Brian May <b...@debian.org> writes:
> I will have a look and see if I can hack^h^h^h^hpatch the Debian package
> to include the above security fix; although I don't have any exploits
> test it with.
Ok, I have attached my proposed debdiff patch. It builds using sbuild. I
haven't claimed this package, and unlikely to have time to continue this
month. So if anybody wants to take over before then, feel free to do so.
--
Brian May <b...@debian.org>
diff -u matrixssl-1.8.8/debian/changelog matrixssl-1.8.8/debian/changelog
--- matrixssl-1.8.8/debian/changelog
+++ matrixssl-1.8.8/debian/changelog
@@ -1,3 +1,10 @@
+matrixssl (1.8.8-1+deb7u1) wheezy-security; urgency=high
+
+ * Non-maintainer upload by the LTS Team.
+ * Fix integer overflow in bn_reverse.
+
+ -- Brian May <b...@debian.org> Mon, 22 Aug 2016 18:09:05 +1000
+
matrixssl (1.8.8-1) unstable; urgency=high
* new upstream version.
diff -u matrixssl-1.8.8/debian/control matrixssl-1.8.8/debian/control
--- matrixssl-1.8.8/debian/control
+++ matrixssl-1.8.8/debian/control
@@ -2,7 +2,7 @@
Priority: optional
Section: libs
Maintainer: Gerrit Pape <p...@smarden.org>
-Build-Depends: dietlibc-dev [alpha amd64 arm hppa i386 ia64 mips mipsel powerpc ppc64 s390 sparc]
+Build-Depends: dietlibc-dev [alpha amd64 arm hppa i386 ia64 mips mipsel powerpc ppc64 s390 sparc], quilt
Standards-Version: 3.8.0.1
Package: libmatrixssl1.8-dev
diff -u matrixssl-1.8.8/debian/rules matrixssl-1.8.8/debian/rules
--- matrixssl-1.8.8/debian/rules
+++ matrixssl-1.8.8/debian/rules
@@ -28,6 +28,7 @@
DIR =$(shell pwd)/debian/libmatrixssl$(SOVER)
unpack: deb-checkdir unpack-gnu-stamp unpack-diet-stamp
+ quilt push -a
unpack-gnu-stamp:
mkdir -p gnu/static gnu/shared
(cd gnu/static && tar xzf - && ln -s matrixssl* matrixssl) <'$(TARGZ)'
@@ -61,6 +62,7 @@
touch build-diet-stamp
clean: deb-checkdir deb-checkuid
+ quilt pop -a || true
rm -rf gnu diet examples
rm -f unpack-gnu-stamp unpack-diet-stamp build-gnu-stamp \
build-diet-stamp
only in patch2:
unchanged:
--- matrixssl-1.8.8.orig/.pc/.quilt_patches
+++ matrixssl-1.8.8/.pc/.quilt_patches
@@ -0,0 +1 @@
+debian/patches
only in patch2:
unchanged:
--- matrixssl-1.8.8.orig/.pc/.quilt_series
+++ matrixssl-1.8.8/.pc/.quilt_series
@@ -0,0 +1 @@
+series
only in patch2:
unchanged:
--- matrixssl-1.8.8.orig/.pc/.version
+++ matrixssl-1.8.8/.pc/.version
@@ -0,0 +1 @@
+2
only in patch2:
unchanged:
--- matrixssl-1.8.8.orig/debian/patches/fix-bn_reverse.patch
+++ matrixssl-1.8.8/debian/patches/fix-bn_reverse.patch
@@ -0,0 +1,36 @@
+--- a/diet/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c
++++ b/diet/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c
+@@ -945,6 +945,9 @@
+ int32 ix, iy;
+ unsigned char t;
+
++ if (len == 0) {
++ return;
++ }
+ ix = 0;
+ iy = len - 1;
+ while (ix < iy) {
+--- a/gnu/shared/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c
++++ b/gnu/shared/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c
+@@ -945,6 +945,9 @@
+ int32 ix, iy;
+ unsigned char t;
+
++ if (len == 0) {
++ return;
++ }
+ ix = 0;
+ iy = len - 1;
+ while (ix < iy) {
+--- a/gnu/static/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c
++++ b/gnu/static/matrixssl-1-8-8-open/src/crypto/peersec/mpi.c
+@@ -945,6 +945,9 @@
+ int32 ix, iy;
+ unsigned char t;
+
++ if (len == 0) {
++ return;
++ }
+ ix = 0;
+ iy = len - 1;
+ while (ix < iy) {
only in patch2:
unchanged:
--- matrixssl-1.8.8.orig/debian/patches/series
+++ matrixssl-1.8.8/debian/patches/series
@@ -0,0 +1 @@
+fix-bn_reverse.patch
