Bug#770207: wheezy-pu: package gnustep-base/1.22.1-4+deb7u1
Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org@packages.debian.org
Usertags: pu
I would like to update the gnustep-base package in wheezy to fix
CVE-2014-2980 (user security hole, medium severity, no DSA) and
probably more importantly RC bug #753603.
Both patches are from upstream, and I've been testing them on a wheezy
system for a few weeks with no ill effects.
Proposed debdiff against the version in stable attached.
diff --git a/debian/changelog b/debian/changelog
index 598d7bc..b0513e0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+gnustep-base (1.22.1-4+deb7u1) wheezy; urgency=medium
+
+ * debian/patches/CVE-2014-2980.patch: New; fixes user security hole in
+ gdomap (Closes: #745470).
+ * debian/patches/performSelector-forwarding.patch: New; fixes regression
+ in -performSelector: with message forwarding (Closes: #753603).
+ * debian/patches/series: Update.
+
+ -- Yavor Doganov <yavor@gnu.org> Wed, 19 Nov 2014 19:25:07 +0200
+
gnustep-base (1.22.1-4) unstable; urgency=low
* debian/rules (build-arch): Depend on the patch target to ensure that
diff --git a/debian/patches/CVE-2014-2980.patch b/debian/patches/CVE-2014-2980.patch
new file mode 100644
index 0000000..579ded4
--- /dev/null
+++ b/debian/patches/CVE-2014-2980.patch
@@ -0,0 +1,72 @@
+Description: Fix user security hole in gdomap (CVE-2014-2980).
+Bug: https://savannah.gnu.org/bugs/?41751
+Bug-Debian: https://bugs.debian.org/745470
+Origin: upstream, commit: r37756
+Last-Update: 2014-11-19
+---
+
+--- gnustep-base.orig/Tools/gdomap.c
++++ gnustep-base/Tools/gdomap.c
+@@ -279,7 +279,7 @@
+
+ #if defined(HAVE_SYSLOG)
+
+-static int log_priority;
++static int log_priority = 0;
+
+ static void
+ gdomap_log (int prio)
+@@ -4417,16 +4417,7 @@
+ const char *machine = 0;
+ const char *lookupf = 0;
+ int donamesf = 0;
+-
+-#if defined(HAVE_SYSLOG)
+- /* Initially, gdomap_log errors to stderr as well as to syslogd. */
+-#if defined(SYSLOG_4_2)
+- openlog ("gdomap", LOG_NDELAY);
+- log_priority = LOG_DAEMON;
+-#else
+- openlog ("gdomap", LOG_NDELAY, LOG_DAEMON);
+-#endif
+-#endif
++ int forked = 0;
+
+ #if defined(__MINGW__)
+ WORD wVersionRequested;
+@@ -4778,7 +4769,6 @@
+ #else
+ if (nofork == 0)
+ {
+- is_daemon = 1;
+ /*
+ * Now fork off child process to run in background.
+ */
+@@ -4792,6 +4782,7 @@
+ /*
+ * Try to run in background.
+ */
++ forked = 1;
+ #if defined(NeXT)
+ setpgrp(0, getpid());
+ #else
+@@ -4851,6 +4842,19 @@
+
+ #endif /* !__MINGW__ */
+
++ if (forked)
++ {
++ is_daemon = 1;
++#if defined(HAVE_SYSLOG)
++#if defined(SYSLOG_4_2)
++ openlog ("gdomap", LOG_NDELAY);
++ log_priority = LOG_DAEMON;
++#else
++ openlog ("gdomap", LOG_NDELAY, LOG_DAEMON);
++#endif
++#endif
++ }
++
+ init_my_port(); /* Determine port to listen on. */
+ init_ports(); /* Create ports to handle requests. */
+
diff --git a/debian/patches/performSelector-forwarding.patch b/debian/patches/performSelector-forwarding.patch
new file mode 100644
index 0000000..3b4be34
--- /dev/null
+++ b/debian/patches/performSelector-forwarding.patch
@@ -0,0 +1,99 @@
+Description: Fix regression in -performSelector: with message forwarding.
