Debian

Available patches from Ubuntu

To see Ubuntu differences wrt. to Debian, write down a grep-dctrl query identifying the packages you're interested in:
grep-dctrl -n -sPackage Sources.Debian
(e.g. -FPackage linux-ntfs or linux-ntfs)

Modified packages are listed below:

Debian ( Changelog | PTS | Bugs ) Ubuntu ( Changelog | txt | LP | Bugs ) | Diff from Ubuntu

Source: libbfio

libbfio (20170123-5ubuntu1) focal; urgency=medium * Disable HAVE_BFIO_TEST_MEMORY on riscv64 to fix test failure, as already done on several other architectures. -- William Grant <wgrant@ubuntu.com> Sun, 19 Apr 2020 16:58:51 +1000

Modifications :
  1. Download patch debian/control

    --- 20170123-5/debian/control 2019-11-28 17:28:31.000000000 +0000 +++ 20170123-5ubuntu1/debian/control 2020-04-19 06:58:51.000000000 +0000 @@ -1,6 +1,7 @@ Source: libbfio Priority: optional -Maintainer: Debian Security Tools <team+pkg-security@tracker.debian.org> +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> +XSBC-Original-Maintainer: Debian Security Tools <team+pkg-security@tracker.debian.org> Uploaders: Pierre Chifflier <pollux@debian.org>, Hilko Bengen <bengen@debian.org> Build-Depends: debhelper (>= 10),pkg-config
  2. Download patch debian/patches/riscv64-no-HAVE_BFIO_TEST_MEMORY.patch

    --- 20170123-5/debian/patches/riscv64-no-HAVE_BFIO_TEST_MEMORY.patch 1970-01-01 00:00:00.000000000 +0000 +++ 20170123-5ubuntu1/debian/patches/riscv64-no-HAVE_BFIO_TEST_MEMORY.patch 2020-04-19 06:58:50.000000000 +0000 @@ -0,0 +1,13 @@ +Index: libbfio-20170123/tests/bfio_test_memory.h +=================================================================== +--- libbfio-20170123.orig/tests/bfio_test_memory.h ++++ libbfio-20170123/tests/bfio_test_memory.h +@@ -30,7 +30,7 @@ extern "C" { + + #if defined( HAVE_GNU_DL_DLSYM ) && defined( __GNUC__ ) && !defined( __clang__ ) + +-#if !defined( __arm__ ) && !defined( __mips__ ) && !defined( __hppa__ ) && !defined( __sparc__ ) ++#if !defined( __arm__ ) && !defined( __mips__ ) && !defined( __hppa__ ) && !defined(__riscv) && !defined( __sparc__ ) + + #define HAVE_BFIO_TEST_MEMORY 1 +
  3. Download patch debian/patches/series

    --- 20170123-5/debian/patches/series 2019-11-28 17:28:31.000000000 +0000 +++ 20170123-5ubuntu1/debian/patches/series 2020-04-19 06:58:23.000000000 +0000 @@ -1,2 +1,3 @@ 0001-Fix-test-script.patch 0002-Don-t-define-HAVE_BFIO_TEST_MEMORY-on-some-architect.patch +riscv64-no-HAVE_BFIO_TEST_MEMORY.patch

Debian ( Changelog | PTS | Bugs ) Ubuntu ( Changelog | txt | LP | Bugs ) | Diff from Ubuntu

Source: sbsigntool

sbsigntool (0.9.2-2ubuntu2) groovy; urgency=medium * No change rebuild against new CET ABI. -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 10 Jul 2020 18:29:28 +0100 sbsigntool (0.9.2-2ubuntu1) eoan; urgency=low * Merge from Debian unstable. Remaining changes: - d/p/ubuntu-kernel-module-signing.patch and d/p/ubuntu-kernel-module-signing-fixes.patch: add the kernel module signing tool to the package. - d/p/ubuntu-clear-image-before-use.patch: avoid use of uninitialised data causing a startup crash. * Dropped changes, included upstream: - d/p/ubuntu-handle-odd-buffer-lengths-in-checksum.patch: correctly handle odd byte length buffers. * Dropped changes, obsoleted upstream: - d/p/ubuntu-tests-disable-pie.patch: disable PIE -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 03 May 2019 16:12:28 -0700

Modifications :
  1. Download patch debian/patches/ubuntu-kernel-module-signing-fixes.patch

    --- 0.9.2-2/debian/patches/ubuntu-kernel-module-signing-fixes.patch 1970-01-01 00:00:00.000000000 +0000 +++ 0.9.2-2ubuntu2/debian/patches/ubuntu-kernel-module-signing-fixes.patch 2017-04-28 07:31:37.000000000 +0000 @@ -0,0 +1,110 @@ +Description: Ubunty kernel module signing fixes + Separate out any local fixes we need to kmodsign.c to allow us to update + it more easily from mainline when necessary. +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1526959 +Forwarded: not-needed +Author: Andy Whitcroft <apw@ubuntu.com> +Last-Update: 2016-05-17 + +Index: sbsigntool-0.6/src/kmodsign.c +=================================================================== +--- sbsigntool-0.6.orig/src/kmodsign.c ++++ sbsigntool-0.6/src/kmodsign.c +@@ -62,11 +62,26 @@ struct module_signature { + + static char magic_number[] = "~Module signature appended~\n"; + ++static void usage(void) ++{ ++ printf("Usage: kmodsign [-dpkD] <hash algo> <key> <x509> <module> [<dest>]\n" ++ "Sign a kernel module image for use with an enforcing kernel.\n\n" ++ "Options:\n" ++ "\t-p save a copy of the p7s signature (.p7s)\n" ++ "\t-d produce a detached signature file (.p7s) only\n" ++ "\t-D produce a full detached signature block\n" ++ "\t (may be cat'd onto the end of a module)\n" ++ "\t-k switch to using keyid for identification\n"); ++} ++static void version(void) ++{ ++ printf("kmodsign 4.4\n"); ++} ++ + static __attribute__((noreturn)) + void format(void) + { +- fprintf(stderr, +- "Usage: scripts/sign-file [-dp] <hash algo> <key> <x509> <module> [<dest>]\n"); ++ usage(); + exit(2); + } + +@@ -126,6 +141,12 @@ static int pem_pw_cb(char *buf, int len, + return pwlen; + } + ++static struct option options[] = { ++ { "version", no_argument, NULL, 'V' }, ++ { "help", no_argument, NULL, 'h' }, ++ { NULL, 0, NULL, 0 }, ++}; ++ + int main(int argc, char **argv) + { + struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 }; +@@ -133,6 +154,7 @@ int main(int argc, char **argv) + char *private_key_name, *x509_name, *module_name, *dest_name; + bool save_sig = false, replace_orig; + bool sign_only = false; ++ bool detached = false; + unsigned char buf[4096]; + unsigned long module_size, sig_size; + unsigned int use_signed_attrs; +@@ -160,13 +182,17 @@ int main(int argc, char **argv) + #endif + + do { +- opt = getopt(argc, argv, "dpk"); ++ int idx; ++ opt = getopt_long(argc, argv, "dpkDhV", options, &idx); + switch (opt) { + case 'p': save_sig = true; break; + case 'd': sign_only = true; save_sig = true; break; ++ case 'D': detached = true; break; + #ifndef USE_PKCS7 + case 'k': use_keyid = CMS_USE_KEYID; break; + #endif ++ case 'V': version(); exit(0); break; ++ case 'h': usage(); exit(0); break; + case -1: break; + default: format(); + } +@@ -192,7 +218,7 @@ int main(int argc, char **argv) + + #ifdef USE_PKCS7 + if (strcmp(hash_algo, "sha1") != 0) { +- fprintf(stderr, "sign-file: %s only supports SHA1 signing\n", ++ fprintf(stderr, "kmodsign %s only supports SHA1 signing\n", + OPENSSL_VERSION_TEXT); + exit(3); + } +@@ -295,12 +321,14 @@ int main(int argc, char **argv) + return 0; + + /* Append the marker and the PKCS#7 message to the destination file */ +- ERR(BIO_reset(bm) < 0, "%s", module_name); +- while ((n = BIO_read(bm, buf, sizeof(buf))), +- n > 0) { +- ERR(BIO_write(bd, buf, n) < 0, "%s", dest_name); ++ if (!detached) { ++ ERR(BIO_reset(bm) < 0, "%s", module_name); ++ while ((n = BIO_read(bm, buf, sizeof(buf))), ++ n > 0) { ++ ERR(BIO_write(bd, buf, n) < 0, "%s", dest_name); ++ } ++ ERR(n < 0, "%s", module_name); + } +- ERR(n < 0, "%s", module_name); + module_size = BIO_number_written(bd); + + #ifndef USE_PKCS7
  2. Download patch debian/control

    --- 0.9.2-2/debian/control 2019-04-19 14:54:34.000000000 +0000 +++ 0.9.2-2ubuntu2/debian/control 2019-05-03 23:12:28.000000000 +0000 @@ -1,7 +1,8 @@ Source: sbsigntool Section: utils Priority: optional -Maintainer: Debian EFI Team <debian-efi@lists.debian.org> +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> +XSBC-Original-Maintainer: Debian EFI Team <debian-efi@lists.debian.org> Uploaders: Pierre Chifflier <pollux@debian.org>, Steve McIntyre <93sam@debian.org> Build-Depends: debhelper (>= 9.0.0),
  3. Download patch debian/patches/ubuntu-clear-image-before-use.patch

    --- 0.9.2-2/debian/patches/ubuntu-clear-image-before-use.patch 1970-01-01 00:00:00.000000000 +0000 +++ 0.9.2-2ubuntu2/debian/patches/ubuntu-clear-image-before-use.patch 2017-04-28 07:38:40.000000000 +0000 @@ -0,0 +1,17 @@ +Description: clear image before use + We rely on the image being clear as we will attempt to free + cirtain elements before reuse. Switch to a zeroing allocate. +Author: Andy Whitcroft <apw@ubuntu.com> +Last-Update: 2016-05-09 + +--- sbsigntool-0.6.orig/src/image.c ++++ sbsigntool-0.6/src/image.c +@@ -459,7 +459,7 @@ struct image *image_load(const char *fil + struct image *image; + int rc; + +- image = talloc(NULL, struct image); ++ image = talloc_zero(NULL, struct image); + if (!image) { + perror("talloc(image)"); + return NULL;
  4. Download patch debian/patches/series

    --- 0.9.2-2/debian/patches/series 2019-04-19 21:34:17.000000000 +0000 +++ 0.9.2-2ubuntu2/debian/patches/series 2019-05-03 23:12:28.000000000 +0000 @@ -1,3 +1,6 @@ sbsign_check_write_return.patch fix-efi-arch-detection.patch +ubuntu-kernel-module-signing.patch +ubuntu-kernel-module-signing-fixes.patch +ubuntu-clear-image-before-use.patch fix_checksum_calc.patch
  5. Download patch debian/patches/ubuntu-kernel-module-signing.patch

Debian ( Changelog | PTS | Bugs ) Ubuntu ( Changelog | txt | LP | Bugs ) | Diff from Ubuntu

Source: sslsniff

sslsniff (0.8-8ubuntu1) groovy; urgency=medium * Fix ftbfs, patch taken from the Debian BTS. * Fix FTBFS with Boost 1.71. * Apply patch for Debian #914162: unusual HTTP header capitalization breaks sslsniff. -- Matthias Klose <doko@ubuntu.com> Wed, 20 May 2020 17:48:40 +0200 sslsniff (0.8-8build2) focal; urgency=medium * No-change rebuild for libgcc-s1 package name change. -- Matthias Klose <doko@ubuntu.com> Mon, 23 Mar 2020 08:58:31 +0100 sslsniff (0.8-8build1) focal; urgency=medium * No change rebuild against new boost1.71 ABI -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 03 Feb 2020 21:44:19 +0000

Modifications :
  1. Download patch debian/control

    --- 0.8-8/debian/control 2018-08-31 07:54:26.000000000 +0000 +++ 0.8-8ubuntu1/debian/control 2020-02-03 21:44:19.000000000 +0000 @@ -1,7 +1,8 @@ Source: sslsniff Section: admin Priority: optional -Maintainer: Debian Security Tools <team+pkg-security@tracker.debian.org> +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> +XSBC-Original-Maintainer: Debian Security Tools <team+pkg-security@tracker.debian.org> Uploaders: Pierre Chifflier <pollux@debian.org>, Raphaƫl Hertzog <hertzog@debian.org> Build-Depends: debhelper (>= 11), libssl-dev,
  2. Download patch debian/patches/f8c4274d1bfc3c2eca241d65f96de746bb0065e0.diff

    --- 0.8-8/debian/patches/f8c4274d1bfc3c2eca241d65f96de746bb0065e0.diff 1970-01-01 00:00:00.000000000 +0000 +++ 0.8-8ubuntu1/debian/patches/f8c4274d1bfc3c2eca241d65f96de746bb0065e0.diff 2020-05-20 15:48:40.000000000 +0000 @@ -0,0 +1,76 @@ +diff --git a/HTTPSBridge.cpp b/HTTPSBridge.cpp +index 79e2458..8a2e89d 100644 +--- a/HTTPSBridge.cpp ++++ b/HTTPSBridge.cpp +@@ -29,7 +29,7 @@ void HTTPSBridge::buildRequestFromHeaders(HttpHeaders &headers, std::string &req + << "HTTP/1.0\r\n"; + + std::map<std::string,std::string>::iterator iter; +- std::map<std::string,std::string>& headersMap = headers.getHeaders(); ++ std::map<std::string,std::string,ci_less>& headersMap = headers.getHeaders(); + for( iter = headersMap.begin(); iter != headersMap.end(); ++iter ) { + std::string key = iter->first; + std::string value = iter->second; +diff --git a/http/HttpHeaders.cpp b/http/HttpHeaders.cpp +index 938a4d4..6964e8d 100644 +--- a/http/HttpHeaders.cpp ++++ b/http/HttpHeaders.cpp +@@ -22,7 +22,7 @@ + #include "../Logger.hpp" + + +-std::map<std::string, std::string>& HttpHeaders::getHeaders() { ++std::map<std::string, std::string, ci_less>& HttpHeaders::getHeaders() { + return headers; + } + +diff --git a/http/HttpHeaders.hpp b/http/HttpHeaders.hpp +index ad821ed..0afd93a 100644 +--- a/http/HttpHeaders.hpp ++++ b/http/HttpHeaders.hpp +@@ -37,6 +37,27 @@ class HttpHeaderException : public std::exception { + } + }; + ++/************************************************************************/ ++/* Comparator for case-insensitive comparison in STL assos. containers */ ++/************************************************************************/ ++struct ci_less : std::binary_function<std::string, std::string, bool> ++{ ++ // case-independent (ci) compare_less binary function ++ struct nocase_compare : public std::binary_function<unsigned char,unsigned char,bool> ++ { ++ bool operator() (const unsigned char& c1, const unsigned char& c2) const { ++ return tolower (c1) < tolower (c2); ++ } ++ }; ++ bool operator() (const std::string & s1, const std::string & s2) const { ++ return std::lexicographical_compare ++ (s1.begin (), s1.end (), // source range ++ s2.begin (), s2.end (), // dest range ++ nocase_compare ()); // comparison ++ } ++}; ++ ++ + class HttpHeaders { + + private: +@@ -52,7 +73,7 @@ class HttpHeaders { + std::string postData; + std::string key; + std::string value; +- std::map<std::string, std::string> headers; ++ std::map<std::string, std::string, ci_less> headers; + + int readLine(char *buffer, int *offset, int length); + int readAction(char *buffer, int length); +@@ -71,7 +92,7 @@ class HttpHeaders { + bool process(char * buffer, int length); + bool isPost(); + +- std::map<std::string, std::string>& getHeaders(); ++ std::map<std::string, std::string, ci_less>& getHeaders(); + std::string& getHeader(std::string& header); + std::string& getMethod(); + std::string& getRequest();
  3. Download patch debian/patches/Fix-FTBFS-with-Boost-1.71.patch

    --- 0.8-8/debian/patches/Fix-FTBFS-with-Boost-1.71.patch 1970-01-01 00:00:00.000000000 +0000 +++ 0.8-8ubuntu1/debian/patches/Fix-FTBFS-with-Boost-1.71.patch 2020-05-20 15:48:40.000000000 +0000 @@ -0,0 +1,181 @@ +From: Giovanni Mascellani <gio@debian.org> +Date: Sat, 2 May 2020 11:24:55 +0200 +Subject: Fix FTBFS with Boost 1.71. + +--- + RawBridge.hpp | 21 +++++++++++++++++++++ + SSLConnectionManager.cpp | 6 +++--- + http/HttpBridge.hpp | 25 +++++++++++++++++++++++++ + http/HttpConnectionManager.cpp | 4 ++-- + 4 files changed, 51 insertions(+), 5 deletions(-) + +diff --git a/RawBridge.hpp b/RawBridge.hpp +index 9206faa..7a1255e 100644 +--- a/RawBridge.hpp ++++ b/RawBridge.hpp +@@ -36,6 +36,16 @@ private: + ip::tcp::socket serverSocket; + ip::tcp::endpoint destination; + ++#if BOOST_VERSION >= 107000 ++ const boost::asio::executor &executor; ++ ++ RawBridge(boost::shared_ptr<ip::tcp::socket> clientSocket, ++ ip::tcp::endpoint& destination, ++ const boost::asio::executor & executor) : ++ clientSocket(clientSocket), serverSocket(executor), ++ executor(executor), destination(destination), closed(0) ++ {} ++#else + boost::asio::io_service &io_service; + + RawBridge(boost::shared_ptr<ip::tcp::socket> clientSocket, +@@ -44,6 +54,7 @@ private: + clientSocket(clientSocket), serverSocket(io_service), + io_service(io_service), destination(destination), closed(0) + {} ++#endif + + void handleConnect(Bridge::ptr bridge, const boost::system::error_code &error) { + if (!error) Bridge::shuttle(&(*clientSocket), &serverSocket); +@@ -55,6 +66,15 @@ protected: + + public: + ++#if BOOST_VERSION >= 107000 ++ static ptr create(boost::shared_ptr<ip::tcp::socket> clientSocket, ++ ip::tcp::endpoint& destination, ++ const boost::asio::executor & executor) ++ ++ { ++ return ptr(new RawBridge(clientSocket, destination, executor)); ++ } ++#else + static ptr create(boost::shared_ptr<ip::tcp::socket> clientSocket, + ip::tcp::endpoint& destination, + boost::asio::io_service & io_service) +@@ -62,6 +82,7 @@ public: + { + return ptr(new RawBridge(clientSocket, destination, io_service)); + } ++#endif + + virtual ip::tcp::socket& getClientSocket() { + return *clientSocket; +diff --git a/SSLConnectionManager.cpp b/SSLConnectionManager.cpp +index 9beed10..6087f65 100644 +--- a/SSLConnectionManager.cpp ++++ b/SSLConnectionManager.cpp +@@ -44,7 +44,7 @@ SSLConnectionManager::SSLConnectionManager(io_service &io_service, + } + + void SSLConnectionManager::acceptIncomingConnection() { +- boost::shared_ptr<ip::tcp::socket> socket(new ip::tcp::socket(acceptor.get_io_service())); ++ boost::shared_ptr<ip::tcp::socket> socket(new ip::tcp::socket(acceptor.get_executor())); + + acceptor.async_accept(*socket, boost::bind(&SSLConnectionManager::handleClientConnection, + this, socket, placeholders::error)); +@@ -76,7 +76,7 @@ void SSLConnectionManager::shuttleConnection(boost::shared_ptr<ip::tcp::socket> + ip::tcp::endpoint &destination) + + { +- Bridge::ptr bridge = RawBridge::create(clientSocket, destination, acceptor.get_io_service()); ++ Bridge::ptr bridge = RawBridge::create(clientSocket, destination, acceptor.get_executor()); + bridge->shuttle(); + } + +@@ -134,7 +134,7 @@ void SSLConnectionManager::interceptSSL(boost::shared_ptr<ip::tcp::socket> clien + ip::tcp::endpoint &destination, + bool wildcardOK) + { +- ip::tcp::socket