--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: bullseye-pu: package gnuplot/gnuplot_5.4.1+dfsg1-1+deb11u1
- From: Anton Gladky <gladk@debian.org>
- Date: Sat, 25 Dec 2021 19:39:27 +0100
- Message-id: <164045756702.399027.15974007875260706160.reportbug@thinkpad.debian>
- Reply-to: gladk@debian.org
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Dear release team,
[ Reason ]
gnuplot_5.4.1+dfsg1-1+deb11u1 fixes the security issue CVE-2021-44917.
Please include it in bullseye.
[ Impact ]
Security issue
[ Tests ]
Done on CI and locally.
[ Risks ]
No risks expected
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
Patch imported from upstream.
Thanks
Anton
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
diff -Nru gnuplot-5.4.1+dfsg1/debian/changelog gnuplot-5.4.1+dfsg1/debian/changelog
--- gnuplot-5.4.1+dfsg1/debian/changelog 2020-12-03 22:27:21.000000000 +0100
+++ gnuplot-5.4.1+dfsg1/debian/changelog 2021-12-25 19:15:06.000000000 +0100
@@ -1,3 +1,9 @@
+gnuplot (5.4.1+dfsg1-1+deb11u1) bullseye; urgency=medium
+
+ * Fix divide by zero vulnerability. CVE-2021-44917. (Closes: #1002539)
+
+ -- Anton Gladky <gladk@debian.org> Sat, 25 Dec 2021 19:15:06 +0100
+
gnuplot (5.4.1+dfsg1-1) unstable; urgency=medium
* [945257b] New upstream version 5.4.1+dfsg1
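Review bot: The new changelog entry lists only the CVE fix, but this debdiff also rewrites debian/.gitlab-ci.yml (a different include plus RELEASE: 'bullseye'). The request checklist states that all changes are documented in d/changelog, so add a line for the CI change, and consider naming CVE-2021-44917.patch in the fix entry so the stable update is easier to trace.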
diff -Nru gnuplot-5.4.1+dfsg1/debian/.gitlab-ci.yml gnuplot-5.4.1+dfsg1/debian/.gitlab-ci.yml
--- gnuplot-5.4.1+dfsg1/debian/.gitlab-ci.yml 2020-09-24 23:46:23.000000000 +0200
+++ gnuplot-5.4.1+dfsg1/debian/.gitlab-ci.yml 2021-12-25 19:15:06.000000000 +0100
@@ -1,3 +1,4 @@
include:
- - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
- - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
+variables:
+ RELEASE: 'bullseye'
diff -Nru gnuplot-5.4.1+dfsg1/debian/patches/CVE-2021-44917.patch gnuplot-5.4.1+dfsg1/debian/patches/CVE-2021-44917.patch
--- gnuplot-5.4.1+dfsg1/debian/patches/CVE-2021-44917.patch 1970-01-01 01:00:00.000000000 +0100
+++ gnuplot-5.4.1+dfsg1/debian/patches/CVE-2021-44917.patch 2021-12-25 19:15:06.000000000 +0100
@@ -0,0 +1,114 @@
+Description: <short summary of the patch>
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ gnuplot (5.4.2+dfsg2-1) unstable; urgency=medium
+ .
+ * [4370a18] Update d/watch
+ * [7d7c5c0] New upstream version 5.4.2+dfsg1.orig
+ * [97d5d83] Refresh patches
+ * [9d8bbae] Update gitlab.ci
+ * [e168129] Use secure URI in debian/watch.
+ * [08324bf] Bump debhelper from old 12 to 13.
+ * [3a47530] Update standards version to 4.5.1, no changes needed.
+ * [ba4a50d] Avoid explicitly specifying -Wl,--as-needed linker flag.
+ * [9ce752b] Set Standards-Version: 4.6.0
+ * [917e564] Use execute-syntax for some commands in d/rules
+Author: Anton Gladky <gladk@debian.org>
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: https://bugs.debian.org/<bugnumber>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: 2021-12-25
+
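Review bot: The DEP-3 header of CVE-2021-44917.patch is still the unedited template: Description reads "<short summary of the patch>", the TODO paragraph is left in, and the embedded changelog excerpt is for gnuplot (5.4.2+dfsg2-1), which is not this upload. Replace it with a one-line description of the divide-by-zero fix, set Origin to the upstream commit and Bug-Debian to https://bugs.debian.org/1002539 (the bug closed in d/changelog), and delete the template fields that do not apply.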
+Index: gnuplot-5.4.1+dfsg1/src/set.c
+===================================================================
+--- gnuplot-5.4.1+dfsg1.orig/src/set.c
++++ gnuplot-5.4.1+dfsg1/src/set.c
+@@ -5058,18 +5058,6 @@ set_terminal()
+ fprintf(stderr,"Options are '%s'\n",term_options);
+ if ((term->flags & TERM_MONOCHROME))
+ init_monochrome();
+-
+- /* Sanity check:
+- * The most common failure mode found by fuzzing is a divide-by-zero
+- * caused by initializing the basic unit of the current terminal character
+- * size to zero. I keep patching the individual terminals, but a generic
+- * sanity check may at least prevent a crash due to mistyping.
+- */
+- if (term->h_char <= 0 || term->v_char <= 0) {
+- int_warn(NO_CARET, "invalid terminal font size");
+- term->h_char = 10;
+- term->v_char = 10;
+- }
+ }
+
+
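Review bot: With the check gone from set_terminal(), a zero or negative term->h_char or term->v_char stays in place until term_start_plot() runs, so any code that reads these values after terminal selection but before a plot starts is no longer protected. Please confirm that no such path divides by them, or keep a check here as well.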
+Index: gnuplot-5.4.1+dfsg1/src/term.c
+===================================================================
+--- gnuplot-5.4.1+dfsg1.orig/src/term.c
++++ gnuplot-5.4.1+dfsg1/src/term.c
+@@ -235,6 +235,7 @@ static void UNKNOWN_null(void);
+ static void MOVE_null(unsigned int, unsigned int);
+ static void LINETYPE_null(int);
+ static void PUTTEXT_null(unsigned int, unsigned int, const char *);
++static TBOOLEAN sanity_check_font_size(void);
+
+ static int strlen_tex(const char *);
+
+@@ -516,6 +517,8 @@ term_start_plot()
+ term_suspended = FALSE;
+ }
+
++ sanity_check_font_size();
++
+ if (multiplot)
+ multiplot_count++;
+
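Review bot: The call added to term_start_plot() discards the TBOOLEAN returned by sanity_check_font_size(), and no other caller appears in this patch. Either declare the function void, or document what a caller is expected to do when it returns FALSE.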
+@@ -2920,3 +2923,21 @@ escape_reserved_chars(const char *str, c
+
+ return escaped_str;
+ }
++
++/* Sanity check:
++ * The most common program failure mode found by fuzzing is a divide-by-zero
++ * caused by initializing the basic unit of the current terminal character
++ * size to zero. I keep patching individual terminals, but a generic
++ * sanity check may at least prevent a crash due to typos.
++ */
++static TBOOLEAN
++sanity_check_font_size()
++{
++ if (!(0 < term->v_char && term->v_char < term->ymax)
++ || !(0 < term->h_char && term->h_char < term->xmax)) {
++ int_warn(NO_CARET, "Invalid terminal font size");
++ term->v_char = term->h_char = 10;
++ return FALSE;
++ }
++ return TRUE;
++}
+\ No newline at end of file
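Review bot: The fallback in sanity_check_font_size() does not guarantee the condition it just tested: after "term->v_char = term->h_char = 10;" the values still fail "term->v_char < term->ymax" or "term->h_char < term->xmax" whenever ymax or xmax is 10 or less, so a terminal with a degenerate canvas continues with an out-of-range character size. Consider clamping the fallback against xmax/ymax or validating xmax and ymax themselves. Also, the patched term.c ends without a trailing newline ("\ No newline at end of file"); add one.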
+Index: gnuplot-5.4.1+dfsg1/term/emf.trm
+===================================================================
+--- gnuplot-5.4.1+dfsg1.orig/term/emf.trm
++++ gnuplot-5.4.1+dfsg1/term/emf.trm
+@@ -805,7 +805,7 @@ EMF_options()
+ new_defaultfontsize = real_expression();
+ }
+
+- if (new_defaultfontsize > 0)
++ if ((0 < new_defaultfontsize) && (new_defaultfontsize < 999))
+ emf_defaultfontsize = new_defaultfontsize;
+
+ sprintf(term_options, "%s %s font \"%s,%g\"",
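Review bot: In EMF_options() the upper bound 999 is a bare literal and a rejected value is dropped without any diagnostic in this hunk: when new_defaultfontsize is not strictly between 0 and 999 the previous emf_defaultfontsize is simply kept. Use a named constant for the limit and emit int_warn() for out-of-range input, as sanity_check_font_size() does.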
diff -Nru gnuplot-5.4.1+dfsg1/debian/patches/series gnuplot-5.4.1+dfsg1/debian/patches/series
--- gnuplot-5.4.1+dfsg1/debian/patches/series 2019-10-17 20:27:54.000000000 +0200
+++ gnuplot-5.4.1+dfsg1/debian/patches/series 2021-12-25 18:00:52.000000000 +0100
@@ -5,3 +5,4 @@
10_removepicins.patch
11_fix_linkage_wx.patch
13_honour_SOURCE_DATE_EPOCH.patch
+CVE-2021-44917.patch
--- End Message ---