Bug#877043: stretch-pu: package weechat/1.6-1+deb9u2
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu
Hi
weechat in stretch is affected by CVE-2017-14727, tracked as #876553.
> * logger: call strftime before replacing buffer local variables
> (CVE-2017-14727) (Closes: #876553)
https://weechat.org/news/98/20170923-Version-1.9.1-security-release/
Attached proposed debdiff for the stretch point release.
Regards,
Salvatore
diff -Nru weechat-1.6/debian/changelog weechat-1.6/debian/changelog
--- weechat-1.6/debian/changelog 2017-04-29 16:31:58.000000000 +0200
+++ weechat-1.6/debian/changelog 2017-09-27 20:53:31.000000000 +0200
@@ -1,3 +1,11 @@
+weechat (1.6-1+deb9u2) stretch; urgency=medium
+
+ * Non-maintainer upload.
+ * logger: call strftime before replacing buffer local variables
+ (CVE-2017-14727) (Closes: #876553)
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Wed, 27 Sep 2017 20:53:31 +0200
+
weechat (1.6-1+deb9u1) stretch; urgency=medium
* Non-maintainer upload.
diff -Nru weechat-1.6/debian/patches/03_logger-call-strftime-before-replacing-buffer-local-v.patch weechat-1.6/debian/patches/03_logger-call-strftime-before-replacing-buffer-local-v.patch
--- weechat-1.6/debian/patches/03_logger-call-strftime-before-replacing-buffer-local-v.patch 1970-01-01 01:00:00.000000000 +0100
+++ weechat-1.6/debian/patches/03_logger-call-strftime-before-replacing-buffer-local-v.patch 2017-09-27 20:53:31.000000000 +0200
@@ -0,0 +1,158 @@
+From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= <flashcode@flashtux.org>
+Date: Sat, 23 Sep 2017 09:36:09 +0200
+Subject: logger: call strftime before replacing buffer local variables
+Origin: https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556
+Bug-Debian: https://bugs.debian.org/876553
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-14727
+
+---
+ src/plugins/logger/logger.c | 88 ++++++++++++++++++++++-----------------------
+ 2 files changed, 51 insertions(+), 44 deletions(-)
+
+
+diff --git a/src/plugins/logger/logger.c b/src/plugins/logger/logger.c
+index 1abc3efc7..347f1d5a6 100644
+--- a/src/plugins/logger/logger.c
++++ b/src/plugins/logger/logger.c
+@@ -295,71 +295,71 @@ logger_get_mask_for_buffer (struct t_gui_buffer *buffer)
+ char *
+ logger_get_mask_expanded (struct t_gui_buffer *buffer, const char *mask)
+ {
+- char *mask2, *mask_decoded, *mask_decoded2, *mask_decoded3, *mask_decoded4;
+- char *mask_decoded5;
++ char *mask2, *mask3, *mask4, *mask5, *mask6, *mask7;
+ const char *dir_separator;
+ int length;
+ time_t seconds;
+ struct tm *date_tmp;
+
+ mask2 = NULL;
+- mask_decoded = NULL;
+- mask_decoded2 = NULL;
+- mask_decoded3 = NULL;
+- mask_decoded4 = NULL;
+- mask_decoded5 = NULL;
++ mask3 = NULL;
++ mask4 = NULL;
++ mask5 = NULL;
++ mask6 = NULL;
++ mask7 = NULL;
+
+ dir_separator = weechat_info_get ("dir_separator", "");
+ if (!dir_separator)
+ return NULL;
+
++ /* replace date/time specifiers in mask */
++ length = strlen (mask) + 256 + 1;
++ mask2 = malloc (length);
++ if (!mask2)
++ goto end;
++ seconds = time (NULL);
++ date_tmp = localtime (&seconds);
++ mask2[0] = '\0';
++ if (strftime (mask2, length - 1, mask, date_tmp) == 0)
++ mask2[0] = '\0';
++
+ /*
+ * we first replace directory separator (commonly '/') by \01 because
+ * buffer mask can contain this char, and will be replaced by replacement
+ * char ('_' by default)
+ */
+- mask2 = weechat_string_replace (mask, dir_separator, "\01");
+- if (!mask2)
++ mask3 = weechat_string_replace (mask2, dir_separator, "\01");
++ if (!mask3)
+ goto end;
+
+- mask_decoded = weechat_buffer_string_replace_local_var (buffer, mask2);
+- if (!mask_decoded)
++ mask4 = weechat_buffer_string_replace_local_var (buffer, mask3);
++ if (!mask4)
+ goto end;
+
+- mask_decoded2 = weechat_string_replace (mask_decoded,
+- dir_separator,
+- weechat_config_string (logger_config_file_replacement_char));
+- if (!mask_decoded2)
++ mask5 = weechat_string_replace (mask4,
++ dir_separator,
++ weechat_config_string (logger_config_file_replacement_char));
++ if (!mask5)
+ goto end;
+
+ #ifdef __CYGWIN__
+- mask_decoded3 = weechat_string_replace (mask_decoded2, "\\",
+- weechat_config_string (logger_config_file_replacement_char));
++ mask6 = weechat_string_replace (mask5, "\\",
++ weechat_config_string (logger_config_file_replacement_char));
+ #else
+- mask_decoded3 = strdup (mask_decoded2);
++ mask6 = strdup (mask5);
+ #endif /* __CYGWIN__ */
+- if (!mask_decoded3)
++ if (!mask6)
+ goto end;
+
+ /* restore directory separator */
+- mask_decoded4 = weechat_string_replace (mask_decoded3,
+- "\01", dir_separator);
+- if (!mask_decoded4)
+- goto end;
+-
+- /* replace date/time specifiers in mask */
+- length = strlen (mask_decoded4) + 256 + 1;
+- mask_decoded5 = malloc (length);
+- if (!mask_decoded5)
++ mask7 = weechat_string_replace (mask6,
++ "\01", dir_separator);
++ if (!mask7)
+ goto end;
+- seconds = time (NULL);
+- date_tmp = localtime (&seconds);
+- mask_decoded5[0] = '\0';
+- strftime (mask_decoded5, length - 1, mask_decoded4, date_tmp);
+
+ /* convert to lower case? */
+ if (weechat_config_boolean (logger_config_file_name_lower_case))
+- weechat_string_tolower (mask_decoded5);
++ weechat_string_tolower (mask7);
+
+ if (weechat_logger_plugin->debug)
+ {
+@@ -368,22 +368,22 @@ logger_get_mask_expanded (struct t_gui_buffer *buffer, const char *mask)
+ "decoded mask = \"%s\"",
+ LOGGER_PLUGIN_NAME,
+ weechat_buffer_get_string (buffer, "name"),
+- mask, mask_decoded5);
++ mask, mask7);
+ }
+
+ end:
+ if (mask2)
+ free (mask2);
+- if (mask_decoded)
+- free (mask_decoded);
+- if (mask_decoded2)
+- free (mask_decoded2);
+- if (mask_decoded3)
+- free (mask_decoded3);
+- if (mask_decoded4)
+- free (mask_decoded4);
+-
+- return mask_decoded5;
++ if (mask3)
++ free (mask3);
++ if (mask4)
++ free (mask4);
++ if (mask5)
++ free (mask5);
++ if (mask6)
++ free (mask6);
++
++ return mask7;
+ }
+
+ /*
+--
+2.14.2
+
diff -Nru weechat-1.6/debian/patches/series weechat-1.6/debian/patches/series
--- weechat-1.6/debian/patches/series 2017-04-29 16:31:58.000000000 +0200
+++ weechat-1.6/debian/patches/series 2017-09-27 20:53:31.000000000 +0200
@@ -1,2 +1,3 @@
01_fix_asciidoctor_options.patch
02_CVE-2017-8073.patch
+03_logger-call-strftime-before-replacing-buffer-local-v.patch
Reply to: