[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1068033: marked as done (bookworm-pu: package gross/1.0.2-4.1~deb12u1)

Your message dated Sat, 29 Jun 2024 10:46:17 +0000
with message-id <E1sNVaz-002bcQ-Q2@coccia.debian.org>
and subject line Released with 12.6
has caused the Debian Bug report #1068033,
regarding bookworm-pu: package gross/1.0.2-4.1~deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1068033: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068033
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: Antonio Radici <antonio@debian.org>, team@security.debian.org

  * CVE-2023-52159: Stack-based buffer overflow (Closes: #1067115)

This CVE is marked no-dsa.

Building with the bookworm debhelper adds a preinst due to #1021027.

diffstat for gross-1.0.2 gross-1.0.2

 changelog                                |   14 ++++
 patches/0001-fix-misuse-of-strncat.patch |   95 +++++++++++++++++++++++++++++++
 patches/series                           |    1 
 3 files changed, 110 insertions(+)

diff -Nru gross-1.0.2/debian/changelog gross-1.0.2/debian/changelog
--- gross-1.0.2/debian/changelog	2014-10-25 11:20:12.000000000 +0300
+++ gross-1.0.2/debian/changelog	2024-03-29 22:52:55.000000000 +0200
@@ -1,3 +1,17 @@
+gross (1.0.2-4.1~deb12u1) bookworm; urgency=medium
+
+  * Non-maintainer upload.
+  * Rebuild for bookworm.
+
+ -- Adrian Bunk <bunk@debian.org>  Fri, 29 Mar 2024 22:52:55 +0200
+
+gross (1.0.2-4.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * CVE-2023-52159: Stack-based buffer overflow (Closes: #1067115)
+
+ -- Adrian Bunk <bunk@debian.org>  Sat, 23 Mar 2024 23:23:34 +0200
+
 gross (1.0.2-4) unstable; urgency=low
 
   * debian/README: fixed a typo (Closes: 670596)
diff -Nru gross-1.0.2/debian/patches/0001-fix-misuse-of-strncat.patch gross-1.0.2/debian/patches/0001-fix-misuse-of-strncat.patch
--- gross-1.0.2/debian/patches/0001-fix-misuse-of-strncat.patch	1970-01-01 02:00:00.000000000 +0200
+++ gross-1.0.2/debian/patches/0001-fix-misuse-of-strncat.patch	2024-03-23 23:23:34.000000000 +0200
@@ -0,0 +1,95 @@
+From ec697f4dd5b057ad5af17468dac7955f3d1c03c6 Mon Sep 17 00:00:00 2001
+From: Dmitry Mikhirev <mikhirev@gmail.com>
+Date: Wed, 27 Dec 2023 03:42:29 +0400
+Subject: fix misuse of strncat
+
+---
+ src/gross.c  | 11 ++++++++---
+ src/worker.c | 21 ++++++++++++---------
+ 2 files changed, 20 insertions(+), 12 deletions(-)
+
+diff --git a/src/gross.c b/src/gross.c
+index 6e1a277..f477845 100644
+--- a/src/gross.c
++++ b/src/gross.c
+@@ -111,7 +111,9 @@ configure_grossd(configlist_t *config)
+ 	configlist_t *cp;
+ 	const char *updatestr;
+ 	struct hostent *host = NULL;
+-	char buffer[MAXLINELEN] = { '\0' };
++	char buffer[MAXLINELEN];
++	char *lineend;
++	size_t len;
+ 	params_t *pp;
+ 
+ 	cp = config;
+@@ -119,11 +121,14 @@ configure_grossd(configlist_t *config)
+ 		while (cp) {
+ 			pp = cp->params;
+ 			*buffer = '\0';
++			lineend = buffer;
++			len = 0;
+ 			while (pp) {
+-				strncat(buffer, " ; ", MAXLINELEN - 1);
+-				strncat(buffer, pp->value, MAXLINELEN - 1);
++				len += snprintf(lineend, MAXLINELEN - len - 1, " ; %s", pp->value);
++				lineend = buffer + len;
+ 				pp = pp->next;
+ 			}
++			buffer[MAXLINELEN - 1] = '\0';
+ 			logstr(GLOG_DEBUG, "config: %s = %s%s", cp->name, cp->value, buffer);
+ 			cp = cp->next;
+ 		}
+diff --git a/src/worker.c b/src/worker.c
+index 24f104b..63c0f06 100644
+--- a/src/worker.c
++++ b/src/worker.c
+@@ -618,7 +618,8 @@ void
+ querylogwrite(querylog_entry_t *q)
+ {
+ 	char line[MAXLINELEN];
+-	char buffer[MAXLINELEN];
++	size_t len = 0;
++	char *lineend = line;
+ 	char *actionstr;
+ 	check_match_t *m;
+ 
+@@ -655,25 +656,27 @@ querylogwrite(querylog_entry_t *q)
+ 	if (NULL == q->recipient)
+ 		q->recipient = "N/A";
+ 
+-	snprintf(line, MAXLINELEN - 1, "a=%s d=%d w=%d c=%s s=%s r=%s", actionstr, q->delay, q->totalweight,
+-	    q->client_ip, q->sender, q->recipient);
++	len += snprintf(line, MAXLINELEN - 1, "a=%s d=%d w=%d c=%s s=%s r=%s", actionstr, q->delay, q->totalweight,  q->client_ip, q->sender, q->recipient);
++	lineend = line +len;
+ 
+ 	if (q->helo) {
+-		snprintf(buffer, MAXLINELEN - 1, " h=%s", q->helo);
+-		strncat(line, buffer, MAXLINELEN - 1);
++		len += snprintf(lineend, MAXLINELEN - len - 1, " h=%s", q->helo);
++		lineend = line + len;
+ 	}
+ 
+ 	m = q->match;
+ 	while (m) {
+-		snprintf(buffer, MAXLINELEN - 1, " m=%s", m->name);
+-		strncat(line, buffer, MAXLINELEN - 1);
++		len += snprintf(lineend, MAXLINELEN - len - 1, " m=%s", m->name);
++		lineend = line + len;
+ 		if (m->weight) {
+-			snprintf(buffer, MAXLINELEN - 1, "%+d", m->weight);
+-			strncat(line, buffer, MAXLINELEN - 1);
++			len += snprintf(lineend, MAXLINELEN - len - 1, "%+d", m->weight);
++			lineend = line + len;
+ 		}
+ 		m = m->next;
+ 	}
+ 
++	line[MAXLINELEN - 1] = '\0';
++
+ 	logstr(GLOG_INFO, "%s", line);
+ }
+ 
+-- 
+2.30.2
+
diff -Nru gross-1.0.2/debian/patches/series gross-1.0.2/debian/patches/series
--- gross-1.0.2/debian/patches/series	2014-10-25 11:07:44.000000000 +0300
+++ gross-1.0.2/debian/patches/series	2024-03-23 23:23:34.000000000 +0200
@@ -1,3 +1,4 @@
 0001-fix-manpage-errors.patch
 0003-change-default-user.patch
 0002-remove-getline.patch
+0001-fix-misuse-of-strncat.patch

--- End Message ---
--- Begin Message --- 
Version: 12.6

The upload requested in this bug has been released as part of 12.6.

--- End Message ---
Reply to: