Bug#926734: unblock: libcaca/0.99.beta19-2.1
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package libcaca
The new packages fixes 6 CVE's. (Bug #917807)
Thanks!
unblock libcaca/0.99.beta19-2.1
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-4-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru libcaca-0.99.beta19/debian/changelog libcaca-0.99.beta19/debian/changelog
--- libcaca-0.99.beta19/debian/changelog 2014-06-02 22:39:11.000000000 +0200
+++ libcaca-0.99.beta19/debian/changelog 2019-04-06 22:18:41.000000000 +0200
@@ -1,3 +1,12 @@
+libcaca (0.99.beta19-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Cherry-Pick fixes from upstream git repository:
+ - CVE-2018-20545, CVE-2018-20546, CVE-2018-20547,CVE-2018-20548 and
+ CVE-2018-20549 (Closes: #917807)
+
+ -- Tobias Frost <tobi@debian.org> Sat, 06 Apr 2019 22:18:41 +0200
+
libcaca (0.99.beta19-2) unstable; urgency=medium
* debian/patches/100_doxygen.diff: remove deprecated Doxygen variables.
diff -Nru libcaca-0.99.beta19/debian/patches/CVE-2018-20544.patch libcaca-0.99.beta19/debian/patches/CVE-2018-20544.patch
--- libcaca-0.99.beta19/debian/patches/CVE-2018-20544.patch 1970-01-01 01:00:00.000000000 +0100
+++ libcaca-0.99.beta19/debian/patches/CVE-2018-20544.patch 2019-04-06 21:36:52.000000000 +0200
@@ -0,0 +1,45 @@
+From 84bd155087b93ab2d8d7cb5b1ac94ecd4cf4f93c Mon Sep 17 00:00:00 2001
+From: Sam Hocevar <sam@hocevar.net>
+Date: Sat, 29 Dec 2018 22:13:56 +0100
+Subject: [PATCH] dither: fix integer overflows that were causing a division by
+ zero.
+
+Fixes: #36 (CVE-2018-20544)
+---
+ caca/dither.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/caca/dither.c b/caca/dither.c
+index 04b678e0..c6ebab1b 100644
+--- a/caca/dither.c
++++ b/caca/dither.c
+@@ -991,10 +991,10 @@ int caca_dither_bitmap(caca_canvas_t *cv, int x, int y, int w, int h,
+ /* First get RGB */
+ if(d->antialias)
+ {
+- fromx = (x - x1) * w / deltax;
+- fromy = (y - y1) * h / deltay;
+- tox = (x - x1 + 1) * w / deltax;
+- toy = (y - y1 + 1) * h / deltay;
++ fromx = (uint64_t)(x - x1) * w / deltax;
++ fromy = (uint64_t)(y - y1) * h / deltay;
++ tox = (uint64_t)(x - x1 + 1) * w / deltax;
++ toy = (uint64_t)(y - y1 + 1) * h / deltay;
+
+ /* We want at least one pixel */
+ if(tox == fromx) tox++;
+@@ -1017,10 +1017,10 @@ int caca_dither_bitmap(caca_canvas_t *cv, int x, int y, int w, int h,
+ }
+ else
+ {
+- fromx = (x - x1) * w / deltax;
+- fromy = (y - y1) * h / deltay;
+- tox = (x - x1 + 1) * w / deltax;
+- toy = (y - y1 + 1) * h / deltay;
++ fromx = (uint64_t)(x - x1) * w / deltax;
++ fromy = (uint64_t)(y - y1) * h / deltay;
++ tox = (uint64_t)(x - x1 + 1) * w / deltax;
++ toy = (uint64_t)(y - y1 + 1) * h / deltay;
+
+ /* tox and toy can overflow the canvas, but they cannot overflow
+ * when averaged with fromx and fromy because these are guaranteed
diff -Nru libcaca-0.99.beta19/debian/patches/CVE-2018-20545+20547+20549.patch libcaca-0.99.beta19/debian/patches/CVE-2018-20545+20547+20549.patch
--- libcaca-0.99.beta19/debian/patches/CVE-2018-20545+20547+20549.patch 1970-01-01 01:00:00.000000000 +0100
+++ libcaca-0.99.beta19/debian/patches/CVE-2018-20545+20547+20549.patch 2019-04-06 22:08:34.000000000 +0200
@@ -0,0 +1,34 @@
+Description: img2txt: fix an integer overflow in the BMP loader.
+Origin: https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592
+Forwarded: not-needed
+Applied-Upstream: https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592
+Last-Update: 2019-04-06
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/src/common-image.h
++++ b/src/common-image.h
+@@ -1,19 +1,19 @@
+ /*
+ * Imaging tools for cacaview and img2irc
+- * Copyright (c) 2003-2012 Sam Hocevar <sam@hocevar.net>
+- * All Rights Reserved
++ * Copyright (c) 2003-2018 Sam Hocevar <sam@hocevar.net>
++ * All Rights Reserved
+ *
+ * This program is free software. It comes without any warranty, to
+ * the extent permitted by applicable law. You can redistribute it
+ * and/or modify it under the terms of the Do What the Fuck You Want
+- * to Public License, Version 2, as published by Sam Hocevar. See
+- * http://www.wtfpl.net/ for more details.
++ * to Public License, Version 2, as published by the WTFPL Task Force.
++ * See http://www.wtfpl.net/ for more details.
+ */
+
+ struct image
+ {
+ char *pixels;
+- unsigned int w, h;
++ size_t w, h;
+ struct caca_dither *dither;
+ void *priv;
+ };
diff -Nru libcaca-0.99.beta19/debian/patches/CVE-2018-20546+20547.patch libcaca-0.99.beta19/debian/patches/CVE-2018-20546+20547.patch
--- libcaca-0.99.beta19/debian/patches/CVE-2018-20546+20547.patch 1970-01-01 01:00:00.000000000 +0100
+++ libcaca-0.99.beta19/debian/patches/CVE-2018-20546+20547.patch 2019-04-06 21:39:32.000000000 +0200
@@ -0,0 +1,36 @@
+From 02a09ec9e5ed8981e7a810bfb6a0172dc24f0790 Mon Sep 17 00:00:00 2001
+From: Sam Hocevar <sam@hocevar.net>
+Date: Sun, 30 Dec 2018 13:18:27 +0100
+Subject: [PATCH] dither: fix integer multiplication overflow that caused
+ crashes.
+
+Fixes: #38 (CVE-2018-20546)
+Fixes: #39 (CVE-2018-20547)
+---
+ caca/dither.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/caca/dither.c b/caca/dither.c
+index c6ebab1b..b2e24e55 100644
+--- a/caca/dither.c
++++ b/caca/dither.c
+@@ -6,8 +6,8 @@
+ * This library is free software. It comes without any warranty, to
+ * the extent permitted by applicable law. You can redistribute it
+ * and/or modify it under the terms of the Do What the Fuck You Want
+- * to Public License, Version 2, as published by Sam Hocevar. See
+- * http://www.wtfpl.net/ for more details.
++ * to Public License, Version 2, as published by the WTFPL Task Force.
++ * See http://www.wtfpl.net/ for more details.
+ */
+
+ /*
+@@ -116,7 +116,7 @@ enum color_mode
+ struct caca_dither
+ {
+ int bpp, has_palette, has_alpha;
+- int w, h, pitch;
++ size_t w, h, pitch;
+ int rmask, gmask, bmask, amask;
+ int rright, gright, bright, aright;
+ int rleft, gleft, bleft, aleft;
diff -Nru libcaca-0.99.beta19/debian/patches/series libcaca-0.99.beta19/debian/patches/series
--- libcaca-0.99.beta19/debian/patches/series 2014-05-16 21:30:34.000000000 +0200
+++ libcaca-0.99.beta19/debian/patches/series 2019-04-06 21:46:52.000000000 +0200
@@ -1,2 +1,5 @@
100_doxygen.diff
200_glut_header.diff
+CVE-2018-20544.patch
+CVE-2018-20545+20547+20549.patch
+CVE-2018-20546+20547.patch
Reply to: