Bug#892031: stretch-pu: package wayland/1.12.0-1

2018-11-10 Thread Héctor Orón Martínez 
Hello,

Missatge de Salvatore Bonaccorso  del dia dv., 9 de
nov. 2018 a les 6:57:

> Friendly ping, can you upload the fixed package? Unfortunately this
> will not make it for 9.6 but can then for 9.7.

I have uploaded the package.

Regards
-- 
 Héctor Orón  -.. . -... .. .- -.   -.. . ...- . .-.. --- .--. . .-.

Bug#892031: stretch-pu: package wayland/1.12.0-1

2018-11-08 Thread Salvatore Bonaccorso 
Hi Héctor,

On Sun, Aug 26, 2018 at 02:43:43PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On 2018-07-14 08:00, Salvatore Bonaccorso wrote:
> > Control: tags -1 - moreinfo
> > 
> > Hi Adam,
> > 
> > On Tue, Jul 03, 2018 at 08:55:44PM +0100, Adam D. Barratt wrote:
> > > Control: tags -1 + moreinfo
> > > 
> > > On Sun, 2018-03-04 at 12:42 +0100, Héctor Orón Martínez wrote:
> > > >   I would like to apply fix in stable for #889681.
> > > >
> > > 
> > > The metadata for that bug report suggests that it still applies to
> > > unstable, possibly because the current changelog is based on the
> > > experimental uploads and contains no reference to either the 1.14.0-2
> > > upload or #889681. Please confirm that the bug is actually fixed in
> > > unstable and fix up the metadata appropriately.
> > 
> > What I think what happened. The issue really was fixed with the
> > unstable upload as 1.14.0-2
> > https://tracker.debian.org/news/937846/accepted-wayland-1140-2-source-into-unstable/
> > 
> > A later 1.15.0-1 upload did though not merged in the debian/changelog
> > information from 1.14.0-2 and that got lost, which is probably what
> > confused the BTS version tracking then because 1.14.0-2 not anymore
> > known.
> 
> That's the conclusion I came to as well, but I was trying to prod Héctor
> towards fixing it. ;-) I see that you did so, thanks.
> 
> Please feel free to go ahead.

Friendly ping, can you upload the fixed package? Unfortunately this
will not make it for 9.6 but can then for 9.7.

Regards,
Salvatore

Bug#892031: stretch-pu: package wayland/1.12.0-1

2018-08-26 Thread Adam D. Barratt 

Control: tags -1 + confirmed

On 2018-07-14 08:00, Salvatore Bonaccorso wrote:

Control: tags -1 - moreinfo

Hi Adam,

On Tue, Jul 03, 2018 at 08:55:44PM +0100, Adam D. Barratt wrote:

Control: tags -1 + moreinfo

On Sun, 2018-03-04 at 12:42 +0100, Héctor Orón Martínez wrote:
>   I would like to apply fix in stable for #889681.
>

The metadata for that bug report suggests that it still applies to
unstable, possibly because the current changelog is based on the
experimental uploads and contains no reference to either the 1.14.0-2
upload or #889681. Please confirm that the bug is actually fixed in
unstable and fix up the metadata appropriately.


What I think what happened. The issue really was fixed with the
unstable upload as 1.14.0-2
https://tracker.debian.org/news/937846/accepted-wayland-1140-2-source-into-unstable/

A later 1.15.0-1 upload did though not merged in the debian/changelog
information from 1.14.0-2 and that got lost, which is probably what
confused the BTS version tracking then because 1.14.0-2 not anymore
known.


That's the conclusion I came to as well, but I was trying to prod Héctor 
towards fixing it. ;-) I see that you did so, thanks.


Please feel free to go ahead.

Regards,

Adam

Bug#892031: stretch-pu: package wayland/1.12.0-1

2018-07-14 Thread Salvatore Bonaccorso 
Control: tags -1 - moreinfo

Hi Adam,

On Tue, Jul 03, 2018 at 08:55:44PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
> 
> On Sun, 2018-03-04 at 12:42 +0100, Héctor Orón Martínez wrote:
> >   I would like to apply fix in stable for #889681.
> > 
> 
> The metadata for that bug report suggests that it still applies to
> unstable, possibly because the current changelog is based on the
> experimental uploads and contains no reference to either the 1.14.0-2
> upload or #889681. Please confirm that the bug is actually fixed in
> unstable and fix up the metadata appropriately.

What I think what happened. The issue really was fixed with the
unstable upload as 1.14.0-2 
https://tracker.debian.org/news/937846/accepted-wayland-1140-2-source-into-unstable/

A later 1.15.0-1 upload did though not merged in the debian/changelog
information from 1.14.0-2 and that got lost, which is probably what
confused the BTS version tracking then because 1.14.0-2 not anymore
known.

