Bug#1002681: transition: ocaml
On 19/01/2022 at 09:34, Sebastian Ramacher wrote:
> The libguestfs build for the php8.1 transition migrated, so this
> transition can proceed. Please go ahead.

5 days later, most of the packages have been rebuilt with the new OCaml. The remaining outliers are:

- hol-light (#1002983): the fix is not trivial and upstream doesn't seem interested in supporting a modern toolchain, should be removed from testing for the time being
- otags (#1002940): seems dead upstream, should be removed from testing for the time being
- ppx-tools-versioned (#1002941), ppxfind (#1002942): they seem deprecated, should be removed from testing
- sks (#1002657): a patch is available
- llvm-toolchain-11 (#1002607), llvm-toolchain-12 (#1002608): the fix is trivial
- eliom: a new upstream release is available, but it needs ocsipersist which is sitting in NEW... can be removed temporarily from testing if needed
- nurpawiki: depends on eliom, can be removed temporarily from testing if needed
- llvm-toolchain-9: not in testing... as far as I understand, should be removed from Debian altogether
- why3, frama-c: not in testing... FTBFS at the moment, but should be fixed in the future

Cheers,

-- 
Stéphane
Bug#1004268: buster-pu: package libextractor/1:1.8-2+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: Daniel Baumann , t...@security.debian.org * CVE-2019-15531: Invalid read for malformed DVI files. (Closes: #935553) diff -Nru libextractor-1.8/debian/changelog libextractor-1.8/debian/changelog --- libextractor-1.8/debian/changelog 2018-12-27 20:45:49.0 +0200 +++ libextractor-1.8/debian/changelog 2022-01-23 23:10:06.0 +0200 @@ -1,3 +1,11 @@ +libextractor (1:1.8-2+deb10u1) buster; urgency=medium + + * Non-maintainer upload. + * CVE-2019-15531: Invalid read for malformed DVI files. +(Closes: #935553) + + -- Adrian Bunk Sun, 23 Jan 2022 23:10:06 +0200 + libextractor (1:1.8-2) unstable; urgency=high * Fix out-of-bounds read vulnerability in common/convert.c (Closes: #917214, diff -Nru libextractor-1.8/debian/patches/0001-fix-5846.patch libextractor-1.8/debian/patches/0001-fix-5846.patch --- libextractor-1.8/debian/patches/0001-fix-5846.patch 1970-01-01 02:00:00.0 +0200 +++ libextractor-1.8/debian/patches/0001-fix-5846.patch 2022-01-23 23:09:09.0 +0200 
@@ -0,0 +1,181 @@ +From aad7a7857b815175e70e2270115a3c8cb0445765 Mon Sep 17 00:00:00 2001 +From: Christian Grothoff +Date: Fri, 23 Aug 2019 09:35:53 +0200 +Subject: fix #5846 + +--- + src/plugins/dvi_extractor.c | 88 +++-- + 1 file changed, 45 insertions(+), 43 deletions(-) + +diff --git a/src/plugins/dvi_extractor.c b/src/plugins/dvi_extractor.c +index 268b48c..e3aa450 100644 +--- a/src/plugins/dvi_extractor.c b/src/plugins/dvi_extractor.c +@@ -1,6 +1,6 @@ + /* + This file is part of libextractor. +- Copyright (C) 2002, 2003, 2004, 2012, 2017 Vidyut Samanta and Christian Grothoff ++ Copyright (C) 2002, 2003, 2004, 2012, 2017, 2019 Vidyut Samanta and Christian Grothoff + + libextractor is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published +@@ -182,6 +182,8 @@ EXTRACTOR_dvi_extract_method (struct EXTRACTOR_ExtractContext *ec) + size = ec->get_size (ec->cls); + if (size > 16 * 1024 * 1024) + return; /* too large */ ++ if (klen + 15 > size) ++return; /* malformed klen */ + if (NULL == (data = malloc ((size_t) size))) + return; /* out of memory */ + memcpy (data, buf, iret); +@@ -189,16 +191,16 @@ EXTRACTOR_dvi_extract_method (struct EXTRACTOR_ExtractContext *ec) + while (off < size) + { + if (0 >= (iret = ec->read (ec->cls, , 16 * 1024))) +- { +-free (data); +-return; +- } ++{ ++ free (data); ++ return; ++} + memcpy ([off], buf, iret); + off += iret; + } + pos = size - 1; + while ( (223 == data[pos]) && +-(pos > 0) ) ++ (pos > 0) ) + pos--; + if ( (2 != data[pos]) || +(pos < 40) ) +@@ -225,9 +227,9 @@ EXTRACTOR_dvi_extract_method (struct EXTRACTOR_ExtractContext *ec) + break; + if ( (pos + 45 > size) || + (pos + 45 < pos) ) +- goto CLEANUP; ++goto CLEANUP; + if (data[pos] != 139) /* expect 'bop' */ +- goto CLEANUP; ++goto CLEANUP; + pageCount++; + opos = pos; + pos = getIntAt ([opos + 41]); +@@ -238,24 +240,24 @@ EXTRACTOR_dvi_extract_method (struct EXTRACTOR_ExtractContext *ec) + } + /* ok, now we 
believe it's a dvi... */ + snprintf (pages, +- sizeof (pages), +- "%u", +- pageCount); ++sizeof (pages), ++"%u", ++pageCount); + if (0 != ec->proc (ec->cls, +- "dvi", +- EXTRACTOR_METATYPE_PAGE_COUNT, +- EXTRACTOR_METAFORMAT_UTF8, +- "text/plain", +- pages, +- strlen (pages) + 1)) ++ "dvi", ++ EXTRACTOR_METATYPE_PAGE_COUNT, ++ EXTRACTOR_METAFORMAT_UTF8, ++ "text/plain", ++ pages, ++ strlen (pages) + 1)) + goto CLEANUP; + if (0 != ec->proc (ec->cls, +- "dvi", +- EXTRACTOR_METATYPE_MIMETYPE, +- EXTRACTOR_METAFORMAT_UTF8, +- "text/plain", +- "application/x-dvi", +- strlen ("application/x-dvi") + 1)) ++ "dvi", ++ EXTRACTOR_METATYPE_MIMETYPE, ++ EXTRACTOR_METAFORMAT_UTF8, ++ "text/plain", ++ "application/x-dvi", ++ strlen ("application/x-dvi") + 1)) + goto CLEANUP; + { + char comment[klen + 1]; +@@ -263,18 +265,18 @@ EXTRACTOR_dvi_extract_method (struct EXTRACTOR_ExtractContext *ec) + comment[klen] = '\0'; + memcpy (comment, [15], klen); + if (0 != ec->proc (ec->cls, +-
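Review bot: the only functional change visible in the dvi_extractor.c patch is the added 'if (klen + 15 > size) return; /* malformed klen */' in the hunk at -182; the other hunks re-indent 'free (data)', 'goto CLEANUP' and the 'ec->proc' argument lists. For a stable security upload I would trim the backport to the bounds check so the debdiff is auditable at a glance. The declaration of klen is outside the visible lines: please confirm its type cannot make 'klen + 15' wrap, since the later 'char comment[klen + 1]' and the memcpy of klen bytes from offset 15 both depend on this one check.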
Bug#1004267: buster-pu: package libpcap/1.8.1-6+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: Romain Francoise , t...@security.debian.org * CVE-2019-15165: Improper PHB header length validation. (Closes: #941697) diff -Nru libpcap-1.8.1/debian/changelog libpcap-1.8.1/debian/changelog --- libpcap-1.8.1/debian/changelog 2017-12-31 17:56:33.0 +0200 +++ libpcap-1.8.1/debian/changelog 2022-01-23 23:00:19.0 +0200 @@ -1,3 +1,11 @@ +libpcap (1.8.1-6+deb10u1) buster; urgency=medium + + * Non-maintainer upload. + * CVE-2019-15165: Improper PHB header length validation. +(Closes: #941697) + + -- Adrian Bunk Sun, 23 Jan 2022 23:00:19 +0200 + libpcap (1.8.1-6) unstable; urgency=medium * debian/watch: add pgpsigurlmangle option. diff -Nru libpcap-1.8.1/debian/patches/0001-do-sanity-checks-on-PHB-header-length-before-allocat.patch libpcap-1.8.1/debian/patches/0001-do-sanity-checks-on-PHB-header-length-before-allocat.patch --- libpcap-1.8.1/debian/patches/0001-do-sanity-checks-on-PHB-header-length-before-allocat.patch 1970-01-01 02:00:00.0 +0200 +++ libpcap-1.8.1/debian/patches/0001-do-sanity-checks-on-PHB-header-length-before-allocat.patch 2022-01-23 23:00:07.0 +0200 
@@ -0,0 +1,53 @@ +From 7ef51510ab5b337cb8b34e1dbe9c9a64fc2c20b9 Mon Sep 17 00:00:00 2001 +From: Michael Richardson +Date: Fri, 20 Sep 2019 11:02:00 -0400 +Subject: do sanity checks on PHB header length before allocating memory. There + was no fault; but doing the check results in a more consistent error + +--- + sf-pcap-ng.c | 13 - + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/sf-pcap-ng.c b/sf-pcap-ng.c +index 0c02829e..860487b7 100644 +--- a/sf-pcap-ng.c b/sf-pcap-ng.c +@@ -102,7 +102,7 @@ struct option_header { + * Section Header Block. + */ + #define BT_SHB0x0A0D0D0A +- ++#define BT_SHB_INSANE_MAX 1024U*1024U*1U /* 1MB should be enough */ + struct section_header_block { + bpf_u_int32 byte_order_magic; + u_short major_version; +@@ -247,7 +247,7 @@ read_bytes(FILE *fp, void *buf, size_t bytes_to_read, int fail_on_eof, + if (amt_read == 0 && !fail_on_eof) + return (0); /* EOF */ + pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, +- "truncated dump file; tried to read %lu bytes, only got %lu", ++ "truncated pcap-ng dump file; tried to read %lu bytes, only got %lu", + (unsigned long)bytes_to_read, + (unsigned long)amt_read); + } +@@ -798,11 +798,14 @@ pcap_ng_check_header(bpf_u_int32 magic, FILE *fp, u_int precision, char *errbuf, + /* +* Check the sanity of the total length. 
+*/ +- if (total_length < sizeof(*bhdrp) + sizeof(*shbp) + sizeof(struct block_trailer)) { ++ if (total_length < sizeof(*bhdrp) + sizeof(*shbp) + sizeof(struct block_trailer) || ++(total_length > BT_SHB_INSANE_MAX)) { + pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, +- "Section Header Block in pcap-ng dump file has a length of %u < %lu", ++ "Section Header Block in pcap-ng dump file has invalid length %lu < _%u_ < %u (BT_SHB_INSANE_MAX)", ++ (unsigned long)(sizeof(*bhdrp) + sizeof(*shbp) + sizeof(struct block_trailer)), + total_length, +- (unsigned long)(sizeof(*bhdrp) + sizeof(*shbp) + sizeof(struct block_trailer))); ++ BT_SHB_INSANE_MAX); ++ + *err = 1; + return (NULL); + } +-- +2.20.1 + diff -Nru libpcap-1.8.1/debian/patches/series libpcap-1.8.1/debian/patches/series --- libpcap-1.8.1/debian/patches/series 2017-12-31 17:31:01.0 +0200 +++ libpcap-1.8.1/debian/patches/series 2022-01-23 23:00:17.0 +0200 @@ -8,3 +8,4 @@ disable-remote.diff man-errors.diff pcap-config.diff +0001-do-sanity-checks-on-PHB-header-length-before-allocat.patch
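Review bot: in the hunk at -102 the new macro is defined as '#define BT_SHB_INSANE_MAX 1024U*1024U*1U' without surrounding parentheses, so any later use inside a larger expression (division, modulo, a cast) would bind incorrectly; it happens to be safe in '(total_length > BT_SHB_INSANE_MAX)' and as a '%u' argument, but it should be written as '(1024U*1024U*1U)'. Separately, the changelog entry says "PHB header length" while the check in the hunk at -798 is on the Section Header Block total_length, and the upstream subject itself states "There was no fault"; the changelog wording could name the SHB so that the entry matches what the code validates.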
Bug#1004265: buster-pu: package rsyslog/8.1901.0-1+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: Michael Biebl , t...@security.debian.org * CVE-2019-17041: Heap overflow in the AIX message parser. (Closes: #942067) * CVE-2019-17042: Heap overflow in the Cisco log message parser. (Closes: #942065) diff -Nru rsyslog-8.1901.0/debian/changelog rsyslog-8.1901.0/debian/changelog --- rsyslog-8.1901.0/debian/changelog 2019-02-26 19:43:39.0 +0200 +++ rsyslog-8.1901.0/debian/changelog 2022-01-23 20:27:01.0 +0200 @@ -1,3 +1,13 @@ +rsyslog (8.1901.0-1+deb10u1) buster; urgency=medium + + * Non-maintainer upload. + * CVE-2019-17041: Heap overflow in the AIX message parser. +(Closes: #942067) + * CVE-2019-17042: Heap overflow in the Cisco log message parser. +(Closes: #942065) + + -- Adrian Bunk Sun, 23 Jan 2022 20:27:01 +0200 + rsyslog (8.1901.0-1) unstable; urgency=medium * New upstream version 8.1901.0 diff -Nru rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch --- rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch 1970-01-01 02:00:00.0 +0200 +++ rsyslog-8.1901.0/debian/patches/0001-pmaixforwardedfrom-bugfix-potential-misadressing.patch 2022-01-23 20:26:28.0 +0200 
@@ -0,0 +1,39 @@ +From de51d602532835caafa401401424b61354f404fc Mon Sep 17 00:00:00 2001 +From: Rainer Gerhards +Date: Fri, 27 Sep 2019 13:36:02 +0200 +Subject: pmaixforwardedfrom bugfix: potential misadressing + +--- + contrib/pmaixforwardedfrom/pmaixforwardedfrom.c | 9 + + 1 file changed, 9 insertions(+) + +diff --git a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c +index 37157c7d4..ebf12ebbe 100644 +--- a/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c b/contrib/pmaixforwardedfrom/pmaixforwardedfrom.c +@@ -109,6 +109,10 @@ CODESTARTparse + /* bump the message portion up by skipLen(23 or 5) characters to overwrite the "Message forwarded from + " or "From " with the hostname */ + lenMsg -=skipLen; ++ if(lenMsg < 2) { ++ dbgprintf("not a AIX message forwarded from message has nothing after header\n"); ++ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE); ++ } + memmove(p2parse, p2parse + skipLen, lenMsg); + *(p2parse + lenMsg) = '\n'; + *(p2parse + lenMsg + 1) = '\0'; +@@ -120,6 +124,11 @@ really an AIX log, but has a similar preamble */ + --lenMsg; + ++p2parse; + } ++ if (lenMsg < 1) { ++ dbgprintf("not a AIX message forwarded from message has nothing after colon " ++ "or no colon at all\n"); ++ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE); ++ } + if (lenMsg && *p2parse != ':') { + DBGPRINTF("not a AIX message forwarded from mangled log but similar enough that the preamble has " + "been removed\n"); +-- +2.20.1 + diff -Nru rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch --- rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch 1970-01-01 02:00:00.0 +0200 +++ rsyslog-8.1901.0/debian/patches/0002-pmcisconames-bugfix-potential-misadressing.patch 2022-01-23 20:26:28.0 +0200 
@@ -0,0 +1,37 @@ +From d53b97e5dc3cc1e7464967f7ace2c2bcda6bc938 Mon Sep 17 00:00:00 2001 +From: Rainer Gerhards +Date: Fri, 27 Sep 2019 15:02:52 +0200 +Subject: pmcisconames bugfix: potential misadressing + +--- + contrib/pmcisconames/pmcisconames.c | 7 ++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/contrib/pmcisconames/pmcisconames.c b/contrib/pmcisconames/pmcisconames.c +index 7f376ad17..39506ce59 100644 +--- a/contrib/pmcisconames/pmcisconames.c b/contrib/pmcisconames/pmcisconames.c +@@ -119,6 +119,11 @@ CODESTARTparse + --lenMsg; + ++p2parse; + } ++ /* Note: we deliberately count the 0-byte below because we need to go chars+1! */ ++ if(lenMsg < (int) sizeof(OpeningText)) { ++ dbgprintf("pmcisconames: too short for being cisco messages\n"); ++ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE); ++ } + /* skip the space after the hostname */ + lenMsg -=1; + p2parse +=1; +@@ -126,7 +131,7 @@ CODESTARTparse + log and fix it */ + if(strncasecmp((char*) p2parse, OpeningText, sizeof(OpeningText)-1) != 0) { + /* wrong opening text */ +- DBGPRINTF("not a cisco name mangled log!\n"); ++ DBGPRINTF("not a cisco name mangled log!\n"); + ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE); + } + /* bump the message portion up by
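Review bot: in the pmaixforwardedfrom.c patch, the second added check 'if (lenMsg < 1)' in the hunk at -120 aborts before the existing 'if (lenMsg && *p2parse != ':')', which leaves the 'lenMsg &&' test there always true; harmless, but worth a comment or a follow-up cleanup so the two conditions are not read as independent guards. Both added blocks also call lowercase 'dbgprintf' while the surrounding context uses the 'DBGPRINTF' macro; keeping the macro form would match the file. The first check, 'if(lenMsg < 2)' placed directly after 'lenMsg -=skipLen;', is in the right place, ahead of the memmove and the two trailing writes.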
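Review bot: in the pmcisconames.c patch, the hunk at -126 removes and re-adds the line 'DBGPRINTF("not a cisco name mangled log!\n");' with no visible textual difference, which is whitespace noise in a security backport and could be dropped. The functional check in the hunk at -119, 'if(lenMsg < (int) sizeof(OpeningText))', is evaluated before 'lenMsg -=1; p2parse +=1;', and the in-line comment about deliberately counting the 0-byte explains why sizeof rather than sizeof-1 is used; as in the AIX parser, the added message uses 'dbgprintf' where the neighbouring code uses 'DBGPRINTF'.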
Bug#1004261: buster-pu: package opensc/0.19.0-1+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: Debian OpenSC Maintainers , t...@security.debian.org * CVE-2019-15945: Out-of-bounds access of an ASN.1 Bitstring. (Closes: #939668) * CVE-2019-15946: Out-of-bounds access of an ASN.1 Octet string. (Closes: #939669) * CVE-2019-19479: Incorrect read operation in the Setec driver. (Closes: #947383) * CVE-2019-20792: Double free in the Coolkey driver. * CVE-2020-26570: Heap-based buffer overflow in the Oberthur driver. (Closes: #972037) * CVE-2020-26571: Stack-based buffer overflow in the GPK driver. (Closes: #972036) * CVE-2020-26572: Stack-based buffer overflow in the TCOS driver. (Closes: #972035) diff -Nru opensc-0.19.0/debian/changelog opensc-0.19.0/debian/changelog --- opensc-0.19.0/debian/changelog 2018-09-30 23:26:03.0 +0300 +++ opensc-0.19.0/debian/changelog 2022-01-23 19:32:38.0 +0200 
@@ -1,3 +1,22 @@ +opensc (0.19.0-1+deb10u1) buster; urgency=medium + + * Non-maintainer upload. + * CVE-2019-15945: Out-of-bounds access of an ASN.1 Bitstring. +(Closes: #939668) + * CVE-2019-15946: Out-of-bounds access of an ASN.1 Octet string. +(Closes: #939669) + * CVE-2019-19479: Incorrect read operation in the Setec driver. +(Closes: #947383) + * CVE-2019-20792: Double free in the Coolkey driver. + * CVE-2020-26570: Heap-based buffer overflow in the Oberthur driver. +(Closes: #972037) + * CVE-2020-26571: Stack-based buffer overflow in the GPK driver. +(Closes: #972036) + * CVE-2020-26572: Stack-based buffer overflow in the TCOS driver. +(Closes: #972035) + + -- Adrian Bunk Sun, 23 Jan 2022 19:32:38 +0200 + opensc (0.19.0-1) unstable; urgency=medium * New upstream release (Closes: 908363, 909444) diff -Nru opensc-0.19.0/debian/patches/0001-fixed-out-of-bounds-access-of-ASN.1-Bitstring.patch opensc-0.19.0/debian/patches/0001-fixed-out-of-bounds-access-of-ASN.1-Bitstring.patch --- opensc-0.19.0/debian/patches/0001-fixed-out-of-bounds-access-of-ASN.1-Bitstring.patch 1970-01-01 02:00:00.0 +0200 +++ opensc-0.19.0/debian/patches/0001-fixed-out-of-bounds-access-of-ASN.1-Bitstring.patch 2022-01-23 19:32:38.0 +0200 
@@ -0,0 +1,42 @@ +From 0509b2f61ca948312a15d18712a130f7bffd512e Mon Sep 17 00:00:00 2001 +From: Frank Morgner +Date: Tue, 27 Aug 2019 15:17:17 +0200 +Subject: fixed out of bounds access of ASN.1 Bitstring + +Credit to OSS-Fuzz +--- + src/libopensc/asn1.c | 12 + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/src/libopensc/asn1.c b/src/libopensc/asn1.c +index 3262ed80..fd972238 100644 +--- a/src/libopensc/asn1.c b/src/libopensc/asn1.c +@@ -570,16 +570,20 @@ static int decode_bit_string(const u8 * inbuf, size_t inlen, void *outbuf, + { + const u8 *in = inbuf; + u8 *out = (u8 *) outbuf; +- int zero_bits = *in & 0x07; +- size_t octets_left = inlen - 1; + int i, count = 0; ++ int zero_bits; ++ size_t octets_left; + +- memset(outbuf, 0, outlen); +- in++; + if (outlen < octets_left) + return SC_ERROR_BUFFER_TOO_SMALL; + if (inlen < 1) + return SC_ERROR_INVALID_ASN1_OBJECT; ++ ++ zero_bits = *in & 0x07; ++ octets_left = inlen - 1; ++ in++; ++ memset(outbuf, 0, outlen); ++ + while (octets_left) { + /* 1st octet of input: ABCDEFGH, where A is the MSB */ + /* 1st octet of output: HGFEDCBA, where A is the LSB */ +-- +2.20.1 + diff -Nru opensc-0.19.0/debian/patches/0002-fixed-compiler-warning.patch opensc-0.19.0/debian/patches/0002-fixed-compiler-warning.patch --- opensc-0.19.0/debian/patches/0002-fixed-compiler-warning.patch 1970-01-01 02:00:00.0 +0200 +++ opensc-0.19.0/debian/patches/0002-fixed-compiler-warning.patch 2022-01-23 19:32:38.0 +0200 
@@ -0,0 +1,36 @@ +From 28869a7bd4fd928b498638fff27b76b56e58f4d6 Mon Sep 17 00:00:00 2001 +From: Frank Morgner +Date: Tue, 27 Aug 2019 15:27:15 +0200 +Subject: fixed compiler warning + +--- + src/libopensc/asn1.c | 9 - + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/src/libopensc/asn1.c b/src/libopensc/asn1.c +index fd972238..10572292 100644 +--- a/src/libopensc/asn1.c b/src/libopensc/asn1.c +@@ -574,15 +574,14 @@ static int decode_bit_string(const u8 * inbuf, size_t inlen, void *outbuf, + int zero_bits; + size_t octets_left; + +- if (outlen < octets_left) +- return SC_ERROR_BUFFER_TOO_SMALL; + if (inlen < 1) + return SC_ERROR_INVALID_ASN1_OBJECT; +- ++ memset(outbuf, 0, outlen); + zero_bits = *in & 0x07; +- octets_left = inlen - 1; + in++; +- memset(outbuf, 0, outlen); ++ octets_left = inlen - 1; ++ if (outlen < octets_left) ++ return SC_ERROR_BUFFER_TOO_SMALL; + + while
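Review bot: patch 0001 on its own leaves decode_bit_string() comparing 'if (outlen < octets_left)' before 'octets_left = inlen - 1;' has been assigned, because the declaration was changed to a bare 'size_t octets_left;' while the check stayed at the top; the result of that comparison is indeterminate. Patch 0002 ("fixed compiler warning") is what actually repairs this by moving the check below the assignment, so the two must always be applied together; I would either squash them in debian/patches or note the dependency in the patch headers so that nobody cherry-picks 0001 alone. With both applied, the order is the 'inlen < 1' test, memset, first read of '*in', then the outlen check, which is correct.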
Bug#1004121: nmu: libgsf_1.14.47-1+b1
Control: tags -1 moreinfo

On 2022-01-21 10:33:22 +0100, Laurent Bigonville wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: binnmu
>
> Hello,
>
> Apparently libgsf-1-dev in the archive is not co-installable due to the
> documentation (see #814502)

Are you sure that this bug is still present? The binaries from the last binNMU (1.14.47-1+) only differ in /usr/lib/${DEB_HOST_MULTIARCH} which is to be expected.

Cheers

>
> I quickly tried to rebuild the package in amd64 and i386 and it seems
> that the documentation in the -dev package is now identical, so
> something has been fixed somewhere else.
>
> Could you please schedule a binNMU so the package is co-installable?
>
> Kind regards,
> Laurent Bigonville
>
> nmu libgsf_1.14.47-1+b1 . ANY . unstable . -m "Rebuild to fix multi-arch
> co-installation"

-- 
Sebastian Ramacher
Processed: Re: Bug#1004121: nmu: libgsf_1.14.47-1+b1
Processing control commands: > tags -1 moreinfo Bug #1004121 [release.debian.org] nmu: libgsf_1.14.47-1+b1 Added tag(s) moreinfo. -- 1004121: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004121 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1004056: buster-pu: package libsdl1.2/1.2.15+dfsg2-4+deb10u1
On Wed, Jan 19, 2022 at 10:53:23PM +, Thorsten Alteholz wrote: >... > +libsdl1.2 (1.2.15+dfsg2-4+deb10u1) buster; urgency=medium > + > + * Non-maintainer upload by the LTS Team. > + * CVE-2019-7572: Buffer over-read in IMA_ADPCM_nibble > +in audio/SDL_wave.c. > + * CVE-2019-7573: Heap-based buffer over-read in InitMS_ADPCM > +in audio/SDL_wave.c. > + * CVE-2019-7574: Heap-based buffer over-read in IMA_ADPCM_decode > +in audio/SDL_wave.c. > + * CVE-2019-7575: Heap-based buffer overflow in MS_ADPCM_decode > +in audio/SDL_wave.c. > + * CVE-2019-7576: Heap-based buffer over-read in InitMS_ADPCM > +in audio/SDL_wave.c. > + * CVE-2019-7577: Buffer over-read in SDL_LoadWAV_RW > +in audio/SDL_wave.c. > + * CVE-2019-7578: Heap-based buffer over-read in InitIMA_ADPCM > +in audio/SDL_wave.c. > + * CVE-2019-7635: Heap-based buffer over-read in Blit1to4 > +in video/SDL_blit_1.c. > + * CVE-2019-7636: Heap-based buffer over-read in SDL_GetRGB > +in video/SDL_pixels.c. > + * CVE-2019-7637: Heap-based buffer overflow in SDL_FillRect > +in video/SDL_surface.c. > + * CVE-2019-7638: Heap-based buffer over-read in Map1toN > +in video/SDL_pixels.c. > + * CVE-2019-13616: Heap-based buffer over-read in BlitNtoN > +in video/SDL_blit_N.c. > +(patches prepared for LTS by Adrian Bunk) > + > + -- Thorsten Alteholz Wed, 19 Jan 2022 23:03:02 +0100 >... I'd suggest backporting the bullseye/bookworm/sid version instead. Additional changes are: * One patch has a different name. [ Debian Janitor ] * Trim trailing whitespace. * Re-export upstream signing key without extra signatures. [ Maximilian Engelhardt ] * SDL_x11events.c: properly handle input focus events (Closes: #980253) #980253 is a regression due to a change in the X server in buster, so desirable to include. Everything else is just harmless noise. The only open bug in the BTS against a post-buster version is #981204 ("drop unused Build-Depends"). 
diffstat compared to buster: changelog | 26 ++ control|2 patches/CVE-2019-13616.patch | 22 ++ patches/CVE-2019-7572_CVE-2019-7574.patch | 105 ++ patches/CVE-2019-7573.patch| 66 ++ patches/CVE-2019-7575_7577.patch | 78 +++ patches/CVE-2019-7577-1_2.patch| 32 +++ patches/CVE-2019-7578.patch| 53 + patches/CVE-2019-7635_636_638.patch| 81 patches/CVE-2019-7637-2.patch | 46 patches/CVE-2019-7637.patch| 207 + patches/properly_handle_focus_events.patch | 44 patches/series | 10 + upstream/signing-key.asc | 57 + 14 files changed, 781 insertions(+), 48 deletions(-) diffstat compared to your proposed update: changelog | 51 -- control|2 patches/CVE-2019-7637-2.patch | 46 patches/CVE-2019-7637-followup.patch | 37 - patches/properly_handle_focus_events.patch | 44 patches/series |5 - upstream/signing-key.asc | 57 +++-- 7 files changed, 126 insertions(+), 116 deletions(-) Both debdiffs are attached. cu Adrian diff -Nru libsdl1.2-1.2.15+dfsg2/debian/changelog libsdl1.2-1.2.15+dfsg2/debian/changelog --- libsdl1.2-1.2.15+dfsg2/debian/changelog 2022-01-20 00:03:02.0 +0200 +++ libsdl1.2-1.2.15+dfsg2/debian/changelog 2021-02-18 09:52:57.0 +0200 
@@ -1,33 +1,28 @@ -libsdl1.2 (1.2.15+dfsg2-4+deb10u1) buster; urgency=medium +libsdl1.2 (1.2.15+dfsg2-6) unstable; urgency=medium - * Non-maintainer upload by the LTS Team. - * CVE-2019-7572: Buffer over-read in IMA_ADPCM_nibble -in audio/SDL_wave.c. - * CVE-2019-7573: Heap-based buffer over-read in InitMS_ADPCM -in audio/SDL_wave.c. - * CVE-2019-7574: Heap-based buffer over-read in IMA_ADPCM_decode -in audio/SDL_wave.c. - * CVE-2019-7575: Heap-based buffer overflow in MS_ADPCM_decode -in audio/SDL_wave.c. - * CVE-2019-7576: Heap-based buffer over-read in InitMS_ADPCM -in audio/SDL_wave.c. - * CVE-2019-7577: Buffer over-read in SDL_LoadWAV_RW -in audio/SDL_wave.c. - * CVE-2019-7578: Heap-based buffer over-read in InitIMA_ADPCM -in audio/SDL_wave.c. - * CVE-2019-7635: Heap-based buffer over-read in Blit1to4 -in video/SDL_blit_1.c. - * CVE-2019-7636: Heap-based buffer over-read in SDL_GetRGB -in video/SDL_pixels.c. - * CVE-2019-7637: Heap-based buffer overflow in SDL_FillRect -in video/SDL_surface.c. - * CVE-2019-7638: Heap-based buffer over-read in Map1toN -in video/SDL_pixels.c. - * CVE-2019-13616: Heap-based buffer over-read in BlitNtoN -in video/SDL_blit_N.c. -(patches
Bug#1004249: buster-pu: package weechat/2.3-1+deb10u1
Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: Emmanuel Bouthenot , t...@security.debian.org * CVE-2020-8955: A crafted irc message 324 (channel mode) could result in a crash. (Closes: #951289) * CVE-2020-9759: A crafted irc message 352 (who) could result in a crash. * CVE-2020-9760: A crafted irc message 005 (setting a new mode for a nick) could result in a crash. * CVE-2021-40516: A crafted WebSocket frame could result in a crash in the Relay plugin. (Closes: #993803) diff -Nru weechat-2.3/debian/changelog weechat-2.3/debian/changelog --- weechat-2.3/debian/changelog2019-01-04 18:06:44.0 +0200 +++ weechat-2.3/debian/changelog2022-01-23 16:02:29.0 +0200 @@ -1,3 +1,17 @@ +weechat (2.3-1+deb10u1) buster; urgency=medium + + * Non-maintainer upload. + * CVE-2020-8955: A crafted irc message 324 (channel mode) could +result in a crash. (Closes: #951289) + * CVE-2020-9759: A crafted irc message 352 (who) could result +in a crash. + * CVE-2020-9760: A crafted irc message 005 (setting a new mode +for a nick) could result in a crash. + * CVE-2021-40516: A crafted WebSocket frame could result in a crash +in the Relay plugin. (Closes: #993803) + + -- Adrian Bunk Sun, 23 Jan 2022 16:02:29 +0200 + weechat (2.3-1) unstable; urgency=medium * New upstream release diff -Nru weechat-2.3/debian/patches/0001-irc-fix-crash-when-receiving-a-malformed-message-324.patch weechat-2.3/debian/patches/0001-irc-fix-crash-when-receiving-a-malformed-message-324.patch --- weechat-2.3/debian/patches/0001-irc-fix-crash-when-receiving-a-malformed-message-324.patch 1970-01-01 02:00:00.0 +0200 +++ weechat-2.3/debian/patches/0001-irc-fix-crash-when-receiving-a-malformed-message-324.patch 2022-01-23 16:00:54.0 +0200 
@@ -0,0 +1,47 @@ +From db4ffe7ccf4b0654cca6993ecaecd5b86070c658 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= +Date: Sat, 8 Feb 2020 20:24:50 +0100 +Subject: irc: fix crash when receiving a malformed message 324 (channel mode) + +Thanks to Stuart Nevans Locke for reporting the issue. +--- + src/plugins/irc/irc-mode.c | 21 - + 1 file changed, 12 insertions(+), 9 deletions(-) + +diff --git a/src/plugins/irc/irc-mode.c b/src/plugins/irc/irc-mode.c +index b5d525c6c..5381bfda6 100644 +--- a/src/plugins/irc/irc-mode.c b/src/plugins/irc/irc-mode.c +@@ -177,17 +177,20 @@ irc_mode_channel_update (struct t_irc_server *server, + current_arg++; + if (pos[0] == chanmode) + { +-chanmode_found = 1; +-if (set_flag == '+') ++if (!chanmode_found) + { +-str_mode[0] = pos[0]; +-str_mode[1] = '\0'; +-strcat (new_modes, str_mode); +-if (argument) ++chanmode_found = 1; ++if (set_flag == '+') + { +-if (new_args[0]) +-strcat (new_args, " "); +-strcat (new_args, argument); ++str_mode[0] = pos[0]; ++str_mode[1] = '\0'; ++strcat (new_modes, str_mode); ++if (argument) ++{ ++if (new_args[0]) ++strcat (new_args, " "); ++strcat (new_args, argument); ++} + } + } + } +-- +2.20.1 + diff -Nru weechat-2.3/debian/patches/0002-irc-fix-crash-when-receiving-a-malformed-message-352.patch weechat-2.3/debian/patches/0002-irc-fix-crash-when-receiving-a-malformed-message-352.patch --- weechat-2.3/debian/patches/0002-irc-fix-crash-when-receiving-a-malformed-message-352.patch 1970-01-01 02:00:00.0 +0200 +++ weechat-2.3/debian/patches/0002-irc-fix-crash-when-receiving-a-malformed-message-352.patch 2022-01-23 16:00:54.0 +0200 
@@ -0,0 +1,26 @@ +From 43a8cb9a3b9d8202465fc2b91ff36e7fe51f0a74 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= +Date: Fri, 14 Feb 2020 08:14:31 +0100 +Subject: irc: fix crash when receiving a malformed message 352 (who) + +Thanks to Stuart Nevans Locke for reporting the issue. +--- + src/plugins/irc/irc-protocol.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/plugins/irc/irc-protocol.c b/src/plugins/irc/irc-protocol.c +index fb7ba870a..6bfbd5240 100644 +--- a/src/plugins/irc/irc-protocol.c b/src/plugins/irc/irc-protocol.c +@@ -4521,7 +4521,7 @@ IRC_PROTOCOL_CALLBACK(352) + + if (argc > 8) + { +-arg_start = (strcmp (argv[8],
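Review bot: in the irc-mode.c hunk at -177, the new 'if (!chanmode_found)' guard limits the append to the first matching mode, but the appends themselves are still plain 'strcat (new_modes, str_mode)' and 'strcat (new_args, argument)' with no length check in the visible lines. The allocation of new_modes and new_args is outside the hunk, so please confirm that their sizes cover exactly one extra mode character and one extra argument plus the " " separator, since the fix depends on that assumption holding after the guard. The 352 patch is cut off in this mail after '+arg_start = (strcmp (argv[8],', so it cannot be reviewed from what is shown here.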
Bug#1004247: bullseye-pu: package weechat/3.0-1+deb11u1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: Emmanuel Bouthenot , t...@security.debian.org * CVE-2021-40516: A crafted WebSocket frame could result in a crash in the Relay plugin. (Closes: #993803) diff -Nru weechat-3.0/debian/changelog weechat-3.0/debian/changelog --- weechat-3.0/debian/changelog2020-11-21 09:34:12.0 +0200 +++ weechat-3.0/debian/changelog2022-01-23 16:29:14.0 +0200 @@ -1,3 +1,11 @@ +weechat (3.0-1+deb11u1) bullseye; urgency=medium + + * Non-maintainer upload. + * CVE-2021-40516: A crafted WebSocket frame could result in a crash +in the Relay plugin. (Closes: #993803) + + -- Adrian Bunk Sun, 23 Jan 2022 16:29:14 +0200 + weechat (3.0-1) unstable; urgency=medium * New upstream release diff -Nru weechat-3.0/debian/patches/0001-relay-fix-crash-when-decoding-a-malformed-websocket-.patch weechat-3.0/debian/patches/0001-relay-fix-crash-when-decoding-a-malformed-websocket-.patch --- weechat-3.0/debian/patches/0001-relay-fix-crash-when-decoding-a-malformed-websocket-.patch 1970-01-01 02:00:00.0 +0200 +++ weechat-3.0/debian/patches/0001-relay-fix-crash-when-decoding-a-malformed-websocket-.patch 2022-01-23 16:29:14.0 +0200 
@@ -0,0 +1,64 @@ +From ede4582879f31cc29be54fdcdf8bc168dc7ea6e3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= +Date: Sat, 4 Sep 2021 23:09:19 +0200 +Subject: relay: fix crash when decoding a malformed websocket frame + +--- + src/plugins/relay/relay-websocket.c | 16 +++- + 1 file changed, 11 insertions(+), 5 deletions(-) + +diff --git a/src/plugins/relay/relay-websocket.c b/src/plugins/relay/relay-websocket.c +index e3b768d0a..789f67e20 100644 +--- a/src/plugins/relay/relay-websocket.c b/src/plugins/relay/relay-websocket.c +@@ -278,7 +278,7 @@ relay_websocket_decode_frame (const unsigned char *buffer, + index_buffer = 0; + + /* loop to decode all frames in message */ +-while (index_buffer + 2 <= buffer_length) ++while (index_buffer + 1 < buffer_length) + { + opcode = buffer[index_buffer] & 15; + +@@ -293,10 +293,12 @@ relay_websocket_decode_frame (const unsigned char *buffer, + length_frame_size = 1; + length_frame = buffer[index_buffer + 1] & 127; + index_buffer += 2; ++if (index_buffer >= buffer_length) ++return 0; + if ((length_frame == 126) || (length_frame == 127)) + { + length_frame_size = (length_frame == 126) ? 
2 : 8; +-if (buffer_length < 1 + length_frame_size) ++if (index_buffer + length_frame_size > buffer_length) + return 0; + length_frame = 0; + for (i = 0; i < length_frame_size; i++) +@@ -306,10 +308,9 @@ relay_websocket_decode_frame (const unsigned char *buffer, + index_buffer += length_frame_size; + } + +-if (buffer_length < 1 + length_frame_size + 4 + length_frame) +-return 0; +- + /* read masks (4 bytes) */ ++if (index_buffer + 4 > buffer_length) ++return 0; + int masks[4]; + for (i = 0; i < 4; i++) + { +@@ -333,6 +334,11 @@ relay_websocket_decode_frame (const unsigned char *buffer, + *decoded_length += 1; + + /* decode data using masks */ ++if ((length_frame > buffer_length) ++|| (index_buffer + length_frame > buffer_length)) ++{ ++return 0; ++} + for (i = 0; i < length_frame; i++) + { + decoded[*decoded_length + i] = (int)((unsigned char)buffer[index_buffer + i]) ^ masks[i % 4]; +-- +2.20.1 + diff -Nru weechat-3.0/debian/patches/series weechat-3.0/debian/patches/series --- weechat-3.0/debian/patches/series 2020-04-04 12:31:17.0 +0300 +++ weechat-3.0/debian/patches/series 2022-01-23 16:29:14.0 +0200 @@ -1 +1,2 @@ 01_fix_asciidoctor_options.patch +0001-relay-fix-crash-when-decoding-a-malformed-websocket-.patch
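Review bot: in the relay-websocket.c hunk at -293, length_frame is rebuilt from up to 8 length bytes when the 7-bit length is 127, and its declaration is not in the visible lines; if it is a signed or 32-bit type, the value can wrap or go negative before it reaches the new test '(length_frame > buffer_length) || (index_buffer + length_frame > buffer_length)' in the hunk at -333. Please confirm that length_frame, index_buffer and buffer_length are all unsigned and of the same width, otherwise the comparison and the following copy loop 'for (i = 0; i < length_frame; i++)' do not see the same value. The ordering of the two clauses is right (the first rejects values large enough to make the sum wrap), and replacing the single up-front size test with per-field checks against index_buffer correctly handles the second and later frames in a message.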
Bug#1004144: transition: mbedtls
Control: forwarded -1 https://release.debian.org/transitions/html/auto-mbedtls.html
Control: tags -1 confirmed

On 2022-01-21 18:09:32 +0100, Andrea Pappacoda wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: transition
>
> Hi, I'm trying to transition the MbedTLS library to the latest supported LTS
> version, bumping the version from 2.16 to 2.28. All the libraries received a
> SONAME bump, and only some really minor API incompatibilities were introduced.
> I tested all the reverse dependencies of the library and all the ones that
> built fine before still build fine now. Some of them fail to build, but they
> also failed before upgrading MbedTLS; here's the list of currently failing
> packages:
>
> bctoolbox, #983985
> charybdis, #978782
> dolphin-emu, #976530
> haxe, unsatisfiable build dependencies
> srslte, #993701
> julia, segmentation fault during tests (happens also when not using MbedTLS
> 2.28, maybe it's an issue of my computer)
>
> My sponsor, Wookey, is going to take a look at the failing packages to see if
> MbedTLS 2.28 introduces additional build issues for the already failing
> packages (e.g. building bctoolbox with gcc-10).
>
> This is the first time I do something like this, I hope I have not messed up
> anything :)

Please go ahead

Cheers

>
> Ben file:
>
> title = "mbedtls";
> is_affected = .depends ~ "libmbedcrypto3" | .depends ~ "libmbedtls12" |
> .depends ~ "libmbedx509-0" | .depends ~ "libmbedcrypto7" | .depends ~
> "libmbedtls14" | .depends ~ "libmbedx509-1";
> is_good = .depends ~ "libmbedcrypto7" | .depends ~ "libmbedtls14" | .depends ~
> "libmbedx509-1";
> is_bad = .depends ~ "libmbedcrypto3" | .depends ~ "libmbedtls12" | .depends ~
> "libmbedx509-0";
>

-- 
Sebastian Ramacher
Processed: Re: Bug#1004144: transition: mbedtls
Processing control commands:

> forwarded -1 https://release.debian.org/transitions/html/auto-mbedtls.html
Bug #1004144 [release.debian.org] transition: mbedtls
Set Bug forwarded-to-address to 'https://release.debian.org/transitions/html/auto-mbedtls.html'.
> tags -1 confirmed
Bug #1004144 [release.debian.org] transition: mbedtls
Added tag(s) confirmed.

--
1004144: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004144
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#1003176: transition: perl 5.34
Control: block -1 by 1002681
Control: forwarded -1 https://release.debian.org/transitions/html/perl-5.34.html

On 2022-01-05 17:00:54 +, Niko Tyni wrote:
> Package: release.debian.org
> User: release.debian@packages.debian.org
> Usertags: transition
> X-Debbugs-Cc: debian-p...@lists.debian.org, p...@packages.debian.org
> Control: block -1 with 1002093 997267 997189
>
> Hi,
>
> we'd like a transition slot for Perl 5.34.
>
> Should have done this months ago, but real life has interfered. Sorry
> about that.
>
> Perl 5.36 is scheduled for May or so, and I expect that will be our target
> for bookworm. Nevertheless, it's probably best to do this incrementally
> and have a 5.34 transition now in case 5.36 turns out to be difficult
> for some reason.
>
> The changes in 5.34 are quite small, as upstream spent most of that
> release cycle planning Perl 7 (which did not quite work out.) This
> reflects in the very low number of regressions we found in our test
> rebuilds, visible at
>
>
> https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=perl-5.34-transition;users=debian-p...@lists.debian.org
>
> with just one bug open (openscap, not in testing).
>
> I did a full archive test rebuild back in May, and partial test rebuilds
> in August. Coming back to this now, I've done another round of test
> rebuilds for those packages that will need binNMUs. I don't think another
> full round is necessary: it seems unlikely that the other packages might
> have introduced any Perl 5.34 related regressions in the meantime.
>
> There's a few packages that have unrelated build failures in current sid.
> I'm marking the ones in testing as blockers for this.

Some packages are also involved in the ongoing ocaml transition. So let's wait for ocaml to be done.

Cheers

>
> Not sure if this Ben file is correct but hope it helps a bit:
>
> title = "perl";
> is_affected = .depends ~ "libperl5.32|perlapi-5.32" | .pre-depends ~
> "libperl5.32|perlapi-5.32";
> is_good = .depends ~ "libperl5.34|perlapi-5.34" | .pre-depends ~
> "libperl5.34|perlapi-5.34";
> is_bad = .depends ~ "libperl5.32|perlapi-5.32" | .pre-depends ~
> "libperl5.32|perlapi-5.32";
>
> Thanks for your work,
> --
> Niko Tyni nt...@debian.org
>

--
Sebastian Ramacher
Processed: Re: Bug#1003176: transition: perl 5.34
Processing control commands:

> block -1 by 1002681
Bug #1003176 [release.debian.org] transition: perl 5.34
1003176 was blocked by: 1002093 997189 997267
1003176 was not blocking any bugs.
Added blocking bug(s) of 1003176: 1002681
> forwarded -1 https://release.debian.org/transitions/html/perl-5.34.html
Bug #1003176 [release.debian.org] transition: perl 5.34
Set Bug forwarded-to-address to 'https://release.debian.org/transitions/html/perl-5.34.html'.

--
1003176: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003176
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems