Bug#926734: unblock: libcaca/0.99.beta19-2.1

Tobias Frost Tue, 09 Apr 2019 11:33:47 -0700

Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock


Please unblock package libcaca

The new packages fixes 6 CVE's. (Bug #917807)

Thanks!

unblock libcaca/0.99.beta19-2.1

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-4-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diff -Nru libcaca-0.99.beta19/debian/changelog 
libcaca-0.99.beta19/debian/changelog
--- libcaca-0.99.beta19/debian/changelog        2014-06-02 22:39:11.000000000 
+0200
+++ libcaca-0.99.beta19/debian/changelog        2019-04-06 22:18:41.000000000 
+0200
@@ -1,3 +1,12 @@
+libcaca (0.99.beta19-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Cherry-Pick fixes from upstream git repository:
+    - CVE-2018-20545, CVE-2018-20546, CVE-2018-20547,CVE-2018-20548 and
+      CVE-2018-20549 (Closes: #917807)
+
+ -- Tobias Frost <t...@debian.org>  Sat, 06 Apr 2019 22:18:41 +0200
+
 libcaca (0.99.beta19-2) unstable; urgency=medium
 
   * debian/patches/100_doxygen.diff: remove deprecated Doxygen variables.
diff -Nru libcaca-0.99.beta19/debian/patches/CVE-2018-20544.patch 
libcaca-0.99.beta19/debian/patches/CVE-2018-20544.patch
--- libcaca-0.99.beta19/debian/patches/CVE-2018-20544.patch     1970-01-01 
01:00:00.000000000 +0100
+++ libcaca-0.99.beta19/debian/patches/CVE-2018-20544.patch     2019-04-06 
21:36:52.000000000 +0200
@@ -0,0 +1,45 @@
+From 84bd155087b93ab2d8d7cb5b1ac94ecd4cf4f93c Mon Sep 17 00:00:00 2001
+From: Sam Hocevar <s...@hocevar.net>
+Date: Sat, 29 Dec 2018 22:13:56 +0100
+Subject: [PATCH] dither: fix integer overflows that were causing a division by
+ zero.
+
+Fixes: #36 (CVE-2018-20544)
+---
+ caca/dither.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/caca/dither.c b/caca/dither.c
+index 04b678e0..c6ebab1b 100644
+--- a/caca/dither.c
++++ b/caca/dither.c
+@@ -991,10 +991,10 @@ int caca_dither_bitmap(caca_canvas_t *cv, int x, int y, 
int w, int h,
+         /* First get RGB */
+         if(d->antialias)
+         {
+-            fromx = (x - x1) * w / deltax;
+-            fromy = (y - y1) * h / deltay;
+-            tox = (x - x1 + 1) * w / deltax;
+-            toy = (y - y1 + 1) * h / deltay;
++            fromx = (uint64_t)(x - x1) * w / deltax;
++            fromy = (uint64_t)(y - y1) * h / deltay;
++            tox = (uint64_t)(x - x1 + 1) * w / deltax;
++            toy = (uint64_t)(y - y1 + 1) * h / deltay;
+ 
+             /* We want at least one pixel */
+             if(tox == fromx) tox++;
+@@ -1017,10 +1017,10 @@ int caca_dither_bitmap(caca_canvas_t *cv, int x, int 
y, int w, int h,
+         }
+         else
+         {
+-            fromx = (x - x1) * w / deltax;
+-            fromy = (y - y1) * h / deltay;
+-            tox = (x - x1 + 1) * w / deltax;
+-            toy = (y - y1 + 1) * h / deltay;
++            fromx = (uint64_t)(x - x1) * w / deltax;
++            fromy = (uint64_t)(y - y1) * h / deltay;
++            tox = (uint64_t)(x - x1 + 1) * w / deltax;
++            toy = (uint64_t)(y - y1 + 1) * h / deltay;
+ 
+             /* tox and toy can overflow the canvas, but they cannot overflow
+              * when averaged with fromx and fromy because these are guaranteed
diff -Nru libcaca-0.99.beta19/debian/patches/CVE-2018-20545+20547+20549.patch 
libcaca-0.99.beta19/debian/patches/CVE-2018-20545+20547+20549.patch
--- libcaca-0.99.beta19/debian/patches/CVE-2018-20545+20547+20549.patch 
1970-01-01 01:00:00.000000000 +0100
+++ libcaca-0.99.beta19/debian/patches/CVE-2018-20545+20547+20549.patch 
2019-04-06 22:08:34.000000000 +0200
@@ -0,0 +1,34 @@
+Description: img2txt: fix an integer overflow in the BMP loader.
+Origin: 
https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592
+Forwarded: not-needed
+Applied-Upstream: 
https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592
+Last-Update: 2019-04-06
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/src/common-image.h
++++ b/src/common-image.h
+@@ -1,19 +1,19 @@
+ /*
+  *  Imaging tools for cacaview and img2irc
+- *  Copyright (c) 2003-2012 Sam Hocevar <s...@hocevar.net>
+- *                All Rights Reserved
++ *  Copyright (c) 2003-2018 Sam Hocevar <s...@hocevar.net>
++ *              All Rights Reserved
+  *
+  *  This program is free software. It comes without any warranty, to
+  *  the extent permitted by applicable law. You can redistribute it
+  *  and/or modify it under the terms of the Do What the Fuck You Want
+- *  to Public License, Version 2, as published by Sam Hocevar. See
+- *  http://www.wtfpl.net/ for more details.
++ *  to Public License, Version 2, as published by the WTFPL Task Force.
++ *  See http://www.wtfpl.net/ for more details.
+  */
+ 
+ struct image
+ {
+     char *pixels;
+-    unsigned int w, h;
++    size_t w, h;
+     struct caca_dither *dither;
+     void *priv;
+ };
diff -Nru libcaca-0.99.beta19/debian/patches/CVE-2018-20546+20547.patch 
libcaca-0.99.beta19/debian/patches/CVE-2018-20546+20547.patch
--- libcaca-0.99.beta19/debian/patches/CVE-2018-20546+20547.patch       
1970-01-01 01:00:00.000000000 +0100
+++ libcaca-0.99.beta19/debian/patches/CVE-2018-20546+20547.patch       
2019-04-06 21:39:32.000000000 +0200
@@ -0,0 +1,36 @@
+From 02a09ec9e5ed8981e7a810bfb6a0172dc24f0790 Mon Sep 17 00:00:00 2001
+From: Sam Hocevar <s...@hocevar.net>
+Date: Sun, 30 Dec 2018 13:18:27 +0100
+Subject: [PATCH] dither: fix integer multiplication overflow that caused
+ crashes.
+
+Fixes: #38 (CVE-2018-20546)
+Fixes: #39 (CVE-2018-20547)
+---
+ caca/dither.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/caca/dither.c b/caca/dither.c
+index c6ebab1b..b2e24e55 100644
+--- a/caca/dither.c
++++ b/caca/dither.c
+@@ -6,8 +6,8 @@
+  *  This library is free software. It comes without any warranty, to
+  *  the extent permitted by applicable law. You can redistribute it
+  *  and/or modify it under the terms of the Do What the Fuck You Want
+- *  to Public License, Version 2, as published by Sam Hocevar. See
+- *  http://www.wtfpl.net/ for more details.
++ *  to Public License, Version 2, as published by the WTFPL Task Force.
++ *  See http://www.wtfpl.net/ for more details.
+  */
+ 
+ /*
+@@ -116,7 +116,7 @@ enum color_mode
+ struct caca_dither
+ {
+     int bpp, has_palette, has_alpha;
+-    int w, h, pitch;
++    size_t w, h, pitch;
+     int rmask, gmask, bmask, amask;
+     int rright, gright, bright, aright;
+     int rleft, gleft, bleft, aleft;
diff -Nru libcaca-0.99.beta19/debian/patches/series 
libcaca-0.99.beta19/debian/patches/series
--- libcaca-0.99.beta19/debian/patches/series   2014-05-16 21:30:34.000000000 
+0200
+++ libcaca-0.99.beta19/debian/patches/series   2019-04-06 21:46:52.000000000 
+0200
@@ -1,2 +1,5 @@
 100_doxygen.diff
 200_glut_header.diff
+CVE-2018-20544.patch
+CVE-2018-20545+20547+20549.patch
+CVE-2018-20546+20547.patch

Bug#926734: unblock: libcaca/0.99.beta19-2.1

Reply via email to