Package: release.debian.org
Severity: normal
Tags: stretch
User: [email protected]
Usertags: pu

Dear Release Team,

I have just uploaded libsolv/0.6.24-1+deb9u2 to stretch...

+ * debian/patches:
+ + CVE-2019-20387: Add 0001_CVE-2019-20387.patch. Resolves heap-based
+ buffer over-read in repodata.c (Closes: #949611).

-> ... fixing CVE-2019-20387.

+ + Trivial rebase of patches 1004, 1006 and 2001.

-> ... and fixing line numbers in patches 1004, 1006, and 2001.

Greets,
Mike

-- System Information:
Debian Release: 10.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diff -Nru libsolv-0.6.24/debian/changelog libsolv-0.6.24/debian/changelog --- libsolv-0.6.24/debian/changelog 2017-09-18 17:33:32.000000000 +0200 +++ libsolv-0.6.24/debian/changelog 2020-01-30 18:49:35.000000000 +0100 @@ -1,3 +1,12 @@ +libsolv (0.6.24-1+deb9u2) stretch; urgency=medium + + * debian/patches: + + CVE-2019-20387: Add 0001_CVE-2019-20387.patch. Resolves heap-based + buffer over-read in repodata.c (Closes: #949611). + + Trivial rebase of patches 1004, 1006 and 2001. + + -- Mike Gabriel <[email protected]> Thu, 30 Jan 2020 18:49:35 +0100 + libsolv (0.6.24-1+deb9u1) stretch; urgency=medium * debian/control: diff -Nru libsolv-0.6.24/debian/patches/0001_CVE-2019-20387.patch libsolv-0.6.24/debian/patches/0001_CVE-2019-20387.patch --- libsolv-0.6.24/debian/patches/0001_CVE-2019-20387.patch 1970-01-01 01:00:00.000000000 +0100 +++ libsolv-0.6.24/debian/patches/0001_CVE-2019-20387.patch 2020-01-30 18:49:35.000000000 +0100 
@@ -0,0 +1,32 @@ +From fdb9c9c03508990e4583046b590c30d958f272da Mon Sep 17 00:00:00 2001 +From: Zhipeng Xie <[email protected]> +Date: Tue, 6 Aug 2019 09:50:57 +0800 +Subject: [PATCH] repodata_schema2id: fix heap-buffer-overflow in memcmp + +When the length of last schema in data->schemadata is +less than length of input schema, we got a read overflow +in asan test. + +Signed-off-by: Zhipeng Xie <[email protected]> +--- + src/repodata.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/src/repodata.c ++++ b/src/repodata.c +@@ -205,11 +205,13 @@ + cid = schematahash[h]; + if (cid) + { +- if (!memcmp(data->schemadata + data->schemata[cid], schema, len * sizeof(Id))) ++ if ((data->schemata[cid] + len <= data->schemadatalen) && ++ !memcmp(data->schemadata + data->schemata[cid], schema, len * sizeof(Id))) + return cid; + /* cache conflict, do a slow search */ + for (cid = 1; cid < data->nschemata; cid++) +- if (!memcmp(data->schemadata + data->schemata[cid], schema, len * sizeof(Id))) ++ if ((data->schemata[cid] + len <= data->schemadatalen) && ++ !memcmp(data->schemadata + data->schemata[cid], schema, len * sizeof(Id))) + return cid; + } + /* a new one */ diff -Nru libsolv-0.6.24/debian/patches/1004_cmake-module-path-fix.patch libsolv-0.6.24/debian/patches/1004_cmake-module-path-fix.patch --- libsolv-0.6.24/debian/patches/1004_cmake-module-path-fix.patch 2017-09-18 17:31:26.000000000 +0200 +++ libsolv-0.6.24/debian/patches/1004_cmake-module-path-fix.patch 2020-01-30 18:49:35.000000000 +0100 
@@ -11,7 +11,7 @@ OPTION (ENABLE_STATIC "Build a static version of the libraries?" OFF) OPTION (DISABLE_SHARED "Do not build a shared version of the libraries?" OFF) -@@ -71,7 +71,7 @@ +@@ -70,7 +70,7 @@ # where to look first for cmake modules, before ${CMAKE_ROOT}/Modules/ is checked SET (CMAKE_MODULE_PATH ${CMAKE_SOURCE_DIR}/cmake/modules) diff -Nru libsolv-0.6.24/debian/patches/1006_various-types.patch libsolv-0.6.24/debian/patches/1006_various-types.patch --- libsolv-0.6.24/debian/patches/1006_various-types.patch 2017-09-18 17:31:26.000000000 +0200 +++ libsolv-0.6.24/debian/patches/1006_various-types.patch 2020-01-30 18:49:35.000000000 +0100 @@ -120,7 +120,7 @@ FOR_PROVIDES(p, pp, s->name) --- a/src/solver.h +++ b/src/solver.h -@@ -149,10 +149,10 @@ +@@ -143,10 +143,10 @@ * Solver configuration *-------------------------------------------------------------------------------------------------------------*/ @@ -135,7 +135,7 @@ int allowuninstall; /* allow removal of installed solvables */ int noupdateprovide; /* true: update packages needs not to provide old package */ int needupdateprovide; /* true: update packages must provide old package */ -@@ -172,10 +172,10 @@ +@@ -167,10 +167,10 @@ Map dupmap; /* dup these packages*/ int dupmap_all; /* dup all packages */ Map dupinvolvedmap; /* packages involved in dup process */ diff -Nru libsolv-0.6.24/debian/patches/2001_build-for-SUSE-and-find-rpmdb.patch libsolv-0.6.24/debian/patches/2001_build-for-SUSE-and-find-rpmdb.patch --- libsolv-0.6.24/debian/patches/2001_build-for-SUSE-and-find-rpmdb.patch 2017-09-18 17:31:26.000000000 +0200 +++ libsolv-0.6.24/debian/patches/2001_build-for-SUSE-and-find-rpmdb.patch 2020-01-30 18:49:35.000000000 +0100 @@ -14,7 +14,7 @@ --- a/ext/repo_rpmdb.c 
+++ b/ext/repo_rpmdb.c -@@ -32,7 +32,7 @@ +@@ -34,7 +34,7 @@ #include <rpm/rpmdb.h> #ifndef DB_CREATE diff -Nru libsolv-0.6.24/debian/patches/series libsolv-0.6.24/debian/patches/series --- libsolv-0.6.24/debian/patches/series 2017-09-18 17:31:26.000000000 +0200 +++ libsolv-0.6.24/debian/patches/series 2020-01-30 18:49:35.000000000 +0100 @@ -1,3 +1,4 @@ 1004_cmake-module-path-fix.patch 1006_various-types.patch 2001_build-for-SUSE-and-find-rpmdb.patch +0001_CVE-2019-20387.patch
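
Review bot: In the src/repodata.c hunk of 0001_CVE-2019-20387.patch, the new guard `data->schemata[cid] + len <= data->schemadatalen` is written as a sum, and the hunk does not show the operand types; if they are signed integers, the form `len <= data->schemadatalen - data->schemata[cid]` keeps the bounds check itself free of overflow. The identical condition is added in two places (the hash hit and the slow search loop), so a small helper would keep the two copies from drifting apart. The existing comment "cache conflict, do a slow search" now also covers the case where the hashed entry is too short to compare, which is worth a word in that comment.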
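
Review bot: The offset-only refreshes of 1004_cmake-module-path-fix.patch (`-71,7` to `-70,7`), 1006_various-types.patch (src/solver.h, `-149,10` to `-143,10` and `-172,10` to `-167,10`) and 2001_build-for-SUSE-and-find-rpmdb.patch (ext/repo_rpmdb.c, `-32,7` to `-34,7`) are not explained by the CVE fix, which only touches src/repodata.c and is applied last in the series. Either drop these refreshes to keep the stable-update diff minimal, or say in the changelog entry why the hunk offsets changed.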
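
Review bot: In the debian/patches/series hunk, `0001_CVE-2019-20387.patch` is appended after the 1004, 1006 and 2001 patches, so the security fix is applied on top of the distribution-specific patches despite its 0001 prefix. Listing it first would match the numbering and keep the fix independent of later refreshes of the other patches. The new patch file carries only the upstream From/Date/Subject/Signed-off-by lines; a Bug-Debian header pointing at #949611 would tie it to the bug named in the changelog.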

