Two more CVEs were published; please find a new patch attached. Cheers Jochen
diff --git a/debian/changelog b/debian/changelog
index 3f3bc57..2f80bb1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+ros-ros-comm (1.14.3+ds1-5+deb10u1) stable; urgency=high
+
+ * Add https://github.com/ros/ros_comm/pull/1771 (Fix CVE-2019-13566, CVE-2019-13465)
+ * Add https://github.com/ros/ros_comm/pull/1741 (Fix CVE-2019-13445)
+
+ -- Jochen Sprickerhof <jspricke@debian.org> Sun, 05 Jan 2020 15:33:55 +0100
+
ros-ros-comm (1.14.3+ds1-5) unstable; urgency=medium
* install ros/transport headers (LP: #1815896)
diff --git a/debian/patches/0008-fixing-string-check.patch b/debian/patches/0008-fixing-string-check.patch
new file mode 100644
index 0000000..513acfe
--- /dev/null
+++ b/debian/patches/0008-fixing-string-check.patch
@@ -0,0 +1,65 @@
+From: Daniel Wang <daniel.wang@canonical.com>
+Date: Mon, 22 Jul 2019 15:47:21 -0700
+Subject: fixing string check
+
+Signed-off-by: Daniel Wang <daniel.wang@canonical.com>
+---
+ clients/roscpp/src/libros/transport/transport_tcp.cpp | 8 ++++----
+ clients/roscpp/src/libros/transport/transport_udp.cpp | 4 ++--
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/clients/roscpp/src/libros/transport/transport_tcp.cpp b/clients/roscpp/src/libros/transport/transport_tcp.cpp
+index f33a355..ddc47f5 100644
+--- a/clients/roscpp/src/libros/transport/transport_tcp.cpp
++++ b/clients/roscpp/src/libros/transport/transport_tcp.cpp
+@@ -276,7 +276,7 @@ bool TransportTCP::connect(const std::string& host, int port)
+
+ bool found = false;
+ struct addrinfo* it = addr;
+- char namebuf[128];
++ char namebuf[128] = {};
+ for (; it; it = it->ai_next)
+ {
+ if (!s_use_ipv6_ && it->ai_family == AF_INET)
+@@ -288,7 +288,7 @@ bool TransportTCP::connect(const std::string& host, int port)
+ address->sin_family = it->ai_family;
+ address->sin_port = htons(port);
+
+- strcpy(namebuf, inet_ntoa(address->sin_addr));
++ strncpy(namebuf, inet_ntoa(address->sin_addr), sizeof(namebuf)-1);
+ found = true;
+ break;
+ }
+@@ -734,14 +734,14 @@ std::string TransportTCP::getClientURI()
+ sockaddr_in *sin = (sockaddr_in *)&sas;
+ sockaddr_in6 *sin6 = (sockaddr_in6 *)&sas;
+
+- char namebuf[128];
++ char namebuf[128] = {};
+ int port;
+
+ switch (sas.ss_family)
+ {
+ case AF_INET:
+ port = ntohs(sin->sin_port);
+- strcpy(namebuf, inet_ntoa(sin->sin_addr));
++ strncpy(namebuf, inet_ntoa(sin->sin_addr), sizeof(namebuf)-1);
+ break;
+ case AF_INET6:
+ port = ntohs(sin6->sin6_port);
+diff --git a/clients/roscpp/src/libros/transport/transport_udp.cpp b/clients/roscpp/src/libros/transport/transport_udp.cpp
+index 47d969e..45f817e 100644
+--- a/clients/roscpp/src/libros/transport/transport_udp.cpp
++++ b/clients/roscpp/src/libros/transport/transport_udp.cpp
+@@ -710,9 +710,9 @@ std::string TransportUDP::getClientURI()
+
+ sockaddr_in *sin = (sockaddr_in *)&sas;
+
+- char namebuf[128];
++ char namebuf[128] = {};
+ int port = ntohs(sin->sin_port);
+- strcpy(namebuf, inet_ntoa(sin->sin_addr));
++ strncpy(namebuf, inet_ntoa(sin->sin_addr), sizeof(namebuf)-1);
+
+ std::string ip = namebuf;
+ std::stringstream uri;
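Review bot: NUL termination of `namebuf` after each of the three `strncpy` calls holds only because the buffer is zero-initialised with `= {}` and the bound is `sizeof(namebuf)-1`; nothing in the code records that pairing, and dropping either half later would leave an unterminated buffer being read as a C string (e.g. `std::string ip = namebuf;` in the UDP hunk). `inet_ntop(AF_INET, &sin->sin_addr, namebuf, sizeof(namebuf))` bounds and terminates in a single call, and it also avoids the static buffer that `inet_ntoa` returns, which matters if these transport functions can run on more than one thread (not visible here). The patch header carries no reference to upstream pull request 1771 or to the two CVEs the changelog attributes to it; an `Origin:` line naming the pull request would keep the security fix traceable. The enclosing functions start and end outside the hunks.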
diff --git a/debian/patches/1741.patch b/debian/patches/1741.patch
new file mode 100644
index 0000000..a107510
--- /dev/null
+++ b/debian/patches/1741.patch
@@ -0,0 +1,21 @@
+From: Christopher Wecht <christopher.wechtstudent.kit.edu>
+Date: Thu, 4 Jul 2019 21:19:14 +0200
+Subject: [PATCH] rosbag/record: fix signed int overflow
+
+---
+ tools/rosbag/src/record.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/rosbag/src/record.cpp b/tools/rosbag/src/record.cpp
+index f6cbb20..d8739bc 100644
+--- a/tools/rosbag/src/record.cpp
++++ b/tools/rosbag/src/record.cpp
+@@ -123,7 +123,7 @@ rosbag::RecorderOptions parseOptions(int argc, char** argv) {
+ ROS_WARN("Use of \"--split <MAX_SIZE>\" has been deprecated. Please use --split --size <MAX_SIZE> or --split --duration <MAX_DURATION>");
+ if (S < 0)
+ throw ros::Exception("Split size must be 0 or positive");
+- opts.max_size = 1048576 * S;
++ opts.max_size = 1048576 * static_cast<uint64_t>(S);
+ }
+ }
+ if(vm.count("max-splits"))
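Review bot: The widening cast in `opts.max_size = 1048576 * static_cast<uint64_t>(S);` is only safe because the `S < 0` rejection runs first; without it a negative `S` would convert to a very large unsigned value, and nothing in the code records that dependency. A comment such as `// S >= 0 is checked above; widen before multiplying so the product cannot overflow int` on that line would keep the two together. The deprecation message points users to `--split --size <MAX_SIZE>`, whose handling lies outside this hunk and presumably performs a similar multiplication, so it is worth confirming it received the same treatment. parseOptions starts and ends outside the hunk.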
diff --git a/debian/patches/series b/debian/patches/series
index 6e4e210..daf961c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,3 +5,5 @@
0005-Add-defaults-to-roswtf.patch
0006-Use-system-libb64.patch
0007-Build-Python-3-version-of-roslz4.patch
+0008-fixing-string-check.patch
+1741.patch