Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu

[ Reason ]
This fixes CVE-2021-40241 (a potential buffer overflow in reading an
environment variable).

[ Tests ]
Salsa-CI Pipeline passed except reprotest (no idea what goes wrong
there, maybe a bullseye problem with the pipeline):
https://salsa.debian.org/debian/xfig/-/pipelines/451502

[ Risks ]
The fix is very minimal (change sprintf to snprintf).

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
- fix for CVE-2021-40241
- Change in debian/salsa-ci.yml to build with bullseye instead of
  unstable

Greetings
Roland

diff -Nru xfig-3.2.8/debian/changelog xfig-3.2.8/debian/changelog
--- xfig-3.2.8/debian/changelog 2021-05-20 21:14:22.000000000 +0200
+++ xfig-3.2.8/debian/changelog 2022-11-07 13:10:05.000000000 +0100
@@ -1,3 +1,10 @@
+xfig (1:3.2.8-3+deb11u1) bullseye; urgency=medium
+
+ * 10_CVE-2021-40241: Avoid buffer overflow in LANG (CVE-2021-40241)
+ (Closes: #992395).
+
+ -- Roland Rosenfeld <roland@debian.org> Mon, 07 Nov 2022 13:10:05 +0100
+
xfig (1:3.2.8-3) unstable; urgency=medium
* testsuite: depend on libgs-dev, so the test does no longer randomly
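Review bot: The new changelog entry lists only the 10_CVE-2021-40241 patch, but this debdiff also changes debian/salsa-ci.yml (RELEASE 'unstable' to 'bullseye'), so that change is not documented here. Add a bullet such as "* debian/salsa-ci.yml: build with bullseye" so the entry covers every file the upload touches.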
diff -Nru xfig-3.2.8/debian/patches/10_CVE-2021-40241.patch xfig-3.2.8/debian/patches/10_CVE-2021-40241.patch
--- xfig-3.2.8/debian/patches/10_CVE-2021-40241.patch 1970-01-01 01:00:00.000000000 +0100
+++ xfig-3.2.8/debian/patches/10_CVE-2021-40241.patch 2022-11-07 13:10:05.000000000 +0100
@@ -0,0 +1,19 @@
+From: Roland Rosenfeld <roland@debian.org>
+Date: Fri, 20 Aug 2021 13:18:20 +0200
+Origin: upstream, https://sourceforge.net/p/mcj/xfig/ci/1c4e131
+Bug-Debian: https://bugs.debian.org/992395
+Bug: https://bugs.debian.org/992395
+Subject: Avoid buffer overflow in LANG.
+ Fixes CVE-2021-40241
+
+--- a/src/w_help.c
++++ b/src/w_help.c
+@@ -52,7 +52,7 @@ launch_refman(Widget w, XtPointer closur
+ #ifdef I18N
+ if (appres.international && getenv("LANG")) {
+ /* check localized file ($XFIGDOCDIR/html/$LANG/index.html) first */
+- sprintf(filename, "%s/html/%s/index.html", XFIGDOCDIR, getenv("LANG"));
++ snprintf(filename, PATH_MAX, "%s/html/%s/index.html", XFIGDOCDIR, getenv("LANG"));
+ if (!check_docfile(filename))
+ sprintf(filename, "%s/html/index.html", XFIGDOCDIR);
+ }
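Review bot: The bound on the changed snprintf() line is PATH_MAX, but the declaration of filename is not in this hunk, so the bound cannot be checked against the buffer from what is shown; if filename is an array, sizeof(filename) would tie the limit to its real size. The return value is also discarded, so an over-long LANG now produces a silently truncated path that is passed to check_docfile(); comparing the result against the buffer size and falling through to the unlocalized index.html would make that case explicit. In the patch header, Bug-Debian and Bug carry the same bugs.debian.org URL, while the DEP-3 Bug field is meant for the upstream tracker.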
diff -Nru xfig-3.2.8/debian/patches/series xfig-3.2.8/debian/patches/series
--- xfig-3.2.8/debian/patches/series 2021-05-20 21:14:22.000000000 +0200
+++ xfig-3.2.8/debian/patches/series 2022-11-07 13:10:05.000000000 +0100
@@ -4,3 +4,4 @@
07_missing-config.h.patch
08_fig-format-doc.patch
09_repair-table-doc.patch
+10_CVE-2021-40241.patch
diff -Nru xfig-3.2.8/debian/salsa-ci.yml xfig-3.2.8/debian/salsa-ci.yml
--- xfig-3.2.8/debian/salsa-ci.yml 2021-05-20 21:14:22.000000000 +0200
+++ xfig-3.2.8/debian/salsa-ci.yml 2022-11-07 13:10:05.000000000 +0100
@@ -3,4 +3,4 @@
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
variables:
- RELEASE: 'unstable'
+ RELEASE: 'bullseye'