debian/0000775000000000000000000000000013327715264007202 5ustar debian/libcapnp-dev.install0000664000000000000000000000035512316520227013127 0ustar usr/lib/*/libcapnp.a usr/lib/*/libcapnp.so usr/lib/*/libcapnp-rpc.a usr/lib/*/libcapnp-rpc.so usr/lib/*/libcapnpc.a usr/lib/*/libcapnpc.so usr/lib/*/libkj.a usr/lib/*/libkj.so usr/lib/*/libkj-async.a usr/lib/*/libkj-async.so usr/include debian/libcapnp-0.4.0.lintian-overrides0000664000000000000000000000056212253377450015010 0ustar libcapnp-0.4.0 binary: no-symbols-control-file usr/lib/libcapnp-0.4.0.so libcapnp-0.4.0 binary: no-symbols-control-file usr/lib/libcapnp-rpc-0.4.0.so libcapnp-0.4.0 binary: no-symbols-control-file usr/lib/libcapnpc-0.4.0.so libcapnp-0.4.0 binary: no-symbols-control-file usr/lib/libkj-0.4.0.so libcapnp-0.4.0 binary: no-symbols-control-file usr/lib/libkj-async-0.4.0.so debian/capnproto.manpages0000664000000000000000000000001712253376206012716 0ustar debian/capnp.1 debian/capnproto.lintian-overrides0000664000000000000000000000007712253376206014567 0ustar capnproto binary: hardening-no-fortify-functions usr/bin/capnp debian/patches/0000775000000000000000000000000013327652573010634 5ustar debian/patches/CVE-2015-2311.patch0000664000000000000000000000332513327632264013241 0ustar From e84ae6e395ba6e6e8616bd3d40f7a7d50ad5b5ed Mon Sep 17 00:00:00 2001 From: Kenton Varda Date: Fri, 27 Feb 2015 19:53:07 -0800 Subject: [PATCH] SECURITY: Integer underflow in pointer validation. Details: https://github.com/sandstorm-io/capnproto/tree/master/security-advisories/2014-03-02-1-c++-integer-underflow.md --- src/capnp/layout.c++ | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/capnp/layout.c++ b/src/capnp/layout.c++ index 7c7f566f0..b0c09b7a5 100644 --- a/src/capnp/layout.c++ +++ b/src/capnp/layout.c++ @@ -1437,6 +1437,7 @@ struct WireHelpers { WirePointer* ref, word* refTarget, SegmentBuilder* segment, const void* defaultValue, ByteCount defaultSize)) { if (ref->isNull()) { + useDefault: if (defaultSize == 0 * BYTES) { return nullptr; } else { @@ -1446,14 +1447,19 @@ struct WireHelpers { } } else { word* ptr = followFars(ref, refTarget, segment); + char* cptr = reinterpret_cast(ptr); KJ_REQUIRE(ref->kind() == WirePointer::LIST, "Called getText{Field,Element}() but existing pointer is not a list."); KJ_REQUIRE(ref->listRef.elementSize() == FieldSize::BYTE, "Called getText{Field,Element}() but existing list pointer is not byte-sized."); - // Subtract 1 from the size for the NUL terminator. - return Text::Builder(reinterpret_cast(ptr), ref->listRef.elementCount() / ELEMENTS - 1); + size_t size = ref->listRef.elementCount() / ELEMENTS; + KJ_REQUIRE(size > 0 && cptr[size-1] == '\0', "Text blob missing NUL terminator.") { + goto useDefault; + } + + return Text::Builder(cptr, size - 1); } } debian/patches/CVE-2015-2313.patch0000664000000000000000000001252713327650477013255 0ustar From ac00109ca0749efd04a4203d002afa00f6b6cd89 Mon Sep 17 00:00:00 2001 From: Kenton Varda Date: Thu, 5 Mar 2015 10:27:29 -0800 Subject: [PATCH] SECURITY: Additional CPU amplification case. Unfortunately, commit 104870608fde3c698483fdef6b97f093fc15685d missed a case of CPU amplification via struct lists with zero-sized elements. See advisory: https://github.com/sandstorm-io/capnproto/blob/master/security-advisories/2015-03-05-0-c++-addl-cpu-amplification.md --- src/capnp/encoding-test.c++ | 21 ++++++++++++++------- src/capnp/layout.c++ | 42 +++++++++++++++++++++++------------------ 2 files changed, 38 insertions(+), 25 deletions(-) diff --git a/src/capnp/encoding-test.c++ b/src/capnp/encoding-test.c++ index 1b08004db..31de10dcc 100644 --- a/src/capnp/encoding-test.c++ +++ b/src/capnp/encoding-test.c++ @@ -1501,17 +1501,24 @@ TEST(Encoding, VoidListAmplification) { } TEST(Encoding, EmptyStructListAmplification) { - MallocMessageBuilder builder; - builder.initRoot().getAnyPointerField() - .initAs>(1u << 28); + MallocMessageBuilder builder(1024); + auto listList = builder.initRoot().getAnyPointerField() + .initAs>>(500); + + for (uint i = 0; i < listList.size(); i++) { + listList.init(i, 1u << 28); + } auto segments = builder.getSegmentsForOutput(); - EXPECT_EQ(1, segments.size()); - EXPECT_LT(segments[0].size(), 16); // quite small for such a big list! + ASSERT_EQ(1, segments.size()); SegmentArrayMessageReader reader(builder.getSegmentsForOutput()); - auto root = reader.getRoot().getAnyPointerField(); - EXPECT_NONFATAL_FAILURE(root.getAs>()); + auto root = reader.getRoot(); + auto listListReader = root.getAnyPointerField().getAs>>(); + EXPECT_NONFATAL_FAILURE(listListReader[0]); + EXPECT_NONFATAL_FAILURE(listListReader[10]); + + EXPECT_EQ(segments[0].size() - 1, root.totalSize().wordCount); } TEST(Encoding, Constants) { diff --git a/src/capnp/layout.c++ b/src/capnp/layout.c++ index d66e70b48..7a6993352 100644 --- a/src/capnp/layout.c++ +++ b/src/capnp/layout.c++ @@ -534,14 +534,16 @@ struct WireHelpers { WordCount dataSize = elementTag->structRef.dataSize.get(); WirePointerCount pointerCount = elementTag->structRef.ptrCount.get(); - word* pos = ptr + POINTER_SIZE_IN_WORDS; uint count = elementTag->inlineCompositeListElementCount() / ELEMENTS; - for (uint i = 0; i < count; i++) { - pos += dataSize; - - for (uint j = 0; j < pointerCount / POINTERS; j++) { - zeroObject(segment, reinterpret_cast(pos)); - pos += POINTER_SIZE_IN_WORDS; + if (pointerCount > 0 * POINTERS) { + word* pos = ptr + POINTER_SIZE_IN_WORDS; + for (uint i = 0; i < count; i++) { + pos += dataSize; + + for (uint j = 0; j < pointerCount / POINTERS; j++) { + zeroObject(segment, reinterpret_cast(pos)); + pos += POINTER_SIZE_IN_WORDS; + } } } @@ -657,8 +659,6 @@ struct WireHelpers { return result; } - result.wordCount += wordCount + POINTER_SIZE_IN_WORDS; - const WirePointer* elementTag = reinterpret_cast(ptr); ElementCount count = elementTag->inlineCompositeListElementCount(); @@ -667,23 +667,29 @@ struct WireHelpers { return result; } - KJ_REQUIRE(elementTag->structRef.wordSize() / ELEMENTS * - ElementCount64(count) <= wordCount, + auto actualSize = elementTag->structRef.wordSize() / ELEMENTS * ElementCount64(count); + KJ_REQUIRE(actualSize <= wordCount, "Struct list pointer's elements overran size.") { return result; } + // We count the actual size rather than the claimed word count because that's what + // we'll end up with if we make a copy. + result.wordCount += actualSize + POINTER_SIZE_IN_WORDS; + WordCount dataSize = elementTag->structRef.dataSize.get(); WirePointerCount pointerCount = elementTag->structRef.ptrCount.get(); - const word* pos = ptr + POINTER_SIZE_IN_WORDS; - for (uint i = 0; i < count / ELEMENTS; i++) { - pos += dataSize; + if (pointerCount > 0 * POINTERS) { + const word* pos = ptr + POINTER_SIZE_IN_WORDS; + for (uint i = 0; i < count / ELEMENTS; i++) { + pos += dataSize; - for (uint j = 0; j < pointerCount / POINTERS; j++) { - result += totalSize(segment, reinterpret_cast(pos), - nestingLimit); - pos += POINTER_SIZE_IN_WORDS; + for (uint j = 0; j < pointerCount / POINTERS; j++) { + result += totalSize(segment, reinterpret_cast(pos), + nestingLimit); + pos += POINTER_SIZE_IN_WORDS; + } } } break; debian/patches/series0000664000000000000000000000014413327652435012045 0ustar CVE-2015-2310.patch CVE-2015-2311.patch CVE-2015-2312.patch CVE-2015-2313.patch CVE-2017-7892.patch debian/patches/CVE-2015-2310.patch0000664000000000000000000000352213326673214013236 0ustar From c0441ece9bb018ff05711c0ec0b9f5ceb25ca114 Mon Sep 17 00:00:00 2001 From: Kenton Varda Date: Wed, 25 Feb 2015 13:50:43 -0800 Subject: [PATCH] SECURITY: Integer overflow in pointer validation. Details: https://github.com/sandstorm-io/capnproto/tree/master/security-advisories/2014-03-02-0-c++-integer-overflow.md --- src/capnp/layout.c++ | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/capnp/layout.c++ b/src/capnp/layout.c++ index f25278093..7c7f566f0 100644 --- a/src/capnp/layout.c++ +++ b/src/capnp/layout.c++ @@ -662,7 +662,8 @@ struct WireHelpers { return result; } - KJ_REQUIRE(elementTag->structRef.wordSize() / ELEMENTS * count <= wordCount, + KJ_REQUIRE(elementTag->structRef.wordSize() / ELEMENTS * + ElementCount64(count) <= wordCount, "Struct list pointer's elements overran size.") { return result; } @@ -1681,7 +1682,7 @@ struct WireHelpers { ElementCount elementCount = tag->inlineCompositeListElementCount(); auto wordsPerElement = tag->structRef.wordSize() / ELEMENTS; - KJ_REQUIRE(wordsPerElement * elementCount <= wordCount, + KJ_REQUIRE(wordsPerElement * ElementCount64(elementCount) <= wordCount, "INLINE_COMPOSITE list's elements overrun its word count.") { goto useDefault; } @@ -1923,7 +1924,7 @@ struct WireHelpers { size = tag->inlineCompositeListElementCount(); wordsPerElement = tag->structRef.wordSize() / ELEMENTS; - KJ_REQUIRE(size * wordsPerElement <= wordCount, + KJ_REQUIRE(ElementCount64(size) * wordsPerElement <= wordCount, "INLINE_COMPOSITE list's elements overrun its word count.") { goto useDefault; } debian/patches/CVE-2017-7892.patch0000664000000000000000000000254213327653415013267 0ustar From 51e801a705b1cf40eb3d21f9dd2038edba4d8b2e Mon Sep 17 00:00:00 2001 From: Kenton Varda Date: Sat, 15 Apr 2017 19:31:53 -0700 Subject: [PATCH] SECURITY: Prevent compiler from eliding bounds checks. Details: https://github.com/sandstorm-io/capnproto/blob/master/security-advisories/2017-04-17-0-apple-32bit-elides-bounds-check.md --- src/capnp/arena.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/capnp/arena.h b/src/capnp/arena.h index 8edd9bb8..74238a6c 100644 --- a/src/capnp/arena.h +++ b/src/capnp/arena.h @@ -295,7 +295,11 @@ inline SegmentReader::SegmentReader(Arena* arena, SegmentId id, kj::ArrayPtr= this->ptr.begin() && to <= this->ptr.end() && + uintptr_t start = reinterpret_cast(from) - reinterpret_cast(ptr.begin()); + uintptr_t end = reinterpret_cast(to) - reinterpret_cast(ptr.begin()); + uintptr_t bound = ptr.size() * sizeof(capnp::word); + + return start <= bound && end <= bound && start <= end && readLimiter->canRead( intervalLength(reinterpret_cast(from), reinterpret_cast(to)) / BYTES_PER_WORD, -- 2.17.1 debian/patches/CVE-2015-2312.patch0000664000000000000000000002037213327636120013236 0ustar From 4caa02ed303689323cda603928fe6a09a6d9fa74 Mon Sep 17 00:00:00 2001 From: Kenton Varda Date: Fri, 27 Feb 2015 20:23:13 -0800 Subject: [PATCH] SECURITY: CPU usage amplification attack. Details: https://github.com/sandstorm-io/capnproto/tree/master/security-advisories/2014-03-02-0-all-cpu-amplification.md --- src/capnp/arena.h | 11 +++++++++ src/capnp/encoding-test.c++ | 30 ++++++++++++++++++++++++ src/capnp/layout.c++ | 51 +++++++++++++++++++++++++++++++++++++---- 3 files changed, 