+Bug: https://savannah.gnu.org/bugs/?36706
+Bug-Debian: https://bugs.debian.org/753603
+Origin: upstream, commit: r35278, r35279
+Last-Update: 2014-11-19
+---
+
+--- gnustep-base.orig/Source/GSFFIInvocation.m
++++ gnustep-base/Source/GSFFIInvocation.m
+@@ -185,6 +185,14 @@
+ }
+ if (nil == sig)
+ {
++ if (nil == receiver)
++ {
++ /* If we have a nil receiver, so the runtime is probably trying
++ * to check for forwarding ... return NULL to let it fall back
++ * on the standard forwarding mechanism.
++ */
++ return NULL;
++ }
+ [NSException raise: NSInvalidArgumentException
+ format: @"%c[%s %s]: unrecognized selector sent to instance %p",
+ (class_isMetaClass(c) ? '+' : '-'),
+--- gnustep-base.orig/Source/NSObject.m
++++ gnustep-base/Source/NSObject.m
+@@ -1448,13 +1448,15 @@
+ if (aSelector == 0)
+ [NSException raise: NSInvalidArgumentException
+ format: @"%@ null selector given", NSStringFromSelector(_cmd)];
+- /*
+- * If 'self' is an instance, object_getClass() will get the class,
+- * and class_getMethodImplementation() will get the instance method.
+- * If 'self' is a class, object_getClass() will get the meta-class,
+- * and class_getMethodImplementation() will get the class method.
++ /* The Apple runtime API would do:
++ * return class_getMethodImplementation(object_getClass(self), aSelector);
++ * but this cannot ask self for information about any method reached by
++ * forwarding, so the returned forwarding function would ge a generic one
++ * rather than one aware of hardware issues with returning structures
++ * and floating points. We therefore prefer the GNU API which is able to
++ * use forwarding callbacks to get better type information.
+ */
+- return class_getMethodImplementation(object_getClass(self), aSelector);
++ return objc_msg_lookup(self, aSelector);
+ }
+
+ /**
+@@ -1837,7 +1839,15 @@
+ [NSException raise: NSInvalidArgumentException
+ format: @"%@ null selector given", NSStringFromSelector(_cmd)];
+
+- msg = class_getMethodImplementation(object_getClass(self), aSelector);
++ /* The Apple runtime API would do:
++ * msg = class_getMethodImplementation(object_getClass(self), aSelector);
++ * but this cannot ask self for information about any method reached by
++ * forwarding, so the returned forwarding function would ge a generic one
++ * rather than one aware of hardware issues with returning structures
++ * and floating points. We therefore prefer the GNU API which is able to
++ * use forwarding callbacks to get better type information.
++ */
++ msg = objc_msg_lookup(self, aSelector);
+ if (!msg)
+ {
+ [NSException raise: NSGenericException
+@@ -1862,7 +1872,15 @@
+ [NSException raise: NSInvalidArgumentException
+ format: @"%@ null selector given", NSStringFromSelector(_cmd)];
+
+- msg = class_getMethodImplementation(object_getClass(self), aSelector);
++ /* The Apple runtime API would do:
++ * msg = class_getMethodImplementation(object_getClass(self), aSelector);
++ * but this cannot ask self for information about any method reached by
++ * forwarding, so the returned forwarding function would ge a generic one
++ * rather than one aware of hardware issues with returning structures
++ * and floating points. We therefore prefer the GNU API which is able to
++ * use forwarding callbacks to get better type information.
++ */
++ msg = objc_msg_lookup(self, aSelector);
+ if (!msg)
+ {
+ [NSException raise: NSGenericException
+@@ -1890,7 +1908,15 @@
+ [NSException raise: NSInvalidArgumentException
+ format: @"%@ null selector given", NSStringFromSelector(_cmd)];
+
+- msg = class_getMethodImplementation(object_getClass(self), aSelector);
++ /* The Apple runtime API would do:
++ * msg = class_getMethodImplementation(object_getClass(self), aSelector);
++ * but this cannot ask self for information about any method reached by
++ * forwarding, so the returned forwarding function would ge a generic one
++ * rather than one aware of hardware issues with returning structures
++ * and floating points. We therefore prefer the GNU API which is able to
++ * use forwarding callbacks to get better type information.
++ */
++ msg = objc_msg_lookup(self, aSelector);
+ if (!msg)
+ {
+ [NSException raise: NSGenericException
diff --git a/debian/patches/series b/debian/patches/series
index 40b23aa..a4818ee 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,5 @@
+performSelector-forwarding.patch
+CVE-2014-2980.patch
libobjc4.patch
kfreebsd-fake-main.patch
gnutls-deprecated.patch
Reply to: