[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#877043: stretch-pu: package weechat/1.6-1+deb9u2

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

Hi

weechat in stretch is affected by CVE-2017-14727, tracked as #876553.

>  * logger: call strftime before replacing buffer local variables
>    (CVE-2017-14727) (Closes: #876553)

https://weechat.org/news/98/20170923-Version-1.9.1-security-release/

Attached proposed debdiff for the stretch point release.

Regards,
Salvatore

diff -Nru weechat-1.6/debian/changelog weechat-1.6/debian/changelog
--- weechat-1.6/debian/changelog	2017-04-29 16:31:58.000000000 +0200
+++ weechat-1.6/debian/changelog	2017-09-27 20:53:31.000000000 +0200
@@ -1,3 +1,11 @@
+weechat (1.6-1+deb9u2) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * logger: call strftime before replacing buffer local variables
+    (CVE-2017-14727) (Closes: #876553)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Wed, 27 Sep 2017 20:53:31 +0200
+
 weechat (1.6-1+deb9u1) stretch; urgency=medium
 
   * Non-maintainer upload.
diff -Nru weechat-1.6/debian/patches/03_logger-call-strftime-before-replacing-buffer-local-v.patch weechat-1.6/debian/patches/03_logger-call-strftime-before-replacing-buffer-local-v.patch
--- weechat-1.6/debian/patches/03_logger-call-strftime-before-replacing-buffer-local-v.patch	1970-01-01 01:00:00.000000000 +0100
+++ weechat-1.6/debian/patches/03_logger-call-strftime-before-replacing-buffer-local-v.patch	2017-09-27 20:53:31.000000000 +0200
@@ -0,0 +1,158 @@
+From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= <flashcode@flashtux.org>
+Date: Sat, 23 Sep 2017 09:36:09 +0200
+Subject: logger: call strftime before replacing buffer local variables
+Origin: https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556
+Bug-Debian: https://bugs.debian.org/876553
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-14727
+
+---
+ src/plugins/logger/logger.c | 88 ++++++++++++++++++++++-----------------------
+ 2 files changed, 51 insertions(+), 44 deletions(-)
+
+
+diff --git a/src/plugins/logger/logger.c b/src/plugins/logger/logger.c
+index 1abc3efc7..347f1d5a6 100644
+--- a/src/plugins/logger/logger.c
++++ b/src/plugins/logger/logger.c
+@@ -295,71 +295,71 @@ logger_get_mask_for_buffer (struct t_gui_buffer *buffer)
+ char *
+ logger_get_mask_expanded (struct t_gui_buffer *buffer, const char *mask)
+ {
+-    char *mask2, *mask_decoded, *mask_decoded2, *mask_decoded3, *mask_decoded4;
+-    char *mask_decoded5;
++    char *mask2, *mask3, *mask4, *mask5, *mask6, *mask7;
+     const char *dir_separator;
+     int length;
+     time_t seconds;
+     struct tm *date_tmp;
+ 
+     mask2 = NULL;
+-    mask_decoded = NULL;
+-    mask_decoded2 = NULL;
+-    mask_decoded3 = NULL;
+-    mask_decoded4 = NULL;
+-    mask_decoded5 = NULL;
++    mask3 = NULL;
++    mask4 = NULL;
++    mask5 = NULL;
++    mask6 = NULL;
++    mask7 = NULL;
+ 
+     dir_separator = weechat_info_get ("dir_separator", "");
+     if (!dir_separator)
+         return NULL;
+ 
++    /* replace date/time specifiers in mask */
++    length = strlen (mask) + 256 + 1;
++    mask2 = malloc (length);
++    if (!mask2)
++        goto end;
++    seconds = time (NULL);
++    date_tmp = localtime (&seconds);
++    mask2[0] = '\0';
++    if (strftime (mask2, length - 1, mask, date_tmp) == 0)
++        mask2[0] = '\0';
++
+     /*
+      * we first replace directory separator (commonly '/') by \01 because
+      * buffer mask can contain this char, and will be replaced by replacement
+      * char ('_' by default)
+      */
+-    mask2 = weechat_string_replace (mask, dir_separator, "\01");
+-    if (!mask2)
++    mask3 = weechat_string_replace (mask2, dir_separator, "\01");
++    if (!mask3)
+         goto end;
+ 
+-    mask_decoded = weechat_buffer_string_replace_local_var (buffer, mask2);
+-    if (!mask_decoded)
++    mask4 = weechat_buffer_string_replace_local_var (buffer, mask3);
++    if (!mask4)
+         goto end;
+ 
+-    mask_decoded2 = weechat_string_replace (mask_decoded,
+-                                            dir_separator,
+-                                            weechat_config_string (logger_config_file_replacement_char));
+-    if (!mask_decoded2)
++    mask5 = weechat_string_replace (mask4,
++                                    dir_separator,
++                                    weechat_config_string (logger_config_file_replacement_char));
++    if (!mask5)
+         goto end;
+ 
+ #ifdef __CYGWIN__
+-    mask_decoded3 = weechat_string_replace (mask_decoded2, "\\",
+-                                            weechat_config_string (logger_config_file_replacement_char));
++    mask6 = weechat_string_replace (mask5, "\\",
++                                    weechat_config_string (logger_config_file_replacement_char));
+ #else
+-    mask_decoded3 = strdup (mask_decoded2);
++    mask6 = strdup (mask5);
+ #endif /* __CYGWIN__ */
+-    if (!mask_decoded3)
++    if (!mask6)
+         goto end;
+ 
+     /* restore directory separator */
+-    mask_decoded4 = weechat_string_replace (mask_decoded3,
+-                                            "\01", dir_separator);
+-    if (!mask_decoded4)
+-        goto end;
+-
+-    /* replace date/time specifiers in mask */
+-    length = strlen (mask_decoded4) + 256 + 1;
+-    mask_decoded5 = malloc (length);
+-    if (!mask_decoded5)
++    mask7 = weechat_string_replace (mask6,
++                                    "\01", dir_separator);
++    if (!mask7)
+         goto end;
+-    seconds = time (NULL);
+-    date_tmp = localtime (&seconds);
+-    mask_decoded5[0] = '\0';
+-    strftime (mask_decoded5, length - 1, mask_decoded4, date_tmp);
+ 
+     /* convert to lower case? */
+     if (weechat_config_boolean (logger_config_file_name_lower_case))
+-        weechat_string_tolower (mask_decoded5);
++        weechat_string_tolower (mask7);
+ 
+     if (weechat_logger_plugin->debug)
+     {
+@@ -368,22 +368,22 @@ logger_get_mask_expanded (struct t_gui_buffer *buffer, const char *mask)
+                                   "decoded mask = \"%s\"",
+                                   LOGGER_PLUGIN_NAME,
+                                   weechat_buffer_get_string (buffer, "name"),
+-                                  mask, mask_decoded5);
++                                  mask, mask7);
+     }
+ 
+ end:
+     if (mask2)
+         free (mask2);
+-    if (mask_decoded)
+-        free (mask_decoded);
+-    if (mask_decoded2)
+-        free (mask_decoded2);
+-    if (mask_decoded3)
+-        free (mask_decoded3);
+-    if (mask_decoded4)
+-        free (mask_decoded4);
+-
+-    return mask_decoded5;
++    if (mask3)
++        free (mask3);
++    if (mask4)
++        free (mask4);
++    if (mask5)
++        free (mask5);
++    if (mask6)
++        free (mask6);
++
++    return mask7;
+ }
+ 
+ /*
+-- 
+2.14.2
+
diff -Nru weechat-1.6/debian/patches/series weechat-1.6/debian/patches/series
--- weechat-1.6/debian/patches/series	2017-04-29 16:31:58.000000000 +0200
+++ weechat-1.6/debian/patches/series	2017-09-27 20:53:31.000000000 +0200
@@ -1,2 +1,3 @@
 01_fix_asciidoctor_options.patch
 02_CVE-2017-8073.patch
+03_logger-call-strftime-before-replacing-buffer-local-v.patch
Reply to: