Review: thrift 0.23.0-1
New Package Report
.changes
| Architecture | source all amd64 |
|---|---|
| Distribution | experimental |
| Date | Fri, 01 May 2026 15:26:07 +0200 |
| Source | thrift |
| Version | 0.23.0-1 |
| Changed-By | Laszlo Boszormenyi (GCS) |
Changelog
thrift (0.23.0-1) experimental; urgency=medium
 .
   * New major upstream release (closes: #1135348):
     - fixes CVE-2025-48431: mismatched memory management routines
       vulnerability,
     - fixes CVE-2026-41602: integer overflow or wraparound vulnerability,
     - fixes CVE-2026-41603: improper validation of certificate with host
       mismatch vulnerability,
     - fixes CVE-2026-41606: uncontrolled recursion vulnerability,
     - fixes CVE-2026-41607: out of bounds read vulnerability.
   * Rename related packages to -0.23.0 suffix.
   * Build without deprecated Qt5 (closes: #1133038).
   * Update copyright file.
   * Update watch file.

.dsc
| Section | devel |
|---|---|
| Priority | optional |
| Component | main |
| Package-List | golang-thrift-dev deb devel optional arch=all libthrift-0.23.0 deb libs optional arch=any libthrift-c-glib-dev deb libdevel optional arch=any libthrift-c-glib0t64 deb libs optional arch=any libthrift-dev deb libdevel optional arch=any libthrift-perl deb perl optional arch=all php-thrift deb php optional arch=any python3-thrift deb python optional arch=any thrift-compiler deb devel optional arch=any |
debian/copyright
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: thrift
Source: https://www.apache.org/dist/thrift
Files: *
Copyright: Copyright 2006- Apache Software Foundation
License: Apache-2.0
Files: aclocal/ax_boost_base.m4 aclocal/ax_check_openssl.m4 aclocal/ax_compare_version.m4 aclocal/ax_cxx_compile_stdcxx_11.m4 aclocal/ax_cxx_compile_stdcxx.m4 aclocal/ax_dmd.m4 aclocal/ax_javac_and_java.m4 aclocal/ax_lib_event.m4 aclocal/ax_lib_zlib.m4 aclocal/ax_prog_dotnetcore_version.m4 aclocal/ax_prog_haxe_version.m4 aclocal/ax_prog_perl_modules.m4 aclocal/ax_signed_right_shift.m4 aclocal/ax_thrift_internal.m4 contrib/fb303/acinclude.m4 contrib/fb303/aclocal/ax_boost_base.m4 contrib/fb303/aclocal/ax_cxx_compile_stdcxx_11.m4 contrib/fb303/aclocal/ax_javac_and_java.m4 contrib/fb303/aclocal/ax_thrift_internal.m4
Copyright: 2008 Benjamin Kosnik <bkoz@redhat.com>,
2008 Tim Toolan <toolan@ele.uri.edu>,
2008 Thomas Porschberg <thomas@randspringer.de>,
2009 David Reiss,
2009 Dean Povey <povey@wedgetail.com>,
2009 Facebook,
2009 Peter Adolphs,
2009,2010 Zmanda Inc. <http://www.zmanda.com/>,
2009,2010 Dustin J. Mitchell <dustin@zmanda.com>,
2009,2010 Zmanda Inc. <http://www.zmanda.com/>,
2011 David Nadlinger,
2012 Zack Weinberg <zackw@panix.com>,
2013 Roy Stogner <roystgnr@ices.utexas.edu>,
2014, 2015 Google Inc.; contributed by Alexey Sokolov <sokolov@google.com>,
2015 Jens Geyer <jensg@apache.org>,
2015 Moritz Klammler <moritz@klammler.eu>,
2015 Paul Norman <penorman@mac.com>,
2016, 2018 Krzesimir Nowak <qdlacz@gmail.com>
License: FSFAP
Copying and distribution of this file, with or without modification, are
permitted in any medium without royalty provided the copyright notice
and this notice are preserved. This file is offered as-is, without any
warranty.
