Bug#1002681: transition: ocaml

2022-01-23 Thread Stéphane Glondu
On 19/01/2022 at 09:34, Sebastian Ramacher wrote:
> The libguestfs build for the php8.1 transition migrated, so this
> transition can proceed. Please go ahead.

5 days later, most packages have been rebuilt with the new OCaml. The
remaining outliers are:

- hol-light (#1002983): the fix is not trivial and upstream doesn't seem
interested in supporting a modern toolchain, should be removed from
testing for the time being
- otags (#1002940): seems dead upstream, should be removed from testing
for the time being
- ppx-tools-versioned (#1002941), ppxfind (#1002942): they seem
deprecated, should be removed from testing
- sks (#1002657): a patch is available
- llvm-toolchain-11 (#1002607), llvm-toolchain-12 (#1002608): the fix is
trivial
- eliom: a new upstream release is available, but it needs ocsipersist
which is sitting in NEW... can be removed temporarily from testing if needed
- nurpawiki: depends on eliom, can be removed temporarily from testing
if needed
- llvm-toolchain-9: not in testing... as far as I understand, should be
removed from Debian altogether
- why3, frama-c: not in testing... FTBFS at the moment, but should be
fixed in the future


Cheers,

-- 
Stéphane



Bug#1004268: buster-pu: package libextractor/1:1.8-2+deb10u1

2022-01-23 Thread Adrian Bunk
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: Daniel Baumann , 
t...@security.debian.org

  * CVE-2019-15531: Invalid read for malformed DVI files.
(Closes: #935553)
diff -Nru libextractor-1.8/debian/changelog libextractor-1.8/debian/changelog
--- libextractor-1.8/debian/changelog   2018-12-27 20:45:49.0 +0200
+++ libextractor-1.8/debian/changelog   2022-01-23 23:10:06.0 +0200
@@ -1,3 +1,11 @@
+libextractor (1:1.8-2+deb10u1) buster; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2019-15531: Invalid read for malformed DVI files.
+(Closes: #935553)
+
+ -- Adrian Bunk   Sun, 23 Jan 2022 23:10:06 +0200
+
 libextractor (1:1.8-2) unstable; urgency=high
 
   * Fix out-of-bounds read vulnerability in common/convert.c (Closes: #917214,
diff -Nru libextractor-1.8/debian/patches/0001-fix-5846.patch 
libextractor-1.8/debian/patches/0001-fix-5846.patch
--- libextractor-1.8/debian/patches/0001-fix-5846.patch 1970-01-01 
02:00:00.0 +0200
+++ libextractor-1.8/debian/patches/0001-fix-5846.patch 2022-01-23 
23:09:09.0 +0200
@@ -0,0 +1,181 @@
+From aad7a7857b815175e70e2270115a3c8cb0445765 Mon Sep 17 00:00:00 2001
+From: Christian Grothoff 
+Date: Fri, 23 Aug 2019 09:35:53 +0200
+Subject: fix #5846
+
+---
+ src/plugins/dvi_extractor.c | 88 +++--
+ 1 file changed, 45 insertions(+), 43 deletions(-)
+
+diff --git a/src/plugins/dvi_extractor.c b/src/plugins/dvi_extractor.c
+index 268b48c..e3aa450 100644
+--- a/src/plugins/dvi_extractor.c
 b/src/plugins/dvi_extractor.c
+@@ -1,6 +1,6 @@
+ /*
+  This file is part of libextractor.
+- Copyright (C) 2002, 2003, 2004, 2012, 2017 Vidyut Samanta and Christian 
Grothoff
++ Copyright (C) 2002, 2003, 2004, 2012, 2017, 2019 Vidyut Samanta and 
Christian Grothoff
+ 
+  libextractor is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published
+@@ -182,6 +182,8 @@ EXTRACTOR_dvi_extract_method (struct 
EXTRACTOR_ExtractContext *ec)
+   size = ec->get_size (ec->cls);
+   if (size > 16 * 1024 * 1024)
+ return; /* too large */
++  if (klen + 15 > size)
++return; /* malformed klen */
+   if (NULL == (data = malloc ((size_t) size)))
+ return; /* out of memory */
+   memcpy (data, buf, iret);
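Review bot: the new `klen + 15 > size` test in `EXTRACTOR_dvi_extract_method` depends on the types of `klen` and `size`, which are declared outside this hunk; if the addition can wrap, the guard passes when it should not. Writing it as `size < 15 || klen > size - 15` avoids the addition altogether. Placing the test before `malloc` is right, since the early `return` then has nothing to free, and the access it protects is the later copy of `klen` bytes starting at offset 15 of `data` into `comment`.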
+@@ -189,16 +191,16 @@ EXTRACTOR_dvi_extract_method (struct 
EXTRACTOR_ExtractContext *ec)
+   while (off < size)
+ {
+   if (0 >= (iret = ec->read (ec->cls, , 16 * 1024)))
+-  {
+-free (data);
+-return;
+-  }
++{
++  free (data);
++  return;
++}
+   memcpy ([off], buf, iret);
+   off += iret;
+ }
+   pos = size - 1;
+   while ( (223 == data[pos]) &&
+-(pos > 0) )
++  (pos > 0) )
+ pos--;
+   if ( (2 != data[pos]) ||
+(pos < 40) )
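Review bot: every removed/added pair in this hunk (the `free (data); return;` block and the `(pos > 0) )` continuation) carries the same statements, so the change here is indentation only. For a stable update the backport would be easier to audit if it kept just the `klen` check from the previous hunk and dropped the whitespace-only hunks, or if the request stated explicitly that the upstream commit is taken verbatim.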
+@@ -225,9 +227,9 @@ EXTRACTOR_dvi_extract_method (struct 
EXTRACTOR_ExtractContext *ec)
+ break;
+   if ( (pos + 45 > size) ||
+  (pos + 45 < pos) )
+-  goto CLEANUP;
++goto CLEANUP;
+   if (data[pos] != 139) /* expect 'bop' */
+-  goto CLEANUP;
++goto CLEANUP;
+   pageCount++;
+   opos = pos;
+   pos = getIntAt ([opos + 41]);
+@@ -238,24 +240,24 @@ EXTRACTOR_dvi_extract_method (struct 
EXTRACTOR_ExtractContext *ec)
+ }
+   /* ok, now we believe it's a dvi... */
+   snprintf (pages,
+-  sizeof (pages),
+-  "%u", 
+-  pageCount);
++sizeof (pages),
++"%u", 
++pageCount);
+   if (0 != ec->proc (ec->cls, 
+-   "dvi",
+-   EXTRACTOR_METATYPE_PAGE_COUNT,
+-   EXTRACTOR_METAFORMAT_UTF8,
+-   "text/plain",
+-   pages,
+-   strlen (pages) + 1))
++ "dvi",
++ EXTRACTOR_METATYPE_PAGE_COUNT,
++ EXTRACTOR_METAFORMAT_UTF8,
++ "text/plain",
++ pages,
++ strlen (pages) + 1))
+ goto CLEANUP;
+   if (0 != ec->proc (ec->cls, 
+-   "dvi",
+-   EXTRACTOR_METATYPE_MIMETYPE,
+-   EXTRACTOR_METAFORMAT_UTF8,
+-   "text/plain",
+-   "application/x-dvi",
+-   strlen ("application/x-dvi") + 1))
++ "dvi",
++ EXTRACTOR_METATYPE_MIMETYPE,
++ EXTRACTOR_METAFORMAT_UTF8,
++ "text/plain",
++ "application/x-dvi",
++ strlen ("application/x-dvi") + 1))
+ goto CLEANUP;
+   {
+ char comment[klen + 1];
+@@ -263,18 +265,18 @@ EXTRACTOR_dvi_extract_method (struct 
EXTRACTOR_ExtractContext *ec)
+ comment[klen] = '\0';
+ memcpy (comment, [15], klen);
+ if (0 != ec->proc (ec->cls, 
+-

Bug#1004267: buster-pu: package libpcap/1.8.1-6+deb10u1

2022-01-23 Thread Adrian Bunk
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: Romain Francoise , t...@security.debian.org

  * CVE-2019-15165: Improper PHB header length validation.
(Closes: #941697)
diff -Nru libpcap-1.8.1/debian/changelog libpcap-1.8.1/debian/changelog
--- libpcap-1.8.1/debian/changelog  2017-12-31 17:56:33.0 +0200
+++ libpcap-1.8.1/debian/changelog  2022-01-23 23:00:19.0 +0200
@@ -1,3 +1,11 @@
+libpcap (1.8.1-6+deb10u1) buster; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2019-15165: Improper PHB header length validation.
+(Closes: #941697)
+
+ -- Adrian Bunk   Sun, 23 Jan 2022 23:00:19 +0200
+
 libpcap (1.8.1-6) unstable; urgency=medium
 
   * debian/watch: add pgpsigurlmangle option.
diff -Nru 
libpcap-1.8.1/debian/patches/0001-do-sanity-checks-on-PHB-header-length-before-allocat.patch
 
libpcap-1.8.1/debian/patches/0001-do-sanity-checks-on-PHB-header-length-before-allocat.patch
--- 
libpcap-1.8.1/debian/patches/0001-do-sanity-checks-on-PHB-header-length-before-allocat.patch
1970-01-01 02:00:00.0 +0200
+++ 
libpcap-1.8.1/debian/patches/0001-do-sanity-checks-on-PHB-header-length-before-allocat.patch
2022-01-23 23:00:07.0 +0200
@@ -0,0 +1,53 @@
+From 7ef51510ab5b337cb8b34e1dbe9c9a64fc2c20b9 Mon Sep 17 00:00:00 2001
+From: Michael Richardson 
+Date: Fri, 20 Sep 2019 11:02:00 -0400
+Subject: do sanity checks on PHB header length before allocating memory. There
+ was no fault; but doing the check results in a more consistent error
+
+---
+ sf-pcap-ng.c | 13 -
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/sf-pcap-ng.c b/sf-pcap-ng.c
+index 0c02829e..860487b7 100644
+--- a/sf-pcap-ng.c
 b/sf-pcap-ng.c
+@@ -102,7 +102,7 @@ struct option_header {
+  * Section Header Block.
+  */
+ #define BT_SHB0x0A0D0D0A
+-
++#define BT_SHB_INSANE_MAX   1024U*1024U*1U  /* 1MB should be enough */
+ struct section_header_block {
+   bpf_u_int32 byte_order_magic;
+   u_short major_version;
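Review bot: `BT_SHB_INSANE_MAX` expands to the unparenthesised expression `1024U*1024U*1U`, so any use next to an operator of equal or higher precedence (for example `x / BT_SHB_INSANE_MAX` or `x % BT_SHB_INSANE_MAX`) would group incorrectly. The comparison added later in this patch is not affected, but the definition should be `(1024U*1024U*1U)`. The define also replaces the blank line that separated the block-type constant from `struct section_header_block`; keeping a blank line after it would preserve the layout.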
+@@ -247,7 +247,7 @@ read_bytes(FILE *fp, void *buf, size_t bytes_to_read, int 
fail_on_eof,
+   if (amt_read == 0 && !fail_on_eof)
+   return (0); /* EOF */
+   pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
+-  "truncated dump file; tried to read %lu bytes, only 
got %lu",
++  "truncated pcap-ng dump file; tried to read %lu 
bytes, only got %lu",
+   (unsigned long)bytes_to_read,
+   (unsigned long)amt_read);
+   }
+@@ -798,11 +798,14 @@ pcap_ng_check_header(bpf_u_int32 magic, FILE *fp, u_int 
precision, char *errbuf,
+   /*
+* Check the sanity of the total length.
+*/
+-  if (total_length < sizeof(*bhdrp) + sizeof(*shbp) + sizeof(struct 
block_trailer)) {
++  if (total_length < sizeof(*bhdrp) + sizeof(*shbp) + sizeof(struct 
block_trailer) ||
++(total_length > BT_SHB_INSANE_MAX)) {
+   pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
+-  "Section Header Block in pcap-ng dump file has a length of 
%u < %lu",
++  "Section Header Block in pcap-ng dump file has invalid 
length %lu < _%u_ < %u (BT_SHB_INSANE_MAX)",
++  (unsigned long)(sizeof(*bhdrp) + sizeof(*shbp) + 
sizeof(struct block_trailer)),
+   total_length,
+-  (unsigned long)(sizeof(*bhdrp) + sizeof(*shbp) + 
sizeof(struct block_trailer)));
++  BT_SHB_INSANE_MAX);
++
+   *err = 1;
+   return (NULL);
+   }
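Review bot: the new error text in `pcap_ng_check_header` prints `%lu < _%u_ < %u (BT_SHB_INSANE_MAX)`, which reads as a statement that the length lies between the two bounds, when this branch is taken precisely because it does not. A wording such as "has invalid length %u, expected between %lu and %u" would say what failed. The arguments were reordered to follow the new specifier order (the `unsigned long` minimum, `total_length`, then the maximum), which is consistent, and the blank `+` line added before `*err = 1;` can be dropped.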
+-- 
+2.20.1
+
diff -Nru libpcap-1.8.1/debian/patches/series 
libpcap-1.8.1/debian/patches/series
--- libpcap-1.8.1/debian/patches/series 2017-12-31 17:31:01.0 +0200
+++ libpcap-1.8.1/debian/patches/series 2022-01-23 23:00:17.0 +0200
@@ -8,3 +8,4 @@
 disable-remote.diff
 man-errors.diff
 pcap-config.diff
+0001-do-sanity-checks-on-PHB-header-length-before-allocat.patch


Bug#1004265: buster-pu: package rsyslog/8.1901.0-1+deb10u1

2022-01-23 Thread Adrian Bunk
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: Michael Biebl , t...@security.debian.org

  * CVE-2019-17041: Heap overflow in the AIX message parser.
(Closes: #942067)
  * CVE-2019-17042: Heap overflow in the Cisco log message parser.
(Closes: #942065)
diff -Nru rsyslog-8.1901.0/debian/changelog rsyslog-8.1901.0/debian/changelog
--- rsyslog-8.1901.0/debian/changelog   2019-02-26 19:43:39.0 +0200
+++ rsyslog-8.1901.0/debian/changelog   2022-01-23 20:27:01.0 +0200
@@ -1,3 +1,13 @@
+rsyslog (8.1901.0-1+deb10u1) buster; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2019-17041: Heap overflow in the AIX message parser.
+(Closes: #942067)
+  * CVE-2019-17042: Heap overflow in the Cisco log message parser.
+(Closes: #942065)
+
+ -- Adrian Bunk   Sun, 23 Jan 2022 20:27:01 +0200
+
 rsyslog (8.1901.0-1) unstable; urgency=medium
 
   * New upstream version 8.1901.0
diff -Nru 
rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch
 
rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch
--- 
rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch
 1970-01-01 02:00:00.0 +0200
+++ 
rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch
 2022-01-23 20:26:28.0 +0200
@@ -0,0 +1,39 @@
+From de51d602532835caafa401401424b61354f404fc Mon Sep 17 00:00:00 2001
+From: Rainer Gerhards 
+Date: Fri, 27 Sep 2019 13:36:02 +0200
+Subject: pmaixforwardedfrom bugfix: potential misadressing
+
+---
+ contrib/pmaixforwardedfrom/pmaixforwardedfrom.c | 9 +
+ 1 file changed, 9 insertions(+)
+
+diff --git a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c 
b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
+index 37157c7d4..ebf12ebbe 100644
+--- a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
 b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
+@@ -109,6 +109,10 @@ CODESTARTparse
+   /* bump the message portion up by skipLen(23 or 5) characters to 
overwrite the "Message forwarded from
+ " or "From " with the hostname */
+   lenMsg -=skipLen;
++  if(lenMsg < 2) {
++  dbgprintf("not a AIX message forwarded from message has nothing 
after header\n");
++  ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
++  }
+   memmove(p2parse, p2parse + skipLen, lenMsg);
+   *(p2parse + lenMsg) = '\n';
+   *(p2parse + lenMsg + 1)  = '\0';
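Review bot: the `lenMsg < 2` guard is placed after `lenMsg -=skipLen`, so it only works as intended if `lenMsg` is a signed type (its declaration is outside this hunk); with an unsigned type a too-short message would wrap to a large value and still reach `memmove`. A short comment explaining why the threshold is 2 would help the next reader, and `dbgprintf` here differs from the `DBGPRINTF` macro used by the existing code visible in the next hunk.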
+@@ -120,6 +124,11 @@ really an AIX log, but has a similar preamble */
+   --lenMsg;
+   ++p2parse;
+   }
++  if (lenMsg < 1) {
++  dbgprintf("not a AIX message forwarded from message has nothing 
after colon "
++  "or no colon at all\n");
++  ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
++  }
+   if (lenMsg && *p2parse != ':') {
+   DBGPRINTF("not a AIX message forwarded from mangled log but similar 
enough that the preamble has "
+   "been removed\n");
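Review bot: once the added `if (lenMsg < 1)` block has aborted, `lenMsg` is always non-zero at the following `if (lenMsg && *p2parse != ':')`, so the `lenMsg &&` operand is dead. Dropping it would make clear that the new check is what guarantees `*p2parse` is readable at that point.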
+-- 
+2.20.1
+
diff -Nru 
rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch
 
rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch
--- 
rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch
   1970-01-01 02:00:00.0 +0200
+++ 
rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch
   2022-01-23 20:26:28.0 +0200
@@ -0,0 +1,37 @@
+From d53b97e5dc3cc1e7464967f7ace2c2bcda6bc938 Mon Sep 17 00:00:00 2001
+From: Rainer Gerhards 
+Date: Fri, 27 Sep 2019 15:02:52 +0200
+Subject: pmcisconames bugfix: potential misadressing
+
+---
+ contrib/pmcisconames/pmcisconames.c | 7 ++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/contrib/pmcisconames/pmcisconames.c 
b/contrib/pmcisconames/pmcisconames.c
+index 7f376ad17..39506ce59 100644
+--- a/contrib/pmcisconames/pmcisconames.c
 b/contrib/pmcisconames/pmcisconames.c
+@@ -119,6 +119,11 @@ CODESTARTparse
+   --lenMsg;
+   ++p2parse;
+   }
++  /* Note: we deliberately count the 0-byte below because we need to go 
chars+1! */
++  if(lenMsg < (int) sizeof(OpeningText)) {
++  dbgprintf("pmcisconames: too short for being cisco messages\n");
++  ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
++  }
+   /* skip the space after the hostname */
+   lenMsg -=1;
+   p2parse +=1;
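Review bot: the bound `lenMsg < (int) sizeof(OpeningText)` is correct only together with the two lines that follow it: after `lenMsg -=1` for the space, at least `sizeof(OpeningText)-1` bytes remain, which is what the `strncasecmp` in the next hunk reads. The added comment ("we need to go chars+1") does not say that; naming the skipped space as the reason for the extra byte would keep a later edit from "correcting" the bound to `sizeof(OpeningText)-1`. As in the pmaixforwardedfrom patch, `dbgprintf` is used where the surrounding code uses `DBGPRINTF`.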
+@@ -126,7 +131,7 @@ CODESTARTparse
+   log and fix it */
+   if(strncasecmp((char*) p2parse, OpeningText, sizeof(OpeningText)-1) != 
0) {
+   /* wrong opening text */
+-  DBGPRINTF("not a cisco name mangled log!\n");
++  DBGPRINTF("not a cisco name mangled log!\n");
+   ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
+   }
+   /* bump the message portion up by 

Bug#1004261: buster-pu: package opensc/0.19.0-1+deb10u1

2022-01-23 Thread Adrian Bunk
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: Debian OpenSC Maintainers 
, t...@security.debian.org

  * CVE-2019-15945: Out-of-bounds access of an ASN.1 Bitstring.
(Closes: #939668)
  * CVE-2019-15946: Out-of-bounds access of an ASN.1 Octet string.
(Closes: #939669)
  * CVE-2019-19479: Incorrect read operation in the Setec driver.
(Closes: #947383)
  * CVE-2019-20792: Double free in the Coolkey driver.
  * CVE-2020-26570: Heap-based buffer overflow in the Oberthur driver.
(Closes: #972037)
  * CVE-2020-26571: Stack-based buffer overflow in the GPK driver.
(Closes: #972036)
  * CVE-2020-26572: Stack-based buffer overflow in the TCOS driver.
(Closes: #972035)
diff -Nru opensc-0.19.0/debian/changelog opensc-0.19.0/debian/changelog
--- opensc-0.19.0/debian/changelog  2018-09-30 23:26:03.0 +0300
+++ opensc-0.19.0/debian/changelog  2022-01-23 19:32:38.0 +0200
@@ -1,3 +1,22 @@
+opensc (0.19.0-1+deb10u1) buster; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2019-15945: Out-of-bounds access of an ASN.1 Bitstring.
+(Closes: #939668)
+  * CVE-2019-15946: Out-of-bounds access of an ASN.1 Octet string.
+(Closes: #939669)
+  * CVE-2019-19479: Incorrect read operation in the Setec driver.
+(Closes: #947383)
+  * CVE-2019-20792: Double free in the Coolkey driver.
+  * CVE-2020-26570: Heap-based buffer overflow in the Oberthur driver.
+(Closes: #972037)
+  * CVE-2020-26571: Stack-based buffer overflow in the GPK driver.
+(Closes: #972036)
+  * CVE-2020-26572: Stack-based buffer overflow in the TCOS driver.
+(Closes: #972035)
+
+ -- Adrian Bunk   Sun, 23 Jan 2022 19:32:38 +0200
+
 opensc (0.19.0-1) unstable; urgency=medium
 
   * New upstream release (Closes: 908363, 909444)
diff -Nru 
opensc-0.19.0/debian/patches/0001-fixed-out-of-bounds-access-of-ASN.1-Bitstring.patch
 
opensc-0.19.0/debian/patches/0001-fixed-out-of-bounds-access-of-ASN.1-Bitstring.patch
--- 
opensc-0.19.0/debian/patches/0001-fixed-out-of-bounds-access-of-ASN.1-Bitstring.patch
   1970-01-01 02:00:00.0 +0200
+++ 
opensc-0.19.0/debian/patches/0001-fixed-out-of-bounds-access-of-ASN.1-Bitstring.patch
   2022-01-23 19:32:38.0 +0200
@@ -0,0 +1,42 @@
+From 0509b2f61ca948312a15d18712a130f7bffd512e Mon Sep 17 00:00:00 2001
+From: Frank Morgner 
+Date: Tue, 27 Aug 2019 15:17:17 +0200
+Subject: fixed out of bounds access of ASN.1 Bitstring
+
+Credit to OSS-Fuzz
+---
+ src/libopensc/asn1.c | 12 
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/src/libopensc/asn1.c b/src/libopensc/asn1.c
+index 3262ed80..fd972238 100644
+--- a/src/libopensc/asn1.c
 b/src/libopensc/asn1.c
+@@ -570,16 +570,20 @@ static int decode_bit_string(const u8 * inbuf, size_t 
inlen, void *outbuf,
+ {
+   const u8 *in = inbuf;
+   u8 *out = (u8 *) outbuf;
+-  int zero_bits = *in & 0x07;
+-  size_t octets_left = inlen - 1;
+   int i, count = 0;
++  int zero_bits;
++  size_t octets_left;
+ 
+-  memset(outbuf, 0, outlen);
+-  in++;
+   if (outlen < octets_left)
+   return SC_ERROR_BUFFER_TOO_SMALL;
+   if (inlen < 1)
+   return SC_ERROR_INVALID_ASN1_OBJECT;
++
++  zero_bits = *in & 0x07;
++  octets_left = inlen - 1;
++  in++;
++  memset(outbuf, 0, outlen);
++
+   while (octets_left) {
+   /* 1st octet of input:  ABCDEFGH, where A is the MSB */
+   /* 1st octet of output: HGFEDCBA, where A is the LSB */
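Review bot: after this hunk `if (outlen < octets_left)` runs before `octets_left = inlen - 1` is assigned, because the initialiser was removed from the declaration and the assignment was moved below both checks, so the comparison reads an uninitialised variable. The `inlen < 1` test should come first, then the assignment, then the `outlen` comparison. Patch 0002 in this upload makes that reordering, so 0001 must not be applied or cherry-picked without it.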
+-- 
+2.20.1
+
diff -Nru opensc-0.19.0/debian/patches/0002-fixed-compiler-warning.patch 
opensc-0.19.0/debian/patches/0002-fixed-compiler-warning.patch
--- opensc-0.19.0/debian/patches/0002-fixed-compiler-warning.patch  
1970-01-01 02:00:00.0 +0200
+++ opensc-0.19.0/debian/patches/0002-fixed-compiler-warning.patch  
2022-01-23 19:32:38.0 +0200
@@ -0,0 +1,36 @@
+From 28869a7bd4fd928b498638fff27b76b56e58f4d6 Mon Sep 17 00:00:00 2001
+From: Frank Morgner 
+Date: Tue, 27 Aug 2019 15:27:15 +0200
+Subject: fixed compiler warning
+
+---
+ src/libopensc/asn1.c | 9 -
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/src/libopensc/asn1.c b/src/libopensc/asn1.c
+index fd972238..10572292 100644
+--- a/src/libopensc/asn1.c
 b/src/libopensc/asn1.c
+@@ -574,15 +574,14 @@ static int decode_bit_string(const u8 * inbuf, size_t 
inlen, void *outbuf,
+   int zero_bits;
+   size_t octets_left;
+ 
+-  if (outlen < octets_left)
+-  return SC_ERROR_BUFFER_TOO_SMALL;
+   if (inlen < 1)
+   return SC_ERROR_INVALID_ASN1_OBJECT;
+-
++  memset(outbuf, 0, outlen);
+   zero_bits = *in & 0x07;
+-  octets_left = inlen - 1;
+   in++;
+-  memset(outbuf, 0, outlen);
++  octets_left = inlen - 1;
++  if (outlen < octets_left)
++  return SC_ERROR_BUFFER_TOO_SMALL;
+ 
+   while 

Bug#1004121: nmu: libgsf_1.14.47-1+b1

2022-01-23 Thread Sebastian Ramacher
Control: tags -1 moreinfo

On 2022-01-21 10:33:22 +0100, Laurent Bigonville wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: binnmu
> 
> Hello,
> 
> Apparently libgsf-1-dev in the archive is not co-installable due to the
> documentation (see #814502)

Are you sure that this bug is still present? The binaries from the last
binNMU (1.14.47-1+) only differ in /usr/lib/${DEB_HOST_MULTIARCH} which
is to be expected.

Cheers

> 
> I quickly tried to rebuild the package in amd64 and i386 and it seems
> that the documentation in the -dev package is now identical, so
> something has been fixed somewhere else.
> 
> Could you please schedule a binNMU so the package is co-installable?
> 
> Kind regards,
> Laurent Bigonville
> 
> nmu libgsf_1.14.47-1+b1 . ANY . unstable . -m "Rebuild to fix multi-arch 
> co-installation"

-- 
Sebastian Ramacher




Processed: Re: Bug#1004121: nmu: libgsf_1.14.47-1+b1

2022-01-23 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 moreinfo
Bug #1004121 [release.debian.org] nmu: libgsf_1.14.47-1+b1
Added tag(s) moreinfo.

-- 
1004121: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004121
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1004056: buster-pu: package libsdl1.2/1.2.15+dfsg2-4+deb10u1

2022-01-23 Thread Adrian Bunk
On Wed, Jan 19, 2022 at 10:53:23PM +, Thorsten Alteholz wrote:
>...
> +libsdl1.2 (1.2.15+dfsg2-4+deb10u1) buster; urgency=medium
> +
> +  * Non-maintainer upload by the LTS Team.
> +  * CVE-2019-7572: Buffer over-read in IMA_ADPCM_nibble
> +in audio/SDL_wave.c.
> +  * CVE-2019-7573: Heap-based buffer over-read in InitMS_ADPCM
> +in audio/SDL_wave.c.
> +  * CVE-2019-7574: Heap-based buffer over-read in IMA_ADPCM_decode
> +in audio/SDL_wave.c.
> +  * CVE-2019-7575: Heap-based buffer overflow in MS_ADPCM_decode
> +in audio/SDL_wave.c.
> +  * CVE-2019-7576: Heap-based buffer over-read in InitMS_ADPCM
> +in audio/SDL_wave.c.
> +  * CVE-2019-7577: Buffer over-read in SDL_LoadWAV_RW
> +in audio/SDL_wave.c.
> +  * CVE-2019-7578: Heap-based buffer over-read in InitIMA_ADPCM
> +in audio/SDL_wave.c.
> +  * CVE-2019-7635: Heap-based buffer over-read in Blit1to4
> +in video/SDL_blit_1.c.
> +  * CVE-2019-7636: Heap-based buffer over-read in SDL_GetRGB
> +in video/SDL_pixels.c.
> +  * CVE-2019-7637: Heap-based buffer overflow in SDL_FillRect
> +in video/SDL_surface.c.
> +  * CVE-2019-7638: Heap-based buffer over-read in Map1toN
> +in video/SDL_pixels.c.
> +  * CVE-2019-13616: Heap-based buffer over-read in BlitNtoN
> +in video/SDL_blit_N.c.
> +(patches prepared for LTS by Adrian Bunk)
> +
> + -- Thorsten Alteholz   Wed, 19 Jan 2022 23:03:02 +0100
>...

I'd suggest backporting the bullseye/bookworm/sid version instead.

Additional changes are:
   * One patch has a different name.
   [ Debian Janitor ]
   * Trim trailing whitespace.
   * Re-export upstream signing key without extra signatures.
   [ Maximilian Engelhardt ]
   * SDL_x11events.c: properly handle input focus events (Closes: #980253)

#980253 is a regression due to a change in the X server in buster,
so desirable to include.

Everything else is just harmless noise.

The only open bug in the BTS against a post-buster version is #981204
("drop unused Build-Depends").

diffstat compared to buster:
 changelog                                  |   26 ++
 control                                    |    2
 patches/CVE-2019-13616.patch               |   22 ++
 patches/CVE-2019-7572_CVE-2019-7574.patch  |  105 ++
 patches/CVE-2019-7573.patch                |   66 ++
 patches/CVE-2019-7575_7577.patch           |   78 +++
 patches/CVE-2019-7577-1_2.patch            |   32 +++
 patches/CVE-2019-7578.patch                |   53 +
 patches/CVE-2019-7635_636_638.patch        |   81
 patches/CVE-2019-7637-2.patch              |   46
 patches/CVE-2019-7637.patch                |  207 +
 patches/properly_handle_focus_events.patch |   44
 patches/series                             |   10 +
 upstream/signing-key.asc                   |   57 +
 14 files changed, 781 insertions(+), 48 deletions(-)

diffstat compared to your proposed update:
 changelog                                  |   51 --
 control                                    |    2
 patches/CVE-2019-7637-2.patch              |   46
 patches/CVE-2019-7637-followup.patch       |   37 -
 patches/properly_handle_focus_events.patch |   44
 patches/series                             |    5 -
 upstream/signing-key.asc                   |   57 +++--
 7 files changed, 126 insertions(+), 116 deletions(-)

Both debdiffs are attached.

cu
Adrian
diff -Nru libsdl1.2-1.2.15+dfsg2/debian/changelog 
libsdl1.2-1.2.15+dfsg2/debian/changelog
--- libsdl1.2-1.2.15+dfsg2/debian/changelog 2022-01-20 00:03:02.0 
+0200
+++ libsdl1.2-1.2.15+dfsg2/debian/changelog 2021-02-18 09:52:57.0 
+0200
@@ -1,33 +1,28 @@
-libsdl1.2 (1.2.15+dfsg2-4+deb10u1) buster; urgency=medium
+libsdl1.2 (1.2.15+dfsg2-6) unstable; urgency=medium
 
-  * Non-maintainer upload by the LTS Team.
-  * CVE-2019-7572: Buffer over-read in IMA_ADPCM_nibble
-in audio/SDL_wave.c.
-  * CVE-2019-7573: Heap-based buffer over-read in InitMS_ADPCM
-in audio/SDL_wave.c.
-  * CVE-2019-7574: Heap-based buffer over-read in IMA_ADPCM_decode
-in audio/SDL_wave.c.
-  * CVE-2019-7575: Heap-based buffer overflow in MS_ADPCM_decode
-in audio/SDL_wave.c.
-  * CVE-2019-7576: Heap-based buffer over-read in InitMS_ADPCM
-in audio/SDL_wave.c.
-  * CVE-2019-7577: Buffer over-read in SDL_LoadWAV_RW
-in audio/SDL_wave.c.
-  * CVE-2019-7578: Heap-based buffer over-read in InitIMA_ADPCM
-in audio/SDL_wave.c.
-  * CVE-2019-7635: Heap-based buffer over-read in Blit1to4
-in video/SDL_blit_1.c.
-  * CVE-2019-7636: Heap-based buffer over-read in SDL_GetRGB
-in video/SDL_pixels.c.
-  * CVE-2019-7637: Heap-based buffer overflow in SDL_FillRect
-in video/SDL_surface.c.
-  * CVE-2019-7638: Heap-based buffer over-read in Map1toN
-in video/SDL_pixels.c.
-  * CVE-2019-13616: Heap-based buffer over-read in BlitNtoN
-in video/SDL_blit_N.c.
-(patches 

Bug#1004249: buster-pu: package weechat/2.3-1+deb10u1

2022-01-23 Thread Adrian Bunk
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: Emmanuel Bouthenot , t...@security.debian.org

  * CVE-2020-8955: A crafted irc message 324 (channel mode) could
result in a crash. (Closes: #951289)
  * CVE-2020-9759: A crafted irc message 352 (who) could result
in a crash.
  * CVE-2020-9760: A crafted irc message 005 (setting a new mode
for a nick) could result in a crash.
  * CVE-2021-40516: A crafted WebSocket frame could result in a crash
in the Relay plugin. (Closes: #993803)
diff -Nru weechat-2.3/debian/changelog weechat-2.3/debian/changelog
--- weechat-2.3/debian/changelog2019-01-04 18:06:44.0 +0200
+++ weechat-2.3/debian/changelog2022-01-23 16:02:29.0 +0200
@@ -1,3 +1,17 @@
+weechat (2.3-1+deb10u1) buster; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2020-8955: A crafted irc message 324 (channel mode) could
+result in a crash. (Closes: #951289)
+  * CVE-2020-9759: A crafted irc message 352 (who) could result
+in a crash.
+  * CVE-2020-9760: A crafted irc message 005 (setting a new mode
+for a nick) could result in a crash.
+  * CVE-2021-40516: A crafted WebSocket frame could result in a crash
+in the Relay plugin. (Closes: #993803)
+
+ -- Adrian Bunk   Sun, 23 Jan 2022 16:02:29 +0200
+
 weechat (2.3-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru 
weechat-2.3/debian/patches/0001-irc-fix-crash-when-receiving-a-malformed-message-324.patch
 
weechat-2.3/debian/patches/0001-irc-fix-crash-when-receiving-a-malformed-message-324.patch
--- 
weechat-2.3/debian/patches/0001-irc-fix-crash-when-receiving-a-malformed-message-324.patch
  1970-01-01 02:00:00.0 +0200
+++ 
weechat-2.3/debian/patches/0001-irc-fix-crash-when-receiving-a-malformed-message-324.patch
  2022-01-23 16:00:54.0 +0200
@@ -0,0 +1,47 @@
+From db4ffe7ccf4b0654cca6993ecaecd5b86070c658 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= 
+Date: Sat, 8 Feb 2020 20:24:50 +0100
+Subject: irc: fix crash when receiving a malformed message 324 (channel mode)
+
+Thanks to Stuart Nevans Locke for reporting the issue.
+---
+ src/plugins/irc/irc-mode.c | 21 -
+ 1 file changed, 12 insertions(+), 9 deletions(-)
+
+diff --git a/src/plugins/irc/irc-mode.c b/src/plugins/irc/irc-mode.c
+index b5d525c6c..5381bfda6 100644
+--- a/src/plugins/irc/irc-mode.c
 b/src/plugins/irc/irc-mode.c
+@@ -177,17 +177,20 @@ irc_mode_channel_update (struct t_irc_server *server,
+ current_arg++;
+ if (pos[0] == chanmode)
+ {
+-chanmode_found = 1;
+-if (set_flag == '+')
++if (!chanmode_found)
+ {
+-str_mode[0] = pos[0];
+-str_mode[1] = '\0';
+-strcat (new_modes, str_mode);
+-if (argument)
++chanmode_found = 1;
++if (set_flag == '+')
+ {
+-if (new_args[0])
+-strcat (new_args, " ");
+-strcat (new_args, argument);
++str_mode[0] = pos[0];
++str_mode[1] = '\0';
++strcat (new_modes, str_mode);
++if (argument)
++{
++if (new_args[0])
++strcat (new_args, " ");
++strcat (new_args, argument);
++}
+ }
+ }
+ }
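Review bot: the added `if (!chanmode_found)` stops a mode character from being appended more than once, but the `strcat` calls into `new_modes` and `new_args` are still unbounded, and the sizes of those buffers are not visible in this hunk. The request should confirm that the allocation covers one entry per mode plus its argument and the separating space, or the appends should be length-checked.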
+-- 
+2.20.1
+
diff -Nru 
weechat-2.3/debian/patches/0002-irc-fix-crash-when-receiving-a-malformed-message-352.patch
 
weechat-2.3/debian/patches/0002-irc-fix-crash-when-receiving-a-malformed-message-352.patch
--- 
weechat-2.3/debian/patches/0002-irc-fix-crash-when-receiving-a-malformed-message-352.patch
  1970-01-01 02:00:00.0 +0200
+++ 
weechat-2.3/debian/patches/0002-irc-fix-crash-when-receiving-a-malformed-message-352.patch
  2022-01-23 16:00:54.0 +0200
@@ -0,0 +1,26 @@
+From 43a8cb9a3b9d8202465fc2b91ff36e7fe51f0a74 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= 
+Date: Fri, 14 Feb 2020 08:14:31 +0100
+Subject: irc: fix crash when receiving a malformed message 352 (who)
+
+Thanks to Stuart Nevans Locke for reporting the issue.
+---
+ src/plugins/irc/irc-protocol.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/plugins/irc/irc-protocol.c b/src/plugins/irc/irc-protocol.c
+index fb7ba870a..6bfbd5240 100644
+--- a/src/plugins/irc/irc-protocol.c
 b/src/plugins/irc/irc-protocol.c
+@@ -4521,7 +4521,7 @@ IRC_PROTOCOL_CALLBACK(352)
+ 
+ if (argc > 8)
+ {
+-arg_start = (strcmp (argv[8], 

Bug#1004247: bullseye-pu: package weechat/3.0-1+deb11u1

2022-01-23 Thread Adrian Bunk
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: Emmanuel Bouthenot , t...@security.debian.org

  * CVE-2021-40516: A crafted WebSocket frame could result in a crash
in the Relay plugin. (Closes: #993803)
diff -Nru weechat-3.0/debian/changelog weechat-3.0/debian/changelog
--- weechat-3.0/debian/changelog2020-11-21 09:34:12.0 +0200
+++ weechat-3.0/debian/changelog2022-01-23 16:29:14.0 +0200
@@ -1,3 +1,11 @@
+weechat (3.0-1+deb11u1) bullseye; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2021-40516: A crafted WebSocket frame could result in a crash
+in the Relay plugin. (Closes: #993803)
+
+ -- Adrian Bunk   Sun, 23 Jan 2022 16:29:14 +0200
+
 weechat (3.0-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru 
weechat-3.0/debian/patches/0001-relay-fix-crash-when-decoding-a-malformed-websocket-.patch
 
weechat-3.0/debian/patches/0001-relay-fix-crash-when-decoding-a-malformed-websocket-.patch
--- 
weechat-3.0/debian/patches/0001-relay-fix-crash-when-decoding-a-malformed-websocket-.patch
  1970-01-01 02:00:00.0 +0200
+++ 
weechat-3.0/debian/patches/0001-relay-fix-crash-when-decoding-a-malformed-websocket-.patch
  2022-01-23 16:29:14.0 +0200
@@ -0,0 +1,64 @@
+From ede4582879f31cc29be54fdcdf8bc168dc7ea6e3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= 
+Date: Sat, 4 Sep 2021 23:09:19 +0200
+Subject: relay: fix crash when decoding a malformed websocket frame
+
+---
+ src/plugins/relay/relay-websocket.c | 16 +++-
+ 1 file changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/src/plugins/relay/relay-websocket.c 
b/src/plugins/relay/relay-websocket.c
+index e3b768d0a..789f67e20 100644
+--- a/src/plugins/relay/relay-websocket.c
 b/src/plugins/relay/relay-websocket.c
+@@ -278,7 +278,7 @@ relay_websocket_decode_frame (const unsigned char *buffer,
+ index_buffer = 0;
+ 
+ /* loop to decode all frames in message */
+-while (index_buffer + 2 <= buffer_length)
++while (index_buffer + 1 < buffer_length)
+ {
+ opcode = buffer[index_buffer] & 15;
+ 
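Review bot: `index_buffer + 1 < buffer_length` accepts exactly the same integer values as the old `index_buffer + 2 <= buffer_length` (barring overflow), so this line does not change which inputs enter the loop; the behavioural fix is in the checks added by the later hunks. Either leave the condition as it was to keep the backport minimal, or note in the patch description that this line is cosmetic.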
+@@ -293,10 +293,12 @@ relay_websocket_decode_frame (const unsigned char 
*buffer,
+ length_frame_size = 1;
+ length_frame = buffer[index_buffer + 1] & 127;
+ index_buffer += 2;
++if (index_buffer >= buffer_length)
++return 0;
+ if ((length_frame == 126) || (length_frame == 127))
+ {
+ length_frame_size = (length_frame == 126) ? 2 : 8;
+-if (buffer_length < 1 + length_frame_size)
++if (index_buffer + length_frame_size > buffer_length)
+ return 0;
+ length_frame = 0;
+ for (i = 0; i < length_frame_size; i++)
+@@ -306,10 +308,9 @@ relay_websocket_decode_frame (const unsigned char *buffer,
+ index_buffer += length_frame_size;
+ }
+ 
+-if (buffer_length < 1 + length_frame_size + 4 + length_frame)
+-return 0;
+-
+ /* read masks (4 bytes) */
++if (index_buffer + 4 > buffer_length)
++return 0;
+ int masks[4];
+ for (i = 0; i < 4; i++)
+ {
+@@ -333,6 +334,11 @@ relay_websocket_decode_frame (const unsigned char *buffer,
+ *decoded_length += 1;
+ 
+ /* decode data using masks */
++if ((length_frame > buffer_length)
++|| (index_buffer + length_frame > buffer_length))
++{
++return 0;
++}
+ for (i = 0; i < length_frame; i++)
+ {
+ decoded[*decoded_length + i] = (int)((unsigned 
char)buffer[index_buffer + i]) ^ masks[i % 4];
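Review bot: the payload check `(length_frame > buffer_length) || (index_buffer + length_frame > buffer_length)` runs after `*decoded_length += 1;`, so on a malformed frame the function returns 0 with `*decoded_length` already advanced. Either the check should move ahead of that update, or it should be confirmed that callers ignore the output on a 0 return. The first clause appears to be there to keep the addition in the second clause from wrapping. The declarations are not visible in this hunk, so it is worth confirming that `length_frame` is an unsigned type, since a negative value would pass both comparisons. Provided the earlier checks keep `index_buffer` at or below `buffer_length`, writing the test as `length_frame > buffer_length - index_buffer` would avoid the addition altogether.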
+-- 
+2.20.1
+
diff -Nru weechat-3.0/debian/patches/series weechat-3.0/debian/patches/series
--- weechat-3.0/debian/patches/series   2020-04-04 12:31:17.0 +0300
+++ weechat-3.0/debian/patches/series   2022-01-23 16:29:14.0 +0200
@@ -1 +1,2 @@
 01_fix_asciidoctor_options.patch
+0001-relay-fix-crash-when-decoding-a-malformed-websocket-.patch


Bug#1004144: transition: mbedtls

2022-01-23 Thread Sebastian Ramacher
Control: forwarded -1 https://release.debian.org/transitions/html/auto-mbedtls.html
Control: tags -1 confirmed

On 2022-01-21 18:09:32 +0100, Andrea Pappacoda wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: transition
> 
> Hi, I'm trying to transition the MbedTLS library to the latest supported LTS
> version, bumping the version from 2.16 to 2.28. All the libraries received a
> SONAME bump, and only some really minor API incompatibilities were introduced.
> I tested all the reverse dependencies of the library and all the ones that
> built fine before still build fine now. Some of them fail to build, but they
> also failed before upgrading MbedTLS; here's the list of currently failing
> packages:
> 
> bctoolbox, #983985
> charybdis, #978782
> dolphin-emu, #976530
> haxe, unsatisfiable build dependencies
> srslte, #993701
> julia, segmentation fault during tests (happens also when not using MbedTLS
> 2.28, maybe it's an issue of my computer)
> 
> My sponsor, Wookey, is going to take a look at the failing packages to see if
> MbedTLS 2.28 introduces additional build issues for the already failing
> packages (e.g. building bctoolbox with gcc-10).
> 
> This is the first time I do something like this, I hope I have not messed up
> anything :)

Please go ahead

Cheers

> 
> Ben file:
> 
> title = "mbedtls";
> is_affected = .depends ~ "libmbedcrypto3" | .depends ~ "libmbedtls12" |
> .depends ~ "libmbedx509-0" | .depends ~ "libmbedcrypto7" | .depends ~
> "libmbedtls14" | .depends ~ "libmbedx509-1";
> is_good = .depends ~ "libmbedcrypto7" | .depends ~ "libmbedtls14" | .depends ~
> "libmbedx509-1";
> is_bad = .depends ~ "libmbedcrypto3" | .depends ~ "libmbedtls12" | .depends ~
> "libmbedx509-0";
> 
> 
> 

-- 
Sebastian Ramacher



Processed: Re: Bug#1004144: transition: mbedtls

2022-01-23 Thread Debian Bug Tracking System
Processing control commands:

> forwarded -1 https://release.debian.org/transitions/html/auto-mbedtls.html
Bug #1004144 [release.debian.org] transition: mbedtls
Set Bug forwarded-to-address to 
'https://release.debian.org/transitions/html/auto-mbedtls.html'.
> tags -1 confirmed
Bug #1004144 [release.debian.org] transition: mbedtls
Added tag(s) confirmed.

-- 
1004144: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004144
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1003176: transition: perl 5.34

2022-01-23 Thread Sebastian Ramacher
Control: block -1 by 1002681
Control: forwarded -1 https://release.debian.org/transitions/html/perl-5.34.html

On 2022-01-05 17:00:54 +, Niko Tyni wrote:
> Package: release.debian.org
> User: release.debian@packages.debian.org
> Usertags: transition
> X-Debbugs-Cc: debian-p...@lists.debian.org, p...@packages.debian.org
> Control: block -1 with 1002093 997267 997189
> 
> Hi,
> 
> we'd like a transition slot for Perl 5.34.
> 
> Should have done this months ago, but real life has interfered. Sorry
> about that.
> 
> Perl 5.36 is scheduled for May or so, and I expect that will be our target
> for bookworm.  Nevertheless, it's probably best to do this incrementally
> and have a 5.34 transition now in case 5.36 turns out to be difficult
> for some reason.
> 
> The changes in 5.34 are quite small, as upstream spent most of that
> release cycle planning Perl 7 (which did not quite work out.) This
> reflects in the very low number of regressions we found in our test
> rebuilds, visible at
> 
>   
> https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=perl-5.34-transition;users=debian-p...@lists.debian.org
> 
> with just one bug open (openscap, not in testing).
> 
> I did a full archive test rebuild back in May, and partial test rebuilds
> in August. Coming back to this now, I've done another round of test
> rebuilds for those packages that will need binNMUs. I don't think another
> full round is necessary: it seems unlikely that the other packages might
> have introduced any Perl 5.34 related regressions in the meantime.
> 
> There's a few packages that have unrelated build failures in current sid.
> I'm marking the ones in testing as blockers for this.

Some packages are also involved in the ongoing ocaml transition. So
let's wait for ocaml to be done.

Cheers

> 
> Not sure if this Ben file is correct but hope it helps a bit:
> 
> title = "perl";
> is_affected = .depends ~ "libperl5.32|perlapi-5.32" | .pre-depends ~ 
> "libperl5.32|perlapi-5.32";
> is_good = .depends ~ "libperl5.34|perlapi-5.34" | .pre-depends ~ 
> "libperl5.34|perlapi-5.34";
> is_bad = .depends ~ "libperl5.32|perlapi-5.32" | .pre-depends ~ 
> "libperl5.32|perlapi-5.32";
> 
> Thanks for your work,
> -- 
> Niko Tyni   nt...@debian.org
> 

-- 
Sebastian Ramacher



Processed: Re: Bug#1003176: transition: perl 5.34

2022-01-23 Thread Debian Bug Tracking System
Processing control commands:

> block -1 by 1002681
Bug #1003176 [release.debian.org] transition: perl 5.34
1003176 was blocked by: 1002093 997189 997267
1003176 was not blocking any bugs.
Added blocking bug(s) of 1003176: 1002681
> forwarded -1 https://release.debian.org/transitions/html/perl-5.34.html
Bug #1003176 [release.debian.org] transition: perl 5.34
Set Bug forwarded-to-address to 
'https://release.debian.org/transitions/html/perl-5.34.html'.

-- 
1003176: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003176
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems