Bug#950280: marked as done (buster-pu: package libsolv/0.6.35-2+deb10u1)

[Debian Bug Tracking System]

Your message dated Sat, 08 Feb 2020 14:21:36 +0000
with message-id 
<cf1cb2f35981916a86b98b83609df15c95aa378b.ca...@adam-barratt.org.uk>
and subject line Closing requests included in 10.3 point release
has caused the Debian Bug report #950280,
regarding buster-pu: package libsolv/0.6.35-2+deb10u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
950280: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950280
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu

Dear Release Team,

I have just uploaded libsolv/0.6.35-2+deb10u1 to buster.

+  * debian/patches:
+    + CVE-2019-20387: Add 0001_CVE-2019-20387.patch. Resolves heap-based buffer
+      over-read in repodata.c (Closes: #949611).

  -> ... fixing CVE-2019-20387.

+    + 1006_various-types.patch: Trivial rebase.
+

  -> ... and fixing lines in patch 1006.

Greets,
Mike


-- System Information:
Debian Release: 10.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 
'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diff -Nru libsolv-0.6.35/debian/changelog libsolv-0.6.35/debian/changelog
--- libsolv-0.6.35/debian/changelog     2018-09-03 11:14:21.000000000 +0200
+++ libsolv-0.6.35/debian/changelog     2020-01-30 22:35:28.000000000 +0100
@@ -1,3 +1,12 @@
+libsolv (0.6.35-2+deb10u1) buster; urgency=medium
+
+  * debian/patches:
+    + CVE-2019-20387: Add 0001_CVE-2019-20387.patch. Resolves heap-based buffer
+      over-read in repodata.c (Closes: #949611).
+    + 1006_various-types.patch: Trivial rebase.
+
+ -- Mike Gabriel <mike.gabr...@das-netzwerkteam.de>  Thu, 30 Jan 2020 22:35:28 
+0100
+
 libsolv (0.6.35-2) unstable; urgency=medium
 
   * debian/changelog: White-space cleanup in previous stanza.
diff -Nru libsolv-0.6.35/debian/patches/0001_CVE-2019-20387.patch 
libsolv-0.6.35/debian/patches/0001_CVE-2019-20387.patch
--- libsolv-0.6.35/debian/patches/0001_CVE-2019-20387.patch     1970-01-01 
01:00:00.000000000 +0100
+++ libsolv-0.6.35/debian/patches/0001_CVE-2019-20387.patch     2020-01-30 
18:50:22.000000000 +0100
@@ -0,0 +1,32 @@
+From fdb9c9c03508990e4583046b590c30d958f272da Mon Sep 17 00:00:00 2001
+From: Zhipeng Xie <xiezhipe...@huawei.com>
+Date: Tue, 6 Aug 2019 09:50:57 +0800
+Subject: [PATCH] repodata_schema2id: fix heap-buffer-overflow in memcmp
+
+When the length of last schema in data->schemadata is
+less than length of input schema, we got a read overflow
+in asan test.
+
+Signed-off-by: Zhipeng Xie <xiezhipe...@huawei.com>
+---
+ src/repodata.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/src/repodata.c
++++ b/src/repodata.c
+@@ -205,11 +205,13 @@
+   cid = schematahash[h];
+   if (cid)
+     {
+-      if (!memcmp(data->schemadata + data->schemata[cid], schema, len * 
sizeof(Id)))
++      if ((data->schemata[cid] + len <= data->schemadatalen) &&
++                        !memcmp(data->schemadata + data->schemata[cid], 
schema, len * sizeof(Id)))
+         return cid;
+       /* cache conflict, do a slow search */
+       for (cid = 1; cid < data->nschemata; cid++)
+-        if (!memcmp(data->schemadata + data->schemata[cid], schema, len * 
sizeof(Id)))
++        if ((data->schemata[cid] + len <= data->schemadatalen) &&
++                              !memcmp(data->schemadata + data->schemata[cid], 
schema, len * sizeof(Id)))
+           return cid;
+     }
+   /* a new one */
diff -Nru libsolv-0.6.35/debian/patches/1006_various-types.patch 
libsolv-0.6.35/debian/patches/1006_various-types.patch
--- libsolv-0.6.35/debian/patches/1006_various-types.patch      2018-08-20 
12:35:15.000000000 +0200
+++ libsolv-0.6.35/debian/patches/1006_various-types.patch      2020-01-30 
22:35:14.000000000 +0100
@@ -87,7 +87,7 @@
  *-l* 'PKGSPEC'::
 --- a/src/rules.c
 +++ b/src/rules.c
-@@ -1583,7 +1583,7 @@
+@@ -1607,7 +1607,7 @@
  
        if (allowedarchs.count && pool->implicitobsoleteusescolors && installed 
&& bestscore)
        {
diff -Nru libsolv-0.6.35/debian/patches/series 
libsolv-0.6.35/debian/patches/series
--- libsolv-0.6.35/debian/patches/series        2018-04-24 12:45:47.000000000 
+0200
+++ libsolv-0.6.35/debian/patches/series        2020-01-30 22:35:14.000000000 
+0100
@@ -1,2 +1,3 @@
 1004_cmake-module-path-fix.patch
 1006_various-types.patch
+0001_CVE-2019-20387.patch

--- End Message ---

--- Begin Message ---

Package: release.debian.org
Version: 10.3

Hi,

Each of the uploads referred to by these bugs was included in today's
stable point release.

Regards,

Adam

--- End Message ---