[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#770207: wheezy-pu: package gnustep-base/1.22.1-4+deb7u1



Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org@packages.debian.org
Usertags: pu

I would like to update the gnustep-base package in wheezy to fix
CVE-2014-2980 (user security hole, medium severity, no DSA) and
probably more importantly RC bug #753603.

Both patches are from upstream, and I've been testing them on a wheezy
system for a few weeks with no ill effects. 

Proposed debdiff against the version in stable attached.
diff --git a/debian/changelog b/debian/changelog
index 598d7bc..b0513e0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+gnustep-base (1.22.1-4+deb7u1) wheezy; urgency=medium
+
+  * debian/patches/CVE-2014-2980.patch: New; fixes user security hole in
+    gdomap (Closes: #745470).
+  * debian/patches/performSelector-forwarding.patch: New; fixes regression
+    in -performSelector: with message forwarding (Closes: #753603).
+  * debian/patches/series: Update.
+
+ -- Yavor Doganov <yavor@gnu.org>  Wed, 19 Nov 2014 19:25:07 +0200
+
 gnustep-base (1.22.1-4) unstable; urgency=low
 
   * debian/rules (build-arch): Depend on the patch target to ensure that
diff --git a/debian/patches/CVE-2014-2980.patch b/debian/patches/CVE-2014-2980.patch
new file mode 100644
index 0000000..579ded4
--- /dev/null
+++ b/debian/patches/CVE-2014-2980.patch
@@ -0,0 +1,72 @@
+Description: Fix user security hole in gdomap (CVE-2014-2980).
+Bug: https://savannah.gnu.org/bugs/?41751
+Bug-Debian: https://bugs.debian.org/745470
+Origin: upstream, commit: r37756
+Last-Update: 2014-11-19
+---
+
+--- gnustep-base.orig/Tools/gdomap.c
++++ gnustep-base/Tools/gdomap.c
+@@ -279,7 +279,7 @@
+ 
+ #if	defined(HAVE_SYSLOG)
+ 
+-static int	log_priority;
++static int	log_priority = 0;
+ 
+ static void
+ gdomap_log (int prio)
+@@ -4417,16 +4417,7 @@
+   const char	*machine = 0;
+   const char	*lookupf = 0;
+   int		donamesf = 0;
+-
+-#if	defined(HAVE_SYSLOG)
+-  /* Initially, gdomap_log errors to stderr as well as to syslogd. */
+-#if	defined(SYSLOG_4_2)
+-  openlog ("gdomap", LOG_NDELAY);
+-  log_priority = LOG_DAEMON;
+-#else
+-  openlog ("gdomap", LOG_NDELAY, LOG_DAEMON);
+-#endif
+-#endif
++  int           forked = 0;
+ 
+ #if	defined(__MINGW__)
+   WORD wVersionRequested;
+@@ -4778,7 +4769,6 @@
+ #else
+   if (nofork == 0)
+     {
+-      is_daemon = 1;
+       /*
+        *	Now fork off child process to run in background.
+        */
+@@ -4792,6 +4782,7 @@
+ 	    /*
+ 	     *	Try to run in background.
+ 	     */
++          forked = 1;
+ #if	defined(NeXT)
+ 	    setpgrp(0, getpid());
+ #else
+@@ -4851,6 +4842,19 @@
+ 
+ #endif /* !__MINGW__ */
+ 
++  if (forked)
++    {
++      is_daemon = 1;
++#if	defined(HAVE_SYSLOG)
++#if	defined(SYSLOG_4_2)
++      openlog ("gdomap", LOG_NDELAY);
++      log_priority = LOG_DAEMON;
++#else
++      openlog ("gdomap", LOG_NDELAY, LOG_DAEMON);
++#endif
++#endif
++    }
++
+   init_my_port();	/* Determine port to listen on.		*/
+   init_ports();		/* Create ports to handle requests.	*/
+ 
diff --git a/debian/patches/performSelector-forwarding.patch b/debian/patches/performSelector-forwarding.patch
new file mode 100644
index 0000000..3b4be34
--- /dev/null
+++ b/debian/patches/performSelector-forwarding.patch
@@ -0,0 +1,99 @@
+Description: Fix regression in -performSelector: with message forwarding.
+Bug: https://savannah.gnu.org/bugs/?36706
+Bug-Debian: https://bugs.debian.org/753603
+Origin: upstream, commit: r35278, r35279
+Last-Update: 2014-11-19
+---
+
+--- gnustep-base.orig/Source/GSFFIInvocation.m
++++ gnustep-base/Source/GSFFIInvocation.m
+@@ -185,6 +185,14 @@
+ 	}
+       if (nil == sig)
+ 	{
++          if (nil == receiver)
++            {
++              /* If we have a nil receiver, so the runtime is probably trying
++               * to check for forwarding ... return NULL to let it fall back
++               * on the standard forwarding mechanism.
++               */
++              return NULL;
++            }
+ 	  [NSException raise: NSInvalidArgumentException