Regards,
Salvatore

Bug#892031: stretch-pu: package wayland/1.12.0-1

2018-07-03 Thread Adam D. Barratt 
Control: tags -1 + moreinfo

On Sun, 2018-03-04 at 12:42 +0100, Héctor Orón Martínez wrote:
>   I would like to apply fix in stable for #889681.
> 

The metadata for that bug report suggests that it still applies to
unstable, possibly because the current changelog is based on the
experimental uploads and contains no reference to either the 1.14.0-2
upload or #889681. Please confirm that the bug is actually fixed in
unstable and fix up the metadata appropriately.

Regards,

Adam

Bug#892031: stretch-pu: package wayland/1.12.0-1

2018-03-04 Thread Héctor Orón Martínez 
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hello,

  I would like to apply fix in stable for #889681.
  I have asked security team if they want the fix via security queue or stable
  update, however I have gotten no reply yet. I am attaching the patch I intend
  to upload to stable if you acknowledge it.

Regards

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: armhf

Kernel: Linux 4.15.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=ca_AD.utf8, LC_CTYPE=ca_AD.utf8 (charmap=UTF-8), LANGUAGE=ca_AD:ca 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
From 2471b0463e9395bd981f8b875e3280f1fc6b995f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?H=C3=A9ctor=20Or=C3=B3n=20Mart=C3=ADnez?= 
Date: Sun, 4 Mar 2018 11:54:40 +0100
Subject: [PATCH] debian/patches/CVE-2017-16612.patch: fix cursor integer
 overflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Héctor Orón Martínez 
---
 debian/changelog| 11 +
 debian/patches/CVE-2017-16612.patch | 47 +
 debian/patches/series   |  1 +
 3 files changed, 59 insertions(+)
 create mode 100644 debian/patches/CVE-2017-16612.patch
 create mode 100644 debian/patches/series

diff --git a/debian/changelog b/debian/changelog
index 2f84b50..7495ef3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+wayland (1.12.0-1+deb9u1) stretch; urgency=medium
+
+  * debian/patches/CVE-2017-16612.patch: (Closes: #889681)
+- libXcursor before 1.1.15 has various integer overflows that could lead
+  to heap buffer overflows when processing malicious cursors, e.g., with
+  programs like GIMP. It is also possible that an attack vector exists
+  against the related code in cursor/xcursor.c in Wayland through
+  1.14.0.
+
+ -- Héctor Orón Martínez   Sun, 04 Mar 2018 11:43:29 +0100
+
 wayland (1.12.0-1) unstable; urgency=medium
 
   * New upstream release. Closes: #840752.
diff --git a/debian/patches/CVE-2017-16612.patch 
b/debian/patches/CVE-2017-16612.patch
new file mode 100644
index 000..9d91f70
--- /dev/null
+++ b/debian/patches/CVE-2017-16612.patch
@@ -0,0 +1,47 @@
+commit 5d201df72f3d4f4cb8b8f75f980169b03507da38
+Author: Tobias Stoeckmann 
+Date:   Tue Nov 28 21:38:07 2017 +0100
+
+cursor: Fix heap overflows when parsing malicious files.
+
+It is possible to trigger heap overflows due to an integer overflow
+while parsing images.
+
+The integer overflow occurs because the chosen limit 0x1 for
+dimensions is too large for 32 bit systems, because each pixel takes
+4 bytes. Properly chosen values allow an overflow which in turn will
+lead to less allocated memory than needed for subsequent reads.
+
+See also: 
https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
+Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=103961
+
+Signed-off-by: Tobias Stoeckmann 
+[Pekka: add link to the corresponding libXcursor commit]
+Signed-off-by: Pekka Paalanen 
+
+diff --git a/cursor/xcursor.c b/cursor/xcursor.c
+index ca41c4a..689c702 100644
+--- a/cursor/xcursor.c
 b/cursor/xcursor.c
+@@ -202,6 +202,11 @@ XcursorImageCreate (int width, int height)
+ {
+ XcursorImage*image;
+ 
++if (width < 0 || height < 0)
++   return NULL;
++if (width > XCURSOR_IMAGE_MAX_SIZE || height > XCURSOR_IMAGE_MAX_SIZE)
++   return NULL;
++
+ image = malloc (sizeof (XcursorImage) +
+   width * height * sizeof (XcursorPixel));
+ if (!image)
+@@ -482,7 +487,8 @@ _XcursorReadImage (XcursorFile *file,
+ if (!_XcursorReadUInt (file, &head.delay))
+   return NULL;
+ /* sanity check data */
+-if (head.width >= 0x1 || head.height > 0x1)
++if (head.width > XCURSOR_IMAGE_MAX_SIZE  ||
++  head.height > XCURSOR_IMAGE_MAX_SIZE)
+   return NULL;
+ if (head.width == 0 || head.height == 0)
+   return NULL;
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 000..4c42ec7
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+CVE-2017-16612.patch
-- 
2.16.2