[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#985466: marked as done (buster-pu: package libpano13/2.9.19+dfsg-3+deb10u1)

Your message dated Sat, 27 Mar 2021 10:26:45 +0000
with message-id <702e3cb8159c9986264e966af79023672688a8a4.camel@adam-barratt.org.uk>
and subject line Closing p-u requests for fixes included in 10.9 point release
has caused the Debian Bug report #985466,
regarding buster-pu: package libpano13/2.9.19+dfsg-3+deb10u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
985466: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985466
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: libpano13@packages.debian.org

Hello,

I would like to fix 985249 for buster. It is a straightforward format
string issue, as documented in the respective report. The issue is fixed
in unstable (2.9.20~rc3+dfsg-1) but not yet in testing.

cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

diff -Nru libpano13-2.9.19+dfsg/debian/changelog libpano13-2.9.19+dfsg/debian/changelog
--- libpano13-2.9.19+dfsg/debian/changelog	2017-09-10 14:39:18.000000000 +0200
+++ libpano13-2.9.19+dfsg/debian/changelog	2021-03-18 14:12:08.000000000 +0100
@@ -1,3 +1,12 @@
+libpano13 (2.9.19+dfsg-3+deb10u1) buster; urgency=medium
+
+  * 850_f02459498cb4_Prevent_string_vulnerability_by_refusing.diff
+    cherry-picked from 2.9.20 rc3: Fixes format string bug, pasing along
+    format strings in user specified output filename to printf.
+    Closes: #985249
+
+ -- Andreas Metzler <ametzler@debian.org>  Thu, 18 Mar 2021 14:12:08 +0100
+
 libpano13 (2.9.19+dfsg-3) unstable; urgency=medium
 
   * Move Vcs-* from git/http to https.
diff -Nru libpano13-2.9.19+dfsg/debian/patches/850_f02459498cb4_Prevent_string_vulnerability_by_refusing.diff libpano13-2.9.19+dfsg/debian/patches/850_f02459498cb4_Prevent_string_vulnerability_by_refusing.diff
--- libpano13-2.9.19+dfsg/debian/patches/850_f02459498cb4_Prevent_string_vulnerability_by_refusing.diff	1970-01-01 01:00:00.000000000 +0100
+++ libpano13-2.9.19+dfsg/debian/patches/850_f02459498cb4_Prevent_string_vulnerability_by_refusing.diff	2021-03-18 14:12:08.000000000 +0100
@@ -0,0 +1,40 @@
+# HG changeset patch
+# User tmodes
+# Date 1615911819 -3600
+#      Tue Mar 16 17:23:39 2021 +0100
+# Node ID f02459498cb44c0087900616a7e61563d614c05f
+# Parent  2e9ee0a5e32f2ca6e1a5b3f9c2d5c393a41903c3
+Prevent string vulnerability by refusing prefix strings with percentage sign
+
+diff -r 2e9ee0a5e32f -r f02459498cb4 file.c
+--- a/file.c	Sun Dec 13 15:37:56 2020 +0100
++++ b/file.c	Tue Mar 16 17:23:39 2021 +0100
+@@ -2910,6 +2910,16 @@
+         }
+         strcat(outputPrefix, DEFAULT_PREFIX_NUMBER_FORMAT);
+     }
++    else {
++        // TODO: sanitize outputPrefix, only a single format specifier %??d or %??i
++        // is allowed, all other should be escaped
++        // until this is implemented refuse to process further if prefix string
++        // contains a percentage sign to prevent string vulnerability in 
++        // sprintf(outputFilename, outputPrefix ...) below
++        PrintError("Output prefix must not contain a percentage sign");
++        return 0;
++    }
++
+ 
+     for (i =0; i< filesCount ; i++) {
+         sprintf( outputFilename, outputPrefix, i );
+diff -r 2e9ee0a5e32f -r f02459498cb4 tools/PTcrop.c
+--- a/tools/PTcrop.c	Sun Dec 13 15:37:56 2020 +0100
++++ b/tools/PTcrop.c	Tue Mar 16 17:23:39 2021 +0100
+@@ -36,7 +36,7 @@
+ 
+ #define PT_CROP_USAGE "PTuncrop [options] <inputFiles+>\n\n" \
+     "Options:\n"                                                        \
+-    "\t-p <prefix>\tPrefix for output files (defaults to " DEFAULT_PREFIX "%%4d)\n"	\
++    "\t-p <prefix>\tPrefix for output files (defaults to " DEFAULT_PREFIX ")\n"	\
+     "\t-f\t\tForce processing: Overwrite output files if they exists (use with care)\n"      \
+     "\t-x\t\tDelete source files (use with care)\n"\
+     "\t-q\t\tQuiet run\n"\
diff -Nru libpano13-2.9.19+dfsg/debian/patches/series libpano13-2.9.19+dfsg/debian/patches/series
--- libpano13-2.9.19+dfsg/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ libpano13-2.9.19+dfsg/debian/patches/series	2021-03-18 14:12:08.000000000 +0100
@@ -0,0 +1 @@
+850_f02459498cb4_Prevent_string_vulnerability_by_refusing.diff

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message --- 
Package: release.debian.org
Version: 10.9

Hi,

Each of the updates referenced in these bugs was included in the 10.9
point release today.

Regards,

Adam

--- End Message ---
Reply to: