[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#926734: marked as done (unblock: libcaca/0.99.beta19-2.1)

Your message dated Tue, 09 Apr 2019 20:40:53 +0200
with message-id <c7abe33bd746ad2304ae9b42ac844c3db1bfcc18.camel@debian.org>
and subject line Re: unblock: libcaca/0.99.beta19-2.1
has caused the Debian Bug report #926734,
regarding unblock: libcaca/0.99.beta19-2.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
926734: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926734
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package libcaca

The new packages fixes 6 CVE's. (Bug #917807)

Thanks!

unblock libcaca/0.99.beta19-2.1

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-4-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diff -Nru libcaca-0.99.beta19/debian/changelog libcaca-0.99.beta19/debian/changelog
--- libcaca-0.99.beta19/debian/changelog	2014-06-02 22:39:11.000000000 +0200
+++ libcaca-0.99.beta19/debian/changelog	2019-04-06 22:18:41.000000000 +0200
@@ -1,3 +1,12 @@
+libcaca (0.99.beta19-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Cherry-Pick fixes from upstream git repository:
+    - CVE-2018-20545, CVE-2018-20546, CVE-2018-20547,CVE-2018-20548 and
+      CVE-2018-20549 (Closes: #917807)
+
+ -- Tobias Frost <tobi@debian.org>  Sat, 06 Apr 2019 22:18:41 +0200
+
 libcaca (0.99.beta19-2) unstable; urgency=medium
 
   * debian/patches/100_doxygen.diff: remove deprecated Doxygen variables.
diff -Nru libcaca-0.99.beta19/debian/patches/CVE-2018-20544.patch libcaca-0.99.beta19/debian/patches/CVE-2018-20544.patch
--- libcaca-0.99.beta19/debian/patches/CVE-2018-20544.patch	1970-01-01 01:00:00.000000000 +0100
+++ libcaca-0.99.beta19/debian/patches/CVE-2018-20544.patch	2019-04-06 21:36:52.000000000 +0200
@@ -0,0 +1,45 @@
+From 84bd155087b93ab2d8d7cb5b1ac94ecd4cf4f93c Mon Sep 17 00:00:00 2001
+From: Sam Hocevar <sam@hocevar.net>
+Date: Sat, 29 Dec 2018 22:13:56 +0100
+Subject: [PATCH] dither: fix integer overflows that were causing a division by
+ zero.
+
+Fixes: #36 (CVE-2018-20544)
+---
+ caca/dither.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/caca/dither.c b/caca/dither.c
+index 04b678e0..c6ebab1b 100644
+--- a/caca/dither.c
++++ b/caca/dither.c
+@@ -991,10 +991,10 @@ int caca_dither_bitmap(caca_canvas_t *cv, int x, int y, int w, int h,
+         /* First get RGB */
+         if(d->antialias)
+         {
+-            fromx = (x - x1) * w / deltax;
+-            fromy = (y - y1) * h / deltay;
+-            tox = (x - x1 + 1) * w / deltax;
+-            toy = (y - y1 + 1) * h / deltay;
++            fromx = (uint64_t)(x - x1) * w / deltax;
++            fromy = (uint64_t)(y - y1) * h / deltay;
++            tox = (uint64_t)(x - x1 + 1) * w / deltax;
++            toy = (uint64_t)(y - y1 + 1) * h / deltay;
+ 
+             /* We want at least one pixel */
+             if(tox == fromx) tox++;
+@@ -1017,10 +1017,10 @@ int caca_dither_bitmap(caca_canvas_t *cv, int x, int y, int w, int h,
+         }
+         else
+         {
+-            fromx = (x - x1) * w / deltax;
+-            fromy = (y - y1) * h / deltay;
+-            tox = (x - x1 + 1) * w / deltax;
+-            toy = (y - y1 + 1) * h / deltay;
++            fromx = (uint64_t)(x - x1) * w / deltax;
++            fromy = (uint64_t)(y - y1) * h / deltay;
++            tox = (uint64_t)(x - x1 + 1) * w / deltax;
++            toy = (uint64_t)(y - y1 + 1) * h / deltay;
+ 
+             /* tox and toy can overflow the canvas, but they cannot overflow
+              * when averaged with fromx and fromy because these are guaranteed
diff -Nru libcaca-0.99.beta19/debian/patches/CVE-2018-20545+20547+20549.patch libcaca-0.99.beta19/debian/patches/CVE-2018-20545+20547+20549.patch
--- libcaca-0.99.beta19/debian/patches/CVE-2018-20545+20547+20549.patch	1970-01-01 01:00:00.000000000 +0100
+++ libcaca-0.99.beta19/debian/patches/CVE-2018-20545+20547+20549.patch	2019-04-06 22:08:34.000000000 +0200
@@ -0,0 +1,34 @@
+Description: img2txt: fix an integer overflow in the BMP loader.
+Origin: https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592
+Forwarded: not-needed
+Applied-Upstream: https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592
+Last-Update: 2019-04-06
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/src/common-image.h
++++ b/src/common-image.h
+@@ -1,19 +1,19 @@
+ /*
+  *  Imaging tools for cacaview and img2irc
+- *  Copyright (c) 2003-2012 Sam Hocevar <sam@hocevar.net>
+- *                All Rights Reserved
++ *  Copyright (c) 2003-2018 Sam Hocevar <sam@hocevar.net>
++ *              All Rights Reserved
+  *
+  *  This program is free software. It comes without any warranty, to
+  *  the extent permitted by applicable law. You can redistribute it
+  *  and/or modify it under the terms of the Do What the Fuck You Want
+- *  to Public License, Version 2, as published by Sam Hocevar. See
+- *  http://www.wtfpl.net/ for more details.
++ *  to Public License, Version 2, as published by the WTFPL Task Force.
++ *  See http://www.wtfpl.net/ for more details.
+  */
+ 
+ struct image
+ {
+     char *pixels;
+-    unsigned int w, h;
++    size_t w, h;
+     struct caca_dither *dither;
+     void *priv;
+ };
diff -Nru libcaca-0.99.beta19/debian/patches/CVE-2018-20546+20547.patch libcaca-0.99.beta19/debian/patches/CVE-2018-20546+20547.patch
--- libcaca-0.99.beta19/debian/patches/CVE-2018-20546+20547.patch	1970-01-01 01:00:00.000000000 +0100
+++ libcaca-0.99.beta19/debian/patches/CVE-2018-20546+20547.patch	2019-04-06 21:39:32.000000000 +0200
@@ -0,0 +1,36 @@
+From 02a09ec9e5ed8981e7a810bfb6a0172dc24f0790 Mon Sep 17 00:00:00 2001
+From: Sam Hocevar <sam@hocevar.net>
+Date: Sun, 30 Dec 2018 13:18:27 +0100
+Subject: [PATCH] dither: fix integer multiplication overflow that caused
+ crashes.
+
+Fixes: #38 (CVE-2018-20546)
+Fixes: #39 (CVE-2018-20547)
+---
+ caca/dither.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/caca/dither.c b/caca/dither.c
+index c6ebab1b..b2e24e55 100644
+--- a/caca/dither.c
++++ b/caca/dither.c
+@@ -6,8 +6,8 @@
+  *  This library is free software. It comes without any warranty, to
+  *  the extent permitted by applicable law. You can redistribute it
+  *  and/or modify it under the terms of the Do What the Fuck You Want
+- *  to Public License, Version 2, as published by Sam Hocevar. See
+- *  http://www.wtfpl.net/ for more details.
++ *  to Public License, Version 2, as published by the WTFPL Task Force.
++ *  See http://www.wtfpl.net/ for more details.
+  */
+ 
+ /*
+@@ -116,7 +116,7 @@ enum color_mode
+ struct caca_dither
+ {
+     int bpp, has_palette, has_alpha;
+-    int w, h, pitch;
++    size_t w, h, pitch;
+     int rmask, gmask, bmask, amask;
+     int rright, gright, bright, aright;
+     int rleft, gleft, bleft, aleft;
diff -Nru libcaca-0.99.beta19/debian/patches/series libcaca-0.99.beta19/debian/patches/series
--- libcaca-0.99.beta19/debian/patches/series	2014-05-16 21:30:34.000000000 +0200
+++ libcaca-0.99.beta19/debian/patches/series	2019-04-06 21:46:52.000000000 +0200
@@ -1,2 +1,5 @@
 100_doxygen.diff
 200_glut_header.diff
+CVE-2018-20544.patch
+CVE-2018-20545+20547+20549.patch
+CVE-2018-20546+20547.patch

--- End Message ---
--- Begin Message --- 
Already unblocked, sorry for the noise.
(and thanks to the release team for the work!)

--- End Message ---
Reply to: