abstract-unix-domain-socket.patch: Some fixes and improvements upon
     Dirk's patch.
   * d/checks: Ensure sockets in the AF_UNIX family are usable up to the
     sizeof(sun_path) limit, and rejected with ENAMETOOLONG when they exceed it.
   * d/checks: Add tests for abstract namespace sockets in the AF_UNIX family,
     incl. for source datagram UNIX domain sockets.
   * d/p/abstract-unix-domain-socket.patch: Always reject the empty pathname
     sockets, which on Linux was read as the NUL abstract socket before.  The
     empty abstract socket is still allowed however, and is specified as "@".
   * d/p/misc-failures-and-features.patch: Remove double warning in
     unix_connect().
   * d/p/misc-failures-and-features.patch: Remove leftover union{}, obsolete
     since 1.190-1.
   * d/p/misc-failures-and-features.patch: Factor out Makefile changes to
     d/p/port-to-linux-with-libbsd.patch.
   * d/p/misc-failures-and-features.patch: Remove redundant errx() call in
     unix_connect().
   * d/p/misc-failures-and-features.patch: Improve error message for UNIX-domain
     datagram sockets.
   * d/checks: Use '--' marker to avoid breakage on socket pathnames starting
     with '-'.
   * d/checks/netcat: Set LC_ALL=C.
   * Add d/NEWS entry mentioning abstract sockets support and its implications.
   * d/p/*: Consolidate usage of '#if defined(FOO)' vs. '#ifdef FOO'.
   * d/p/build-without-TLS-support.patch: Rename '-DTLS' to the less generic
     '-DHAVE_TLS'.
   * d/p/port-to-linux-with-libbsd.patch: Use automatic Makefile variables.
   * d/checks/02-connect: Check default temporary socket name for datagram
     sockets.
   * d/tests/client-server: Check that the socket path is left behind.
   * Rather than using mkstemp(3) to create unique names for default source
     datagram UNIX domain sockets, use mkdtemp(3) to create a new empty
     directory (with mode 0700) and use it to store a fixed socket name.  This
     fixes a file descriptor leak and a race condition where a new file would be
     created by an attacker between the unlink(2) and bind(2) calls.  We don't
     use an abstract socket here since it would open a race condition with the
     possibility for a local attacker to inject fake server responses.
   * d/p/*: Minor formatting fixes.
   * d/p/*: Improve Subject: lines.
   * d/copyright: Update copyright years.
Checksums-Sha1:
 6e66fd341575eb59fc363b397130010d1bbec8c1 2106 netcat-openbsd_1.218-5ubuntu1.dsc
 81d30b451eb7a73bcc6837f6a665cebd0399539d 52644 netcat-openbsd_1.218-5ubuntu1.debian.tar.xz
 8c8a7666d8655eebb584c595a1ca93c3c05b9dea 7141 netcat-openbsd_1.218-5ubuntu1_source.buildinfo
Checksums-Sha256:
 b5102369448c85777ffdf9d281cffedb6efbffd0ae171deea370b5b65dfb5427 2106 netcat-openbsd_1.218-5ubuntu1.dsc
 e2b0c300a9c72ceb91cd46019f995ebb32055daf859f46851f1bac895667a5b8 52644 netcat-openbsd_1.218-5ubuntu1.debian.tar.xz
 5fbef0868f9a731b1cad001a73d11ac7fc835c1d2fe80d71a4dbbee07441eec5 7141 netcat-openbsd_1.218-5ubuntu1_source.buildinfo
Files:
 5c9051e45c720fd8a0fe29f17e9aa435 2106 net important netcat-openbsd_1.218-5ubuntu1.dsc
 0704338062de148f835c9b6b784ab17f 52644 net important netcat-openbsd_1.218-5ubuntu1.debian.tar.xz
 04fe79793b69ac3291b12cbc2cdd0885 7141 net important netcat-openbsd_1.218-5ubuntu1_source.buildinfo
Original-Maintainer: Guilhem Moulin <guilhem at debian.org>

More information about the kinetic-changes mailing list