Bug#1035683: bullseye-pu: package libbsd/0.11.3-1+deb11u1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1035683: bullseye-pu: package libbsd/0.11.3-1+deb11u1
From: Guillem Jover <guillem@debian.org>
Date: Sun, 7 May 2023 20:35:52 +0200
Message-id: <[🔎] ZFfviKBAwcjJaGg5@thunder.hadrons.org>
Reply-to: Guillem Jover <guillem@debian.org>, 1035683@bugs.debian.org

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: libbsd@packages.debian.org
Control: affects -1 + src:libbsd

Hi!

[ Reason ]

The libbsd library used to provide MD5 implementations, but those got
split into their own libmd library, and the code removed and switched
to be wrappers to use the libmd implementations to preserve the ABI.
The wrapping for one of those functions was not implemented properly
and that caused the symbol to call itself instead of redirecting to
the libmd symbol, which results in an infinite loop. This got later
inadvertently fixed when the wrapping method was changed, so it never
got noticed as a stable candidate, until now. (So this does not affect
neither earlier versions, nor later ones in other Debian releases.)

[ Impact ]

Any program that might have been linked against old libbsd versions
and uses this symbol from libbsd (instead of using the libmd ones
directly) can end up in this infinite loop, spinning CPU.

[ Tests ]

This is currently not part of the test suite, as these functions are
wrappers over the ones in libmd, and deprecated in favor of direct use
of the symbols in libmd. And while the fix seems obviously correct,
I've done the following to make sure, just in case:

  ,---
  $ cat test.c
  #include <stdio.h>
  #include <bsd/md5.h>
  int main() {
        char digest[MD5_DIGEST_STRING_LENGTH + 1];
        MD5File("test.c", digest);
        printf("md5sum %s\n", digest);
        return 0;
  }
  $ gcc test.c -lbsd -o test
  $ timeout 2 ./test
  $ echo $?
  124
  $ sudo dpkg -i libbsd0_0.11.3-1+deb11u1_amd64.deb
  $ timeout 2 ./test
  md5sum e75d8ce892d0ed5fb1aa2d39242f156c
  $ md5sum test.c
  e75d8ce892d0ed5fb1aa2d39242f156c  test.c
  `---

[ Risks ]

Seems like low risk to me

[ Checklist ]

  [√] *all* changes are documented in the d/changelog
  [√] I reviewed all changes and I approve them
  [√] attach debdiff against the package in (old)stable
  [√] the issue is verified as fixed in unstable

[ Changes ]

Adds a patch making the MD5File() function call the libmd MD5File()
one instead of calling itself.

Attached the debdiff for the update I've prepared.

Thanks,
Guillem

diff -Nru libbsd-0.11.3/debian/changelog libbsd-0.11.3/debian/changelog
--- libbsd-0.11.3/debian/changelog	2021-02-09 06:36:23.000000000 +0100
+++ libbsd-0.11.3/debian/changelog	2023-05-07 19:13:23.000000000 +0200
@@ -1,3 +1,11 @@
+libbsd (0.11.3-1+deb11u1) bullseye; urgency=medium
+
+  * Fix infinite loop when using MD5File() symbol due to missing symbol
+    redirection. Thanks to Guillaume Morin <guillaume@morinfr.org>.
+    Closes: #1033671
+
+ -- Guillem Jover <guillem@debian.org>  Sun, 07 May 2023 19:13:23 +0200
+
 libbsd (0.11.3-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru libbsd-0.11.3/debian/patches/Fix-infinite-loop-on-MD5File-symbol-use.patch libbsd-0.11.3/debian/patches/Fix-infinite-loop-on-MD5File-symbol-use.patch
--- libbsd-0.11.3/debian/patches/Fix-infinite-loop-on-MD5File-symbol-use.patch	1970-01-01 01:00:00.000000000 +0100
+++ libbsd-0.11.3/debian/patches/Fix-infinite-loop-on-MD5File-symbol-use.patch	2023-05-07 19:13:23.000000000 +0200
@@ -0,0 +1,22 @@
+Author: Guillem Jover <guillem@hadrons.org>
+Description: The MD5File() symbol is calling itself causing an infinite loop.
+ This was caused by an omission when switching to use the symbol redirects,
+ which was not applied for this symbol, but was subsequently fixed w/o notice
+ when the redirection method was changed, so this was not spotted as a stable
+ candidate fix.
+Origin: upstream, commit:e7cf8c5785b14fc8fbd37bb665a5f9a4f28c7888
+Bug-Debian: https://bugs.debian.org/1033671
+Forwarded: not-needed
+Last-Update: 2023-05-07
+
+--- a/src/md5.c
++++ b/src/md5.c
+@@ -105,7 +105,7 @@
+ MD5File(const char *filename, char *buf)
+ {
+ 	libmd_wrapper(MD5File);
+-	return MD5File(filename, buf);
++	return libmd_MD5File(filename, buf);
+ }
+ 
+ char *
diff -Nru libbsd-0.11.3/debian/patches/series libbsd-0.11.3/debian/patches/series
--- libbsd-0.11.3/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ libbsd-0.11.3/debian/patches/series	2023-05-07 19:13:23.000000000 +0200
@@ -0,0 +1 @@
+Fix-infinite-loop-on-MD5File-symbol-use.patch

Reply to:

Follow-Ups:
- Processed: bullseye-pu: package libbsd/0.11.3-1+deb11u1
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Re: non-essential adduser poses problems to purging packages
Next by Date: Processed: bullseye-pu: package libbsd/0.11.3-1+deb11u1
Previous by thread: Bug#1035680: marked as done (unblock: gr-air-modes/0.0.20210211-3)
Next by thread: Processed: bullseye-pu: package libbsd/0.11.3-1+deb11u1
Index(es):
- Date
- Thread