Re: possible bug in auto-removals.
Hi Peter,

On 16-12-2019 01:21, peter green wrote:
> I have been observing a number of python cruft packages that are still
> in testing recently, and I noticed that there seems to be an issue with
> an auto-removal.

Cruft has never been supposed to be in testing. There was a bug in britney that we believe is fixed. The end of the output.txt has the packages which shouldn't have been left in testing:

List of old libraries in the target suite (96):
[...]
(libraries in smooth update transitions)
python-colorama: amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x
python-colorlog: amd64 arm64 i386 mips64el ppc64el
python-fonttools: amd64 i386
python-fs: amd64 i386
python-terminado: amd64 i386
python-waitress: amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x

> My understanding is that auto-removals is supposed to keep track of
> reverse dependencies and initially delay auto-removal, then later, if
> the package remains rc buggy for long enough, remove the
> reverse-dependencies as well.

Correct, if you mean with "remove the reverse-dependencies as well" that these reverse-dependencies are removed together with the "main" package.

> However in the case of python-easydev auto-removals seems to be trying
> to remove python-easydev without also removing its reverse dependency
> hinge. Any idea why?

I see, probably a bug somewhere. I think the code that generates the list for autoremoval is this one:
https://salsa.debian.org/qa/udd/blob/master/udd/testing_autoremovals_gatherer.pl

Paul
Bug#946864: buster-pu: package libmatroska/1.4.9-1+deb10u1
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

libmatroska in stable has an incorrect version in its shlibs file. So the generated dependencies of reverse dependencies are not tight enough (see #946669 for details). I have uploaded a targeted fix to buster-pu. The next time we have a vlc DSA it will pick up tight enough dependencies.

The full debdiff is attached.

Cheers
--
Sebastian Ramacher

diff --git a/debian/changelog b/debian/changelog index 2458132..9df392a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +libmatroska (1.4.9-1+deb10u1) buster; urgency=medium + + * debian/shlibs: Bump version to 1.4.7 since that version introduced new +symbols (Closes: #946669) + + -- Sebastian Ramacher Mon, 16 Dec 2019 20:25:14 +0100 + libmatroska (1.4.9-1) unstable; urgency=medium * Team upload. diff --git a/debian/gbp.conf b/debian/gbp.conf index 682c4cf..5dfa190 100644 --- a/debian/gbp.conf +++ b/debian/gbp.conf @@ -1,6 +1,6 @@ [DEFAULT] upstream-branch = upstream -debian-branch = master +debian-branch = buster upstream-tag = upstream/%(version)s debian-tag = debian/%(version)s pristine-tar = True diff --git a/debian/shlibs b/debian/shlibs index fead0d7..aa7c745 100644 --- a/debian/shlibs +++ b/debian/shlibs @@ -1 +1 @@ -libmatroska 6 libmatroska6v5 (>= 1.4.5) +libmatroska 6 libmatroska6v5 (>= 1.4.7)
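Review bot: the new debian/changelog entry records only the debian/shlibs bump, but the debdiff also changes debian-branch from master to buster in debian/gbp.conf; add a changelog line for that so the packaging change is documented. In debian/shlibs the minimum version remains a hand-maintained value, and the changelog itself says it fell behind when 1.4.7 introduced new symbols, so it is worth noting next to the bump that the value has to be revisited whenever upstream adds symbols.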
Bug#946841: buster-pu: package simplesamlphp/1.16.3-1+deb10u2
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Hi,

The simpleSAMLphp package in buster suffers from an incompatibility with PHP 7.3 (also shipped in buster) that can be fixed with a one character change. The bug report is at https://bugs.debian.org/944820

This was missed during the release cycle because the already existing and working simplesamlphp package was not fully re-tested when PHP 7.3 was introduced into buster.

Please see attached debdiff for a proposed fix for buster.

Thanks,
Thijs

diff -Nru simplesamlphp-1.16.3/debian/changelog simplesamlphp-1.16.3/debian/changelog --- simplesamlphp-1.16.3/debian/changelog 2019-11-03 06:46:13.0 +0100 +++ simplesamlphp-1.16.3/debian/changelog 2019-12-16 14:15:00.0 +0100 @@ -1,3 +1,9 @@ +simplesamlphp (1.16.3-1+deb10u2) buster; urgency=medium + + * Fix incompatibility with PHP 7.3 (closes: #944820). + + -- Thijs Kinkhorst Mon, 16 Dec 2019 14:15:00 +0100 + simplesamlphp (1.16.3-1+deb10u1) buster-security; urgency=high * Fix security issue CVE-2019-3465. diff -Nru simplesamlphp-1.16.3/debian/patches/fix-xmlseclibs-php73.patch simplesamlphp-1.16.3/debian/patches/fix-xmlseclibs-php73.patch --- simplesamlphp-1.16.3/debian/patches/fix-xmlseclibs-php73.patch 1970-01-01 01:00:00.0 +0100 +++ simplesamlphp-1.16.3/debian/patches/fix-xmlseclibs-php73.patch 2019-12-16 14:15:00.0 +0100
@@ -0,0 +1,24 @@ +From: Stefan Winter +Date: Thu, 18 Oct 2018 07:24:07 +0200 +Subject: [PATCH] make regex PCRE2 compliant + +PHP7.3 makes a hard switch from PCRE to PCRE2, where the hyphen needs to be escaped. I've tested and confirmed that with PHP 7.3rc3 +- the code as was before this PR breaks with a PHP error about unable to compile the regex +- the code with this one-character PR applied works just fine +--- + src/Utils/XPath.php | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/Utils/XPath.php b/src/Utils/XPath.php +index 11e51fb..8cdc48e 100644 +--- a/vendor/robrichards/xmlseclibs/src/Utils/XPath.php b/vendor/robrichards/xmlseclibs/src/Utils/XPath.php +@@ -7,7 +7,7 @@ class XPath + const ALPHANUMERIC = '\w\d'; + const NUMERIC = '\d'; + const LETTERS = '\w'; +-const EXTENDED_ALPHANUMERIC = '\w\d\s-_:\.'; ++const EXTENDED_ALPHANUMERIC = '\w\d\s\-_:\.'; + + const SINGLE_QUOTE = '\''; + const DOUBLE_QUOTE = '"'; diff -Nru simplesamlphp-1.16.3/debian/patches/series simplesamlphp-1.16.3/debian/patches/series --- simplesamlphp-1.16.3/debian/patches/series 2019-11-03 06:44:18.0 +0100 +++ simplesamlphp-1.16.3/debian/patches/series 2019-12-16 14:15:00.0 +0100 @@ -1,2 +1,3 @@ debian_config.patch CVE-2019-3465.patch +fix-xmlseclibs-php73.patch
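Review bot: nothing in this debdiff exercises the changed EXTENDED_ALPHANUMERIC constant in vendor/robrichards/xmlseclibs/src/Utils/XPath.php under PHP 7.3, although the request itself says the breakage went unnoticed because the package was not re-tested against that PHP version; a small smoke test that loads XPath.php and compiles a pattern built from the constant would catch a repeat. The header of fix-xmlseclibs-php73.patch carries the upstream From/Date/Subject but no Origin or Bug-Debian field, so adding those (pointing at the upstream change and #944820) would make the patch traceable. The changelog and debian/patches/series hunks look fine.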
Bug#946831: buster-pu: package freerdp2/2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u1
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Dear Release Team,

I have just uploaded freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u1 to buster with the following change:

+  * debian/patches:
+    + Add 0001_CVE-2019-17177.patch. Fix realloc return handling.
+      (CVE-2019-17177).
+

-> Fixes a security issue.

Greets,
Mike

-- System Information:
Debian Release: 10.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diff -Nru freerdp2-2.0.0~git20190204.1.2693389a+dfsg1/debian/changelog freerdp2-2.0.0~git20190204.1.2693389a+dfsg1/debian/changelog --- freerdp2-2.0.0~git20190204.1.2693389a+dfsg1/debian/changelog 2019-02-04 10:04:45.0 +0100 +++ freerdp2-2.0.0~git20190204.1.2693389a+dfsg1/debian/changelog 2019-12-16 11:36:02.0 +0100
@@ -1,3 +1,11 @@ +freerdp2 (2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u1) buster; urgency=medium + + * debian/patches: ++ Add 0001_CVE-2019-17177.patch. Fix realloc return handling. + (CVE-2019-17177). + + -- Mike Gabriel Mon, 16 Dec 2019 11:36:02 +0100 + freerdp2 (2.0.0~git20190204.1.2693389a+dfsg1-1) unstable; urgency=medium * Import Git snapshot for 2.0.0-2693389a (post ~rc4) from upstream: diff -Nru freerdp2-2.0.0~git20190204.1.2693389a+dfsg1/debian/patches/0001_CVE-2019-17177.patch freerdp2-2.0.0~git20190204.1.2693389a+dfsg1/debian/patches/0001_CVE-2019-17177.patch --- freerdp2-2.0.0~git20190204.1.2693389a+dfsg1/debian/patches/0001_CVE-2019-17177.patch 1970-01-01 01:00:00.0 +0100 +++ freerdp2-2.0.0~git20190204.1.2693389a+dfsg1/debian/patches/0001_CVE-2019-17177.patch 2019-12-16 11:35:50.0 +0100 
@@ -0,0 +1,171 @@ +From fc80ab45621bd966f70594c0b7393ec005a94007 Mon Sep 17 00:00:00 2001 +From: Armin Novak +Date: Fri, 4 Oct 2019 14:49:30 +0200 +Subject: [PATCH] Fixed #5645: realloc return handling + +--- + client/X11/generate_argument_docbook.c | 33 +- + libfreerdp/codec/region.c | 20 + winpr/libwinpr/utils/lodepng/lodepng.c | 6 - + 3 files changed, 48 insertions(+), 11 deletions(-) + +--- a/client/X11/generate_argument_docbook.c b/client/X11/generate_argument_docbook.c +@@ -9,6 +9,7 @@ + LPSTR tr_esc_str(LPCSTR arg, bool format) + { + LPSTR tmp = NULL; ++ LPSTR tmp2 = NULL; + size_t cs = 0, x, ds, len; + size_t s; + +@@ -25,7 +26,12 @@ + ds = s + 1; + + if (s) +- tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); ++ { ++ tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); ++ if (!tmp2) ++ free(tmp); ++ tmp = tmp2; ++ } + + if (NULL == tmp) + { +@@ -43,7 +49,10 @@ + case '<': + len = format ? 13 : 4; + ds += len - 1; +- tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); ++ tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); ++ if (!tmp2) ++ free(tmp); ++ tmp = tmp2; + + if (NULL == tmp) + { +@@ -64,7 +73,10 @@ + case '>': + len = format ? 14 : 4; + ds += len - 1; +- tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); ++ tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); ++ if (!tmp2) ++ free(tmp); ++ tmp = tmp2; + + if (NULL == tmp) + { +@@ -84,7 +96,10 @@ + + case '\'': + ds += 5; +- tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); ++ tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); ++ if (!tmp2) ++ free(tmp); ++ tmp = tmp2; + + if (NULL == tmp) + { +@@ -102,7 +117,10 @@ + + case '"': + ds += 5; +- tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); ++ tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); ++
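Review bot: in tr_esc_str() in client/X11/generate_argument_docbook.c the same sequence (realloc into tmp2, free(tmp) when tmp2 is NULL, then tmp = tmp2) is repeated at each of the five growth sites visible here; a small static helper that takes the old pointer and the new size, frees the old block on failure and returns the result would keep the sites identical and make a missed one obvious. The existing NULL == tmp checks after each site still catch the failure, so the logic in the visible hunks is sound. The quoted patch is cut off inside the '"' case, so the libfreerdp/codec/region.c and lodepng.c changes listed in the diffstat cannot be reviewed from this message.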
Bug#946824: buster-pu: package libvncserver/0.9.11+dfsg-1.3~deb9u2
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Dear Release Team,

I have just uploaded 0.99.11+dfsg-1.3~deb9u2 of src:libvncserver, bringing the following changes to stretch:

+  * CVE-2019-15681: rfbserver: don't leak stack memory to the remote. (Closes:
+    #943793).

Declared an issue by the secteam.

+  * debian/patches:
+    + Trivial patch rebasing.
+    + Add 3 use-after-free patches. Resolve a freeze during connection closure and a
+      segmentation fault on multi-threaded VNC servers. (Closes: #905786).

Resolves freezes during connection closure. Cherry-picked from upstream.

+    + Add 0002-set-true-color-flag-to-1.patch. Fix connecting to VMware servers.
+      (Closes: #880531).

Resolves connecting to VMware servers.

Unfortunately, the two bug submitters of #880531 and #905786 were unavailable for confirming their issues being fixed with the new version of libvncserver. Neither was I presented with a test recipe for verifying the bugs being fixed for buster myself.

Please note that this version for stretch is nearly identical with a just uploaded similar update version for buster. (See: #946822).

Greets,
Mike

-- System Information:
Debian Release: 10.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diff -Nru libvncserver-0.9.11+dfsg/debian/changelog libvncserver-0.9.11+dfsg/debian/changelog --- libvncserver-0.9.11+dfsg/debian/changelog 2019-02-02 22:41:23.0 +0100 +++ libvncserver-0.9.11+dfsg/debian/changelog 2019-12-16 11:08:42.0 +0100
@@ -1,3 +1,17 @@ +libvncserver (0.9.11+dfsg-1.3~deb9u2) stretch; urgency=medium + + * CVE-2019-15681: ++ rfbserver: don't leak stack memory to the remote. (Closes: #943793). + * debian/patches: ++ Trivial patch rebasing. ++ Add 3 use-after-free patches. Resolve a freeze during connection + closure and a segmentation fault on multi-threaded VNC servers. (Closes: + #905786). ++ Add 0002-set-true-color-flag-to-1.patch. Fix connecting to VMware servers. + (Closes: #880531). + + -- Mike Gabriel Mon, 16 Dec 2019 11:08:42 +0100 + libvncserver (0.9.11+dfsg-1.3~deb9u1) stretch-security; urgency=high * Non-maintainer upload by the Security Team. diff -Nru libvncserver-0.9.11+dfsg/debian/patches/0001-ignore_webclients.patch libvncserver-0.9.11+dfsg/debian/patches/0001-ignore_webclients.patch --- libvncserver-0.9.11+dfsg/debian/patches/0001-ignore_webclients.patch 2019-02-02 22:41:23.0 +0100 +++ libvncserver-0.9.11+dfsg/debian/patches/0001-ignore_webclients.patch 2019-12-16 10:57:16.0 +0100 @@ -21,7 +21,7 @@ bin_SCRIPTS = libvncserver-config --- a/configure.ac +++ b/configure.ac -@@ -594,9 +594,6 @@ +@@ -583,9 +583,6 @@ libvncserver/Makefile examples/Makefile examples/android/Makefile diff -Nru libvncserver-0.9.11+dfsg/debian/patches/0002-set-true-color-flag-to-1.patch libvncserver-0.9.11+dfsg/debian/patches/0002-set-true-color-flag-to-1.patch --- libvncserver-0.9.11+dfsg/debian/patches/0002-set-true-color-flag-to-1.patch 1970-01-01 01:00:00.0 +0100 +++ libvncserver-0.9.11+dfsg/debian/patches/0002-set-true-color-flag-to-1.patch 2019-12-16 11:08:18.0 +0100 
@@ -0,0 +1,20 @@ +From 7c54f07ca55046c6f9b5859c44781a1f22002982 Mon Sep 17 00:00:00 2001 +From: dborth +Date: Mon, 3 Apr 2017 09:43:44 -0600 +Subject: [PATCH] Issue #141: Set trueColour flag to 1 instead of 255 + +--- + libvncclient/vncviewer.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/libvncclient/vncviewer.c b/libvncclient/vncviewer.c +@@ -161,7 +161,7 @@ + client->format.depth = bitsPerSample*samplesPerPixel; + client->appData.requestedDepth=client->format.depth; + client->format.bigEndian = *(char *)&client->endianTest?FALSE:TRUE; +- client->format.trueColour = TRUE; ++ client->format.trueColour = 1; + + if (client->format.bitsPerPixel == 8) { + client->format.redMax = 7; diff -Nru libvncserver-0.9.11+dfsg/debian/patches/CVE-2018-15126/0001-tightvnc-filetransfer-tie-the-download-thread-to-the.patch libvncserver-0.9.11+dfsg/debian/patches/CVE-2018-15126/0001-tightvnc-filetransfer-tie-the-download-thread-to-the.patch --- libvncserver-0.9.11+dfsg/debian/patches/CVE-2018-15126/0001-tightvnc-filetransfer-tie-the-download-thread-to-the.patch 2019-02-02 22:41:23.0 +0100 +++ libvncserver-0.9.11+dfsg/debian/patches/CVE-2018-15126/0001-tightvnc-filetransfer-tie-the-download-thread-to-the.patch 2019-12-16 10:57:16.0 +0100 @@ -13,11 +13
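Review bot: the replacement line "client->format.trueColour = 1;" in libvncclient/vncviewer.c (hunk at 161) has no comment, and the only explanation that TRUE yields 255 rather than 1 here sits in the patch subject; add a one-line comment beside the assignment so the literal is not later changed back to TRUE and the VMware connection fix lost. The refreshed hunk header in 0001-ignore_webclients.patch (594 to 583) matches the "Trivial patch rebasing" changelog line. The quoted debdiff is cut off at the CVE-2018-15126 patch, so the three use-after-free patches named in the changelog are not visible for review.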
Bug#946822: buster-pu: package libvncserver/0.9.11+dfsg-1.3+deb10u1
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Dear Release Team,

I have just uploaded 0.99.11+dfsg-1.3+deb10u1 of src:libvncserver, bringing the following changes to buster:

+  * CVE-2019-15681: rfbserver: don't leak stack memory to the remote. (Closes:
+    #943793).

Declared an issue by the secteam.

+  * debian/patches:
+    + Trivial patch rebasing.
+    + Add 3 use-after-free patches. Resolve a freeze during connection closure and a
+      segmentation fault on multi-threaded VNC servers. (Closes: #905786).

Resolves freezes during connection closure. Cherry-picked from upstream.

+    + Add 0002-set-true-color-flag-to-1.patch. Fix connecting to VMware servers.
+      (Closes: #880531).

Resolves connecting to VMware servers.

Unfortunately, the two bug submitters of #880531 and #905786 were unavailable for confirming their issues being fixed with the new version of libvncserver. Neither was I presented with a test recipe for verifying the bugs being fixed for buster myself.

Greets,
Mike

-- System Information:
Debian Release: 10.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diff -Nru libvncserver-0.9.11+dfsg/debian/changelog libvncserver-0.9.11+dfsg/debian/changelog --- libvncserver-0.9.11+dfsg/debian/changelog 2019-01-30 22:39:15.0 +0100 +++ libvncserver-0.9.11+dfsg/debian/changelog 2019-12-03 09:18:57.0 +0100
@@ -1,3 +1,16 @@ +libvncserver (0.9.11+dfsg-1.3+deb10u1) buster; urgency=medium + + * CVE-2019-15681: rfbserver: don't leak stack memory to the remote. (Closes: +#943793). + * debian/patches: ++ Trivial patch rebasing. ++ Add 3 use-after-free patches. Resolve a freeze during connection closure and a + segmentation fault on multi-threaded VNC servers. (Closes: #905786). ++ Add 0002-set-true-color-flag-to-1.patch. Fix connecting to VMware servers. + (Closes: #880531). + + -- Mike Gabriel Tue, 03 Dec 2019 09:18:57 +0100 + libvncserver (0.9.11+dfsg-1.3) unstable; urgency=medium * Non-maintainer upload. diff -Nru libvncserver-0.9.11+dfsg/debian/patches/0001-ignore_webclients.patch libvncserver-0.9.11+dfsg/debian/patches/0001-ignore_webclients.patch --- libvncserver-0.9.11+dfsg/debian/patches/0001-ignore_webclients.patch 2019-01-30 22:39:15.0 +0100 +++ libvncserver-0.9.11+dfsg/debian/patches/0001-ignore_webclients.patch 2019-12-03 09:18:57.0 +0100 @@ -21,7 +21,7 @@ bin_SCRIPTS = libvncserver-config --- a/configure.ac +++ b/configure.ac -@@ -594,9 +594,6 @@ +@@ -583,9 +583,6 @@ libvncserver/Makefile examples/Makefile examples/android/Makefile diff -Nru libvncserver-0.9.11+dfsg/debian/patches/0002-set-true-color-flag-to-1.patch libvncserver-0.9.11+dfsg/debian/patches/0002-set-true-color-flag-to-1.patch --- libvncserver-0.9.11+dfsg/debian/patches/0002-set-true-color-flag-to-1.patch 1970-01-01 01:00:00.0 +0100 +++ libvncserver-0.9.11+dfsg/debian/patches/0002-set-true-color-flag-to-1.patch 2019-12-03 09:18:57.0 +0100 
@@ -0,0 +1,20 @@ +From 7c54f07ca55046c6f9b5859c44781a1f22002982 Mon Sep 17 00:00:00 2001 +From: dborth +Date: Mon, 3 Apr 2017 09:43:44 -0600 +Subject: [PATCH] Issue #141: Set trueColour flag to 1 instead of 255 + +--- + libvncclient/vncviewer.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/libvncclient/vncviewer.c b/libvncclient/vncviewer.c +@@ -161,7 +161,7 @@ + client->format.depth = bitsPerSample*samplesPerPixel; + client->appData.requestedDepth=client->format.depth; + client->format.bigEndian = *(char *)&client->endianTest?FALSE:TRUE; +- client->format.trueColour = TRUE; ++ client->format.trueColour = 1; + + if (client->format.bitsPerPixel == 8) { + client->format.redMax = 7; diff -Nru libvncserver-0.9.11+dfsg/debian/patches/CVE-2018-15126/0001-tightvnc-filetransfer-tie-the-download-thread-to-the.patch libvncserver-0.9.11+dfsg/debian/patches/CVE-2018-15126/0001-tightvnc-filetransfer-tie-the-download-thread-to-the.patch --- libvncserver-0.9.11+dfsg/debian/patches/CVE-2018-15126/0001-tightvnc-filetransfer-tie-the-download-thread-to-the.patch 2019-01-30 22:39:15.0 +0100 +++ libvncserver-0.9.11+dfsg/debian/patches/CVE-2018-15126/0001-tightvnc-filetransfer-tie-the-download-thread-to-the.patch 2019-12-03 09:18:57.0 +0100 @@ -13,11 +13,9 @@ libvncserver/tightvnc-filetransfer/rfbtightproto.h | 1 + 2 files changed, 2 insertions(+), 2 deletions(-) -diff --git a/libvncserver/tightvnc-filetransfer
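Review bot: the changelog entry "Add 3 use-after-free patches" does not name the patch files, unlike the 0002-set-true-color-flag-to-1.patch entry right after it; list the three file names (or the directory under debian/patches that holds them) so the entry can be checked against debian/patches/series. The CVE-2019-15681 entry likewise names no patch file. The part of the debdiff quoted here stops inside the CVE-2018-15126 refresh, so neither the use-after-free patches nor the CVE-2019-15681 change can be reviewed from this message.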
Bug#946819: buster-pu: package atril/1.20.3-1+deb10u1
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Dear Release Team,

I have just uploaded atril 1.20.3-1+deb10u1 to Debian buster with the following changes:

+  [ Martin Wimpress ]
+  * debian/patches:
+    + Add 0001_prevent_no_doc_segfault.patch. Prevent segfaults when no document
+      is loaded.

See upstream issue: https://github.com/mate-desktop/atril/issues/357

When one loaded atril with no document and started playing with the application settings, atril would segfault.

+    + Add 0002_CVE-2019-1010006.patch. Fix buffer overflow. (CVE-2019-1010006)

This is a low security issue, but not tagged as no-dsa on the security tracker. However, getting the other two patches into buster had prio and thus I took the buster-pu upload path for this.

+  [ Mike Gabriel ]
+  * debian/patches:
+    + Add CVE-2019-11459.patch. tiff: Handle failure from
+      TIFFReadRGBAImageOriented. (Closes: #927821).
+    + Rebase 0001_prevent_no_doc_segfault.patch.

Security issue marked as unimportant, still something that deserves a fix via buster-pu.

light+love,
Mike

-- System Information:
Debian Release: 10.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diff -Nru atril-1.20.3/debian/changelog atril-1.20.3/debian/changelog --- atril-1.20.3/debian/changelog 2018-12-22 22:24:46.0 +0100 +++ atril-1.20.3/debian/changelog 2019-12-16 10:33:35.0 +0100
@@ -1,3 +1,19 @@ +atril (1.20.3-1+deb10u1) buster; urgency=medium + + [ Martin Wimpress ] + * debian/patches: ++ Add 0001_prevent_no_doc_segfault.patch. Prevent segfaults when no document + is loaded. ++ Add 0002_CVE-2019-1010006.patch. Fix buffer overflow. (CVE-2019-1010006) + + [ Mike Gabriel ] + * debian/patches: ++ Add CVE-2019-11459.patch. tiff: Handle failure from + TIFFReadRGBAImageOriented. (Closes: #927821). ++ Rebase 0001_prevent_no_doc_segfault.patch. + + -- Mike Gabriel Mon, 16 Dec 2019 10:33:35 +0100 + atril (1.20.3-1) unstable; urgency=medium * New upstream release. diff -Nru atril-1.20.3/debian/patches/0001_prevent_no_doc_segfault.patch atril-1.20.3/debian/patches/0001_prevent_no_doc_segfault.patch --- atril-1.20.3/debian/patches/0001_prevent_no_doc_segfault.patch 1970-01-01 01:00:00.0 +0100 +++ atril-1.20.3/debian/patches/0001_prevent_no_doc_segfault.patch 2019-12-16 10:31:57.0 +0100 
@@ -0,0 +1,286 @@ +From 807e54f51919de389c2824df6ccef41947c57911 Mon Sep 17 00:00:00 2001 +From: Reuben Green +Date: Sat, 3 Aug 2019 22:54:44 +0100 +Subject: [PATCH] prevent segfaults when no document loaded + +See the issue report for a description of the bug. The root cause is +dereferencing of NULL pointers, specifically the priv->document member of +EvWindow structures when no document is loaded. This commit adds checks +for a NULL value of priv->document at all the points in the file +shell/ev-window.c where this pointer was previously dereferenced without +being checked. + +Fixes 357 (https://github.com/mate-desktop/atril/issues/357) +--- + shell/ev-window.c | 63 --- + 1 file changed, 32 insertions(+), 31 deletions(-) + +--- a/shell/ev-window.c b/shell/ev-window.c +@@ -1448,7 +1448,7 @@ + /* Presentation */ + if (ev_metadata_get_boolean (window->priv->metadata, "presentation", &presentation)) { + if (presentation) { +- if (window->priv->document->iswebdocument == TRUE ) { ++ if (window->priv->document && window->priv->document->iswebdocument == TRUE ) { + return; + } + else { +@@ -1850,7 +1850,7 @@ + ev_window_handle_link (EvWindow *ev_window, + EvLinkDest *dest) + { +- if (ev_window->priv->document->iswebdocument == TRUE ) { ++ if (ev_window->priv->document && ev_window->priv->document->iswebdocument == TRUE ) { + return; + } + if (dest) { +@@ -4117,7 +4117,7 @@ +*/ + if (ev_window->priv->chrome & EV_CHROME_FINDBAR) { + egg_find_bar_grab_focus(ev_window->priv->find_bar); +- } else if (ev_window->priv->document->iswebdocument == FALSE ) { ++ } else if (ev_window->priv->document && ev_window->priv->document->iswebdocument == FALSE ) { + ev_view_select_all (EV_VIEW (ev_window->priv->view)); + } + #if ENABLE_EPUB +@@ -4152,7 +4152,7 @@ + update_chrome_flag (ev_window, EV_CHROME_FINDBAR, TRUE); + upda
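Review bot: the added priv->document test in shell/ev-window.c at hunks 1448 and 4117 does not skip the work when no document is loaded, it redirects it: with a NULL document the condition is false, so control falls through to the "else {" branch at 1448 and to whatever follows under "#if ENABLE_EPUB" at 4117. Please confirm those branches are safe without a document, or return early on a NULL document before testing iswebdocument. The guard in ev_window_handle_link at 1850 has the same shape, where a NULL document now continues into the "if (dest)" path. The quoted patch is cut off after the fourth hunk, so the remaining call sites cannot be checked here.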