Control: tags 811046 + patch Hi
Find attached a proposed debdiff for the two issues #811046 and #811048 in claws-mail. I have not done any upload (to a delayed queue) yet. Regards, Salvatore
diff -Nru claws-mail-3.13.1/debian/changelog claws-mail-3.13.1/debian/changelog --- claws-mail-3.13.1/debian/changelog 2015-12-21 00:46:09.000000000 +0100 +++ claws-mail-3.13.1/debian/changelog 2016-01-15 08:46:59.000000000 +0100 @@ -1,3 +1,16 @@ +claws-mail (3.13.1-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Add fix-bug-3584-After-3.13.1-characters-in-some-Japanes.patch. + Fixes "Characters in some Japanese codec are never correctly converted + to internal ones". (Closes: #811046) + * Add CVE-2015-8708.patch. + CVE-2015-8708: Incomplete fix for CVE-2015-8614. Adjusts and comments + range checks in JP text conversions. + Thanks to Ben Hutchings <[email protected]> (Closes: #811048) + + -- Salvatore Bonaccorso <[email protected]> Fri, 15 Jan 2016 08:46:03 +0100 + claws-mail (3.13.1-1) unstable; urgency=medium * New upstream release: diff -Nru claws-mail-3.13.1/debian/patches/CVE-2015-8708.patch claws-mail-3.13.1/debian/patches/CVE-2015-8708.patch --- claws-mail-3.13.1/debian/patches/CVE-2015-8708.patch 1970-01-01 01:00:00.000000000 +0100 +++ claws-mail-3.13.1/debian/patches/CVE-2015-8708.patch 2016-01-15 08:46:59.000000000 +0100 @@ -0,0 +1,50 @@ +From: Ben Hutchings <[email protected]> +Date: Tue, 12 Jan 2016 19:28:32 +0000 +Subject: Adjust and comment range checks in JP text conversions +Bug: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557 + +Two of the conversion functions may need more than 3 bytes to convert +the last character, so a limited buffer overrun is still possible. + +Bug #3557 / CVE-2015-8708 +--- +--- a/src/codeconv.c ++++ b/src/codeconv.c +@@ -158,7 +158,11 @@ static gint conv_jistoeuc(gchar *outbuf, + gchar *out = outbuf; + JISState state = JIS_ASCII; + +- while (*in != '\0' && (out - outbuf) < outlen - 3) { ++ /* ++ * Loop outputs up to 3 bytes in each pass (aux kanji) and we ++ * need 1 byte to terminate the output ++ */ ++ while (*in != '\0' && (out - outbuf) < outlen - 4) { + if (*in == ESC) { + in++; + if (*in == '$') { +@@ -294,7 +298,12 @@ static gint conv_euctojis(gchar *outbuf, + gchar *out = outbuf; + JISState state = JIS_ASCII; + +- while (*in != '\0' && (out - outbuf) < outlen - 3) { ++ /* ++ * Loop outputs up to 6 bytes in each pass (aux shift + aux ++ * kanji) and we need up to 4 bytes to terminate the output ++ * (ASCII shift + null) ++ */ ++ while (*in != '\0' && (out - outbuf) < outlen - 10) { + if (IS_ASCII(*in)) { + K_OUT(); + *out++ = *in++; +@@ -382,6 +391,10 @@ static gint conv_sjistoeuc(gchar *outbuf + const guchar *in = inbuf; + gchar *out = outbuf; + ++ /* ++ * Loop outputs up to 2 bytes in each pass and we need 1 byte ++ * to terminate the output ++ */ + while (*in != '\0' && (out - outbuf) < outlen - 3) { + if (IS_ASCII(*in)) { + *out++ = *in++; diff -Nru claws-mail-3.13.1/debian/patches/fix-bug-3584-After-3.13.1-characters-in-some-Japanes.patch claws-mail-3.13.1/debian/patches/fix-bug-3584-After-3.13.1-characters-in-some-Japanes.patch --- claws-mail-3.13.1/debian/patches/fix-bug-3584-After-3.13.1-characters-in-some-Japanes.patch 1970-01-01 01:00:00.000000000 +0100 +++ claws-mail-3.13.1/debian/patches/fix-bug-3584-After-3.13.1-characters-in-some-Japanes.patch 2016-01-15 08:46:59.000000000 +0100 @@ -0,0 +1,27 @@ +From e3ffcb455e0376053451ce968e6c71ef37708222 Mon Sep 17 00:00:00 2001 +From: Paul <[email protected]> +Date: Tue, 22 Dec 2015 11:17:02 +0000 +Subject: [PATCH] fix bug 3584, 'After 3.13.1, characters in some Japanese + codec are never correctly converted to internal ones' + +Thanks to [email protected] +--- + src/codeconv.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/codeconv.c b/src/codeconv.c +index 39e259f..f0ed616 100644 +--- a/src/codeconv.c ++++ b/src/codeconv.c +@@ -158,7 +158,7 @@ static gint conv_jistoeuc(gchar *outbuf, gint outlen, const gchar *inbuf) + gchar *out = outbuf; + JISState state = JIS_ASCII; + +- while (*in != '\0' && (out - outbuf) > outlen - 3) { ++ while (*in != '\0' && (out - outbuf) < outlen - 3) { + if (*in == ESC) { + in++; + if (*in == '$') { +-- +2.7.0.rc3 + diff -Nru claws-mail-3.13.1/debian/patches/series claws-mail-3.13.1/debian/patches/series --- claws-mail-3.13.1/debian/patches/series 2015-12-21 00:46:09.000000000 +0100 +++ claws-mail-3.13.1/debian/patches/series 2016-01-15 08:46:59.000000000 +0100 @@ -1,2 +1,4 @@ 11mark_trashed_as_read.patch 12fix_manpage_header.patch +fix-bug-3584-After-3.13.1-characters-in-some-Japanes.patch +CVE-2015-8708.patch
