
Re: CVE-2016-8685 in potrace



Hi,

I have prepared the potrace update fixing CVE-2016-8685 and would like
to upload it. However, I had to modify debian/rules slightly more than
expected because in its current state, the CFLAGS variable defined by
debian/rules isn't passed properly to the configure script. Actually
CFLAGS is neither exported, nor passed to ./configure as argument...

I don't understand how such a mistake is present in this rules file.

Could somebody take a look at the debdiff and confirm that these
changes to debian/rules are pertinent?

Cheers,
 Hugo

-- 
             Hugo Lefeuvre (hle)    |    www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E
diff -Nru potrace-1.10/debian/changelog potrace-1.10/debian/changelog
--- potrace-1.10/debian/changelog	2016-10-25 10:52:48.000000000 +0200
+++ potrace-1.10/debian/changelog	2017-04-08 23:10:22.000000000 +0200
@@ -1,3 +1,14 @@
+potrace (1.10-1+deb7u2) wheezy-security; urgency=high
+
+  * Non-maintainer upload by the LTS Team.
+  * Fix CVE-2016-8685 (Closes: #843861). 
+  * Add -fwrapv to build flags in debian/rules to avoid
+    segfaults caused by optimization of code relying on
+    two's-complement wrapping behaviour on signed arithmetic.
+  * export CFLAGS variable in debian/rules.
+
+ -- Hugo Lefeuvre <hle@debian.org>  Sat, 08 Apr 2017 23:10:22 +0200
+
 potrace (1.10-1+deb7u1) wheezy-security; urgency=medium
 
   * Non-maintainer upload by the LTS Team.
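Review bot: trailing whitespace after "Fix CVE-2016-8685 (Closes: #843861)." in the new changelog entry; lintian will flag it, so strip it before upload. The two debian/rules bullets read well, but since -fwrapv only changes how the compiler treats signed overflow, consider wording the -fwrapv bullet as a hardening measure taken alongside the CVE patch rather than as the thing that avoids the segfault on its own.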
diff -Nru potrace-1.10/debian/patches/CVE-2016-8685.patch potrace-1.10/debian/patches/CVE-2016-8685.patch
--- potrace-1.10/debian/patches/CVE-2016-8685.patch	1970-01-01 01:00:00.000000000 +0100
+++ potrace-1.10/debian/patches/CVE-2016-8685.patch	2017-04-08 23:10:22.000000000 +0200
@@ -0,0 +1,23 @@
+From: Hugo Lefeuvre <hle@debian.org>
+Subject: Fix integer overflow causing segfault in findnext
+ For large enough bm->w in findnext, x+=BM_WORDBITS can result in
+ an integer overflow causing a segmentation fault when executing
+ *bm_index(bm, x, y).
+ .
+ We add a check that avoids entering into the loop if passed bm->w
+ is too large.
+Bug-Debian: http://bugs.debian.org/843861
+--- a/src/decompose.c	2017-04-04 10:58:37.436084109 +0200
++++ b/src/decompose.c	2017-04-04 11:22:02.957825883 +0200
+@@ -428,6 +428,11 @@
+ 
+   x0 = (*xp) & ~(BM_WORDBITS-1);
+ 
++  /* check value of bm->w to avoid integer overflow of x in the loop. */
++  if( bm->w >= INT_MAX - BM_WORDBITS ) {
++    return 1;
++  }
++
+   for (y=*yp; y>=0; y--) {
+     for (x=x0; x<bm->w; x+=BM_WORDBITS) {
+       if (*bm_index(bm, x, y)) {
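Review bot: the new guard compares against INT_MAX, but the hunk does not add an include, so make sure src/decompose.c already pulls in <limits.h> (it cannot be checked from the debdiff alone). The bound itself is sound: with bm->w < INT_MAX - BM_WORDBITS, the largest x that passes x<bm->w still has room for x+=BM_WORDBITS without wrapping. The early "return 1;" presumably takes the same exit as the loop finding no pixel, which means an oversized bitmap is silently treated as empty rather than reported as an error; that is acceptable for a security fix, but a comment stating that choice next to the check would help the next reader. As a DEP-3 nicety, the header could also carry Origin/Forwarded fields saying whether upstream has this check.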
diff -Nru potrace-1.10/debian/patches/series potrace-1.10/debian/patches/series
--- potrace-1.10/debian/patches/series	2016-10-25 10:46:55.000000000 +0200
+++ potrace-1.10/debian/patches/series	2017-04-08 23:09:16.000000000 +0200
@@ -1,2 +1,3 @@
 CVE-2013-7437.patch
 CVE-2016-8694.patch
+CVE-2016-8685.patch
diff -Nru potrace-1.10/debian/rules potrace-1.10/debian/rules
--- potrace-1.10/debian/rules	2011-03-29 11:08:52.000000000 +0200
+++ potrace-1.10/debian/rules	2017-04-08 23:10:22.000000000 +0200
@@ -10,7 +10,7 @@
 DEB_BUILD_GNU_TYPE  ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
 
 
-CFLAGS = -Wall -g
+CFLAGS = -Wall -g -fwrapv
 
 ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
 	CFLAGS += -O0
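Review bot: -fwrapv here is defence in depth, not the fix: it makes signed wraparound defined so the optimizer cannot delete overflow-dependent checks, but x in findnext still wraps without the guard in CVE-2016-8685.patch, so both changes are needed and the patch is the one that matters. Note also that this rules file hand-writes CFLAGS = -Wall -g instead of using dpkg-buildflags, so none of the distribution hardening flags reach this build; that is out of scope for an LTS security upload but worth a TODO.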
@@ -21,6 +21,8 @@
 	INSTALL_PROGRAM += -s
 endif
 
+export CFLAGS
+
 config.status: configure ${QUILT_STAMPFN}
 	dh_testdir
 ifneq "$(wildcard /usr/share/misc/config.sub)" ""
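Review bot: "export CFLAGS" is the right minimal change, since make passes exported variables into the environment of the configure recipe and autoconf picks CFLAGS up from there. Two things to verify before upload: the config.status target only depends on configure and ${QUILT_STAMPFN}, so a tree with a stale config.status will not re-run configure after this rules change and a clean build is needed; and the build log should show -fwrapv (and -O2 or -O0 as appropriate) on the actual compiler lines, which is the only proof that the flags reached gcc.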
