Bug#1055350: bookworm-pu: package exfatprogs/1.2.0-1+deb12u1
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: exfatprogs@packages.debian.org
Control: affects -1 + src:exfatprogs
[ Reason ]
https://security-tracker.debian.org/tracker/CVE-2023-45897
Low priority security issue, out-of-bounds memory access
in the exFAT fsck utility exfat2img helper.
[ Impact ]
Low priority security issue is fixed.
[ Tests ]
Manual tests performed that effected tools still work.
[ Risks ]
-
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Adds a patch bundling the three upstream commits
which are referenced together with the CVE ID.
gbp.conf and Vcs-Git reference the bookworm branch
[ Other info ]
There wasn't a bug filled for this CVE in the BTS.
The regular upload of 1.2.2 to unstable fixed the
issue before the CVE ID was published, so there
is not yet a CVE ID mentioned in the unstable
changelog.
diff -Nru exfatprogs-1.2.0/debian/changelog exfatprogs-1.2.0/debian/changelog
--- exfatprogs-1.2.0/debian/changelog 2022-10-28 14:48:05.000000000 +0200
+++ exfatprogs-1.2.0/debian/changelog 2023-11-04 17:56:01.000000000 +0100
@@ -1,3 +1,11 @@
+exfatprogs (1.2.0-1+deb12u1) bookworm; urgency=medium
+
+ * CVE-2023-45897 Add debian/patches/CVE-2023-45897-out-of-bounds-memory-access
+ to fix three out-of-bounds memory access issues.
+ * Add bookworm branch information to Vcs-Git and gbp.conf.
+
+ -- Sven Hoexter <hoexter@debian.org> Sat, 04 Nov 2023 17:56:01 +0100
+
exfatprogs (1.2.0-1) unstable; urgency=medium
* New upstream release.
diff -Nru exfatprogs-1.2.0/debian/control exfatprogs-1.2.0/debian/control
--- exfatprogs-1.2.0/debian/control 2022-10-28 14:47:18.000000000 +0200
+++ exfatprogs-1.2.0/debian/control 2023-11-04 17:38:34.000000000 +0100
@@ -6,7 +6,7 @@
Standards-Version: 4.6.1
Rules-Requires-Root: no
Homepage: https://github.com/exfatprogs/exfatprogs
-Vcs-Git: https://git.sven.stormbind.net/exfatprogs.git
+Vcs-Git: https://git.sven.stormbind.net/exfatprogs.git -b bookworm
Vcs-Browser: https://git.sven.stormbind.net/?p=sven/exfatprogs.git
Package: exfatprogs
diff -Nru exfatprogs-1.2.0/debian/gbp.conf exfatprogs-1.2.0/debian/gbp.conf
--- exfatprogs-1.2.0/debian/gbp.conf 2022-10-28 14:19:18.000000000 +0200
+++ exfatprogs-1.2.0/debian/gbp.conf 2023-11-04 16:39:40.000000000 +0100
@@ -1,2 +1,3 @@
[DEFAULT]
pristine-tar = True
+debian-branch = bookworm
diff -Nru exfatprogs-1.2.0/debian/patches/CVE-2023-45897-out-of-bounds-memory-access exfatprogs-1.2.0/debian/patches/CVE-2023-45897-out-of-bounds-memory-access
--- exfatprogs-1.2.0/debian/patches/CVE-2023-45897-out-of-bounds-memory-access 1970-01-01 01:00:00.000000000 +0100
+++ exfatprogs-1.2.0/debian/patches/CVE-2023-45897-out-of-bounds-memory-access 2023-11-04 16:39:40.000000000 +0100
@@ -0,0 +1,67 @@
+Description: CVE-2023-45897 out-of-bounds memory access
+Origin: https://github.com/exfatprogs/exfatprogs/commit/ec78688e5fb5a70e13df82b4c0da1e6228d3ccdf
+ https://github.com/exfatprogs/exfatprogs/commit/22d0e43e8d24119cbfc6efafabb0dec6517a86c4
+ https://github.com/exfatprogs/exfatprogs/commit/4abc55e976573991e6a1117bb2b3711e59da07ae
+Last-Update: 2023-10-31
+Index: exfatprogs/exfat2img/exfat2img.c
+===================================================================
+--- exfatprogs.orig/exfat2img/exfat2img.c
++++ exfatprogs/exfat2img/exfat2img.c
+@@ -319,7 +319,7 @@ static int read_file_dentry_set(struct e
+ if (!node)
+ return -ENOMEM;
+
+- for (i = 2; i <= file_de->file_num_ext; i++) {
++ for (i = 2; i <= MIN(file_de->file_num_ext, 1 + MAX_NAME_DENTRIES); i++) {
+ ret = exfat_de_iter_get(iter, i, &dentry);
+ if (ret || dentry->type != EXFAT_NAME)
+ break;
+Index: exfatprogs/fsck/fsck.c
+===================================================================
+--- exfatprogs.orig/fsck/fsck.c
++++ exfatprogs/fsck/fsck.c
+@@ -769,7 +769,7 @@ ask_again:
+ char *rename = NULL;
+ __u16 hash;
+ struct exfat_dentry *stream_de;
+- int name_len, ret;
++ int ret;
+
+ switch (num) {
+ case 1:
+@@ -798,11 +798,11 @@ ask_again:
+ if (ret < 0)
+ return ret;
+
++ ret >>=1;
+ memcpy(dentry->name_unicode, utf16_name, ENTRY_NAME_MAX * 2);
+- name_len = exfat_utf16_len(utf16_name, ENTRY_NAME_MAX * 2);
+- hash = exfat_calc_name_hash(iter->exfat, utf16_name, (int)name_len);
++ hash = exfat_calc_name_hash(iter->exfat, utf16_name, ret);
+ exfat_de_iter_get_dirty(iter, 1, &stream_de);
+- stream_de->stream_name_len = (__u8)name_len;
++ stream_de->stream_name_len = (__u8)ret;
+ stream_de->stream_name_hash = cpu_to_le16(hash);
+ }
+
+@@ -856,7 +856,7 @@ static int read_file_dentry_set(struct e
+ if (!node)
+ return -ENOMEM;
+
+- for (i = 2; i <= file_de->file_num_ext; i++) {
++ for (i = 2; i <= MIN(file_de->file_num_ext, 1 + MAX_NAME_DENTRIES); i++) {
+ ret = exfat_de_iter_get(iter, i, &dentry);
+ if (ret || dentry->type != EXFAT_NAME) {
+ if (i > 2 && repair_file_ask(iter, NULL, ER_DE_NAME,
+Index: exfatprogs/include/exfat_ondisk.h
+===================================================================
+--- exfatprogs.orig/include/exfat_ondisk.h
++++ exfatprogs/include/exfat_ondisk.h
+@@ -40,6 +40,7 @@
+ /* exFAT allows 8388608(256MB) directory entries */
+ #define MAX_EXFAT_DENTRIES 8388608
+ #define MIN_FILE_DENTRIES 3
++#define MAX_NAME_DENTRIES 17
+
+ /* dentry types */
+ #define MSDOS_DELETED 0xE5 /* deleted mark */
diff -Nru exfatprogs-1.2.0/debian/patches/series exfatprogs-1.2.0/debian/patches/series
--- exfatprogs-1.2.0/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ exfatprogs-1.2.0/debian/patches/series 2023-11-04 16:39:40.000000000 +0100
@@ -0,0 +1 @@
+CVE-2023-45897-out-of-bounds-memory-access
Reply to: