Bug#950281: marked as done (stretch-pu: package libsolv/0.6.24-1+deb9u2)

Debian Bug Tracking System Sat, 08 Feb 2020 06:39:55 -0800

Your message dated Sat, 08 Feb 2020 14:23:35 +0000
with message-id 
<a894a0233c2d264936953d7a69507573c4a5742a.ca...@adam-barratt.org.uk>
and subject line Closing bugs included in 9.12
has caused the Debian Bug report #950281,
regarding stretch-pu: package libsolv/0.6.24-1+deb9u2
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
950281: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950281
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: release.debian.org
Severity: normal
Tags: stretch
User: [email protected]
Usertags: pu

Dear Release Team,

I have just uploaded libsolv/0.6.24-1+deb9u2 to stretch...

+  * debian/patches:
+    + CVE-2019-20387: Add 0001_CVE-2019-20387.patch. Resolves heap-based
+      buffer over-read in repodata.c (Closes: #949611).

  -> ... fixing CVE-2019-20387.

+    + Trivial rebase of patches 1004, 1006 and 2001.

  -> ... and fixing line numbers in patchs 1004, 1006, and 2001.

Greets,
Mike

-- System Information:
Debian Release: 10.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 
'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diff -Nru libsolv-0.6.24/debian/changelog libsolv-0.6.24/debian/changelog
--- libsolv-0.6.24/debian/changelog     2017-09-18 17:33:32.000000000 +0200
+++ libsolv-0.6.24/debian/changelog     2020-01-30 18:49:35.000000000 +0100
@@ -1,3 +1,12 @@
+libsolv (0.6.24-1+deb9u2) stretch; urgency=medium
+
+  * debian/patches:
+    + CVE-2019-20387: Add 0001_CVE-2019-20387.patch. Resolves heap-based
+      buffer over-read in repodata.c (Closes: #949611).
+    + Trivial rebase of patches 1004, 1006 and 2001.
+
+ -- Mike Gabriel <[email protected]>  Thu, 30 Jan 2020 18:49:35 +0100
+
 libsolv (0.6.24-1+deb9u1) stretch; urgency=medium
 
   * debian/control:
diff -Nru libsolv-0.6.24/debian/patches/0001_CVE-2019-20387.patch 
libsolv-0.6.24/debian/patches/0001_CVE-2019-20387.patch
--- libsolv-0.6.24/debian/patches/0001_CVE-2019-20387.patch     1970-01-01 
01:00:00.000000000 +0100
+++ libsolv-0.6.24/debian/patches/0001_CVE-2019-20387.patch     2020-01-30 
18:49:35.000000000 +0100
@@ -0,0 +1,32 @@
+From fdb9c9c03508990e4583046b590c30d958f272da Mon Sep 17 00:00:00 2001
+From: Zhipeng Xie <[email protected]>
+Date: Tue, 6 Aug 2019 09:50:57 +0800
+Subject: [PATCH] repodata_schema2id: fix heap-buffer-overflow in memcmp
+
+When the length of last schema in data->schemadata is
+less than length of input schema, we got a read overflow
+in asan test.
+
+Signed-off-by: Zhipeng Xie <[email protected]>
+---
+ src/repodata.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/src/repodata.c
++++ b/src/repodata.c
+@@ -205,11 +205,13 @@
+   cid = schematahash[h];
+   if (cid)
+     {
+-      if (!memcmp(data->schemadata + data->schemata[cid], schema, len * 
sizeof(Id)))
++      if ((data->schemata[cid] + len <= data->schemadatalen) &&
++                        !memcmp(data->schemadata + data->schemata[cid], 
schema, len * sizeof(Id)))
+         return cid;
+       /* cache conflict, do a slow search */
+       for (cid = 1; cid < data->nschemata; cid++)
+-        if (!memcmp(data->schemadata + data->schemata[cid], schema, len * 
sizeof(Id)))
++        if ((data->schemata[cid] + len <= data->schemadatalen) &&
++                              !memcmp(data->schemadata + data->schemata[cid], 
schema, len * sizeof(Id)))
+           return cid;
+     }
+   /* a new one */
diff -Nru libsolv-0.6.24/debian/patches/1004_cmake-module-path-fix.patch 
libsolv-0.6.24/debian/patches/1004_cmake-module-path-fix.patch
--- libsolv-0.6.24/debian/patches/1004_cmake-module-path-fix.patch      
2017-09-18 17:31:26.000000000 +0200
+++ libsolv-0.6.24/debian/patches/1004_cmake-module-path-fix.patch      
2020-01-30 18:49:35.000000000 +0100
@@ -11,7 +11,7 @@
  
  OPTION (ENABLE_STATIC "Build a static version of the libraries?" OFF)
  OPTION (DISABLE_SHARED "Do not build a shared version of the libraries?" OFF)
-@@ -71,7 +71,7 @@
+@@ -70,7 +70,7 @@
  
  # where to look first for cmake modules, before ${CMAKE_ROOT}/Modules/ is 
checked
  SET (CMAKE_MODULE_PATH ${CMAKE_SOURCE_DIR}/cmake/modules)
diff -Nru libsolv-0.6.24/debian/patches/1006_various-types.patch 
libsolv-0.6.24/debian/patches/1006_various-types.patch
--- libsolv-0.6.24/debian/patches/1006_various-types.patch      2017-09-18 
17:31:26.000000000 +0200
+++ libsolv-0.6.24/debian/patches/1006_various-types.patch      2020-01-30 
18:49:35.000000000 +0100
@@ -120,7 +120,7 @@
          FOR_PROVIDES(p, pp, s->name)
 --- a/src/solver.h
 +++ b/src/solver.h
-@@ -149,10 +149,10 @@
+@@ -143,10 +143,10 @@
     * Solver configuration
     
*-------------------------------------------------------------------------------------------------------------*/
  
@@ -135,7 +135,7 @@
    int allowuninstall;                 /* allow removal of installed solvables 
*/
    int noupdateprovide;                        /* true: update packages needs 
not to provide old package */
    int needupdateprovide;              /* true: update packages must provide 
old package */
-@@ -172,10 +172,10 @@
+@@ -167,10 +167,10 @@
    Map dupmap;                         /* dup these packages*/
    int dupmap_all;                     /* dup all packages */
    Map dupinvolvedmap;                 /* packages involved in dup process */
diff -Nru 
libsolv-0.6.24/debian/patches/2001_build-for-SUSE-and-find-rpmdb.patch 
libsolv-0.6.24/debian/patches/2001_build-for-SUSE-and-find-rpmdb.patch
--- libsolv-0.6.24/debian/patches/2001_build-for-SUSE-and-find-rpmdb.patch      
2017-09-18 17:31:26.000000000 +0200
+++ libsolv-0.6.24/debian/patches/2001_build-for-SUSE-and-find-rpmdb.patch      
2020-01-30 18:49:35.000000000 +0100
@@ -14,7 +14,7 @@
 
 --- a/ext/repo_rpmdb.c
 +++ b/ext/repo_rpmdb.c
-@@ -32,7 +32,7 @@
+@@ -34,7 +34,7 @@
  #include <rpm/rpmdb.h>
  
  #ifndef DB_CREATE
diff -Nru libsolv-0.6.24/debian/patches/series 
libsolv-0.6.24/debian/patches/series
--- libsolv-0.6.24/debian/patches/series        2017-09-18 17:31:26.000000000 
+0200
+++ libsolv-0.6.24/debian/patches/series        2020-01-30 18:49:35.000000000 
+0100
@@ -1,3 +1,4 @@
 1004_cmake-module-path-fix.patch
 1006_various-types.patch
 2001_build-for-SUSE-and-find-rpmdb.patch
+0001_CVE-2019-20387.patch

--- End Message ---

--- Begin Message ---

Package: release.debian.org
Version: 9.12

Hi,

Each of the uploads referred to by these bugs was included in today's
oldstable point release.

Regards,

Adam

--- End Message ---

Bug#950281: marked as done (stretch-pu: package libsolv/0.6.24-1+deb9u2)

Reply via email to