serverSocket(acceptor.get_io_service()); ++ ip::tcp::socket serverSocket(acceptor.get_executor()); + boost::system::error_code error; + serverSocket.connect(destination, error); + +diff --git a/http/HttpBridge.hpp b/http/HttpBridge.hpp +index 863db21..edcffa1 100644 +--- a/http/HttpBridge.hpp ++++ b/http/HttpBridge.hpp +@@ -40,12 +40,21 @@ class HttpBridge : public Bridge { + + public: + ++#if BOOST_VERSION >= 107000 ++ static ptr create(boost::shared_ptr<ip::tcp::socket> clientSocket, ++ const executor& executor, ++ HttpBridgeListener *listener) ++ { ++ return ptr(new HttpBridge(clientSocket, executor, listener)); ++ } ++#else + static ptr create(boost::shared_ptr<ip::tcp::socket> clientSocket, + io_service& io_service, + HttpBridgeListener *listener) + { + return ptr(new HttpBridge(clientSocket, io_service, listener)); + } ++#endif + + virtual ip::tcp::socket& getClientSocket() { + return *clientSocket; +@@ -63,7 +72,11 @@ protected: + + private: + int closed; ++#if BOOST_VERSION >= 107000 ++ const executor& executor_; ++#else + io_service& io_service_; ++#endif + boost::shared_ptr<ip::tcp::socket> clientSocket; + ip::tcp::socket serverSocket; + +@@ -71,6 +84,17 @@ private: + HttpHeaders headers; + HttpBridgeListener *listener; + ++#if BOOST_VERSION >= 107000 ++ HttpBridge(boost::shared_ptr<ip::tcp::socket> clientSocket, ++ const executor& executor, HttpBridgeListener *listener) ++ : clientSocket(clientSocket), ++ serverSocket(executor), ++ executor_(executor), ++ state(READING_HEADERS) ++ { ++ this->listener = listener; ++ } ++#else + HttpBridge(boost::shared_ptr<ip::tcp::socket> clientSocket, + io_service& io_service, HttpBridgeListener *listener) + : clientSocket(clientSocket), +@@ -80,6 +104,7 @@ private: + { + this->listener = listener; + } ++#endif + + void setFinishedWithHeaders(); + }; +diff --git a/http/HttpConnectionManager.cpp b/http/HttpConnectionManager.cpp +index 9b1066c..8768bc8 100644 +--- a/http/HttpConnectionManager.cpp ++++ b/http/HttpConnectionManager.cpp +@@ -53,7 +53,7 @@ HttpConnectionManager::HttpConnectionManager(io_service& io_service, int port, + } + + void HttpConnectionManager::acceptIncomingConnection() { +- boost::shared_ptr<ip::tcp::socket> socket(new ip::tcp::socket(acceptor_.get_io_service())); ++ boost::shared_ptr<ip::tcp::socket> socket(new ip::tcp::socket(acceptor_.get_executor())); + + acceptor_.async_accept(*socket, boost::bind(&HttpConnectionManager::handleClientConnection, + this, socket, placeholders::error)); +@@ -63,7 +63,7 @@ void HttpConnectionManager::acceptIncomingConnection() { + void HttpConnectionManager::bridgeHttpRequest(boost::shared_ptr<ip::tcp::socket> socket, + ip::tcp::endpoint destination) + { +- Bridge::ptr bridge = HttpBridge::create(socket, acceptor_.get_io_service(), ++ Bridge::ptr bridge = HttpBridge::create(socket, acceptor_.get_executor(), + FingerprintManager::getInstance()); + + bridge->getServerSocket().
  4. Download patch debian/patches/series

    --- 0.8-8/debian/patches/series 2018-08-31 07:54:26.000000000 +0000 +++ 0.8-8ubuntu1/debian/patches/series 2020-05-20 15:48:40.000000000 +0000 @@ -3,3 +3,5 @@ Add-missing-libraries-at-link-time.patch Fix-OpenSSL-1.1-FTBFS.patch boost-1.67.patch +Fix-FTBFS-with-Boost-1.71.patch +f8c4274d1bfc3c2eca241d65f96de746bb0065e0.diff
  1. libbfio
  2. sbsigntool
  3. sslsniff