Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: libec...@packages.debian.org
Control: affects -1 + src:libeconf

[ Reason ]
I'd like to upload an updated libeconf package to bookworm
that addresses the two open CVEs (both fixed by cherry-picking
a single upstream commit as a patch).

[ Impact ]
The patch fixes two buffer overflows in the code
(and an initialization error) as published in bookworm.

[ Tests ]
The upstream test-suite has been run and passed as part
of building the package in a bookworm chroot.

[ Risks ]
The risks are very low since there are no reverse dependencies
of libeconf in bookworm, so the change will only affect people who have
custom-built software against the libeconf package.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
      (ignoring debian/gbp.conf branch changes)
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in stable/bookworm
  [x] the issue is verified as fixed in unstable
      (newer upstream release already includes the same commit)

[ Changes ]
Upstream commit 
https://github.com/openSUSE/libeconf/commit/8d086dfc69d4299e55e4844e3573b3a4cf420f19
is cherry-picked into debian/patches (via `gbp pq import/export`).

[Other info]
git branch at: 
https://salsa.debian.org/debian/libeconf/-/tree/debian/bookworm?ref_type=heads
debdiff attached.

Regards,
Andreas Henriksson
diff -Nru libeconf-0.5.1+dfsg1/debian/changelog 
libeconf-0.5.1+dfsg1/debian/changelog
--- libeconf-0.5.1+dfsg1/debian/changelog       2023-02-18 20:15:37.000000000 
+0100
+++ libeconf-0.5.1+dfsg1/debian/changelog       2025-02-10 21:04:57.000000000 
+0100
@@ -1,3 +1,11 @@
+libeconf (0.5.1+dfsg1-1+deb12u1) bookworm; urgency=medium
+
+  * Cherry-pick upstream buffer overflow fix (Closes: #1037333)
+    - CVE-2023-32181
+    - CVE-2023-22652
+
+ -- Andreas Henriksson <andr...@fatal.se>  Mon, 10 Feb 2025 21:04:57 +0100
+
 libeconf (0.5.1+dfsg1-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru libeconf-0.5.1+dfsg1/debian/gbp.conf 
libeconf-0.5.1+dfsg1/debian/gbp.conf
--- libeconf-0.5.1+dfsg1/debian/gbp.conf        2022-07-18 23:45:01.000000000 
+0200
+++ libeconf-0.5.1+dfsg1/debian/gbp.conf        2025-02-10 21:00:36.000000000 
+0100
@@ -1,5 +1,5 @@
 [DEFAULT]
-debian-branch = debian/master
+debian-branch = debian/bookworm
 upstream-branch = upstream/latest
 pristine-tar = True
 sign-tags = True
diff -Nru libeconf-0.5.1+dfsg1/debian/patches/0001-Aarch64-gcc13-183.patch 
libeconf-0.5.1+dfsg1/debian/patches/0001-Aarch64-gcc13-183.patch
--- libeconf-0.5.1+dfsg1/debian/patches/0001-Aarch64-gcc13-183.patch    
1970-01-01 01:00:00.000000000 +0100
+++ libeconf-0.5.1+dfsg1/debian/patches/0001-Aarch64-gcc13-183.patch    
2025-02-10 21:01:49.000000000 +0100
@@ -0,0 +1,98 @@
+From: Stefan Schubert <ste...@gefluegelhof-schubert.de>
+Date: Fri, 24 Mar 2023 15:14:07 +0100
+Subject: Aarch64 gcc13 (#183)
+
+* fixed initializatio error
+
+* fixed buffer overflow
+
+* fixed buffer overflow
+
+(cherry picked from commit 8d086dfc69d4299e55e4844e3573b3a4cf420f19)
+---
+ lib/getfilecontents.c | 7 +++----
+ lib/helpers.c         | 1 +
+ lib/libeconf.c        | 2 ++
+ lib/libeconf_ext.c    | 1 +
+ 4 files changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/lib/getfilecontents.c b/lib/getfilecontents.c
+index 94e1db9..f9b1afc 100644
+--- a/lib/getfilecontents.c
++++ b/lib/getfilecontents.c
+@@ -180,7 +180,7 @@ store (econf_file *ef, const char *group, const char *key,
+ 
+   ef->file_entry[ef->length-1].line_number = line_number;
+ 
+-  ef->file_entry[ef->length-1].quotes |= quotes;
++  ef->file_entry[ef->length-1].quotes = quotes;
+ 
+   if (group)
+     ef->file_entry[ef->length-1].group = strdup(group);
+@@ -265,11 +265,12 @@ read_file(econf_file *ef, const char *file,
+   }
+   ef->delimiter = *delim;
+ 
+-  while (fgets(buf, sizeof(buf), kf)) {
++  while (fgets(buf, BUFSIZ-1, kf)) {
+     char *p, *name, *data = NULL;
+     bool quote_seen = false, delim_seen = false;
+     char *org_buf __attribute__ ((__cleanup__(free_buffer))) = strdup(buf);
+ 
++    buf[BUFSIZ-1] = '\0';
+     line++;
+     last_scanned_line_nr = line;
+ 
+@@ -410,8 +411,6 @@ read_file(econf_file *ef, const char *file,
+       if (!found_delim &&
+         /* Entry has already been found */
+         ef->length > 0 &&
+-        /* Value of previous entry is not Null. So delimiter has been found 
in the previous line */
+-        ef->file_entry[ef->length-1].value != NULL &&
+         /* The Entry must be the next line. Otherwise it is a new one */
+         ef->file_entry[ef->length-1].line_number+1 == line)
+       {
+diff --git a/lib/helpers.c b/lib/helpers.c
+index d721727..3e1541a 100644
+--- a/lib/helpers.c
++++ b/lib/helpers.c
+@@ -47,6 +47,7 @@ void initialize(econf_file *key_file, size_t num) {
+   key_file->file_entry[num].value = strdup(KEY_FILE_NULL_VALUE);
+   key_file->file_entry[num].comment_before_key = NULL;
+   key_file->file_entry[num].comment_after_value = NULL;
++  key_file->file_entry[num].quotes = false;
+ }
+ 
+ // Remove whitespace from beginning and end, append string terminator
+diff --git a/lib/libeconf.c b/lib/libeconf.c
+index d2026ea..0bed98f 100644
+--- a/lib/libeconf.c
++++ b/lib/libeconf.c
+@@ -509,6 +509,7 @@ econf_err econf_writeFile(econf_file *key_file, const char 
*save_to_dir,
+       char *value_string = buf;
+ 
+       strncpy(buf,key_file->file_entry[i].comment_before_key,BUFSIZ-1);
++      buf[BUFSIZ-1] = '\0';
+       while ((line = strsep(&value_string, "\n")) != NULL) {
+       fprintf(kf, "%c%s\n",
+               key_file->comment,
+@@ -533,6 +534,7 @@ econf_err econf_writeFile(econf_file *key_file, const char 
*save_to_dir,
+       char *value_string = buf;
+ 
+       strncpy(buf,key_file->file_entry[i].comment_after_value,BUFSIZ-1);
++      buf[BUFSIZ-1] = '\0';
+       while ((line = strsep(&value_string, "\n")) != NULL) {
+       fprintf(kf, " %c%s\n",
+               key_file->comment,
+diff --git a/lib/libeconf_ext.c b/lib/libeconf_ext.c
+index fe3cdf4..137b869 100644
+--- a/lib/libeconf_ext.c
++++ b/lib/libeconf_ext.c
+@@ -82,6 +82,7 @@ econf_getExtValue(econf_file *kf, const char *group,
+ 
+   if (value_string!=NULL) {
+     strncpy(buf,value_string,BUFSIZ-1);
++    buf[BUFSIZ-1] = '\0';
+     free(value_string);
+     value_string = trim(buf);
+ 
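Review bot: The three `strncpy(buf, …, BUFSIZ-1)` sites in `econf_writeFile` and `econf_getExtValue` now terminate `buf`, but they still cut off any comment or value longer than BUFSIZ-1 bytes without telling the caller, so a written file or a returned value can silently differ from what was stored. Both functions continue outside the hunks, so this is hedged, but where the surrounding code permits it would be safer to compare the source length with the buffer size first and return an error, or to work on a `strdup` copy instead of the fixed buffer. In `read_file`, the added `buf[BUFSIZ-1] = '\0';` comes after `strdup(buf)`, and `fgets` already terminates what it reads, so the line does not protect `org_buf`; if `buf` is declared with BUFSIZ bytes (its declaration is not visible here) the assignment has no effect. The `strdup` result for `org_buf` is not checked in the visible lines, and an input line longer than the buffer is now consumed as several lines while `line` is incremented for each, which deserves a comment at the loop such as `/* lines longer than the buffer are split across reads and counted separately */`.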
diff -Nru libeconf-0.5.1+dfsg1/debian/patches/series 
libeconf-0.5.1+dfsg1/debian/patches/series
--- libeconf-0.5.1+dfsg1/debian/patches/series  1970-01-01 01:00:00.000000000 
+0100
+++ libeconf-0.5.1+dfsg1/debian/patches/series  2025-02-10 21:01:49.000000000 
+0100
@@ -0,0 +1 @@
+0001-Aarch64-gcc13-183.patch
