Your message dated Sat, 31 Aug 2024 12:30:55 +0100
with message-id <27c418b1a49ffc566f1b9635359e59f6a742be26.ca...@adam-barratt.org.uk>
and subject line Closing bugs for 11.11
has caused the Debian Bug report #1074142,
regarding bullseye-pu: package indent/2.2.12-1+deb11u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1074142: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074142
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: ind...@packages.debian.org, sanv...@debian.org
Control: affects -1 + src:indent

[ Reason ]
Fix several memory handling bugs, already fixed in stable.

[ Impact ]
Without those fixes, indent crashes with several real-life inputs.

[ Tests ]
I've tested the resulting package and it fixes the reported problems.

[ Risks ]
Quite low, the fixes have been in stable and testing for a long time.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
This release is essentially the same as 2.2.12-1 currently in bullseye,
but adding the following patches taken verbatim from 2.2.12-4+deb12u3
currently in bookworm:

02-restore-round-up-macro-and-adjust-initial-buffer-size.patch
03-fix-an-out-of-buffer-read.patch
04-fix-a-heap-buffer-overwrite.patch
05-fix-a-heap-buffer-underread-in-set-buf-break.patch

Therefore, this upload will make the bullseye version functionally
equivalent to the bookworm version.

[ Other info ]
I've already made the upload.
diff -Nru indent-2.2.12/debian/changelog indent-2.2.12/debian/changelog
--- indent-2.2.12/debian/changelog      2019-01-27 22:35:20.000000000 +0100
+++ indent-2.2.12/debian/changelog      2024-06-23 18:25:00.000000000 +0200
@@ -1,3 +1,19 @@
+indent (2.2.12-1+deb11u1) bullseye; urgency=low
+
+  * Restore the ROUND_UP macro and adjust the initial buffer size.
+    Patch from the author, backported from 2.2.13.
+    Fix memory handling problem. Closes: #1036851.
+  * Apply two patches by Petr Písař <ppi...@redhat.com>.
+  - Fix an out-of-buffer read in search_brace()/lexi() on an condition
+    without parentheses followed with an overlong comment.
+  - Fix a heap buffer overwrite in search_brace(). Closes: #1049366.
+    This one is CVE-2023-40305.
+  * Fix a heap buffer underread in set_buf_break(). Closes: #1061543.
+    Patch by Petr Písař <ppi...@redhat.com>.
+    This is CVE-2024-0911.
+
+ -- Santiago Vila <sanv...@debian.org>  Sun, 23 Jun 2024 18:25:00 +0200
+
 indent (2.2.12-1) unstable; urgency=low
 
   * New upstream release. Closes: #916199.
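Review bot: in the new 2.2.12-1+deb11u1 entry, the first sub-item under "Apply two patches" (the out-of-buffer read in search_brace()/lexi()) carries no bug reference of its own; `Closes: #1049366` appears only on the second sub-item, although the 03 patch header also points at #1049366. Reword the entry so it is clear that both sub-items belong to that bug. The sub-items also use a bare `-` at the same indentation as the `*` items, which makes the nesting hard to read, and "on an condition" should read "on a condition".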
diff -Nru 
indent-2.2.12/debian/patches/02-restore-round-up-macro-and-adjust-initial-buffer-size.patch
 
indent-2.2.12/debian/patches/02-restore-round-up-macro-and-adjust-initial-buffer-size.patch
--- 
indent-2.2.12/debian/patches/02-restore-round-up-macro-and-adjust-initial-buffer-size.patch
 1970-01-01 01:00:00.000000000 +0100
+++ 
indent-2.2.12/debian/patches/02-restore-round-up-macro-and-adjust-initial-buffer-size.patch
 2024-06-23 17:01:00.000000000 +0200
@@ -0,0 +1,59 @@
+From: Andrej Shadura <and...@shadura.me>
+Subject: Restore the ROUND_UP macro and adjust the initial buffer size.
+Bug-Debian: https://bugs.debian.org/1036851
+
+When need_chars was moved from "handletoken.h" to "handletoken.c",
+the ROUND_UP macro was removed, but the replacement was incorrect.
+
+This caused the program to exit with a "Virtual memory exhausted"
+error when it tried to reallocate 0 bytes (thus freeing the memory).
+It reallocated to 0 bytes because the initial buffer size was less
+than 1024, and the size calculation rounds down instead of up.
+
+Bug: #56644
+Fixes: c89d32a
+---
+ src/handletoken.c | 2 +-
+ src/indent.h      | 8 ++++++++
+ src/parse.c       | 2 +-
+ 3 files changed, 10 insertions(+), 2 deletions(-)
+
+--- a/src/handletoken.c
++++ b/src/handletoken.c
+@@ -85,7 +85,7 @@
+ 
+     if (current_size + needed >= (size_t)bp->size)
+     {
+-        bp->size = ((current_size + needed) & (size_t)~1023);
++        bp->size = ROUND_UP (current_size + needed, 1024);
+         bp->ptr = xrealloc(bp->ptr, bp->size);
+         if (bp->ptr == NULL)
+         {
+--- a/src/indent.h
++++ b/src/indent.h
+@@ -66,6 +66,14 @@
+ 
+ #include "lexi.h"
+ 
++/**
++ * Round up P to be a multiple of SIZE.
++ */
++
++#ifndef ROUND_UP
++#define ROUND_UP(p, size) (((unsigned long) (p) + (size) - 1) & ~((size) - 1))
++#endif
++
+ /** Values that `indent' can return for exit status.
+  *
+  *  `total_success' means no errors or warnings were found during a successful
+--- a/src/parse.c
++++ b/src/parse.c
+@@ -53,7 +53,7 @@
+ 
+ parser_state_ty *parser_state_tos = NULL;
+ 
+-#define INITIAL_BUFFER_SIZE 1000
++#define INITIAL_BUFFER_SIZE 1024
+ #define INITIAL_STACK_SIZE 2
+ 
+ /**
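Review bot: in the src/handletoken.c hunk the guard is `current_size + needed >= (size_t)bp->size`, but `ROUND_UP (current_size + needed, 1024)` returns its argument unchanged when that sum is already a multiple of 1024, so the new `bp->size` can equal `current_size + needed` and the condition that triggered the growth still holds after the xrealloc. If the `>=` is there to keep one spare byte, round up `current_size + needed + 1` instead; if not, relax the test to `>`. Separately, the ROUND_UP comment added in src/indent.h should state that SIZE must be a power of two, since the mask `~((size) - 1)` is only correct in that case.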
diff -Nru indent-2.2.12/debian/patches/03-fix-an-out-of-buffer-read.patch 
indent-2.2.12/debian/patches/03-fix-an-out-of-buffer-read.patch
--- indent-2.2.12/debian/patches/03-fix-an-out-of-buffer-read.patch     
1970-01-01 01:00:00.000000000 +0100
+++ indent-2.2.12/debian/patches/03-fix-an-out-of-buffer-read.patch     
2024-06-23 17:02:00.000000000 +0200
@@ -0,0 +1,17 @@
+From: Petr Písař <ppi...@redhat.com>
+Subject: Fix an out-of-buffer read in search_brace()/lexi()
+Bug-Debian: https://bugs.debian.org/1049366
+Forwarded: https://savannah.gnu.org/bugs/index.php?64503
+
+--- a/src/indent.c
++++ b/src/indent.c
+@@ -145,8 +145,8 @@
+     parser_state_tos->search_brace = false;
+     bp_save = buf_ptr;
+     be_save = buf_end;
+-    buf_ptr = save_com.ptr;
+     need_chars (&save_com, 1);
++    buf_ptr = save_com.ptr;
+     buf_end = save_com.end;
+     save_com.end = save_com.ptr;        /* make save_com empty */
+ }
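Review bot: the patch header has no description of why moving `buf_ptr = save_com.ptr;` below `need_chars (&save_com, 1);` fixes the read. The reason is visible only by cross-reading the 02 patch, where need_chars() assigns `bp->ptr = xrealloc(bp->ptr, bp->size);`, so a pointer copied before the call can refer to the old allocation. Add that sentence to the header, and consider a one-line comment above the call in src/indent.c so a later cleanup does not restore the old order.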
diff -Nru indent-2.2.12/debian/patches/04-fix-a-heap-buffer-overwrite.patch 
indent-2.2.12/debian/patches/04-fix-a-heap-buffer-overwrite.patch
--- indent-2.2.12/debian/patches/04-fix-a-heap-buffer-overwrite.patch   
1970-01-01 01:00:00.000000000 +0100
+++ indent-2.2.12/debian/patches/04-fix-a-heap-buffer-overwrite.patch   
2024-06-23 17:03:00.000000000 +0200
@@ -0,0 +1,15 @@
+From: Petr Písař <ppi...@redhat.com>
+Subject: Fix a heap buffer overwrite in search_brace() (CVE-2023-40305)
+Bug-Debian: https://bugs.debian.org/1049366
+Forwarded: https://savannah.gnu.org/bugs/index.php?64503
+
+--- a/src/indent.c
++++ b/src/indent.c
+@@ -228,6 +228,7 @@
+                  * a `dump_line' call, thus ensuring that the brace
+                  * will go into the right column. */
+ 
++                need_chars (&save_com, 2);
+                 *save_com.end++ = EOL;
+                 *save_com.end++ = '{';
+                 save_com.len += 2;
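Review bot: the constant in `need_chars (&save_com, 2);` is tied only implicitly to the two `*save_com.end++` stores and the `save_com.len += 2;` below it; a short comment saying the call reserves room for EOL and '{' would keep the three in step if another store is added. Because need_chars() can move the buffer through xrealloc (see the src/handletoken.c hunk in the 02 patch), also confirm that no pointer into save_com taken earlier in search_brace() is still used after this call, which is the pattern the 03 patch corrects.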
diff -Nru 
indent-2.2.12/debian/patches/05-fix-a-heap-buffer-underread-in-set-buf-break.patch
 
indent-2.2.12/debian/patches/05-fix-a-heap-buffer-underread-in-set-buf-break.patch
--- 
indent-2.2.12/debian/patches/05-fix-a-heap-buffer-underread-in-set-buf-break.patch
  1970-01-01 01:00:00.000000000 +0100
+++ 
indent-2.2.12/debian/patches/05-fix-a-heap-buffer-underread-in-set-buf-break.patch
  2024-06-23 17:04:00.000000000 +0200
@@ -0,0 +1,16 @@
+From: Petr Písař <ppi...@redhat.com>
+Subject: Fix a heap buffer underread in set_buf_break()
+Bug-Debian: https://bugs.debian.org/1061543
+Forwarded: https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00001.html
+
+--- a/src/output.c
++++ b/src/output.c
+@@ -290,7 +290,7 @@
+     /* Did we just parse a bracket that will be put on the next line
+      * by this line break? */
+ 
+-    if ((*token == '(') || (*token == '['))
++    if (level > 0 && ((*token == '(') || (*token == '[')))
+     {
+         --level;                        /* then don't take it into account */
+     }
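Review bot: the Subject of this patch header omits the CVE id, although debian/changelog ties this fix to CVE-2024-0911 and the 04 patch carries its CVE in the Subject; add it here so the two are tracked the same way. The header also has no description: a sentence saying what is read out of bounds when `--level;` runs with `level` at zero would make the new `level > 0 &&` guard reviewable without following the Forwarded link.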
diff -Nru indent-2.2.12/debian/patches/series 
indent-2.2.12/debian/patches/series
--- indent-2.2.12/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ indent-2.2.12/debian/patches/series 2024-06-23 17:00:00.000000000 +0200
@@ -0,0 +1,4 @@
+02-restore-round-up-macro-and-adjust-initial-buffer-size.patch
+03-fix-an-out-of-buffer-read.patch
+04-fix-a-heap-buffer-overwrite.patch
+05-fix-a-heap-buffer-underread-in-set-buf-break.patch

--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 11.11

Hi,

Each of these bugs relates to an update included in today's final
bullseye 11.11 point release.

Regards,

Adam

--- End Message ---
