Bug#778475: marked as done (unblock: librcsb-core-wrapper/1.005-3)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sun, 15 Feb 2015 15:54:56 +0000
with message-id <1424015696.3384.9.camel@adam-barratt.org.uk>
and subject line Re: Bug#778475: unblock: librcsb-core-wrapper/1.005-3
has caused the Debian Bug report #778475,
regarding unblock: librcsb-core-wrapper/1.005-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
778475: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778475
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: librcsb-core-wrapper/1.005-3
• From: Andreas Tille <tille@debian.org>
• Date: Sun, 15 Feb 2015 16:31:40 +0100
• Message-id: <[🔎] 20150215153140.4690.84254.reportbug@mail.an3as.eu>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package librcsb-core-wrapper

A security problem was reported (#778397) against this package which is
fixed by this upload (see debdiff).

Thanks for your work on the Debian release

     Andreas.


unblock librcsb-core-wrapper/1.005-3

-- System Information:
Debian Release: 7.8
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru librcsb-core-wrapper-1.005/debian/changelog librcsb-core-wrapper-1.005/debian/changelog
--- librcsb-core-wrapper-1.005/debian/changelog	2014-09-18 21:53:44.000000000 +0200
+++ librcsb-core-wrapper-1.005/debian/changelog	2015-02-14 18:08:44.000000000 +0100
@@ -1,3 +1,11 @@
+librcsb-core-wrapper (1.005-3) unstable; urgency=medium
+
+  * Patch for Henry Spencer regular expressions (regex) library contains
+    a heap overflow vulnerability
+    Closes: #778397
+
+ -- Andreas Tille <tille@debian.org>  Sat, 14 Feb 2015 17:56:49 +0100
+
 librcsb-core-wrapper (1.005-2) unstable; urgency=medium
 
   * Added libtool-bin as a build-dep (Closes: #761768).
diff -Nru librcsb-core-wrapper-1.005/debian/patches/regcomp_cert_fix.patch librcsb-core-wrapper-1.005/debian/patches/regcomp_cert_fix.patch
--- librcsb-core-wrapper-1.005/debian/patches/regcomp_cert_fix.patch	1970-01-01 01:00:00.000000000 +0100
+++ librcsb-core-wrapper-1.005/debian/patches/regcomp_cert_fix.patch	2015-02-14 18:07:41.000000000 +0100
@@ -0,0 +1,43 @@
+Author: Andreas Tille <tille@debian.org>
+Last-Update: Sat, 14 Feb 2015 17:51:06 +0100
+Origin: https://gitweb.dragonflybsd.org/dragonfly.git/blobdiff_plain/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c
+Bug-Debian: http://bugs.debian.org/778397
+Forwarded: sw-help@rcsb.rutgers.edu, Vladimir Guranovic <vladimir@rcsb.rutgers.edu>
+Description: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
+ This patch adapts the patch found at Origin (see above) to the
+ regex code found in librcsb-core-wrapper.
+
+--- librcsb-core-wrapper-1.005.orig/regex/src/regcomp.c
++++ librcsb-core-wrapper-1.005/regex/src/regcomp.c
+@@ -93,6 +93,7 @@ int cflags;
+ 	register struct parse *p = &pa;
+ 	register int i;
+ 	register size_t len;
++	register size_t maxlen;
+ #ifdef REDEBUG
+ #	define	GOODFLAGS(f)	(f)
+ #else
+@@ -115,7 +116,23 @@ int cflags;
+ 							(NC-1)*sizeof(cat_t));
+ 	if (g == NULL)
+ 		return(REG_ESPACE);
++	/*
++	 * Limit the pattern space to avoid a 32-bit overflow on buffer
++	 * extension.  Also avoid any signed overflow in case of conversion
++	 * so make the real limit based on a 31-bit overflow.
++	 *
++	 * Likely not applicable on 64-bit systems but handle the case
++	 * generically (who are we to stop people from using ~715MB+
++	 * patterns?).
++	 */
++	maxlen = ((size_t)-1 >> 1) / sizeof(sop) * 2 / 3;
++	if (len >= maxlen) {
++		free((char *)g);
++		return(REG_ESPACE);
++	}
+ 	p->ssize = len/(size_t)2*(size_t)3 + (size_t)1;	/* ugh */
++	assert(p->ssize >= len);
++
+ 	p->strip = (sop *)malloc(p->ssize * sizeof(sop));
+ 	p->slen = 0;
+ 	if (p->strip == NULL) {
diff -Nru librcsb-core-wrapper-1.005/debian/patches/series librcsb-core-wrapper-1.005/debian/patches/series
--- librcsb-core-wrapper-1.005/debian/patches/series	2014-09-18 21:11:53.000000000 +0200
+++ librcsb-core-wrapper-1.005/debian/patches/series	2015-02-14 17:44:47.000000000 +0100
@@ -11,3 +11,4 @@
 spelling
 exit-in-shlib
 make_test_target
+regcomp_cert_fix.patch

--- End Message ---

--- Begin Message ---

• To: Andreas Tille <tille@debian.org>, 778475-done@bugs.debian.org
• Subject: Re: Bug#778475: unblock: librcsb-core-wrapper/1.005-3
• From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
• Date: Sun, 15 Feb 2015 15:54:56 +0000
• Message-id: <1424015696.3384.9.camel@adam-barratt.org.uk>
• In-reply-to: <[🔎] 20150215153140.4690.84254.reportbug@mail.an3as.eu>
• References: <[🔎] 20150215153140.4690.84254.reportbug@mail.an3as.eu>

On Sun, 2015-02-15 at 16:31 +0100, Andreas Tille wrote:
> Please unblock package librcsb-core-wrapper
> 
> A security problem was reported (#778397) against this package which is
> fixed by this upload (see debdiff).

Unblocked.

Regards,

Adam

--- End Message ---