Bug#988995: marked as done (unblock: openexr/2.5.4-2)

To: Paul Gevers <elbrus@debian.org>
Subject: Bug#988995: marked as done (unblock: openexr/2.5.4-2)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sun, 23 May 2021 19:33:13 +0000
Message-id: <[🔎] handler.988995.D988995.1621798280426.ackdone@bugs.debian.org>
Reply-to: 988995@bugs.debian.org
References: <ebbe3771-93d8-608d-dc47-b811644d5090@debian.org> <[🔎] 87h7iubpyo.fsf@localhost>

Your message dated Sun, 23 May 2021 21:31:18 +0200
with message-id <ebbe3771-93d8-608d-dc47-b811644d5090@debian.org>
and subject line Re: Bug#988995: unblock: openexr/2.5.4-2
has caused the Debian Bug report #988995,
regarding unblock: openexr/2.5.4-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
988995: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988995
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock: openexr/2.5.4-2
From: "Matteo F. Vescovi" <mfv@debian.org>
Date: Sat, 22 May 2021 20:09:19 +0200
Message-id: <[🔎] 87h7iubpyo.fsf@localhost>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package openexr

This new revision aims to fix the CVE-2021-23169, regarding the
Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer.

[ Reason ]
Framebuffer didn't handle images with nonzero dataWindow.min.x!=0 and
xSampling!=1, as well as in exrcheck's stream object, calling seekg()
with a bad value would still seek to a bad position, even though it
threw an exception, so a future read would segfault

[ Impact ]
The fix should handle xsampling and bad seekg() calls in exrcheck,
that in previous Debian revision weren't managed yet.

[ Tests ]
Tests were made upstream, back in December 2020.

[ Risks ]
Very low risk for regressions.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock openexr/2.5.4-2

-- 
Matteo F. Vescovi || Debian Developer
GnuPG KeyID: 4096R/0x8062398983B2CF7A

diff -Nru openexr-2.5.4/debian/changelog openexr-2.5.4/debian/changelog
--- openexr-2.5.4/debian/changelog	2021-01-21 23:24:00.000000000 +0100
+++ openexr-2.5.4/debian/changelog	2021-05-18 23:26:12.000000000 +0200
@@ -1,3 +1,14 @@
+openexr (2.5.4-2) unstable; urgency=high
+
+  * debian/patches/: patchset updated
+    - CVE-2021-23169.diff added (Closes: #988240)
+    | This patch aims to fix CVE-2021-23169:
+    |   Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer
+    | The patch applied is a reduced version of the upstream
+    | commit, given the code base has changed in the meanwhile.
+
+ -- Matteo F. Vescovi <mfv@debian.org>  Tue, 18 May 2021 23:26:12 +0200
+
 openexr (2.5.4-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru openexr-2.5.4/debian/patches/CVE-2021-23169.diff openexr-2.5.4/debian/patches/CVE-2021-23169.diff
--- openexr-2.5.4/debian/patches/CVE-2021-23169.diff	1970-01-01 01:00:00.000000000 +0100
+++ openexr-2.5.4/debian/patches/CVE-2021-23169.diff	2021-05-18 23:21:27.000000000 +0200
@@ -0,0 +1,19 @@
+Author: peterhillman <peterh@wetafx.co.nz>
+Date:   Thu Dec 3 10:53:32 2020 +1300
+Subject: Handle xsampling and bad seekg() calls in exrcheck
+Origin: https://github.com/AcademySoftwareFoundation/openexr/pull/872
+Bug-Debian: https://bugs.debian.org/988240
+
+diff --git a/OpenEXR/IlmImf/ImfDeepTiledInputFile.cpp b/OpenEXR/IlmImf/ImfDeepTiledInputFile.cpp
+index f5abe9c6..94452905 100644
+--- a/OpenEXR/IlmImf/ImfDeepTiledInputFile.cpp
++++ b/OpenEXR/IlmImf/ImfDeepTiledInputFile.cpp
+@@ -960,7 +960,7 @@ DeepTiledInputFile::compatibilityInitialize(OPENEXR_IMF_INTERNAL_NAMESPACE::IStr
+ void
+ DeepTiledInputFile::multiPartInitialize(InputPartData* part)
+ {
+-    if (isTiled(part->header.type()) == false)
++    if (part->header.type() != DEEPTILE)
+         THROW (IEX_NAMESPACE::ArgExc, "Can't build a DeepTiledInputFile from a part of type " << part->header.type());
+
+     _data->_streamData = part->mutex;
diff -Nru openexr-2.5.4/debian/patches/series openexr-2.5.4/debian/patches/series
--- openexr-2.5.4/debian/patches/series	2020-05-10 23:13:25.000000000 +0200
+++ openexr-2.5.4/debian/patches/series	2021-05-18 23:03:57.000000000 +0200
@@ -11,3 +11,4 @@
 #CVE-2017-911x.patch
 am_foreign_set_global.diff
 bug909865.patch
+CVE-2021-23169.diff

Attachment: signature.asc
Description: PGP signature

--- End Message ---

--- Begin Message ---

To: "Matteo F. Vescovi" <mfv@debian.org>, 988995-done@bugs.debian.org

Subject: Re: Bug#988995: unblock: openexr/2.5.4-2

From: Paul Gevers <elbrus@debian.org>

Date: Sun, 23 May 2021 21:31:18 +0200

Message-id: <ebbe3771-93d8-608d-dc47-b811644d5090@debian.org>

In-reply-to: <[🔎] 87h7iubpyo.fsf@localhost>

References: <[🔎] 87h7iubpyo.fsf@localhost>
Hi

On 22-05-2021 20:09, Matteo F. Vescovi wrote:
> Please unblock package openexr

Already unblocked and aged.

Paul
Attachment: OpenPGP_signature
Description: OpenPGP digital signature

--- End Message ---

Reply to:

References:
- Bug#988995: unblock: openexr/2.5.4-2
  - From: "Matteo F. Vescovi" <mfv@debian.org>

Prev by Date: Processed: get version right
Next by Date: Re: Bug#988217: u-boot: bootefi causes boot failure with boot.scr
Previous by thread: Bug#988995: unblock: openexr/2.5.4-2
Next by thread: Re: Bug#988217: u-boot: bootefi causes boot failure with boot.scr
Index(es):
- Date
- Thread