Package: release.debian.org Severity: normal Tags: wheezy User: [email protected] Usertags: pu
I would like to update the gnustep-base package in wheezy to fix CVE-2014-2980 (user security hole, medium severity, no DSA) and, probably more importantly, RC bug #753603. Both patches are from upstream, and I've been testing them on a wheezy system for a few weeks with no ill effects. The proposed debdiff against the version in stable is attached.
diff --git a/debian/changelog b/debian/changelog
index 598d7bc..b0513e0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+gnustep-base (1.22.1-4+deb7u1) wheezy; urgency=medium
+
+ * debian/patches/CVE-2014-2980.patch: New; fixes user security hole in
+ gdomap (Closes: #745470).
+ * debian/patches/performSelector-forwarding.patch: New; fixes regression
+ in -performSelector: with message forwarding (Closes: #753603).
+ * debian/patches/series: Update.
+
+ -- Yavor Doganov <[email protected]> Wed, 19 Nov 2014 19:25:07 +0200
+
 gnustep-base (1.22.1-4) unstable; urgency=low
 
 * debian/rules (build-arch): Depend on the patch target to ensure that
diff --git a/debian/patches/CVE-2014-2980.patch b/debian/patches/CVE-2014-2980.patch
new file mode 100644
index 0000000..579ded4
--- /dev/null
+++ b/debian/patches/CVE-2014-2980.patch
@@ -0,0 +1,72 @@
+Description: Fix user security hole in gdomap (CVE-2014-2980).
+Bug: https://savannah.gnu.org/bugs/?41751
+Bug-Debian: https://bugs.debian.org/745470
+Origin: upstream, commit: r37756
+Last-Update: 2014-11-19
+---
+
+--- gnustep-base.orig/Tools/gdomap.c
++++ gnustep-base/Tools/gdomap.c
+@@ -279,7 +279,7 @@
+
+ #if defined(HAVE_SYSLOG)
+
+-static int log_priority;
++static int log_priority = 0;
+
+ static void
+ gdomap_log (int prio)
+@@ -4417,16 +4417,7 @@
+ const char *machine = 0;
+ const char *lookupf = 0;
+ int donamesf = 0;
+-
+-#if defined(HAVE_SYSLOG)
+- /* Initially, gdomap_log errors to stderr as well as to syslogd. */
+-#if defined(SYSLOG_4_2)
+- openlog ("gdomap", LOG_NDELAY);
+- log_priority = LOG_DAEMON;
+-#else
+- openlog ("gdomap", LOG_NDELAY, LOG_DAEMON);
+-#endif
+-#endif
++ int forked = 0;
+
+ #if defined(__MINGW__)
+ WORD wVersionRequested;
+@@ -4778,7 +4769,6 @@
+ #else
+ if (nofork == 0)
+ {
+- is_daemon = 1;
+ /*
+ * Now fork off child process to run in background.
+ */
+@@ -4792,6 +4782,7 @@
+ /*
+ * Try to run in background.
+ */
++ forked = 1;
+ #if defined(NeXT)
+ setpgrp(0, getpid());
+ #else
+@@ -4851,6 +4842,19 @@
+
+ #endif /* !__MINGW__ */
+
++ if (forked)
++ {
++ is_daemon = 1;
++#if defined(HAVE_SYSLOG)
++#if defined(SYSLOG_4_2)
++ openlog ("gdomap", LOG_NDELAY);
++ log_priority = LOG_DAEMON;
++#else
++ openlog ("gdomap", LOG_NDELAY, LOG_DAEMON);
++#endif
++#endif
++ }
++
+ init_my_port(); /* Determine port to listen on. */
+ init_ports(); /* Create ports to handle requests. */
+
diff --git a/debian/patches/performSelector-forwarding.patch b/debian/patches/performSelector-forwarding.patch
new file mode 100644
index 0000000..3b4be34
--- /dev/null
+++ b/debian/patches/performSelector-forwarding.patch
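Review bot: The new `if (forked)` block after `#endif /* !__MINGW__ */` has no comment saying why `openlog()` and `is_daemon = 1` are deferred to this point, and the patch removes the only comment that described the logging setup in main(). A line such as `/* Open syslog only once we are running as the daemon; see CVE-2014-2980. */` above the `#if defined(HAVE_SYSLOG)` would keep a later cleanup from moving the call back to the top of main(). When the process does not fork (`forked` stays 0), `openlog()` is now never called and `log_priority` keeps its new initial value 0, so it is worth confirming that `gdomap_log()`, whose body is outside these hunks, still reports where expected in that mode. main() starts and ends outside every hunk shown.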
@@ -0,0 +1,99 @@
+Description: Fix regression in -performSelector: with message forwarding.
+Bug: https://savannah.gnu.org/bugs/?36706
+Bug-Debian: https://bugs.debian.org/753603
+Origin: upstream, commit: r35278, r35279
+Last-Update: 2014-11-19
+---
+
+--- gnustep-base.orig/Source/GSFFIInvocation.m
++++ gnustep-base/Source/GSFFIInvocation.m
+@@ -185,6 +185,14 @@
+ }
+ if (nil == sig)
+ {
++ if (nil == receiver)
++ {
++ /* If we have a nil receiver, so the runtime is probably trying
++ * to check for forwarding ... return NULL to let it fall back
++ * on the standard forwarding mechanism.
++ */
++ return NULL;
++ }
+ [NSException raise: NSInvalidArgumentException
+ format: @"%c[%s %s]: unrecognized selector sent to instance %p",
+ (class_isMetaClass(c) ? '+' : '-'),
+--- gnustep-base.orig/Source/NSObject.m
++++ gnustep-base/Source/NSObject.m
+@@ -1448,13 +1448,15 @@
+ if (aSelector == 0)
+ [NSException raise: NSInvalidArgumentException
+ format: @"%@ null selector given", NSStringFromSelector(_cmd)];
+- /*
+- * If 'self' is an instance, object_getClass() will get the class,
+- * and class_getMethodImplementation() will get the instance method.
+- * If 'self' is a class, object_getClass() will get the meta-class,
+- * and class_getMethodImplementation() will get the class method.
++ /* The Apple runtime API would do:
++ * return class_getMethodImplementation(object_getClass(self), aSelector);
++ * but this cannot ask self for information about any method reached by
++ * forwarding, so the returned forwarding function would ge a generic one
++ * rather than one aware of hardware issues with returning structures
++ * and floating points. We therefore prefer the GNU API which is able to
++ * use forwarding callbacks to get better type information.
+ */
+- return class_getMethodImplementation(object_getClass(self), aSelector);
++ return objc_msg_lookup(self, aSelector);
+ }
+
+ /**
+@@ -1837,7 +1839,15 @@
+ [NSException raise: NSInvalidArgumentException
+ format: @"%@ null selector given", NSStringFromSelector(_cmd)];
+
+- msg = class_getMethodImplementation(object_getClass(self), aSelector);
++ /* The Apple runtime API would do:
++ * msg = class_getMethodImplementation(object_getClass(self), aSelector);
++ * but this cannot ask self for information about any method reached by
++ * forwarding, so the returned forwarding function would ge a generic one
++ * rather than one aware of hardware issues with returning structures
++ * and floating points. We therefore prefer the GNU API which is able to
++ * use forwarding callbacks to get better type information.
++ */
++ msg = objc_msg_lookup(self, aSelector);
+ if (!msg)
+ {
+ [NSException raise: NSGenericException
+@@ -1862,7 +1872,15 @@
+ [NSException raise: NSInvalidArgumentException
+ format: @"%@ null selector given", NSStringFromSelector(_cmd)];
+
+- msg = class_getMethodImplementation(object_getClass(self), aSelector);
++ /* The Apple runtime API would do:
++ * msg = class_getMethodImplementation(object_getClass(self), aSelector);
++ * but this cannot ask self for information about any method reached by
++ * forwarding, so the returned forwarding function would ge a generic one
++ * rather than one aware of hardware issues with returning structures
++ * and floating points. We therefore prefer the GNU API which is able to
++ * use forwarding callbacks to get better type information.
++ */
++ msg = objc_msg_lookup(self, aSelector);
+ if (!msg)
+ {
+ [NSException raise: NSGenericException
+@@ -1890,7 +1908,15 @@
+ [NSException raise: NSInvalidArgumentException
+ format: @"%@ null selector given", NSStringFromSelector(_cmd)];
+
+- msg = class_getMethodImplementation(object_getClass(self), aSelector);
++ /* The Apple runtime API would do:
++ * msg = class_getMethodImplementation(object_getClass(self), aSelector);
++ * but this cannot ask self for information about any method reached by
++ * forwarding, so the returned forwarding function would ge a generic one
++ * rather than one aware of hardware issues with returning structures
++ * and floating points. We therefore prefer the GNU API which is able to
++ * use forwarding callbacks to get better type information.
++ */
++ msg = objc_msg_lookup(self, aSelector);
+ if (!msg)
+ {
+ [NSException raise: NSGenericException
diff --git a/debian/patches/series b/debian/patches/series
index 40b23aa..a4818ee 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,5 @@
+performSelector-forwarding.patch
+CVE-2014-2980.patch
 libobjc4.patch
 kfreebsd-fake-main.patch
 gnutls-deprecated.patch
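Review bot: The seven-line comment added before each `objc_msg_lookup(self, aSelector)` call in NSObject.m is pasted four times with the same typo, `would ge a generic one`; it should read `would be a generic one`, and the three `msg =` copies could be cut down to a single line referring back to the first. The `if (!msg)` guard after each `msg = objc_msg_lookup(self, aSelector);` is left unchanged, and since the comment itself says the lookup returns a forwarding function for selectors reached by forwarding, that guard may not be reachable any more; this should be confirmed against the runtime the package builds with. In GSFFIInvocation.m the new `return NULL;` for a nil receiver depends on the caller of that function accepting NULL, and both the caller and the rest of the function are outside the hunk.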

