Run of fresh-snapshots for rtmpdump

Try this locally (using silver-platter):

debian-svp new-upstream --snapshot rtmpdump 

Merge these changes:

git pull https://janitor.debian.net/git/rtmpdump fresh-snapshots/main
git pull https://janitor.debian.net/git/rtmpdump fresh-snapshots/pristine-tar
git pull https://janitor.debian.net/git/rtmpdump fresh-snapshots/upstream

Summary

Merged new upstream version: 2.4+20151223.gitfa8646d.1+git20210219.1.f1b83c1 (was: 2.4+20151223.gitfa8646d.1).

Diff

Branch: main

diff --git a/debian/changelog b/debian/changelog
index 0ba3b5c..bf78b00 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,11 +1,12 @@
-rtmpdump (2.4+20151223.gitfa8646d.1-3) UNRELEASED; urgency=medium
+rtmpdump (2.4+20151223.gitfa8646d.1+git20210219.1.f1b83c1-1) UNRELEASED; urgency=medium
 
   * Use secure URI in debian/watch.
   * Use secure URI in Homepage field.
   * Bump debhelper from old 11 to 12.
   * Set upstream metadata fields: Repository.
+  * New upstream snapshot.
 
- -- Debian Janitor <janitor@jelmer.uk>  Sat, 09 Nov 2019 19:43:44 +0000
+ -- Debian Janitor <janitor@jelmer.uk>  Thu, 08 Apr 2021 15:20:20 -0000
 
 rtmpdump (2.4+20151223.gitfa8646d.1-2) unstable; urgency=medium
 
diff --git a/librtmp/Makefile b/librtmp/Makefile
index 2c1c790..568fc71 100644
--- a/librtmp/Makefile
+++ b/librtmp/Makefile
@@ -108,13 +108,14 @@ librtmp.pc: librtmp.pc.in Makefile
 install:	install_base $(SO_INST)
 
 install_base:	librtmp.a librtmp.pc
-	-mkdir -p $(INCDIR) $(LIBDIR)/pkgconfig $(MANDIR)/man3 $(SODIR)
+	-mkdir -p $(INCDIR) $(LIBDIR)/pkgconfig $(MANDIR)/man3
 	cp amf.h http.h log.h rtmp.h $(INCDIR)
 	cp librtmp.a $(LIBDIR)
 	cp librtmp.pc $(LIBDIR)/pkgconfig
 	cp librtmp.3 $(MANDIR)/man3
 
 install_so:	librtmp$(SO_EXT)
+	-mkdir -p $(SODIR)
 	cp librtmp$(SO_EXT) $(SODIR)
 	$(INSTALL_IMPLIB)
 	cd $(SODIR); ln -sf librtmp$(SO_EXT) librtmp.$(SOX)
diff --git a/librtmp/hashswf.c b/librtmp/hashswf.c
index 9f4e2c0..32b2eed 100644
--- a/librtmp/hashswf.c
+++ b/librtmp/hashswf.c
@@ -70,6 +70,8 @@ extern TLS_CTX RTMP_TLS_ctx;
 
 #endif /* CRYPTO */
 
+#define DATELEN	64
+
 #define	AGENT	"Mozilla/5.0"
 
 HTTPResult
@@ -82,7 +84,8 @@ HTTP_get(struct HTTP_ctx *http, const char *url, HTTP_read_callback *cb)
 #ifdef CRYPTO
   int ssl = 0;
 #endif
-  int hlen, flen = 0;
+  int hlen;
+  long flen = 0;
   int rc, i;
   int len_known;
   HTTPResult ret = HTTPRES_OK;
@@ -241,14 +244,20 @@ HTTP_get(struct HTTP_ctx *http, const char *url, HTTP_read_callback *cb)
 	if (!strncasecmp
 	    (sb.sb_start, "Content-Length: ", sizeof("Content-Length: ") - 1))
 	{
-	  flen = atoi(sb.sb_start + sizeof("Content-Length: ") - 1);
+	  flen = strtol(sb.sb_start + sizeof("Content-Length: ") - 1, NULL, 10);
+	  if (flen < 1 || flen > INT_MAX)
+	  {
+	    ret = HTTPRES_BAD_REQUEST;
+	    goto leave;
+	  }
 	}
       else
 	if (!strncasecmp
 	    (sb.sb_start, "Last-Modified: ", sizeof("Last-Modified: ") - 1))
 	{
 	  *p2 = '\0';
-	  strcpy(http->date, sb.sb_start + sizeof("Last-Modified: ") - 1);
+	  strncpy(http->date, sb.sb_start + sizeof("Last-Modified: ") - 1, DATELEN-1);
+	  http->date[DATELEN-1] = '\0';
 	}
       p2 += 2;
       sb.sb_size -= p2 - sb.sb_start;
@@ -453,7 +462,7 @@ RTMP_HashSWF(const char *url, unsigned int *size, unsigned char *hash,
 	     int age)
 {
   FILE *f = NULL;
-  char *path, date[64], cctim[64];
+  char *path, date[DATELEN], cctim[DATELEN];
   long pos = 0;
   time_t ctim = -1, cnow;
   int i, got = 0, ret = 0;
@@ -554,7 +563,8 @@ RTMP_HashSWF(const char *url, unsigned int *size, unsigned char *hash,
 	      else if (!strncmp(buf, "date: ", 6))
 		{
 		  buf[strlen(buf) - 1] = '\0';
-		  strncpy(date, buf + 6, sizeof(date));
+		  strncpy(date, buf + 6, sizeof(date)-1);
+		  date[DATELEN-1] = '\0';
 		  got++;
 		}
 	      else if (!strncmp(buf, "ctim: ", 6))
diff --git a/librtmp/rtmp.c b/librtmp/rtmp.c
index a2863b0..0865689 100644
--- a/librtmp/rtmp.c
+++ b/librtmp/rtmp.c
@@ -4429,7 +4429,7 @@ static int
 HTTP_read(RTMP *r, int fill)
 {
   char *ptr;
-  int hlen;
+  long hlen;
 
 restart:
   if (fill)
@@ -4455,7 +4455,9 @@ restart:
   }
   if (!ptr)
     return -1;
-  hlen = atoi(ptr+16);
+  hlen = strtol(ptr+16, NULL, 10);
+  if (hlen < 1 || hlen > INT_MAX)
+    return -1;
   ptr = strstr(ptr+16, "\r\n\r\n");
   if (!ptr)
     return -1;

Branch: pristine-tar

diff --git a/rtmpdump_2.4+20151223.gitfa8646d.1+git20210219.1.f1b83c1.orig.tar.gz.delta b/rtmpdump_2.4+20151223.gitfa8646d.1+git20210219.1.f1b83c1.orig.tar.gz.delta
new file mode 100644
index 0000000..9b2306d
Binary files /dev/null and b/rtmpdump_2.4+20151223.gitfa8646d.1+git20210219.1.f1b83c1.orig.tar.gz.delta differ
diff --git a/rtmpdump_2.4+20151223.gitfa8646d.1+git20210219.1.f1b83c1.orig.tar.gz.id b/rtmpdump_2.4+20151223.gitfa8646d.1+git20210219.1.f1b83c1.orig.tar.gz.id
new file mode 100644
index 0000000..a149f48
--- /dev/null
+++ b/rtmpdump_2.4+20151223.gitfa8646d.1+git20210219.1.f1b83c1.orig.tar.gz.id
@@ -0,0 +1 @@
+016dd9f9354dbdd535229b428d71067eb05d5136

Branch: upstream

Tag: upstream/2.4+20151223.gitfa8646d.1+git20210219.1.f1b83c1
Unable to retrieve diff; error 500

Debdiff

[The following lists of changes regard files as different if they have different names, permissions or owners.]

Files in second set of .debs but not in first

-rw-r--r--  root/root   /usr/lib/debug/.build-id/15/891f4c18c8119e177ef12dba2f0a4c8b3c7bce.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/47/bb86137296f4442aca19be77fdafa322f8e5a8.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/55/03f918f573abd9e149a7f8d54e09cc4add58dc.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/68/bd37d24b1dcf22cc6a6e3f5e384df2f7d4d4ea.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/df/77d09bd2d7db69d765f98844c439e164d068ea.debug

Files in first set of .debs but not in second

-rw-r--r--  root/root   /usr/lib/debug/.build-id/3f/3e23332f272c02e02b8344cb98c4a8565131da.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/68/594ba28e28015fc406ee2cfb4be389d80f5bb1.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/9e/87982775243e6c0dbd9e9411cff9efd2731372.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/c0/508cef9f9cc0526856e64324a17229adf3e5f3.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/ee/75f684cab57f0c626de53dda9ec1ba89a2644a.debug

No differences were encountered between the control files of package librtmp-dev

Control files of package librtmp1: lines which differ (wdiff format)

  • Depends: libc6 (>= 2.14), libgmp10, libgnutls30 (>= 3.6.14), 3.7.0), libhogweed6, libnettle8, zlib1g (>= 1:1.1.4)

Control files of package librtmp1-dbgsym: lines which differ (wdiff format)

  • Build-Ids: ee75f684cab57f0c626de53dda9ec1ba89a2644a 15891f4c18c8119e177ef12dba2f0a4c8b3c7bce

No differences were encountered between the control files of package rtmpdump

Control files of package rtmpdump-dbgsym: lines which differ (wdiff format)

  • Build-Ids: 3f3e23332f272c02e02b8344cb98c4a8565131da 68594ba28e28015fc406ee2cfb4be389d80f5bb1 9e87982775243e6c0dbd9e9411cff9efd2731372 c0508cef9f9cc0526856e64324a17229adf3e5f3 47bb86137296f4442aca19be77fdafa322f8e5a8 5503f918f573abd9e149a7f8d54e09cc4add58dc 68bd37d24b1dcf22cc6a6e3f5e384df2f7d4d4ea df77d09bd2d7db69d765f98844c439e164d068ea

Resulting package

The resulting binary packages can be installed (if you have the apt repository enabled) by running one of:

apt install -t fresh-snapshots librtmp-dev
apt install -t fresh-snapshots librtmp1-dbgsym
apt install -t fresh-snapshots librtmp1
apt install -t fresh-snapshots rtmpdump-dbgsym
apt install -t fresh-snapshots rtmpdump

Lintian Result

Full worker log Full build log Full dist log