Package: release.debian.org Severity: normal User: [email protected] Usertags: unblock
Please unblock mcrypt (yeah, again). It fixes some more issues and enables hardening flags via dpkg's .mk unblock mcrypt/2.6.8-1.2 Thanks in advance. Cheers, Raphael Geissert
diff -u mcrypt-2.6.8/debian/rules mcrypt-2.6.8/debian/rules --- mcrypt-2.6.8/debian/rules +++ mcrypt-2.6.8/debian/rules @@ -2,6 +2,9 @@ # Sample debian/rules that uses debhelper. # This file is public domain software, originally written by Joey Hess. +DPKG_EXPORT_BUILDFLAGS=1 +-include /usr/share/dpkg/buildflags.mk + source-clean: @echo Running distclean if possible $(MAKE) distclean || true diff -u mcrypt-2.6.8/debian/changelog mcrypt-2.6.8/debian/changelog --- mcrypt-2.6.8/debian/changelog +++ mcrypt-2.6.8/debian/changelog @@ -1,3 +1,12 @@ +mcrypt (2.6.8-1.2) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix three other buffer overflows in check_file_head. + * Fix use of uninitialized data when no salt is used. + * Enable hardening flags. + + -- Raphael Geissert <[email protected]> Sat, 15 Sep 2012 13:40:02 -0500 + mcrypt (2.6.8-1.1) unstable; urgency=high * Non-maintainer upload by the Security Team. diff -u mcrypt-2.6.8/src/extra.c mcrypt-2.6.8/src/extra.c --- mcrypt-2.6.8/src/extra.c +++ mcrypt-2.6.8/src/extra.c @@ -223,7 +223,8 @@ } read_until_null(tmp_buf, fstream); - strcpy(algorithm, tmp_buf); + strncpy(algorithm, tmp_buf, 50); + algorithm[49] = '\0'; fread(&keylen, sizeof(short int), 1, fstream); #ifdef WORDS_BIGENDIAN @@ -233,10 +234,12 @@ #endif read_until_null(tmp_buf, fstream); - strcpy(mode, tmp_buf); + strncpy(mode, tmp_buf, 50); + mode[49] = '\0'; read_until_null(tmp_buf, fstream); - strcpy(keymode, tmp_buf); + strncpy(keymode, tmp_buf, 50); + keymode[49] = '\0'; fread(&sflag, 1, 1, fstream); if (m_getbit(6, flags) == 1) { /* if the salt bit is set */ if (m_getbit(0, sflag) != 0) { /* if the first bit is set */ only in patch2: unchanged: --- mcrypt-2.6.8.orig/src/classic.c +++ mcrypt-2.6.8/src/classic.c @@ -437,7 +437,7 @@ char tmp_buf[BUFFER_SIZE]; int how = 0; int i = 0; - int blocksize, crcsize, salt_size; + int blocksize, crcsize, salt_size = 0; MCRYPT td; int pid, buf_block, start; word32 *IV = NULL;