88 insertions(+), 4 deletions(-) diff --git a/src/capnp/arena.h b/src/capnp/arena.h index 69316f982..53e17c0cb 100644 --- a/src/capnp/arena.h +++ b/src/capnp/arena.h @@ -108,6 +108,13 @@ class SegmentReader { KJ_ALWAYS_INLINE(bool containsInterval(const void* from, const void* to)); + KJ_ALWAYS_INLINE(bool amplifiedRead(WordCount virtualAmount)); + // Indicates that the reader should pretend that `virtualAmount` additional data was read even + // though no actual pointer was traversed. This is used e.g. when reading a struct list pointer + // where the element sizes are zero -- the sender could set the list size arbitrarily high and + // cause the receiver to iterate over this list even though the message itself is small, so we + // need to defend agaisnt DoS attacks based on this. + inline Arena* getArena(); inline SegmentId getSegmentId(); @@ -302,6 +309,10 @@ inline bool SegmentReader::containsInterval(const void* from, const void* to) { arena); } +inline bool SegmentReader::amplifiedRead(WordCount virtualAmount) { + return readLimiter->canRead(virtualAmount, arena); +} + inline Arena* SegmentReader::getArena() { return arena; } inline SegmentId SegmentReader::getSegmentId() { return id; } inline const word* SegmentReader::getStartPtr() { return ptr.begin(); } diff --git a/src/capnp/encoding-test.c++ b/src/capnp/encoding-test.c++ index c50d8ed89..1b08004db 100644 --- a/src/capnp/encoding-test.c++ +++ b/src/capnp/encoding-test.c++ @@ -1484,6 +1484,36 @@ TEST(Encoding, Has) { EXPECT_TRUE(root.asReader().hasInt32List()); } +TEST(Encoding, VoidListAmplification) { + MallocMessageBuilder builder; + builder.initRoot().getAnyPointerField().initAs>(1u << 28); + + auto segments = builder.getSegmentsForOutput(); + EXPECT_EQ(1, segments.size()); + EXPECT_LT(segments[0].size(), 16); // quite small for such a big list! + + SegmentArrayMessageReader reader(builder.getSegmentsForOutput()); + auto root = reader.getRoot().getAnyPointerField(); + EXPECT_NONFATAL_FAILURE(root.getAs>()); + + MallocMessageBuilder copy; + EXPECT_NONFATAL_FAILURE(copy.setRoot(reader.getRoot())); +} + +TEST(Encoding, EmptyStructListAmplification) { + MallocMessageBuilder builder; + builder.initRoot().getAnyPointerField() + .initAs>(1u << 28); + + auto segments = builder.getSegmentsForOutput(); + EXPECT_EQ(1, segments.size()); + EXPECT_LT(segments[0].size(), 16); // quite small for such a big list! + + SegmentArrayMessageReader reader(builder.getSegmentsForOutput()); + auto root = reader.getRoot().getAnyPointerField(); + EXPECT_NONFATAL_FAILURE(root.getAs>()); +} + TEST(Encoding, Constants) { EXPECT_EQ(VOID, test::TestConstants::VOID_CONST); EXPECT_EQ(true, test::TestConstants::BOOL_CONST); diff --git a/src/capnp/layout.c++ b/src/capnp/layout.c++ index b0c09b7a5..d66e70b48 100644 --- a/src/capnp/layout.c++ +++ b/src/capnp/layout.c++ @@ -308,6 +308,11 @@ struct WireHelpers { return segment == nullptr || segment->containsInterval(start, end); } + static KJ_ALWAYS_INLINE(bool amplifiedRead(SegmentReader* segment, WordCount virtualAmount)) { + // If segment is null, this is an unchecked message, so we don't do read limiter checks. + return segment == nullptr || segment->amplifiedRead(virtualAmount); + } + static KJ_ALWAYS_INLINE(word* allocate( WirePointer*& ref, SegmentBuilder*& segment, WordCount amount, WirePointer::Kind kind, BuilderArena* orphanArena)) { @@ -1693,6 +1698,15 @@ struct WireHelpers { goto useDefault; } + if (wordsPerElement * (1 * ELEMENTS) == 0 * WORDS) { + // Watch out for lists of zero-sized structs, which can claim to be arbitrarily large + // without having sent actual data. + KJ_REQUIRE(amplifiedRead(srcSegment, elementCount * (1 * WORDS / ELEMENTS)), + "Message contains amplified list pointer.") { + goto useDefault; + } + } + return setListPointer(dstSegment, dst, ListReader(srcSegment, ptr, elementCount, wordsPerElement * BITS_PER_WORD, tag->structRef.dataSize.get() * BITS_PER_WORD, @@ -1710,6 +1724,15 @@ struct WireHelpers { goto useDefault; } + if (elementSize == FieldSize::VOID) { + // Watch out for lists of void, which can claim to be arbitrarily large without having + // sent actual data. + KJ_REQUIRE(amplifiedRead(srcSegment, elementCount * (1 * WORDS / ELEMENTS)), + "Message contains amplified list pointer.") { + goto useDefault; + } + } + return setListPointer(dstSegment, dst, ListReader(srcSegment, ptr, elementCount, step, dataSize, pointerCount, nestingLimit - 1), @@ -1907,7 +1930,8 @@ struct WireHelpers { goto useDefault; } - if (ref->listRef.elementSize() == FieldSize::INLINE_COMPOSITE) { + FieldSize elementSize = ref->listRef.elementSize(); + if (elementSize == FieldSize::INLINE_COMPOSITE) { decltype(WORDS/ELEMENTS) wordsPerElement; ElementCount size; @@ -1935,6 +1959,15 @@ struct WireHelpers { goto useDefault; } + if (wordsPerElement * (1 * ELEMENTS) == 0 * WORDS) { + // Watch out for lists of zero-sized structs, which can claim to be arbitrarily large + // without having sent actual data. + KJ_REQUIRE(amplifiedRead(segment, size * (1 * WORDS / ELEMENTS)), + "Message contains amplified list pointer.") { + goto useDefault; + } + } + // If a struct list was not expected, then presumably a non-struct list was upgraded to a // struct list. We need to manipulate the pointer to point at the first field of the // struct. Together with the "stepBits", this will allow the struct list to be accessed as @@ -1982,14 +2015,24 @@ struct WireHelpers { BitCount dataSize = dataBitsPerElement(ref->listRef.elementSize()) * ELEMENTS; WirePointerCount pointerCount = pointersPerElement(ref->listRef.elementSize()) * ELEMENTS; + ElementCount elementCount = ref->listRef.elementCount(); auto step = (dataSize + pointerCount * BITS_PER_POINTER) / ELEMENTS; - KJ_REQUIRE(boundsCheck(segment, ptr, ptr + - roundBitsUpToWords(ElementCount64(ref->listRef.elementCount()) * step)), + WordCount wordCount = roundBitsUpToWords(ElementCount64(elementCount) * step); + KJ_REQUIRE(boundsCheck(segment, ptr, ptr + wordCount), "Message contains out-of-bounds list pointer.") { goto useDefault; } + if (elementSize == FieldSize::VOID) { + // Watch out for lists of void, which can claim to be arbitrarily large without having sent + // actual data. + KJ_REQUIRE(amplifiedRead(segment, elementCount * (1 * WORDS / ELEMENTS)), + "Message contains amplified list pointer.") { + goto useDefault; + } + } + // Verify that the elements are at least as large as the expected type. Note that if we // expected INLINE_COMPOSITE, the expected sizes here will be zero, because bounds checking // will be performed at field access time. So this check here is for the case where we @@ -2009,7 +2052,7 @@ struct WireHelpers { goto useDefault; } - return ListReader(segment, ptr, ref->listRef.elementCount(), step, + return ListReader(segment, ptr, elementCount, step, dataSize, pointerCount, nestingLimit - 1); } } debian/copyright0000664000000000000000000001072412253376206011135 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: capnproto Source: http://capnproto.org/ Files: * Copyright: 2013 Kenton Varda License: BSD-2-clause Copyright (c) 2013, Kenton Varda All rights reserved. . Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: . 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. . THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Files: debian/* Copyright: 2013 Tom Lee License: BSD-2-clause Copyright (c) 2013, Tom Lee All rights reserved. . Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: . 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. . THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Files: gtest/* Copyright: 2008 Google Inc. License: BSD-3-clause Copyright (c) 2008, Google Inc. All rights reserved. . Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. . THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. debian/capnproto.install0000664000000000000000000000001112253376206012563 0ustar usr/bin debian/source/0000775000000000000000000000000012253376206010476 5ustar debian/source/format0000664000000000000000000000001412253376206011704 0ustar 3.0 (quilt) debian/changelog0000664000000000000000000000401213327714215011044 0ustar capnproto (0.4.0-1ubuntu2.1) trusty-security; urgency=medium * SECURITY UPDATE: Integer overflow in pointer validation. - debian/patches/CVE-2015-2310.patch: fix in src/capnp/layout.c++ - CVE-2015-2310 * SECURITY UPDATE: Integer underflow in pointer validation. - debian/patches/CVE-2015-2311.patch: fix in src/capnp/layout.c++ - CVE-2015-2311 * SECURITY UPDATE: CPU usage amplification attack. - debian/patches/CVE-2015-2312.patch: fix in src/capnp/arena.h, src/capnp/encoding-test.c++ and src/capnp/layout.c++ - CVE-2015-2312 * SECURITY UPDATE: CPU additional CPU amplification case. - debian/patches/CVE-2015-2313.patch: fix in src/capnp/layout.c++ and src/capnp/encoding-test.c++ - CVE-2015-2313 * SECURITY UPDATE: Prevent compiler from eliding bounds checks. - debian/patches/CVE-2017-7892.patch: fix in src/capnp/arena.h - CVE-2017-7892 -- Eduardo Barretto Mon, 30 Jul 2018 20:00:10 -0300 capnproto (0.4.0-1ubuntu2) trusty; urgency=medium * Bump compat level to 9. * Multi-arch library packages. * Mark the utility as foreign. * Enable parallel build. * Drop maintainer scripts, dh_makeshlibs adds ldconfig. -- Dimitri John Ledkov Tue, 01 Apr 2014 12:23:36 +0100 capnproto (0.4.0-1ubuntu1) trusty; urgency=medium * Use dh-autoreconf to get new libtool macros for ppc64el and update config.{sub,guess} for new arches. -- Logan Rosen Mon, 13 Jan 2014 02:44:12 -0500 capnproto (0.4.0-1) unstable; urgency=low * Updated packaging, include libkj-async and libcapnp-rpc. * Imported Upstream version 0.4.0 -- Tom Lee Sun, 15 Dec 2013 10:41:21 -0700 capnproto (0.3.0-1) unstable; urgency=low * Fix Vcs-Git URL * Imported Upstream version 0.3.0 -- Tom Lee Wed, 13 Nov 2013 12:45:02 -0700 capnproto (0.2.1-1) unstable; urgency=low * Initial release (Closes: #719782) -- Tom Lee Tue, 20 Aug 2013 00:18:16 -0700 debian/control0000664000000000000000000000552312316520611010575 0ustar Source: capnproto Section: devel Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Tom Lee Build-Depends: debhelper (>= 8.0.0), gcc (>= 4.7), python-all (>= 2.6), dpkg-dev (>= 1.16.1.1), docbook-xsl, docbook-xml, xsltproc, dh-autoreconf, netbase Standards-Version: 3.9.5 Homepage: http://kentonv.github.io/capnproto/ Vcs-Git: git://github.com/thomaslee/capnproto-debian Vcs-Browser: http://github.com/thomaslee/capnproto-debian Package: libcapnp-0.4.0 Architecture: any Multi-Arch: same Section: libs Depends: ${shlibs:Depends}, ${misc:Depends} Description: Cap'n Proto C++ library Similar to Protocol Buffers, Cap'n Proto is an efficient means of serializing structured data to be transferred across a network or written to disk. Users write a Cap'n Proto definition file that drives a code generator, which in turn emits C++ code for encoding & decoding messages in the Cap'n Proto format. . In addition to being extremely fast, Cap'n Proto also smooths over some of the rougher aspects of Protocol Buffers & introduces a number of new features to boot. . This package contains the runtime libraries needed for C++ applications. Package: libcapnp-dev Architecture: any Multi-Arch: same Section: libdevel Depends: ${misc:Depends}, libcapnp-0.4.0 (= ${binary:Version}) Description: Cap'n Proto C++ library (development files) Similar to Protocol Buffers, Cap'n Proto is an efficient means of serializing structured data to be transferred across a network or written to disk. Users write a Cap'n Proto definition file that drives a code generator, which in turn emits C++ code for encoding & decoding messages in the Cap'n Proto format. . In addition to being extremely fast, Cap'n Proto also smooths over some of the rougher aspects of Protocol Buffers & introduces a number of new features to boot. . This package contains the headers and static libraries needed for writing C++ applications. Package: capnproto Architecture: any Multi-Arch: foreign Depends: ${shlibs:Depends}, ${misc:Depends}, libcapnp-0.4.0 (= ${binary:Version}) Description: tool for working with the Cap'n Proto data interchange format Similar to Protocol Buffers, Cap'n Proto is an efficient means of serializing structured data to be transferred across a network or written to disk. Users write a Cap'n Proto definition file that drives a code generator, which in turn emits C++ code for encoding & decoding messages in the Cap'n Proto format. . In addition to being extremely fast, Cap'n Proto also smooths over some of the rougher aspects of Protocol Buffers & introduces a number of new features to boot. . This package contains a small suite of tools for developing & maintaining your Cap'n Proto schema files, including a code generator for compiling your schema files to supported languages. debian/rules0000775000000000000000000000127412316521110010244 0ustar #!/usr/bin/make -f # # Force a release build & works around a g++ compiler bug by happy coincidence # export DEB_CXXFLAGS_MAINT_APPEND = -DNDEBUG export DEB_LDFLAGS_MAINT_APPEND = -lpthread export DEB_BUILD_MAINT_OPTIONS=hardening=+all DPKG_EXPORT_BUILDFLAGS=1 include /usr/share/dpkg/buildflags.mk export DH_OPTIONS %: dh $@ --with autoreconf --parallel override_dh_auto_build: xsltproc --nonet \ --param make.year.ranges 1 \ --param make.single.year.ranges 1 \ --param man.charmap.use.subset 0 \ -o debian/ \ http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl \ debian/capnp.1.xml dh_auto_build override_dh_auto_clean: rm -f debian/capnp.1 dh_auto_clean debian/libcapnp-0.4.0.install0000664000000000000000000000021512316520250012777 0ustar usr/lib/*/libcapnp-0.4.0.so usr/lib/*/libcapnp-rpc-0.4.0.so usr/lib/*/libcapnpc-*.so usr/lib/*/libkj-0.4.0.so usr/lib/*/libkj-async-0.4.0.so debian/watch0000664000000000000000000000015712253376206010232 0ustar version=3 http://kentonv.github.io/capnproto/install.html http://capnproto.org/capnproto-c\+\+-(.+)\.tar\.gz debian/compat0000664000000000000000000000000212316520153010364 0ustar 9 debian/capnp.1.xml0000664000000000000000000002505712253376206011171 0ustar ]> &dhtitle; &dhpackage; &dhfirstname; &dhsurname; Wrote this manpage for the Debian system.
&dhemail;
2013 &dhusername; This manual page was written for the Debian system (and may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or (at your option) any later version published by the Free Software Foundation. On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. &dhucpackage; &dhsection; &dhpackage; compiler for Cap'n Proto data interchange format definition files &dhpackage; <options> <command> <args> &dhpackage; id &dhpackage; DESCRIPTION This manual page documents briefly the &dhpackage; command. It was written for the Debian distribution because the original program does not have a manual page. &dhpackage; is wrapper for various tools used to manipulate the Cap'n Proto data interchange format. These tools include a definition file compiler, a C++ backend, a decoder for converting Cap'n Proto messages to text and a generator for Cap'n Proto definition IDs. OPTIONS The program follows the usual GNU command line syntax, with long options starting with two dashes (`-'). A summary of options is included below. Add DIR to the list of directories searched for non-relative imports (ones that start with a '/'). Do not add any default import paths; use only those specified by -I. Otherwise, typically /usr/include and /usr/local/include are added by default. Log informational messages to stderr; useful for debugging. Show summary of options. Show version of program. COMMANDS compile Compile Cap'n Proto schema files & generate corresponding source code in one or more languages. OPTIONS to the list of directories searched for non-relative imports (ones that start with a '/'). ]]> in directory (default: current directory). actually specifies a plugin to use. If is a simple word, the compiler for a plugin called 'capnpc-' in $PATH. If is a file path containing slashes, it is interpreted as the exact plugin executable file name, and $PATH is not searched. ]]> , remove the prefix for the purpose of deciding the names of output files. For example, the following command: capnp --src-prefix=foo/bar -oc++:corge foo/bar/baz/qux.capnp would generate the files corge/baz/qux.capnp.{h,c++}. ]]> decode Decodes one or more encoded Cap'n Proto messages as text. Messages are read from standard input and by default are expected to be in standard Cap'n Proto serialization format. OPTIONS Add <dir> to the list of directories searched for non-relative imports (ones that start with a '/'). Interpret the input as one large single-segment message rather than a stream in standard serialization format. Do not add any default import paths; use only those specified by -I. Otherwise, typically /usr/include and /usr/local/include are added by default. Expect the input to be packed using standard Cap'n Proto packing, which deflates zero-valued bytes. Print in short (non-pretty) format. Each message will be printed on one line, without using whitespace to improve readability. id Generates a unique identifier for Cap'n Proto schema files. SEE ALSO More documentation about Cap'n Proto is available online at . debian/docs0000664000000000000000000000001312253376206010043 0ustar README.txt debian/libcapnp-0.4.0.shlibs0000664000000000000000000000023312253377450012631 0ustar libcapnp 0.4.0 libcapnp-0.4.0 libcapnp-rpc 0.4.0 libcapnp-0.4.0 libcapnpc 0.4.0 libcapnp-0.4.0 libkj 0.4.0 libcapnp-0.4.0 libkj-async 0.4.0 libcapnp-0.4.0 debian/capnproto.links0000664000000000000000000000025712253376206012251 0ustar usr/share/man/man1/capnp.1 usr/share/man/man1/capnpc.1 usr/share/man/man1/capnp.1 usr/share/man/man1/capnpc-c++.1 usr/share/man/man1/capnp.1 usr/share/man/man1/capnpc-capnp.1