"Andreas Tille, the Debian WordNet maintainer, noticed a bug in my
patch. The bug is not security related, but causes incorrect behaviour
in WordNet.
I replaced a strncpy(s1, s2, strlen(s2)) with a strcpy forgetting that
strncpy invoked that way would always omit the trailing \0 (as the \0
would always be at strlen(s2) + 1). This resulted in a truncation of
output from WordNet which relied on the previous behavior which it
used to 'patch' s1. I've now adjusted the strncpy to be a memcpy and
added a comment, to make the intent of the code clear. (Using a str*
function when you don't wish any handling of \0 is unintuitive to me,
hence my mistake). [..] Apologies for the error."
thanks Rob for the exemplary handling of this advisory. Notifications
to package maintainers and follow-ups are almost unheard-of and very
welcome.
WordNet stack and heap overflows. Thanks to Rob Holland
of oCERT for contacting us with the advisory.
- housekeeping: regenerate PLIST, move to Tcl/Tk 8.5,
use SUBST_CMD macro rather than hand-rolled command.
- gcc4 is needed to build this now
* improved force fields and coordinate generation, conformer searching,
enhanced plugins including molecular descriptors, filters, and
command-line transformations
* many formats improved or added, including CIF, mmCIF, Gaussian cube,
PQR, OpenDX cubes, and more
* improved developer API and scripting support
* many, many bugfixes
# cat pkg/DESCR
Dates is a small, lightweight calendar, featuring an innovative,
unified, zooming view and is designed primarily for use on hand-held
devices.
ok ajacoutot@
Contacts is a small, lightweight addressbook that uses libebook, part of
EDS. This is the same library that GNOME Evolution uses, so all contact
data that exists in your Evolution addressbook is accessible via
Contacts. Contacts features advanced vCard field type handling.
tmux is a "terminal multiplexer", it enables a number of terminals (or
windows) to be accessed and controlled from a single terminal. tmux is
intended to be a simple, modern, BSD-licensed alternative to programs
such as GNU screen.
port made by brynet at gmail, and Nicholas Marriott (maintainer)
gtk-update-icon-cache is part of gtk+2: adding gtk+2 to run_depends just
to update the icon cache (which only gtk apps can use) is overkill to
say the least!
As from now, each time icons are installed under %D/share/icons, we try
to execute gtk-update-icon-cache and if it is not there, we just ignore
the error.
What it means is that if you have gtk+2 installed, then it'll run fine
and your apps will be able to use the cache. Otherwise, it will silently
fails which is fine since it means none of your apps would have been
able to take advantage of the cache anyway.
discussed with jasper@
