Your message dated Tue, 09 Apr 2019 20:40:53 +0200
with message-id <[email protected]>
and subject line Re: unblock: libcaca/0.99.beta19-2.1
has caused the Debian Bug report #926734,
regarding unblock: libcaca/0.99.beta19-2.1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
926734: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926734
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Please unblock package libcaca
The new packages fixes 6 CVE's. (Bug #917807)
Thanks!
unblock libcaca/0.99.beta19-2.1
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-4-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru libcaca-0.99.beta19/debian/changelog
libcaca-0.99.beta19/debian/changelog
--- libcaca-0.99.beta19/debian/changelog 2014-06-02 22:39:11.000000000
+0200
+++ libcaca-0.99.beta19/debian/changelog 2019-04-06 22:18:41.000000000
+0200
@@ -1,3 +1,12 @@
+libcaca (0.99.beta19-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Cherry-Pick fixes from upstream git repository:
+ - CVE-2018-20545, CVE-2018-20546, CVE-2018-20547,CVE-2018-20548 and
+ CVE-2018-20549 (Closes: #917807)
+
+ -- Tobias Frost <[email protected]> Sat, 06 Apr 2019 22:18:41 +0200
+
libcaca (0.99.beta19-2) unstable; urgency=medium
* debian/patches/100_doxygen.diff: remove deprecated Doxygen variables.
diff -Nru libcaca-0.99.beta19/debian/patches/CVE-2018-20544.patch
libcaca-0.99.beta19/debian/patches/CVE-2018-20544.patch
--- libcaca-0.99.beta19/debian/patches/CVE-2018-20544.patch 1970-01-01
01:00:00.000000000 +0100
+++ libcaca-0.99.beta19/debian/patches/CVE-2018-20544.patch 2019-04-06
21:36:52.000000000 +0200
@@ -0,0 +1,45 @@
+From 84bd155087b93ab2d8d7cb5b1ac94ecd4cf4f93c Mon Sep 17 00:00:00 2001
+From: Sam Hocevar <[email protected]>
+Date: Sat, 29 Dec 2018 22:13:56 +0100
+Subject: [PATCH] dither: fix integer overflows that were causing a division by
+ zero.
+
+Fixes: #36 (CVE-2018-20544)
+---
+ caca/dither.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/caca/dither.c b/caca/dither.c
+index 04b678e0..c6ebab1b 100644
+--- a/caca/dither.c
++++ b/caca/dither.c
+@@ -991,10 +991,10 @@ int caca_dither_bitmap(caca_canvas_t *cv, int x, int y,
int w, int h,
+ /* First get RGB */
+ if(d->antialias)
+ {
+- fromx = (x - x1) * w / deltax;
+- fromy = (y - y1) * h / deltay;
+- tox = (x - x1 + 1) * w / deltax;
+- toy = (y - y1 + 1) * h / deltay;
++ fromx = (uint64_t)(x - x1) * w / deltax;
++ fromy = (uint64_t)(y - y1) * h / deltay;
++ tox = (uint64_t)(x - x1 + 1) * w / deltax;
++ toy = (uint64_t)(y - y1 + 1) * h / deltay;
+
+ /* We want at least one pixel */
+ if(tox == fromx) tox++;
+@@ -1017,10 +1017,10 @@ int caca_dither_bitmap(caca_canvas_t *cv, int x, int
y, int w, int h,
+ }
+ else
+ {
+- fromx = (x - x1) * w / deltax;
+- fromy = (y - y1) * h / deltay;
+- tox = (x - x1 + 1) * w / deltax;
+- toy = (y - y1 + 1) * h / deltay;
++ fromx = (uint64_t)(x - x1) * w / deltax;
++ fromy = (uint64_t)(y - y1) * h / deltay;
++ tox = (uint64_t)(x - x1 + 1) * w / deltax;
++ toy = (uint64_t)(y - y1 + 1) * h / deltay;
+
+ /* tox and toy can overflow the canvas, but they cannot overflow
+ * when averaged with fromx and fromy because these are guaranteed
diff -Nru libcaca-0.99.beta19/debian/patches/CVE-2018-20545+20547+20549.patch
libcaca-0.99.beta19/debian/patches/CVE-2018-20545+20547+20549.patch
--- libcaca-0.99.beta19/debian/patches/CVE-2018-20545+20547+20549.patch
1970-01-01 01:00:00.000000000 +0100
+++ libcaca-0.99.beta19/debian/patches/CVE-2018-20545+20547+20549.patch
2019-04-06 22:08:34.000000000 +0200
@@ -0,0 +1,34 @@
+Description: img2txt: fix an integer overflow in the BMP loader.
+Origin:
https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592
+Forwarded: not-needed
+Applied-Upstream:
https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592
+Last-Update: 2019-04-06
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/src/common-image.h
++++ b/src/common-image.h
+@@ -1,19 +1,19 @@
+ /*
+ * Imaging tools for cacaview and img2irc
+- * Copyright (c) 2003-2012 Sam Hocevar <[email protected]>
+- * All Rights Reserved
++ * Copyright (c) 2003-2018 Sam Hocevar <[email protected]>
++ * All Rights Reserved
+ *
+ * This program is free software. It comes without any warranty, to
+ * the extent permitted by applicable law. You can redistribute it
+ * and/or modify it under the terms of the Do What the Fuck You Want
+- * to Public License, Version 2, as published by Sam Hocevar. See
+- * http://www.wtfpl.net/ for more details.
++ * to Public License, Version 2, as published by the WTFPL Task Force.
++ * See http://www.wtfpl.net/ for more details.
+ */
+
+ struct image
+ {
+ char *pixels;
+- unsigned int w, h;
++ size_t w, h;
+ struct caca_dither *dither;
+ void *priv;
+ };
diff -Nru libcaca-0.99.beta19/debian/patches/CVE-2018-20546+20547.patch
libcaca-0.99.beta19/debian/patches/CVE-2018-20546+20547.patch
--- libcaca-0.99.beta19/debian/patches/CVE-2018-20546+20547.patch
1970-01-01 01:00:00.000000000 +0100
+++ libcaca-0.99.beta19/debian/patches/CVE-2018-20546+20547.patch
2019-04-06 21:39:32.000000000 +0200
@@ -0,0 +1,36 @@
+From 02a09ec9e5ed8981e7a810bfb6a0172dc24f0790 Mon Sep 17 00:00:00 2001
+From: Sam Hocevar <[email protected]>
+Date: Sun, 30 Dec 2018 13:18:27 +0100
+Subject: [PATCH] dither: fix integer multiplication overflow that caused
+ crashes.
+
+Fixes: #38 (CVE-2018-20546)
+Fixes: #39 (CVE-2018-20547)
+---
+ caca/dither.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/caca/dither.c b/caca/dither.c
+index c6ebab1b..b2e24e55 100644
+--- a/caca/dither.c
++++ b/caca/dither.c
+@@ -6,8 +6,8 @@
+ * This library is free software. It comes without any warranty, to
+ * the extent permitted by applicable law. You can redistribute it
+ * and/or modify it under the terms of the Do What the Fuck You Want
+- * to Public License, Version 2, as published by Sam Hocevar. See
+- * http://www.wtfpl.net/ for more details.
++ * to Public License, Version 2, as published by the WTFPL Task Force.
++ * See http://www.wtfpl.net/ for more details.
+ */
+
+ /*
+@@ -116,7 +116,7 @@ enum color_mode
+ struct caca_dither
+ {
+ int bpp, has_palette, has_alpha;
+- int w, h, pitch;
++ size_t w, h, pitch;
+ int rmask, gmask, bmask, amask;
+ int rright, gright, bright, aright;
+ int rleft, gleft, bleft, aleft;
diff -Nru libcaca-0.99.beta19/debian/patches/series
libcaca-0.99.beta19/debian/patches/series
--- libcaca-0.99.beta19/debian/patches/series 2014-05-16 21:30:34.000000000
+0200
+++ libcaca-0.99.beta19/debian/patches/series 2019-04-06 21:46:52.000000000
+0200
@@ -1,2 +1,5 @@
100_doxygen.diff
200_glut_header.diff
+CVE-2018-20544.patch
+CVE-2018-20545+20547+20549.patch
+CVE-2018-20546+20547.patch
--- End Message ---
--- Begin Message ---
Already unblocked, sorry for the noise.
(and thanks to the release team for the work!)
--- End Message ---
