Version in base suite: 20160919-1
Base version: fex_20160919-1
Target version: fex_20160919-2~deb10u1
Base file: /srv/ftp-master.debian.org/ftp/pool/non-free/f/fex/fex_20160919-1.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/non-free/f/fex/fex_20160919-2~deb10u1.dsc
changelog | 6 ++++++
htdocs.md5/20160919-2~deb10u1 | 31 +++++++++++++++++++++++++++++++
patches/03_fexsrv_security.dpatch | 23 +++++++++++++++++++++++
patches/series | 1 +
4 files changed, 61 insertions(+)
diff: /srv/release.debian.org/tmp/EFEkFYpnM3/fex-20160919/htdocs/download/sex.stream: No such file or directory
diff: /srv/release.debian.org/tmp/d8c285Wx4f/fex-20160919/htdocs/download/sex.stream: No such file or directory
diff -Nru fex-20160919/debian/changelog fex-20160919/debian/changelog
--- fex-20160919/debian/changelog 2017-01-31 13:06:50.000000000 +0000
+++ fex-20160919/debian/changelog 2020-04-19 19:04:06.000000000 +0000
@@ -1,3 +1,9 @@
+fex (20160919-2~deb10u1) buster; urgency=high
+
+ * Security fix for fexsrv.
+
+ -- Kilian Krause Sun, 19 Apr 2020 21:04:06 +0200
+
 fex (20160919-1) unstable; urgency=medium
 
 * New upstream version: 20160919
diff -Nru fex-20160919/debian/htdocs.md5/20160919-2~deb10u1 fex-20160919/debian/htdocs.md5/20160919-2~deb10u1
--- fex-20160919/debian/htdocs.md5/20160919-2~deb10u1 1970-01-01 00:00:00.000000000 +0000
+++ fex-20160919/debian/htdocs.md5/20160919-2~deb10u1 2020-04-19 19:04:06.000000000 +0000
@@ -0,0 +1,31 @@
+a5761011654f933b0f2592bade0f0cf2 htdocs/FAQ/FAQ.html
+43c12a5f61fa432b32e56f7eb9f7d274 htdocs/FAQ/admin.faq
+a5761011654f933b0f2592bade0f0cf2 htdocs/FAQ/admin.html
+a5761011654f933b0f2592bade0f0cf2 htdocs/FAQ/all.html
+48feac6c57bb0346662449600828ade5 htdocs/FAQ/faq.pl
+a5761011654f933b0f2592bade0f0cf2 htdocs/FAQ/index.html
+6f7e1a56ba9a8e5a42def936729e2089 htdocs/FAQ/local.faq
+a5761011654f933b0f2592bade0f0cf2 htdocs/FAQ/local.html
+ae3b907d32077f16db343420deb99085 htdocs/FAQ/meta.faq
+a5761011654f933b0f2592bade0f0cf2 htdocs/FAQ/meta.html
+096a73749cf98d0e4a7bd23fd2abd8d7 htdocs/FAQ/misc.faq
+a5761011654f933b0f2592bade0f0cf2 htdocs/FAQ/misc.html
+a4ee2ea62766f9058ea03fbf1978d955 htdocs/FAQ/user.faq
+a5761011654f933b0f2592bade0f0cf2 htdocs/FAQ/user.html
+f4170c5eb8993df5131b4ab44f5b43c1 htdocs/FAQ/xx.html
+1138eac0aa4fe737f61b70a804366ff6 htdocs/FAQ/xx.pl
+9e49d243ae3d9907a58a779e670bca07 htdocs/FAQ/zz.pl
+75c98f6197fdac1e1dea998b45e5a43d htdocs/SEX.html
+1f3d7acc70377496f95c5adddaf4ca7b htdocs/action-fex-camel.gif
+9518c02523c765d590465393659bfa13 htdocs/dynamic.html
+d41d8cd98f00b204e9800998ecf8427e htdocs/favicon.ico
+1953b5f55c71f9c06fdcf7fbff0aeeaa htdocs/fexit.html
+89cb3867b017f121ead5b7dc5f40a063 htdocs/fup_template.html
+356da43fcc98671da0ac1108b1ec885d htdocs/index.html
+ad8a95bba8dd1a61d70bd38611bc2059 htdocs/logo.jpg
+32d5e517d3ba4600ee79fff3b09e9701 htdocs/macfexsend.html
+f71d20196d4caf35b6a670db8c70b03d htdocs/robots.txt
+968a8facfcdd185ad696b86b67ec63ff htdocs/small_logo.jpg
+f7d7cf2fb119ea3c0cf973ff8f21101e htdocs/sup.html
+583c18d43b05cd8518a3a03af7ce1f57 htdocs/tools.html
+00fdb6e178cab29373eb1816bcf6dbcc htdocs/users.html
diff -Nru fex-20160919/debian/patches/03_fexsrv_security.dpatch fex-20160919/debian/patches/03_fexsrv_security.dpatch
--- fex-20160919/debian/patches/03_fexsrv_security.dpatch 1970-01-01 00:00:00.000000000 +0000
+++ fex-20160919/debian/patches/03_fexsrv_security.dpatch 2020-04-19 19:04:06.000000000 +0000
@@ -0,0 +1,23 @@
+--- a/bin/fexsrv
++++ b/bin/fexsrv
+@@ -629,16 +629,16 @@ REQUEST: while (*STDIN) {
+
+ # special request for F*EX UNIX clients
+ if ($ENV{SCRIPT_NAME} eq 'xx.tar') {
+- bintar(qw'fexget fexsend xx zz ezz');
++ #bintar(qw'fexget fexsend xx zz ezz');
+ }
+ if ($ENV{SCRIPT_NAME} eq 'sex.tar') {
+- bintar(qw'sexsend sexget sexxx');
++ #bintar(qw'sexsend sexget sexxx');
+ }
+ if ($ENV{SCRIPT_NAME} eq 'afex.tar') {
+- bintar(qw'afex asex fexget fexsend sexsend sexget');
++ #bintar(qw'afex asex fexget fexsend sexsend sexget');
+ }
+ if ($ENV{SCRIPT_NAME} eq 'afs.tar') {
+- bintar(qw'afex asex fexget fexsend xx sexsend sexget sexxx zz ezz');
++ #bintar(qw'afex asex fexget fexsend xx sexsend sexget sexxx zz ezz');
+ }
+ # URL ends with ".html!" or ".html?!"
+ if ($doc =~ s/(\.html)!$/$1/ or
diff -Nru fex-20160919/debian/patches/series fex-20160919/debian/patches/series
--- fex-20160919/debian/patches/series 2017-01-31 13:06:50.000000000 +0000
+++ fex-20160919/debian/patches/series 2020-04-19 19:04:06.000000000 +0000
@@ -1,2 +1,3 @@
 01_xinetd.patch
 02_fex.ph_no_newrelease.patch
+03_fexsrv_security.dpatch
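Review bot: In the bin/fexsrv patch carried by 03_fexsrv_security.dpatch, the four `if ($ENV{SCRIPT_NAME} eq '….tar')` blocks are left with empty bodies, so a request for `xx.tar`, `sex.tar`, `afex.tar` or `afs.tar` is no longer answered there and falls through to the `.html!` handling and whatever follows it, which the hunk does not show. For a security fix the disabled names should be refused explicitly, with one combined test on the four names that sends the script's existing error response, rather than relying on later code to reject them. Neither the patch nor the changelog entry ("Security fix for fexsrv.") says what the issue is, so a comment such as `# bintar() disabled as a security fix, see <bug or advisory reference>; do not re-enable without review` above the first block, plus a patch header with the same reference, would keep a later upstream merge from silently restoring the calls. The `REQUEST:` loop starts and ends outside the hunk.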