Debian Bug report logs - #609096
Buffer overflow in xdigger with long argv[0]

Package: xdigger; Maintainer for xdigger is (unknown);

Reported by: Silvio Cesare <silvio.cesare@gmail.com>

Date: Thu, 6 Jan 2011 05:51:01 UTC

Severity: important

Tags: security

Found in version xdigger/1.0.10-13

Fixed in version xdigger/1.0.10-13+lenny1

Done: Peter Pentchev <roam@ringlet.net>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>:
Bug#609096; Package xdigger. (Thu, 06 Jan 2011 05:51:04 GMT).


Acknowledgement sent to Silvio Cesare <silvio.cesare@gmail.com>:
New Bug report received and forwarded. Copy sent to Debian Games Team <pkg-games-devel@lists.alioth.debian.org>. (Thu, 06 Jan 2011 05:51:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Silvio Cesare <silvio.cesare@gmail.com>
To: submit@bugs.debian.org
Subject: Buffer overflow in xdigger with long argv[0]
Date: Thu, 6 Jan 2011 16:47:16 +1100
Package: xdigger
Version: 1.0.10-13
Severity: important
Tags: security

There is a buffer overflow in xdigger.

xdigger_1.0.10/xdigger.c
  strcpy(progname, argv[0]);

I confirmed execv* with a long argv[0] crashes xdigger.

Some other cases in the sound module with copying and strcating pargv/argv
might be worth looking at also. I have not investigated further. Nor have I
investigated exploitability.

xdigger is SGID games.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>:
Bug#609096; Package xdigger. (Sat, 08 Jan 2011 23:21:07 GMT).


Acknowledgement sent to Peter Pentchev <roam@ringlet.net>:
Extra info received and forwarded to list. Copy sent to Debian Games Team <pkg-games-devel@lists.alioth.debian.org>. (Sat, 08 Jan 2011 23:21:07 GMT).


Message #10 received at 609096@bugs.debian.org:

From: Peter Pentchev <roam@ringlet.net>
To: Silvio Cesare <silvio.cesare@gmail.com>
Cc: 609096@bugs.debian.org, debian-release@lists.debian.org
Subject: Re: Bug#609096: Buffer overflow in xdigger with long argv[0]
Date: Sun, 9 Jan 2011 01:16:14 +0200
package xdigger
tag 609096 + pending
thanks

On Thu, Jan 06, 2011 at 04:47:16PM +1100, Silvio Cesare wrote:
> Package: xdigger
> Version: 1.0.10-13
> Severity: important
> Tags: security
> 
> There is a buffer overflow in xdigger.
> 
> xdigger_1.0.10/xdigger.c
>   strcpy(progname, argv[0]);
> 
> I confirmed execv* with a long argv[0] crashes xdigger.
> 
> Some other cases in the sound module with copying and strcating pargv/argv
> might be worth looking at also. I have not investigated further. Nor have I
> investigated exploitability.
> 
> xdigger is SGID games.

Hi,

Thanks for reporting this!  I've fixed this overflow, along with a whole
lot of other unchecked string accesses, in the Debian Games Team's
Subversion repository; the fix will be present in the 1.0.10-13+lenny1
version when it is uploaded.

And here's the question for the Release Team - may I prepare an upload to
stable-proposed-updates with the attached debdiff?  According to Moritz
Muehlenhoff's message to debian-games-devel at
http://lists.debian.org/debian-devel-games/2011/01/msg00006.html there will
be no Debian Security Advisory for this particular change; still, it might
be good to fix it, even if it is not too severe.  Of course, with Squeeze's
deep freeze, there's no rush right now, IMHO :)

Again, thanks to Silvio Cesare for reporting this, to the Debian Release
Team for everything they're doing, and to Ansgar Burchardt for the helpful
hints and advice in the past couple of days!  Keep up the great work, all
of you!

G'luck,
Peter

-- 
Peter Pentchev	roam@space.bg    roam@ringlet.net    roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
This would easier understand fewer had omitted.
[xdigger_1.0.10-13+lenny1.debdiff (text/plain, attachment)]

Added tag(s) pending. Request was from Peter Pentchev <roam@ringlet.net> to control@bugs.debian.org. (Sat, 08 Jan 2011 23:21:08 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>:
Bug#609096; Package xdigger. (Wed, 12 Jan 2011 21:15:03 GMT).


Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Games Team <pkg-games-devel@lists.alioth.debian.org>. (Wed, 12 Jan 2011 21:15:04 GMT).


Message #17 received at 609096@bugs.debian.org:

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Peter Pentchev <roam@ringlet.net>
Cc: Silvio Cesare <silvio.cesare@gmail.com>, 609096@bugs.debian.org, debian-release@lists.debian.org
Subject: Re: Bug#609096: Buffer overflow in xdigger with long argv[0]
Date: Wed, 12 Jan 2011 21:10:53 +0000
Hi,

On Sun, 2011-01-09 at 01:16 +0200, Peter Pentchev wrote:
> On Thu, Jan 06, 2011 at 04:47:16PM +1100, Silvio Cesare wrote:
> > Some other cases in the sound module with copying and strcating pargv/argv
> > might be worth looking at also. I have not investigated further. Nor have I
> > investigated exploitability.
> > 
> > xdigger is SGID games.
[...]
> Thanks for reporting this!  I've fixed this overflow, along with a whole
> lot of other unchecked string accesses, in the Debian Games Team's
> Subversion repository; the fix will be present in the 1.0.10-13+lenny1
> version when it is uploaded.

Thanks for preparing a stable upload for this.  Most of the code changes
look okay, if possible a little overly cautious in places. :-)

This change looked a little odd:

+ 	case TON_DIAMANT:
+-	  strcat(name, "/diamond.au");
++	  snprintf(name, sizeof(name), "%s/diamond.au", XDIGGER_LIB_DIR);
+ 	  break;
+ 	case TON_SCHRITT:
+-	  strcat(name, "/step.au");
++	  snprintf(name, sizeof(name), "%s/step.au", XDIGGER_LIB_DIR);
++	  strncat(name, "/step.au");
+ 	  break;
+ 	case TON_STEINE:
+-	  strcat(name, "/stone.au");
++	  snprintf(name, sizeof(name), "%s/stone.au", XDIGGER_LIB_DIR);
+ 	  break;
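
Review bot: the added strncat(name, "/step.au") in the TON_SCHRITT case passes two arguments to a function that takes three (destination, source, count), so it should not compile with <string.h> included, and it would append "/step.au" a second time after the snprintf() on the line above has already written the whole path. Drop that line. All three snprintf() calls also discard the return value, so a path longer than sizeof(name) is silently truncated and the wrong file name is used; compare the result against sizeof(name) and skip the sound when it does not fit.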

Why have the filenames changed from foo.au to XDIGGER_LIB_DIR/foo.au?

In general, we try to avoid introducing changes in stable updates which
aren't directly related to fixing the main issue; this has the dual
advantages of reducing the risk of inadvertently introducing new issues
and making the diff easier to review.

Have you verified whether the addition of ${misc:Depends} makes any
practical difference to the generated binary packages, rather than
simply quietening lintian?

Were the update to xdigger.desktop and the addition of
debian/source/format intentional?  If so, why aren't they mentioned in
the changelog?  fwiw, given that the default source format is not going
to change in lenny, the source/format change is at best a no-op.

Regards,

Adam





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>:
Bug#609096; Package xdigger. (Thu, 13 Jan 2011 10:21:07 GMT).


Acknowledgement sent to Peter Pentchev <roam@ringlet.net>:
Extra info received and forwarded to list. Copy sent to Debian Games Team <pkg-games-devel@lists.alioth.debian.org>. (Thu, 13 Jan 2011 10:21:07 GMT).


Message #22 received at 609096@bugs.debian.org:

From: Peter Pentchev <roam@ringlet.net>
To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: Silvio Cesare <silvio.cesare@gmail.com>, 609096@bugs.debian.org, debian-release@lists.debian.org
Subject: Re: Bug#609096: Buffer overflow in xdigger with long argv[0]
Date: Thu, 13 Jan 2011 12:18:50 +0200
On Wed, Jan 12, 2011 at 09:10:53PM +0000, Adam D. Barratt wrote:
> Hi,
> 
> On Sun, 2011-01-09 at 01:16 +0200, Peter Pentchev wrote:
> > On Thu, Jan 06, 2011 at 04:47:16PM +1100, Silvio Cesare wrote:
> > > Some other cases in the sound module with copying and strcating pargv/argv
> > > might be worth looking at also. I have not investigated further. Nor have I
> > > investigated exploitability.
> > > 
> > > xdigger is SGID games.
> [...]
> > Thanks for reporting this!  I've fixed this overflow, along with a whole
> > lot of other unchecked string accesses, in the Debian Games Team's
> > Subversion repository; the fix will be present in the 1.0.10-13+lenny1
> > version when it is uploaded.
> 
> Thanks for preparing a stable upload for this.  Most of the code changes
> look okay, if possible a little overly cautious in places. :-)

Well, what can I say - I do get a little paranoid sometimes :)

> This change looked a little odd:
> 
> + 	case TON_DIAMANT:
> +-	  strcat(name, "/diamond.au");
> ++	  snprintf(name, sizeof(name), "%s/diamond.au", XDIGGER_LIB_DIR);
> + 	  break;

That part is okay, see below.

> + 	case TON_SCHRITT:
> +-	  strcat(name, "/step.au");
> ++	  snprintf(name, sizeof(name), "%s/step.au", XDIGGER_LIB_DIR);
> ++	  strncat(name, "/step.au");
> + 	  break;

Oops!  The strncat() should not be there, I'll prepare a new upload.

> + 	case TON_STEINE:
> +-	  strcat(name, "/stone.au");
> ++	  snprintf(name, sizeof(name), "%s/stone.au", XDIGGER_LIB_DIR);
> + 	  break;
> 
> Why have the filenames changed from foo.au to XDIGGER_LIB_DIR/foo.au?

They haven't changed :)  A couple of lines above that, the "name" variable
is initialized to XDIGGER_LIB_DIR, so the strcat() that was there just
added foo.au to it.  The snprintf() does both.

I've corrected the patch to remove the strncat() that I'd put there before
deciding to change it to snprintf() :)

> In general, we try to avoid introducing changes in stable updates which
> aren't directly related to fixing the main issue; this has the dual
> advantages of reducing the risk of inadvertently introducing new issues
> and making the diff easier to review.

Yes, I understand that.

> Have you verified whether the addition of ${misc:Depends} makes any
> practical difference to the generated binary packages, rather than
> simply quietening lintian?

Actually, it does not make any difference; I'll remove it.

> Were the update to xdigger.desktop and the addition of
> debian/source/format intentional?

Well, the update to xdigger.desktop was done in a sweeping change by
Paul Wise (pabs) two and a half years ago; I don't know why he didn't
mention it in the changelog.  That was before xdigger was removed from
unstable and testing, and before there were any thoughts of preparing
a Lenny-only upload.

Should I document it in the changelog, or revert it from the Subversion
repository?

> If so, why aren't they mentioned in
> the changelog?  fwiw, given that the default source format is not going
> to change in lenny, the source/format change is at best a no-op.

As to the default source format, I initially tried to convert it to
3.0 (quilt), but then Ansgar Burchardt kindly reminded me that you would
not really allow this as a stable update :)  So I reverted the 3.0 changes
and placed 1.0 as the source format name; I could remove it if you'd like,
no problem, and quite understandable.

Thanks for taking the time to review the changes!

G'luck,
Peter

-- 
Peter Pentchev	roam@space.bg    roam@ringlet.net    roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
If the meanings of 'true' and 'false' were switched, then this sentence wouldn't be false.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>:
Bug#609096; Package xdigger. (Thu, 13 Jan 2011 22:30:06 GMT).


Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Games Team <pkg-games-devel@lists.alioth.debian.org>. (Thu, 13 Jan 2011 22:30:06 GMT).


Message #27 received at 609096@bugs.debian.org:

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Peter Pentchev <roam@ringlet.net>
Cc: Silvio Cesare <silvio.cesare@gmail.com>, 609096@bugs.debian.org, debian-release@lists.debian.org
Subject: Re: Bug#609096: Buffer overflow in xdigger with long argv[0]
Date: Thu, 13 Jan 2011 22:27:11 +0000
On Thu, 2011-01-13 at 12:18 +0200, Peter Pentchev wrote:
> On Wed, Jan 12, 2011 at 09:10:53PM +0000, Adam D. Barratt wrote:
> > This change looked a little odd:
[...]
> > + 	case TON_SCHRITT:
> > +-	  strcat(name, "/step.au");
> > ++	  snprintf(name, sizeof(name), "%s/step.au", XDIGGER_LIB_DIR);
> > ++	  strncat(name, "/step.au");
> > + 	  break;
> 
> Oops!  The strncat() should not be there, I'll prepare a new upload.
> 
> > + 	case TON_STEINE:
> > +-	  strcat(name, "/stone.au");
> > ++	  snprintf(name, sizeof(name), "%s/stone.au", XDIGGER_LIB_DIR);
> > + 	  break;
> > 
> > Why have the filenames changed from foo.au to XDIGGER_LIB_DIR/foo.au?
> 
> They haven't changed :)  A couple of lines above that, the "name" variable
> is initialized to XDIGGER_LIB_DIR, so the strcat() that was there just
> added foo.au to it.  The snprintf() does both.

Ah, I see.

> I've corrected the patch to remove the strncat() that I'd put there before
> deciding to change it to snprintf() :)
[...]
> > Have you verified whether the addition of ${misc:Depends} makes any
> > practical difference to the generated binary packages, rather than
> > simply quietening lintian?
> 
> Actually, it does not make any difference; I'll remove it.

Thanks.

> > Were the update to xdigger.desktop and the addition of
> > debian/source/format intentional?
> 
> Well, the update to xdigger.desktop was done in a sweeping change by
> Paul Wise (pabs) two and a half years ago; I don't know why he didn't
> mention it in the changelog.  That was before xdigger was removed from
> unstable and testing, and before there were any thoughts of preparing
> a Lenny-only upload.
> 
> Should I document it in the changelog, or revert it from the Subversion
> repository?

One or the other.  :-)

> > If so, why aren't they mentioned in
> > the changelog?  fwiw, given that the default source format is not going
> > to change in lenny, the source/format change is at best a no-op.
> 
> As to the default source format, I initially tried to convert it to
> 3.0 (quilt), but then Ansgar Burchardt kindly reminded me that you would
> not really allow this as a stable update :)  So I reverted the 3.0 changes
> and placed 1.0 as the source format name; I could remove it if you'd like,
> no problem, and quite understandable.

Ansgar was correct. :-)   It's technically a no-op; I'm not going to
complain (too) loudly if you leave it in.

> Thanks for taking the time to review the changes!

Thanks for taking the time to fix things in lenny.

Regards,

Adam





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>:
Bug#609096; Package xdigger. (Sun, 16 Jan 2011 18:42:03 GMT).


Acknowledgement sent to Peter Pentchev <roam@ringlet.net>:
Extra info received and forwarded to list. Copy sent to Debian Games Team <pkg-games-devel@lists.alioth.debian.org>. (Sun, 16 Jan 2011 18:42:03 GMT).


Message #32 received at 609096@bugs.debian.org:

From: Peter Pentchev <roam@ringlet.net>
To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: Silvio Cesare <silvio.cesare@gmail.com>, 609096@bugs.debian.org, debian-release@lists.debian.org
Subject: Re: Bug#609096: Buffer overflow in xdigger with long argv[0]
Date: Sun, 16 Jan 2011 20:38:43 +0200
On Thu, Jan 13, 2011 at 10:27:11PM +0000, Adam D. Barratt wrote:
> On Thu, 2011-01-13 at 12:18 +0200, Peter Pentchev wrote:
> > On Wed, Jan 12, 2011 at 09:10:53PM +0000, Adam D. Barratt wrote:
> > > This change looked a little odd:
> [...]
> > > + 	case TON_SCHRITT:
> > > +-	  strcat(name, "/step.au");
> > > ++	  snprintf(name, sizeof(name), "%s/step.au", XDIGGER_LIB_DIR);
> > > ++	  strncat(name, "/step.au");
> > > + 	  break;
> > 
> > Oops!  The strncat() should not be there, I'll prepare a new upload.
> > 
> > > + 	case TON_STEINE:
> > > +-	  strcat(name, "/stone.au");
> > > ++	  snprintf(name, sizeof(name), "%s/stone.au", XDIGGER_LIB_DIR);
> > > + 	  break;
> > > 
> > > Why have the filenames changed from foo.au to XDIGGER_LIB_DIR/foo.au?
> > 
> > They haven't changed :)  A couple of lines above that, the "name" variable
> > is initialized to XDIGGER_LIB_DIR, so the strcat() that was there just
> > added foo.au to it.  The snprintf() does both.
> 
> Ah, I see.
> 
> > I've corrected the patch to remove the strncat() that I'd put there before
> > deciding to change it to snprintf() :)
> [...]
> > > Have you verified whether the addition of ${misc:Depends} makes any
> > > practical difference to the generated binary packages, rather than
> > > simply quietening lintian?
> > 
> > Actually, it does not make any difference; I'll remove it.
> 
> Thanks.

Here it is.

> > > Were the update to xdigger.desktop and the addition of
> > > debian/source/format intentional?
> > 
> > Well, the update to xdigger.desktop was done in a sweeping change by
> > Paul Wise (pabs) two and a half years ago; I don't know why he didn't
> > mention it in the changelog.  That was before xdigger was removed from
> > unstable and testing, and before there were any thoughts of preparing
> > a Lenny-only upload.
> > 
> > Should I document it in the changelog, or revert it from the Subversion
> > repository?
> 
> One or the other.  :-)

I documented it, since the change did seem kind of useful.

> > > If so, why aren't they mentioned in
> > > the changelog?  fwiw, given that the default source format is not going
> > > to change in lenny, the source/format change is at best a no-op.
> > 
> > As to the default source format, I initially tried to convert it to
> > 3.0 (quilt), but then Ansgar Burchardt kindly reminded me that you would
> > not really allow this as a stable update :)  So I reverted the 3.0 changes
> > and placed 1.0 as the source format name; I could remove it if you'd like,
> > no problem, and quite understandable.
> 
> Ansgar was correct. :-)   It's technically a no-op; I'm not going to
> complain (too) loudly if you leave it in.

Okay, removed.

Here's the new debdiff; thanks for your time!

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net     roam@FreeBSD.org      roam@cpan.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
If this sentence were in Chinese, it would say something else.
[xdigger_1.0.10-13+lenny1.debdiff (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>:
Bug#609096; Package xdigger. (Sun, 16 Jan 2011 19:27:12 GMT).


Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Games Team <pkg-games-devel@lists.alioth.debian.org>. (Sun, 16 Jan 2011 19:27:12 GMT).


Message #37 received at 609096@bugs.debian.org:

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Peter Pentchev <roam@ringlet.net>
Cc: Silvio Cesare <silvio.cesare@gmail.com>, 609096@bugs.debian.org, debian-release@lists.debian.org
Subject: Re: Bug#609096: Buffer overflow in xdigger with long argv[0]
Date: Sun, 16 Jan 2011 19:25:01 +0000
On Sun, 2011-01-16 at 20:38 +0200, Peter Pentchev wrote:
> Here's the new debdiff; thanks for your time!

Thanks for that.

Two small things:

+-  strcat(strcpy(croom, " ROOM:  "), slevel_number);
[...]
++  snprintf(croom, sizeof(croom), " ROOM: %s", slevel_number);
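
Review bot: the added format literal " ROOM: %s" has one space after the colon where the removed line's " ROOM:  " had two, so the rendered string comes out one character shorter than before. Keep both spaces in the format so that the bounds fix does not also change what is displayed.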

The new version has one fewer space than the original; I guessed that
the double space might be so that the string aligns with " LIVES: ".

+-  strcpy(localhost, gethostbyname(localhost)->h_name);
+-  strcpy(xhost, gethostbyname(xhost)->h_name);
++  snprintf(localhost, sizeof(localhost), gethostbyname(localhost)->h_name);
++  snprintf(xhost, sizeof(xhost), gethostbyname(xhost)->h_name);
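
Review bot: both added snprintf() calls pass gethostbyname(...)->h_name as the format argument, so any '%' in a host name returned by the resolver is parsed as a conversion specification, in a binary the report describes as SGID games. Pass the name as data instead, as in snprintf(localhost, sizeof(localhost), "%s", ...). The added lines also dereference the gethostbyname() result without a NULL check, exactly as the removed strcpy() lines did, so a failed lookup still crashes; test the returned pointer before using h_name.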

Those should probably be strncpys, or have an explicit "%s" format string.

+xdigger (1.0.10-13+lenny1) unstable; urgency=low

s/unstable/stable/

Okay, I lied; it was three things. :)

With the above changes, please feel free to upload (bearing in mind that
the deadline for inclusion in the next point release is tomorrow).

Regards,

Adam
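
The two string-handling problems discussed in this thread (the unbounded copy of argv[0] in the original report, and the host name passed as a format string in the review above), as an added example that is not code from xdigger or from its Debian patch: bounded helpers that use an explicit "%s" and report truncation. The names `bounded_copy`, `sound_path` and `EXAMPLE_LIB_DIR`, and all buffer sizes, are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed placeholder: the real XDIGGER_LIB_DIR value is not shown in the thread. */
#define EXAMPLE_LIB_DIR "/example/lib/xdigger"

/*
 * Bounded replacement for strcpy(dst, src), e.g. strcpy(progname, argv[0]).
 * The explicit "%s" keeps any '%' in src from being parsed as a conversion,
 * which is what goes wrong with snprintf(dst, size, src).
 * Returns 0 if src fit, -1 if it was truncated or the arguments are unusable.
 * dst is always NUL-terminated when dstsz > 0.
 */
int bounded_copy(char *dst, size_t dstsz, const char *src)
{
    int n;

    if (dst == NULL || dstsz == 0)
        return -1;
    if (src == NULL) {          /* e.g. argv[0] when the caller passed an empty argv */
        dst[0] = '\0';
        return -1;
    }
    n = snprintf(dst, dstsz, "%s", src);
    return (n < 0 || (size_t)n >= dstsz) ? -1 : 0;
}

/*
 * Bounded replacement for "copy the directory, then strcat() the file name".
 * On truncation the buffer is emptied so that a shortened path is never
 * handed to open() by mistake.
 */
int sound_path(char *dst, size_t dstsz, const char *dir, const char *file)
{
    int n;

    if (dst == NULL || dstsz == 0)
        return -1;
    if (dir == NULL || file == NULL) {
        dst[0] = '\0';
        return -1;
    }
    n = snprintf(dst, dstsz, "%s/%s", dir, file);
    if (n < 0 || (size_t)n >= dstsz) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    char progname[256];  /* constructed size: the real declaration is not shown in the thread */
    char name[64];       /* constructed size */

    /* argv[0] is chosen by whoever calls execv*(), so treat it as untrusted input. */
    if (argc < 1 || bounded_copy(progname, sizeof(progname), argv[0]) != 0) {
        fprintf(stderr, "program name missing or too long\n");
        return 1;
    }
    if (sound_path(name, sizeof(name), EXAMPLE_LIB_DIR, "step.au") != 0) {
        fprintf(stderr, "%s: sound path too long\n", progname);
        return 1;
    }
    printf("%s: %s\n", progname, name);
    return 0;
}
```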





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>:
Bug#609096; Package xdigger. (Sun, 16 Jan 2011 21:33:03 GMT).


Acknowledgement sent to Peter Pentchev <roam@ringlet.net>:
Extra info received and forwarded to list. Copy sent to Debian Games Team <pkg-games-devel@lists.alioth.debian.org>. (Sun, 16 Jan 2011 21:33:03 GMT).


Message #42 received at 609096@bugs.debian.org:

From: Peter Pentchev <roam@ringlet.net>
To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: Silvio Cesare <silvio.cesare@gmail.com>, 609096@bugs.debian.org, debian-release@lists.debian.org
Subject: Re: Bug#609096: Buffer overflow in xdigger with long argv[0]
Date: Sun, 16 Jan 2011 23:30:07 +0200
On Sun, Jan 16, 2011 at 07:25:01PM +0000, Adam D. Barratt wrote:
> On Sun, 2011-01-16 at 20:38 +0200, Peter Pentchev wrote:
> > Here's the new debdiff; thanks for your time!
> 
> Thanks for that.
> 
> Two small things:
> 
> +-  strcat(strcpy(croom, " ROOM:  "), slevel_number);
> [...]
> ++  snprintf(croom, sizeof(croom), " ROOM: %s", slevel_number);
> 
> The new version has one fewer space than the original; I guessed that
> the double space might be so that the string aligns with " LIVES: ".

Oops.  True.  Fixed.

> +-  strcpy(localhost, gethostbyname(localhost)->h_name);
> +-  strcpy(xhost, gethostbyname(xhost)->h_name);
> ++  snprintf(localhost, sizeof(localhost), gethostbyname(localhost)->h_name);
> ++  snprintf(xhost, sizeof(xhost), gethostbyname(xhost)->h_name);
> 
> Those should probably be strncpys, or have an explicit "%s" format string.

Argh.  True.  Fixed; don't know what I was thinking.

> +xdigger (1.0.10-13+lenny1) unstable; urgency=low
> 
> s/unstable/stable/

Oops :)

> Okay, I lied; it was three things. :)
> 
> With the above changes, please feel free to upload (bearing in mind that
> the deadline for inclusion in the next point release is tomorrow).

Thanks!

Well, since I'm not a full DD yet, and xdigger doesn't fall under my DM
rights, I hereby throw myself at the mercy of the pkg-games DD's - or any
DD who's reading this and has the time to check my work as uploaded to
http://mentors.debian.net/debian/pool/main/x/xdigger/xdigger_1.0.10-13+lenny1.dsc
:)

Once again, many thanks to Adam and Ansgar for helping me through this and
pointing out my mistakes and misassumptions!

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net     roam@FreeBSD.org      roam@cpan.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
This sentence was in the past tense.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>:
Bug#609096; Package xdigger. (Sun, 16 Jan 2011 23:51:02 GMT).


Acknowledgement sent to Ansgar Burchardt <ansgar@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Games Team <pkg-games-devel@lists.alioth.debian.org>. (Sun, 16 Jan 2011 23:51:02 GMT).


Message #47 received at 609096@bugs.debian.org:

From: Ansgar Burchardt <ansgar@debian.org>
To: Peter Pentchev <roam@ringlet.net>
Cc: 609096@bugs.debian.org, debian-release@lists.debian.org
Subject: Re: Bug#609096: Buffer overflow in xdigger with long argv[0]
Date: Mon, 17 Jan 2011 00:48:37 +0100
Peter Pentchev <roam@ringlet.net> writes:
>> With the above changes, please feel free to upload (bearing in mind that
>> the deadline for inclusion in the next point release is tomorrow).
>
> Thanks!
>
> Well, since I'm not a full DD yet, and xdigger doesn't fall under my DM
> rights, I hereby throw myself at the mercy of the pkg-games DD's - or any
> DD who's reading this and has the time to check my work as uploaded to
> http://mentors.debian.net/debian/pool/main/x/xdigger/xdigger_1.0.10-13+lenny1.dsc
> :)

I just uploaded xdigger. Thanks for your work :)

Regards,
Ansgar




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>:
Bug#609096; Package xdigger. (Mon, 17 Jan 2011 00:18:03 GMT).


Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Games Team <pkg-games-devel@lists.alioth.debian.org>. (Mon, 17 Jan 2011 00:18:03 GMT).


Message #52 received at 609096@bugs.debian.org:

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Ansgar Burchardt <ansgar@debian.org>
Cc: Peter Pentchev <roam@ringlet.net>, 609096@bugs.debian.org, debian-release@lists.debian.org
Subject: Re: Bug#609096: Buffer overflow in xdigger with long argv[0]
Date: Mon, 17 Jan 2011 00:13:45 +0000
On Mon, 2011-01-17 at 00:48 +0100, Ansgar Burchardt wrote:
> Peter Pentchev <roam@ringlet.net> writes:
> >> With the above changes, please feel free to upload (bearing in mind that
> >> the deadline for inclusion in the next point release is tomorrow).
> >
> > Thanks!
> >
> > Well, since I'm not a full DD yet, and xdigger doesn't fall under my DM
> > rights, I hereby throw myself at the mercy of the pkg-games DD's - or any
> > DD who's reading this and has the time to check my work as uploaded to
> > http://mentors.debian.net/debian/pool/main/x/xdigger/xdigger_1.0.10-13+lenny1.dsc
> > :)
> 
> I just uploaded xdigger. Thanks for your work :)

Flagged for acceptance at the next dinstall; thanks.

Regards,

Adam





Reply sent to Peter Pentchev <roam@ringlet.net>:
You have taken responsibility. (Mon, 17 Jan 2011 02:03:04 GMT).


Notification sent to Silvio Cesare <silvio.cesare@gmail.com>:
Bug acknowledged by developer. (Mon, 17 Jan 2011 02:03:04 GMT).


Message #57 received at 609096-close@bugs.debian.org:

From: Peter Pentchev <roam@ringlet.net>
To: 609096-close@bugs.debian.org
Subject: Bug#609096: fixed in xdigger 1.0.10-13+lenny1
Date: Mon, 17 Jan 2011 01:59:30 +0000
Source: xdigger
Source-Version: 1.0.10-13+lenny1

We believe that the bug you reported is fixed in the latest version of
xdigger, which is due to be installed in the Debian FTP archive:

xdigger_1.0.10-13+lenny1.diff.gz
  to main/x/xdigger/xdigger_1.0.10-13+lenny1.diff.gz
xdigger_1.0.10-13+lenny1.dsc
  to main/x/xdigger/xdigger_1.0.10-13+lenny1.dsc
xdigger_1.0.10-13+lenny1_amd64.deb
  to main/x/xdigger/xdigger_1.0.10-13+lenny1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 609096@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Peter Pentchev <roam@ringlet.net> (supplier of updated xdigger package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sun, 16 Jan 2011 23:18:52 +0200
Source: xdigger
Binary: xdigger
Architecture: amd64 source
Version: 1.0.10-13+lenny1
Distribution: stable
Urgency: low
Maintainer: Debian Games Team <pkg-games-devel@lists.alioth.debian.org>
Changed-By: Peter Pentchev <roam@ringlet.net>
Closes: 609096
Description: 
 xdigger    - arcade diamonds digging game for X11
Changes: 
 xdigger (1.0.10-13+lenny1) stable; urgency=low
 .
   * Team upload.
   * Paul Wise made xdigger.desktop a valid file by adding ArcadeGame
     as a category.
   * Add the buffers patch to guard against lots of buffer overflows,
     including the one reported in the BTS.  Closes: #609096
   * Add DEP 3 descriptive headers to the rest of the patches.
   * Use the quilt patch/unpatch targets in a bit more robust way and
     add a README.source file describing the use of quilt.





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 14 Feb 2011 07:38:27 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Jul 2 11:10:35 2023; Machine Name: bembo