Files: aclocal/ax_lua.m4
Copyright: 2014 Tim Perkins <tprk77@gmail.com>,
2015 Reuben Thomas <rrt@sc3d.org>
License: GPL3+-with-Autoconf-Macros-exception
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or (at
your option) any later version.
.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
.
You should have received a copy of the GNU General Public License version 3
along with this program; if not, see <https://www.gnu.org/licenses/>.
.
As a special exception, the respective Autoconf Macro's copyright
owner gives unlimited permission to copy, distribute and modify the
configure scripts that are the output of Autoconf when processing the
Macro. You need not follow the terms of the GNU General Public License
when using or distributing such scripts, even though portions of the
text of the Macro appear in them. The GNU General Public License (GPL)
does govern all other use of the material that constitutes the
Autoconf Macro.
.
This special exception to the GPL applies to versions of the Autoconf
Macro released by the GNU Autoconf Macro Archive. When you make and
distribute a modified version of the Autoconf Macro, you may extend
this special exception to the GPL to apply to your modified version as
well.
.
On Debian systems, the full text of the GNU General Public License version 3
can be found in the file `/usr/share/common-licenses/GPL-3'.
Files: aclocal/lt~obsolete.m4 aclocal/ltoptions.m4 aclocal/ltsugar.m4 aclocal/ltversion.m4 aclocal/tar.m4
Copyright: 1992-1996, 1998-2017, 2020-2021 Free Software Foundation, Inc.
License: FSFULLR
This file is free software; the Free Software Foundation gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.
.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Files: aclocal.m4 aclocal/libtool.m4
Copyright: 1996-2001, 2003-2015 Free Software Foundation, Inc.,
2004 Scott James Remnant <scott@netsplit.com>,
2012-2015 Dan Nicholson <dbn.lists@gmail.com>
License: FSFULLR and/or GPL-2+ with Libtool exception
GNU Libtool is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.
.
As a special exception to the GNU General Public License, if you
distribute this file as part of a program or library that is built
using GNU Libtool, you may include this file under the same
distribution terms that you use for the rest of that program.
.
GNU Libtool is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License version 2
along with this program. If not, see <http://www.gnu.org/licenses/>.
Files: configure
Copyright: 1992-1996, 1998-2017, 2020-2021 Free Software Foundation, Inc.
License: FSFUL
This configure script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it.
Files: install-sh
Copyright: 1994 X Consortium
License: X11
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
.
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE X
CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
.
Except as contained in this notice, the name of the X Consortium shall not be
used in advertising or otherwise to promote the sale, use or other dealings in
this Software without prior written authorization from the X Consortium.
Files: ltmain.sh
Copyright: 1996-2015 Free Software Foundation, Inc.
License: GPL-2+ with Libtool exception
GNU Libtool is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.
.
As a special exception to the GNU General Public License, if you
distribute this file as part of a program or library that is built
using GNU Libtool, you may include this file under the same
distribution terms that you use for the rest of that program.
.
GNU Libtool is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License version 2
along with this program. If not, see <http://www.gnu.org/licenses/>.
Files: compiler/cpp/tests/catch/catch.hpp
Copyright: 2012 Two Blue Cubes Ltd.
License: BSL-1.0
Boost Software License - Version 1.0 - August 17th, 2003
.
Permission is hereby granted, free of charge, to any person or organization
obtaining a copy of the software and accompanying documentation covered by
this license (the "Software") to use, reproduce, display, distribute,
execute, and transmit the Software, and to prepare derivative works of the
Software, and to permit third-parties to whom the Software is furnished to
do so, all subject to the following:
.
The copyright notices in the Software and this entire statement, including
the above license grant, this restriction and the following disclaimer,
must be included in all copies of the Software, in whole or in part, and
all derivative works of the Software, unless such copies or derivative
works are solely in the form of machine-executable object code generated by
a source language processor.
.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.
Files: build/cmake/FindGLIB.cmake
Copyright: Copyright (C) 2012 Raphael Kubo da Costa <rakuco@webkit.org>
License: BSD-2-Clause
All rights reserved.
.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
.
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Files: compiler/cpp/src/thrift/generate/t_cl_generator.cc
Copyright: 2006- Facebook,
2006- Apache Software Foundation,
2008- Patrick Collison <patrick@collison.ie>
License: Apache-2.0
Files: compiler/cpp/src/thrift/generate/t_html_generator.h
Copyright: 2012 Twitter, Inc.
License: Apache-2.0
Files: compiler/cpp/src/thrift/thrifty.cc compiler/cpp/src/thrift/thrifty.hh
Copyright: Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2021 Free Software Foundation, Inc.
License: GPL-3+ with Bison-2.2 exception
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License version 3
along with this program. If not, see <https://www.gnu.org/licenses/>.
.
As a special exception, you may create a larger work that contains
part or all of the Bison parser skeleton and distribute that work
under terms of your choice, so long as that work isn't itself a
parser generator using the skeleton or a modified version thereof
as a parser skeleton. Alternatively, if you modify or redistribute
the parser skeleton itself, you may (at your option) remove this
special exception, which will cause the skeleton and the resulting
Bison output files to be licensed under the GNU General Public
License without this special exception.
Files: doc/licenses/otp-base-license.txt
Copyright: 2006 Martin J. Logan, Erlware
License: Expat
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
.
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Files: lib/cpp/src/thrift/windows/SocketPair.cpp
Copyright: 2007 by Nathan C. Myers <ncm@cantrip.org>
License: Apache-2.0 or FSFAP
Files: lib/php/src/ext/thrift_protocol/config.m4
Copyright: 2009 Facebook
License: Apache-2.0 or FSFAP
Files: lib/py/compat/win32/stdint.h
Copyright: 2006-2008 Alexander Chemeris
License: BSD-3-Clause
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
.
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
.
* Neither the name of Kitware, Inc. nor the names of Contributors
may be used to endorse or promote products derived from this
software without specific prior written permission.
.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Files: debian/*
Copyright: Copyright 2012-2014 Eric Evans <eevans@debian.org>,
Copyright 2014- Laszlo Boszormenyi (GCS) <gcs@debian.org>
License: GPL-2+
License: GPL-2+
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.
.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
.
You should have received a copy of the GNU General Public License version 2
along with this program. If not, see <https://www.gnu.org/licenses/>.
.
On Debian systems, the full text of the GNU General Public License version 2
can be found in the file `/usr/share/common-licenses/GPL-2'.
License: GPL-3+
This program is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation, either version 3 of the License, or (at your option)
any later version.
.
This package is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License version 3
along with this program. If not, see <https://www.gnu.org/licenses/>.
.
On Debian systems, the full text of the GNU General Public License
version 3 can be found in the file `/usr/share/common-licenses/GPL-3'.
License: Apache-2.0
Licensed to the Apache Software Foundation (ASF) under one or more contributor
license agreements. The ASF licenses this work to You under the Apache License,
Version 2.0 (the "License"); you may not use this work except in compliance
with the License. You may obtain a copy of the License at
.
https://www.apache.org/licenses/LICENSE-2.0
.
On Debian systems, the complete text of the Apache License Version 2.0
can be found in the file '/usr/share/common-licenses/Apache-2.0'.
License: FSFAP
Copying and distribution of this file, with or without modification, are
permitted in any medium without royalty provided the copyright notice
and this notice are preserved. This file is offered as-is, without any
warranty.
Review Information
accepted — allocated to mechtilde 1 hour ago, started 1 hour ago, completed 0 hours ago.
Final Comment
Other Reviews of this Package
| Version | Hash | Allocated | Completed | Reviewer | Status | Details |
|---|---|---|---|---|---|---|
| 0.23.0-1 | 148779b3… | 2026-05-02 14:17 | 2026-05-02 14:26 | mechtilde | rejected | VIEW |