Bug#987246: buster-pu: package tnef/1.4.12-1.2

2021-05-30 Thread Thorsten Alteholz




On Sat, 29 May 2021, Adam D. Barratt wrote:


On Tue, 2021-04-20 at 11:21 +, Thorsten Alteholz wrote:
The distribution should just be "buster" for a pu upload, please.


Oops, sorry, changed and uploaded.

  Thorsten



Bug#987246: buster-pu: package tnef/1.4.12-1.2

2021-05-29 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Tue, 2021-04-20 at 11:21 +, Thorsten Alteholz wrote:
> The attached debdiff for tnef fixes CVE-2019-18849 in Buster.
> 

+tnef (1.4.12-1.2+deb10u1) buster-security; urgency=high

The distribution should just be "buster" for a pu upload, please.

Please go ahead; sorry for the delay.

Regards,

Adam



Bug#987246: buster-pu: package tnef/1.4.12-1.2

2021-04-20 Thread Thorsten Alteholz

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

The attached debdiff for tnef fixes CVE-2019-18849 in Buster.

It is marked as no-dsa by the security team.

The fix has been uploaded to Jessie a long time ago and nobody has complained up 
to now.


  Thorsten
diff -Nru tnef-1.4.12/debian/changelog tnef-1.4.12/debian/changelog
--- tnef-1.4.12/debian/changelog2017-05-29 15:03:02.0 +0200
+++ tnef-1.4.12/debian/changelog2021-04-18 10:03:02.0 +0200
@@ -1,3 +1,12 @@
+tnef (1.4.12-1.2+deb10u1) buster-security; urgency=high
+
+  * Non-maintainer upload by the LTS Team.
+  * CVE-2019-18849 (Closes: #944851)
+Using emails with a crafted winmail.dat application/ms-tnef attachment
+might allow to change .ssh/authorized_keys.
+
+ -- Thorsten Alteholz   Sun, 18 Apr 2021 10:03:02 +0200
+
 tnef (1.4.12-1.2) unstable; urgency=medium
 
   * Non-maintainer upload by the Wheezy LTS Team. (Closes: #862442)
diff -Nru tnef-1.4.12/debian/patches/CVE-2019-18849.patch 
tnef-1.4.12/debian/patches/CVE-2019-18849.patch
--- tnef-1.4.12/debian/patches/CVE-2019-18849.patch 1970-01-01 
01:00:00.0 +0100
+++ tnef-1.4.12/debian/patches/CVE-2019-18849.patch 2021-04-18 
10:03:02.0 +0200
@@ -0,0 +1,147 @@
+Index: tnef-1.4.12/src/alloc.c
+===
+--- tnef-1.4.12.orig/src/alloc.c   2021-04-16 09:49:11.067016999 +0200
 tnef-1.4.12/src/alloc.c2021-04-16 09:49:11.063016905 +0200
+@@ -72,13 +72,14 @@
+ 
+ /* attempts to malloc memory, if fails print error and call abort */
+ void*
+-xmalloc (size_t num, size_t size)
++xmalloc (size_t num, size_t size, size_t extra)
+ {
+ size_t res;
+ if (check_mul_overflow(num, size, &res))
+ abort();
+-
+-void *ptr = malloc (res);
++if (res + extra < res)
++abort();
++void *ptr = malloc (res + extra);
+ if (!ptr
+ && (size != 0)) /* some libc don't like size == 0 */
+ {
+@@ -90,41 +91,44 @@
+ 
+ /* Allocates memory but only up to a limit */
+ void*
+-checked_xmalloc (size_t num, size_t size)
++checked_xmalloc (size_t num, size_t size, size_t extra)
+ {
+ size_t res;
+ if (check_mul_overflow(num, size, &res))
+ abort();
+-
++if (res + extra < res)
++abort();
+ alloc_limit_assert ("checked_xmalloc", res);
+-return xmalloc (num, size);
++return xmalloc (num, size, extra);
+ }
+ 
+ /* xmallocs memory and clears it out */
+ void*
+-xcalloc (size_t num, size_t size)
++xcalloc (size_t num, size_t size, size_t extra)
+ {
+ size_t res;
+ if (check_mul_overflow(num, size, &res))
+ abort();
+ 
+ void *ptr;
+-ptr = malloc(res);
++if (res + extra < res)
++abort();
++ptr = malloc(res + extra);
+ if (ptr)
+ {
+-memset (ptr, '\0', (res));
++memset (ptr, '\0', (res + extra));
+ }
+ return ptr;
+ }
+ 
+ /* xcallocs memory but only up to a limit */
+ void*
+-checked_xcalloc (size_t num, size_t size)
++checked_xcalloc (size_t num, size_t size, size_t extra)
+ {
+ size_t res;
+ if (check_mul_overflow(num, size, &res))
+ abort();
+ 
+ alloc_limit_assert ("checked_xcalloc", (res));
+-return xcalloc (num, size);
++return xcalloc (num, size, extra);
+ }
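Review bot: In checked_xmalloc and checked_xcalloc the allocation limit is still asserted on `res` while `res + extra` bytes are actually allocated, so the `extra` bytes are never counted against the limit; the asserts should read `alloc_limit_assert ("checked_xmalloc", res + extra);` and `alloc_limit_assert ("checked_xcalloc", res + extra);`. The `res + extra < res` wrap check added to checked_xmalloc duplicates the one xmalloc performs immediately afterwards, while checked_xcalloc gets no such check before its assert and relies on xcalloc for it; computing the total once in each checked wrapper, before the limit assert, would make the two consistent and let the limit see the real size. In the first hunk, xmalloc's failure path is still guarded by `size != 0`, so a failed `malloc (res + extra)` with size == 0 and extra > 0 appears to return NULL silently instead of reaching the error handling; `if (!ptr && (size != 0 || extra != 0))` would cover that, though the rest of that block continues outside the hunk. The wrap check itself is fine since size_t addition is well defined on overflow.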
+Index: tnef-1.4.12/src/alloc.h
+===
+--- tnef-1.4.12.orig/src/alloc.h   2021-04-16 09:49:11.067016999 +0200
 tnef-1.4.12/src/alloc.h2021-04-16 09:49:11.063016905 +0200
+@@ -35,19 +35,23 @@
+ extern void set_alloc_limit (size_t size);
+ extern size_t get_alloc_limit();
+ extern void alloc_limit_assert (char *fn_name, size_t size);
+-extern void* checked_xmalloc (size_t num, size_t size);
+-extern void* xmalloc (size_t num, size_t size);
+-extern void* checked_xcalloc (size_t num, size_t size);
+-extern void* xcalloc (size_t num, size_t size);
++extern void* checked_xmalloc (size_t num, size_t size, size_t extra);
++extern void* xmalloc (size_t num, size_t size, size_t extra);
++extern void* checked_xcalloc (size_t num, size_t size, size_t extra);
++extern void* xcalloc (size_t num, size_t size, size_t extra);
+ 
+ #define XMALLOC(_type,_num)   \
+-((_type*)xmalloc((_num), sizeof(_type)))
++  ((_type*)xmalloc((_num), sizeof(_type), 0))
+ #define XCALLOC(_type,_num)   \
+-((_type*)xcalloc((_num), sizeof (_type)))
++  ((_type*)xcalloc((_num), sizeof (_type), 0))
+ #define CHECKED_XMALLOC(_type,_num)   \
+-((_type*)checked_xmalloc((_num),sizeof(_type)))
+-#define CHECKED_XCALLOC(_type,_num)   \
+-((_type*)checked_xcalloc((_num),sizeof(_type)))
++  ((_type*)checked_xmalloc((_num),sizeof(_type),0))
++#define CHECKED_XMALLOC_ADDNULL(_type,_num)   \
++  ((_type*)chec