[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1095692: marked as done (bookworm-pu: package libeconf/0.5.1+dfsg1-1+deb12u1)

Your message dated Sat, 15 Mar 2025 09:44:44 +0000
with message-id <E1ttO4S-005Kk2-CL@coccia.debian.org>
and subject line Close 1095692
has caused the Debian Bug report #1095692,
regarding bookworm-pu: package libeconf/0.5.1+dfsg1-1+deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1095692: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095692
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: libeconf@packages.debian.org
Control: affects -1 + src:libeconf

[ Reason ]
I'd like to upload an updated libeconf package to bookworm
that addresses the two open CVEs (both fixed by cherry-picking
a single upstream commit as a patch).

[ Impact ]
The patch fixes two buffer overflows in the code
(and an initialization error) as published in bookworm.

[ Tests ]
The upstream test-suite has been run and passed as part
of building the package in a bookworm chroot.

[ Risks ]
The risks are very low since there are no reverse dependencies
of libeconf in bookworm and will only effect people who have
custom built software against the libeconf package.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
      (ignoring debian/gbp.conf branch changes)
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in stable/bookworm
  [x] the issue is verified as fixed in unstable
      (newer upstream release already includes the same commit)

[ Changes ]
Upstream commit https://github.com/openSUSE/libeconf/commit/8d086dfc69d4299e55e4844e3573b3a4cf420f19
is cherry-picked into debian/patches (via `gbp pq import/export`).

[Other info]
git branch at: https://salsa.debian.org/debian/libeconf/-/tree/debian/bookworm?ref_type=heads
debdiff attached.

Regards,
Andreas Henriksson

diff -Nru libeconf-0.5.1+dfsg1/debian/changelog libeconf-0.5.1+dfsg1/debian/changelog
--- libeconf-0.5.1+dfsg1/debian/changelog	2023-02-18 20:15:37.000000000 +0100
+++ libeconf-0.5.1+dfsg1/debian/changelog	2025-02-10 21:04:57.000000000 +0100
@@ -1,3 +1,11 @@
+libeconf (0.5.1+dfsg1-1+deb12u1) bookworm; urgency=medium
+
+  * Cherry-pick upstream buffer overflow fix (Closes: #1037333)
+    - CVE-2023-32181
+    - CVE-2023-22652
+
+ -- Andreas Henriksson <andreas@fatal.se>  Mon, 10 Feb 2025 21:04:57 +0100
+
 libeconf (0.5.1+dfsg1-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru libeconf-0.5.1+dfsg1/debian/gbp.conf libeconf-0.5.1+dfsg1/debian/gbp.conf
--- libeconf-0.5.1+dfsg1/debian/gbp.conf	2022-07-18 23:45:01.000000000 +0200
+++ libeconf-0.5.1+dfsg1/debian/gbp.conf	2025-02-10 21:00:36.000000000 +0100
@@ -1,5 +1,5 @@
 [DEFAULT]
-debian-branch = debian/master
+debian-branch = debian/bookworm
 upstream-branch = upstream/latest
 pristine-tar = True
 sign-tags = True
diff -Nru libeconf-0.5.1+dfsg1/debian/patches/0001-Aarch64-gcc13-183.patch libeconf-0.5.1+dfsg1/debian/patches/0001-Aarch64-gcc13-183.patch
--- libeconf-0.5.1+dfsg1/debian/patches/0001-Aarch64-gcc13-183.patch	1970-01-01 01:00:00.000000000 +0100
+++ libeconf-0.5.1+dfsg1/debian/patches/0001-Aarch64-gcc13-183.patch	2025-02-10 21:01:49.000000000 +0100
@@ -0,0 +1,98 @@
+From: Stefan Schubert <stefan@gefluegelhof-schubert.de>
+Date: Fri, 24 Mar 2023 15:14:07 +0100
+Subject: Aarch64 gcc13 (#183)
+
+* fixed initializatio error
+
+* fixed buffer overflow
+
+* fixed buffer overflow
+
+(cherry picked from commit 8d086dfc69d4299e55e4844e3573b3a4cf420f19)
+---
+ lib/getfilecontents.c | 7 +++----
+ lib/helpers.c         | 1 +
+ lib/libeconf.c        | 2 ++
+ lib/libeconf_ext.c    | 1 +
+ 4 files changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/lib/getfilecontents.c b/lib/getfilecontents.c
+index 94e1db9..f9b1afc 100644
+--- a/lib/getfilecontents.c
++++ b/lib/getfilecontents.c
+@@ -180,7 +180,7 @@ store (econf_file *ef, const char *group, const char *key,
+ 
+   ef->file_entry[ef->length-1].line_number = line_number;
+ 
+-  ef->file_entry[ef->length-1].quotes |= quotes;
++  ef->file_entry[ef->length-1].quotes = quotes;
+ 
+   if (group)
+     ef->file_entry[ef->length-1].group = strdup(group);
+@@ -265,11 +265,12 @@ read_file(econf_file *ef, const char *file,
+   }
+   ef->delimiter = *delim;
+ 
+-  while (fgets(buf, sizeof(buf), kf)) {
++  while (fgets(buf, BUFSIZ-1, kf)) {
+     char *p, *name, *data = NULL;
+     bool quote_seen = false, delim_seen = false;
+     char *org_buf __attribute__ ((__cleanup__(free_buffer))) = strdup(buf);
+ 
++    buf[BUFSIZ-1] = '\0';
+     line++;
+     last_scanned_line_nr = line;
+ 
+@@ -410,8 +411,6 @@ read_file(econf_file *ef, const char *file,
+       if (!found_delim &&
+ 	  /* Entry has already been found */
+ 	  ef->length > 0 &&
+-	  /* Value of previous entry is not Null. So delimiter has been found in the previous line */
+-	  ef->file_entry[ef->length-1].value != NULL &&
+ 	  /* The Entry must be the next line. Otherwise it is a new one */
+ 	  ef->file_entry[ef->length-1].line_number+1 == line)
+       {
+diff --git a/lib/helpers.c b/lib/helpers.c
+index d721727..3e1541a 100644
+--- a/lib/helpers.c
++++ b/lib/helpers.c
+@@ -47,6 +47,7 @@ void initialize(econf_file *key_file, size_t num) {
+   key_file->file_entry[num].value = strdup(KEY_FILE_NULL_VALUE);
+   key_file->file_entry[num].comment_before_key = NULL;
+   key_file->file_entry[num].comment_after_value = NULL;
++  key_file->file_entry[num].quotes = false;
+ }
+ 
+ // Remove whitespace from beginning and end, append string terminator
+diff --git a/lib/libeconf.c b/lib/libeconf.c
+index d2026ea..0bed98f 100644
+--- a/lib/libeconf.c
++++ b/lib/libeconf.c
+@@ -509,6 +509,7 @@ econf_err econf_writeFile(econf_file *key_file, const char *save_to_dir,
+       char *value_string = buf;
+ 
+       strncpy(buf,key_file->file_entry[i].comment_before_key,BUFSIZ-1);
++      buf[BUFSIZ-1] = '\0';
+       while ((line = strsep(&value_string, "\n")) != NULL) {
+ 	fprintf(kf, "%c%s\n",
+ 		key_file->comment,
+@@ -533,6 +534,7 @@ econf_err econf_writeFile(econf_file *key_file, const char *save_to_dir,
+       char *value_string = buf;
+ 
+       strncpy(buf,key_file->file_entry[i].comment_after_value,BUFSIZ-1);
++      buf[BUFSIZ-1] = '\0';
+       while ((line = strsep(&value_string, "\n")) != NULL) {
+ 	fprintf(kf, " %c%s\n",
+ 		key_file->comment,
+diff --git a/lib/libeconf_ext.c b/lib/libeconf_ext.c
+index fe3cdf4..137b869 100644
+--- a/lib/libeconf_ext.c
++++ b/lib/libeconf_ext.c
+@@ -82,6 +82,7 @@ econf_getExtValue(econf_file *kf, const char *group,
+ 
+   if (value_string!=NULL) {
+     strncpy(buf,value_string,BUFSIZ-1);
++    buf[BUFSIZ-1] = '\0';
+     free(value_string);
+     value_string = trim(buf);
+ 
diff -Nru libeconf-0.5.1+dfsg1/debian/patches/series libeconf-0.5.1+dfsg1/debian/patches/series
--- libeconf-0.5.1+dfsg1/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ libeconf-0.5.1+dfsg1/debian/patches/series	2025-02-10 21:01:49.000000000 +0100
@@ -0,0 +1 @@
+0001-Aarch64-gcc13-183.patch

--- End Message ---
--- Begin Message --- 
Version: 12.10
This update has been released as part of 12.10. Thank you for your contribution.

--- End Message ---
Reply to: