CamberLoid

libTIFF / High Severity

It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service. (CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799)

It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804)

---

squashfs-tools / TBA

CamberLoid

计划表！

• 写论文 ETA 5.2
  • 绪论
  • 基础知识
  • 方案描述
    • 代码描述
    • 测试结果：和集成测试一起写
• 写客户端Lib ETA 4.23
• Core Library 95%

CamberLoid

diff --git a/hardinfo/util.c b/hardinfo/util.c
index 38c7bce..0f02afb 100644
--- a/hardinfo/util.c
+++ b/hardinfo/util.c
@@ -962,11 +962,21 @@ static GSList *modules_load(gchar ** module_list)
     dir = g_dir_open(filename, 0, NULL);
     g_free(filename);
 
+    /***
+     * g_module_open("benchmark.so"/"computer.so") failed due to some undefined

CamberLoid

[?25l[?7l             .:+syhhhhys+:.
         .ohNMMMMMMMMMMMMMMNho.
      `+mMMMMMMMMMMmdmNMMMMMMMMm+`
     +NMMMMMMMMMMMM/   `./smMMMMMN+
   .mMMMMMMMMMMMMMMo        -yMMMMMm.
  :NMMMMMMMMMMMMMMMs          .hMMMMN:
 .NMMMMhmMMMMMMMMMMm+/-         oMMMMN.
 dMMMMs  ./ymMMMMMMMMMMNy.       sMMMMd
-MMMMN`      oMMMMMMMMMMMN:      `NMMMM-
/MMMMh       NMMMMMMMMMMMMm       hMMMM/

CamberLoid

[?25l[?7l             .:+syhhhhys+:.
         .ohNMMMMMMMMMMMMMMNho.
      `+mMMMMMMMMMMmdmNMMMMMMMMm+`
     +NMMMMMMMMMMMM/   `./smMMMMMN+
   .mMMMMMMMMMMMMMMo        -yMMMMMm.
  :NMMMMMMMMMMMMMMMs          .hMMMMN:
 .NMMMMhmMMMMMMMMMMm+/-         oMMMMN.
 dMMMMs  ./ymMMMMMMMMMMNy.       sMMMMd
-MMMMN`      oMMMMMMMMMMMN:      `NMMMM-
/MMMMh       NMMMMMMMMMMMMm       hMMMM/

CamberLoid

=========================================
   maxima 5.46.0: tests/test-suite.log
=========================================

# TOTAL: 1
# PASS:  0
# SKIP:  0
# XFAIL: 0
# FAIL:  1
# XPASS: 0

CamberLoid

=========================================
   maxima 5.46.0: tests/test-suite.log
=========================================

# TOTAL: 1
# PASS:  0
# SKIP:  0
# XFAIL: 0
# FAIL:  1
# XPASS: 0

CamberLoid

Some Questions

1. Should the manual introduce a new unprivileged user to perform tests?

• Some unit tests is not able to be processed as root, and some do the contrary.
• If introduced, whether AB3 or buildkit would provide the user?

2. Should enabling the test alternate the normal process of acbs?

• E.g. , if test is enabled, QA check will not be performed, or the final .deb package will not be produced;
  • Maybe, if tests are enabled, QA error may not stop the autobuild, but make build/{80-pm_pack,90-pm_install,99-pm_archive}.sh not to be executed.
• Tests may generate unnecessary executable files, and may be packaged in to $PKGDIR if ABTYPE is set other than self;
• Performing tests between build/90-pm_install.sh and 99-pm_archive.sh might be a solution, but needs more discussion. (Assuming all tests are executed inside a container)

CamberLoid

'''
如果无法定位可以将第19行改成
loc = {
    'lat': 纬度,
    'lng': 经度,
}
'''

import requests
import json

CamberLoid

{
    "characters":[
        "Hikari","Tairitsu","Kou","Sapphire",
        "Lethe","不知道","不知道","不知道","不知道"
        ,"Hikari&Fisica","Ilith","Eto","Luna","Shirabe","Hikari(Zero)",
        "不知道","不知道","不知道","不知道","不知道","不知道","不知道","不知道","不知道","不知道","不知道","不知道","不知道","不知道","不知道","不知道","不知道","不知道","不知道"
    ],
    "clear_type":[],
    "modifier":[],
    "difficulty":["PST","PRS","FTR"],