Source: kodi
Followup-For: Bug #998419
X-Debbugs-Cc: [email protected]

Hi Salvatore!

I have prepared the 2:19.1+dfsg2-3~deb11u1 upload in Salsa:

https://salsa.debian.org/multimedia-team/kodi-media-center/kodi/-/tree/bullseye

fixing the CVE for bullseye-pu with the debdiff attached.

Vasyl

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'buildd-unstable'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/6 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
diff -Nru kodi-19.1+dfsg2/debian/changelog kodi-19.1+dfsg2/debian/changelog --- kodi-19.1+dfsg2/debian/changelog 2021-06-24 20:44:30.000000000 +0000 +++ kodi-19.1+dfsg2/debian/changelog 2021-11-04 09:17:25.000000000 +0000 @@ -1,3 +1,10 @@ +kodi (2:19.1+dfsg2-3~deb11u1) bullseye-updates; urgency=medium + + * Branch out bullseye + * Fix buffer overflow in PLS playlists (Closes: CVE-2021-42917) + + -- Vasyl Gello <[email protected]> Thu, 04 Nov 2021 09:17:25 +0000 + kodi (2:19.1+dfsg2-2) unstable; urgency=medium * Add runtime locale test and fallback (Closes: #989814) diff -Nru kodi-19.1+dfsg2/debian/control kodi-19.1+dfsg2/debian/control --- kodi-19.1+dfsg2/debian/control 2021-06-24 20:44:30.000000000 +0000 +++ kodi-19.1+dfsg2/debian/control 2021-11-04 09:17:25.000000000 +0000 @@ -107,7 +107,7 @@ Standards-Version: 4.5.1 Rules-Requires-Root: no Vcs-Browser: https://salsa.debian.org/multimedia-team/kodi-media-center/kodi -Vcs-Git: https://salsa.debian.org/multimedia-team/kodi-media-center/kodi.git +Vcs-Git: https://salsa.debian.org/multimedia-team/kodi-media-center/kodi.git -b bullseye Homepage: https://kodi.tv/ Package: kodi diff -Nru kodi-19.1+dfsg2/debian/gbp.conf kodi-19.1+dfsg2/debian/gbp.conf --- kodi-19.1+dfsg2/debian/gbp.conf 2021-06-24 20:44:30.000000000 +0000 +++ kodi-19.1+dfsg2/debian/gbp.conf 2021-11-04 09:17:25.000000000 +0000 @@ -3,3 +3,4 @@ [DEFAULT] filter = */.git* components = ["libdate-tz-embedded", "libdvdnav-embedded", "libdvdread-embedded"] +debian-branch = bullseye diff -Nru kodi-19.1+dfsg2/debian/patches/series kodi-19.1+dfsg2/debian/patches/series --- kodi-19.1+dfsg2/debian/patches/series 2021-06-24 20:44:30.000000000 +0000 +++ kodi-19.1+dfsg2/debian/patches/series 2021-11-04 09:17:25.000000000 +0000 
@@ -42,3 +42,4 @@ cdatetime-std-chrono/0002-Use-Debian-tzdata.patch cdatetime-std-chrono/0003-Reinstate-date-library-Makefile.patch cdatetime-std-chrono/0004-date-library-crash-fix.patch +stable/CVE-2021-42917.patch diff -Nru kodi-19.1+dfsg2/debian/patches/stable/CVE-2021-42917.patch kodi-19.1+dfsg2/debian/patches/stable/CVE-2021-42917.patch --- kodi-19.1+dfsg2/debian/patches/stable/CVE-2021-42917.patch 1970-01-01 00:00:00.000000000 +0000 +++ kodi-19.1+dfsg2/debian/patches/stable/CVE-2021-42917.patch 2021-11-04 09:17:25.000000000 +0000 @@ -0,0 +1,35 @@ +From 80c8138c09598e88b4ddb6dbb279fa193bbb3237 Mon Sep 17 00:00:00 2001 +From: fuzzard <[email protected]> +Date: Tue, 12 Oct 2021 17:38:30 +1000 +Subject: [PATCH] [Playlist] dont use istream directly to a tinyxml structure + +Turn istream into a std::string to handle large buffers (#20305) +--- + xbmc/playlists/PlayListPLS.cpp | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/xbmc/playlists/PlayListPLS.cpp b/xbmc/playlists/PlayListPLS.cpp +index bc62a1fe7ad5b..17d6e491d25b6 100644 +--- a/xbmc/playlists/PlayListPLS.cpp ++++ b/xbmc/playlists/PlayListPLS.cpp +@@ -289,8 +289,9 @@ bool CPlayListASX::LoadData(std::istream& stream) + } + else + { ++ std::string asxstream(std::istreambuf_iterator<char>(stream), {}); + CXBMCTinyXML xmlDoc; +- stream >> xmlDoc; ++ xmlDoc.Parse(asxstream, TIXML_DEFAULT_ENCODING); + + if (xmlDoc.Error()) + { +@@ -300,6 +301,9 @@ bool CPlayListASX::LoadData(std::istream& stream) + + TiXmlElement *pRootElement = xmlDoc.RootElement(); + ++ if (!pRootElement) ++ return false; ++ + // lowercase every element + TiXmlNode *pNode = pRootElement; + TiXmlNode *pChild = NULL;
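Review bot: in the debian/changelog hunk, `Closes: CVE-2021-42917` puts a CVE id where a Debian bug number belongs; the Closes syntax only acts on `#NNNNNN` bug numbers, so this upload would close nothing in the BTS. Name the CVE in the entry text and put the tracking bug in Closes, for example `* Fix buffer overflow in PLS playlists (CVE-2021-42917) (Closes: #NNNNNN)` with the real bug number filled in. Two smaller points on the same entry: the mail describes this as a bullseye-pu upload while the distribution field reads `bullseye-updates`, and stable proposed-updates uploads normally target `bullseye`; and the entry says PLS playlists while the function patched further down is `CPlayListASX::LoadData`, so the wording could mention ASX.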
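Review bot: in the first PlayListPLS.cpp hunk (@@ -289,8 +289,9), `std::string asxstream(std::istreambuf_iterator<char>(stream), {});` copies the whole stream into memory with no upper bound, so the size of the allocation is decided entirely by the playlist file. Consider capping the number of bytes read and returning false past that limit before calling `xmlDoc.Parse`. The patch adds five lines and none of them is an include, so `std::istreambuf_iterator` and `std::string` are expected to arrive transitively; if the file does not already include `<iterator>` and `<string>`, adding them here would make the backport independent of header changes elsewhere.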