+ 	    format: @"%c[%s %s]: unrecognized selector sent to instance %p",
+ 	    (class_isMetaClass(c) ? '+' : '-'),
+--- gnustep-base.orig/Source/NSObject.m
++++ gnustep-base/Source/NSObject.m
+@@ -1448,13 +1448,15 @@
+   if (aSelector == 0)
+     [NSException raise: NSInvalidArgumentException
+ 		format: @"%@ null selector given", NSStringFromSelector(_cmd)];
+-  /*
+-   *	If 'self' is an instance, object_getClass() will get the class,
+-   *	and class_getMethodImplementation() will get the instance method.
+-   *	If 'self' is a class, object_getClass() will get the meta-class,
+-   *	and class_getMethodImplementation() will get the class method.
++  /* The Apple runtime API would do:
++   * return class_getMethodImplementation(object_getClass(self), aSelector);
++   * but this cannot ask self for information about any method reached by
++   * forwarding, so the returned forwarding function would ge a generic one
++   * rather than one aware of hardware issues with returning structures
++   * and floating points.  We therefore prefer the GNU API which is able to
++   * use forwarding callbacks to get better type information.
+    */
+-  return class_getMethodImplementation(object_getClass(self), aSelector);
++  return objc_msg_lookup(self, aSelector);
+ }
+ 
+ /**
+@@ -1837,7 +1839,15 @@
+     [NSException raise: NSInvalidArgumentException
+ 		format: @"%@ null selector given", NSStringFromSelector(_cmd)];
+ 
+-  msg = class_getMethodImplementation(object_getClass(self), aSelector);
++  /* The Apple runtime API would do:
++   * msg = class_getMethodImplementation(object_getClass(self), aSelector);
++   * but this cannot ask self for information about any method reached by
++   * forwarding, so the returned forwarding function would ge a generic one
++   * rather than one aware of hardware issues with returning structures
++   * and floating points.  We therefore prefer the GNU API which is able to
++   * use forwarding callbacks to get better type information.
++   */
++  msg = objc_msg_lookup(self, aSelector);
+   if (!msg)
+     {
+       [NSException raise: NSGenericException
+@@ -1862,7 +1872,15 @@
+     [NSException raise: NSInvalidArgumentException
+ 		format: @"%@ null selector given", NSStringFromSelector(_cmd)];
+ 
+-  msg = class_getMethodImplementation(object_getClass(self), aSelector);
++  /* The Apple runtime API would do:
++   * msg = class_getMethodImplementation(object_getClass(self), aSelector);
++   * but this cannot ask self for information about any method reached by
++   * forwarding, so the returned forwarding function would ge a generic one
++   * rather than one aware of hardware issues with returning structures
++   * and floating points.  We therefore prefer the GNU API which is able to
++   * use forwarding callbacks to get better type information.
++   */
++  msg = objc_msg_lookup(self, aSelector);
+   if (!msg)
+     {
+       [NSException raise: NSGenericException
+@@ -1890,7 +1908,15 @@
+     [NSException raise: NSInvalidArgumentException
+ 		format: @"%@ null selector given", NSStringFromSelector(_cmd)];
+ 
+-  msg = class_getMethodImplementation(object_getClass(self), aSelector);
++  /* The Apple runtime API would do:
++   * msg = class_getMethodImplementation(object_getClass(self), aSelector);
++   * but this cannot ask self for information about any method reached by
++   * forwarding, so the returned forwarding function would ge a generic one
++   * rather than one aware of hardware issues with returning structures
++   * and floating points.  We therefore prefer the GNU API which is able to
++   * use forwarding callbacks to get better type information.
++   */
++  msg = objc_msg_lookup(self, aSelector);
+   if (!msg)
+     {
+       [NSException raise: NSGenericException
diff --git a/debian/patches/series b/debian/patches/series
index 40b23aa..a4818ee 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,5 @@
+performSelector-forwarding.patch
+CVE-2014-2980.patch
 libobjc4.patch
 kfreebsd-fake-main.patch
 gnutls-deprecated.patch

Reply to: