Bug#1095692: marked as done (bookworm-pu: package libeconf/0.5.1+dfsg1-1+deb12u1)

Debian Bug Tracking System Sat, 15 Mar 2025 02:55:22 -0700

Your message dated Sat, 15 Mar 2025 09:44:44 +0000
with message-id <e1tto4s-005kk2...@coccia.debian.org>
and subject line Close 1095692
has caused the Debian Bug report #1095692,
regarding bookworm-pu: package libeconf/0.5.1+dfsg1-1+deb12u1
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1095692: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095692
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: libec...@packages.debian.org
Control: affects -1 + src:libeconf

[ Reason ]
I'd like to upload an updated libeconf package to bookworm
that addresses the two open CVEs (both fixed by cherry-picking
a single upstream commit as a patch).

[ Impact ]
The patch fixes two buffer overflows in the code
(and an initialization error) as published in bookworm.

[ Tests ]
The upstream test-suite has been run and passed as part
of building the package in a bookworm chroot.

[ Risks ]
The risks are very low since there are no reverse dependencies
of libeconf in bookworm and will only effect people who have
custom built software against the libeconf package.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
      (ignoring debian/gbp.conf branch changes)
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in stable/bookworm
  [x] the issue is verified as fixed in unstable
      (newer upstream release already includes the same commit)

[ Changes ]
Upstream commit 
https://github.com/openSUSE/libeconf/commit/8d086dfc69d4299e55e4844e3573b3a4cf420f19
is cherry-picked into debian/patches (via `gbp pq import/export`).

[Other info]
git branch at: 
https://salsa.debian.org/debian/libeconf/-/tree/debian/bookworm?ref_type=heads
debdiff attached.

Regards,
Andreas Henriksson

diff -Nru libeconf-0.5.1+dfsg1/debian/changelog 
libeconf-0.5.1+dfsg1/debian/changelog
--- libeconf-0.5.1+dfsg1/debian/changelog       2023-02-18 20:15:37.000000000 
+0100
+++ libeconf-0.5.1+dfsg1/debian/changelog       2025-02-10 21:04:57.000000000 
+0100
@@ -1,3 +1,11 @@
+libeconf (0.5.1+dfsg1-1+deb12u1) bookworm; urgency=medium
+
+  * Cherry-pick upstream buffer overflow fix (Closes: #1037333)
+    - CVE-2023-32181
+    - CVE-2023-22652
+
+ -- Andreas Henriksson <andr...@fatal.se>  Mon, 10 Feb 2025 21:04:57 +0100
+
 libeconf (0.5.1+dfsg1-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru libeconf-0.5.1+dfsg1/debian/gbp.conf 
libeconf-0.5.1+dfsg1/debian/gbp.conf
--- libeconf-0.5.1+dfsg1/debian/gbp.conf        2022-07-18 23:45:01.000000000 
+0200
+++ libeconf-0.5.1+dfsg1/debian/gbp.conf        2025-02-10 21:00:36.000000000 
+0100
@@ -1,5 +1,5 @@
 [DEFAULT]
-debian-branch = debian/master
+debian-branch = debian/bookworm
 upstream-branch = upstream/latest
 pristine-tar = True
 sign-tags = True
diff -Nru libeconf-0.5.1+dfsg1/debian/patches/0001-Aarch64-gcc13-183.patch 
libeconf-0.5.1+dfsg1/debian/patches/0001-Aarch64-gcc13-183.patch
--- libeconf-0.5.1+dfsg1/debian/patches/0001-Aarch64-gcc13-183.patch    
1970-01-01 01:00:00.000000000 +0100
+++ libeconf-0.5.1+dfsg1/debian/patches/0001-Aarch64-gcc13-183.patch    
2025-02-10 21:01:49.000000000 +0100
@@ -0,0 +1,98 @@
+From: Stefan Schubert <ste...@gefluegelhof-schubert.de>
+Date: Fri, 24 Mar 2023 15:14:07 +0100
+Subject: Aarch64 gcc13 (#183)
+
+* fixed initializatio error
+
+* fixed buffer overflow
+
+* fixed buffer overflow
+
+(cherry picked from commit 8d086dfc69d4299e55e4844e3573b3a4cf420f19)
+---
+ lib/getfilecontents.c | 7 +++----
+ lib/helpers.c         | 1 +
+ lib/libeconf.c        | 2 ++
+ lib/libeconf_ext.c    | 1 +
+ 4 files changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/lib/getfilecontents.c b/lib/getfilecontents.c
+index 94e1db9..f9b1afc 100644
+--- a/lib/getfilecontents.c
++++ b/lib/getfilecontents.c
+@@ -180,7 +180,7 @@ store (econf_file *ef, const char *group, const char *key,
+ 
+   ef->file_entry[ef->length-1].line_number = line_number;
+ 
+-  ef->file_entry[ef->length-1].quotes |= quotes;
++  ef->file_entry[ef->length-1].quotes = quotes;
+ 
+   if (group)
+     ef->file_entry[ef->length-1].group = strdup(group);
+@@ -265,11 +265,12 @@ read_file(econf_file *ef, const char *file,
+   }
+   ef->delimiter = *delim;
+ 
+-  while (fgets(buf, sizeof(buf), kf)) {
++  while (fgets(buf, BUFSIZ-1, kf)) {
+     char *p, *name, *data = NULL;
+     bool quote_seen = false, delim_seen = false;
+     char *org_buf __attribute__ ((__cleanup__(free_buffer))) = strdup(buf);
+ 
++    buf[BUFSIZ-1] = '\0';
+     line++;
+     last_scanned_line_nr = line;
+ 
+@@ -410,8 +411,6 @@ read_file(econf_file *ef, const char *file,
+       if (!found_delim &&
+         /* Entry has already been found */
+         ef->length > 0 &&
+-        /* Value of previous entry is not Null. So delimiter has been found 
in the previous line */
+-        ef->file_entry[ef->length-1].value != NULL &&
+         /* The Entry must be the next line. Otherwise it is a new one */
+         ef->file_entry[ef->length-1].line_number+1 == line)
+       {
+diff --git a/lib/helpers.c b/lib/helpers.c
+index d721727..3e1541a 100644
+--- a/lib/helpers.c
++++ b/lib/helpers.c
+@@ -47,6 +47,7 @@ void initialize(econf_file *key_file, size_t num) {
+   key_file->file_entry[num].value = strdup(KEY_FILE_NULL_VALUE);
+   key_file->file_entry[num].comment_before_key = NULL;
+   key_file->file_entry[num].comment_after_value = NULL;
++  key_file->file_entry[num].quotes = false;
+ }
+ 
+ // Remove whitespace from beginning and end, append string terminator
+diff --git a/lib/libeconf.c b/lib/libeconf.c
+index d2026ea..0bed98f 100644
+--- a/lib/libeconf.c
++++ b/lib/libeconf.c
+@@ -509,6 +509,7 @@ econf_err econf_writeFile(econf_file *key_file, const char 
*save_to_dir,
+       char *value_string = buf;
+ 
+       strncpy(buf,key_file->file_entry[i].comment_before_key,BUFSIZ-1);
++      buf[BUFSIZ-1] = '\0';
+       while ((line = strsep(&value_string, "\n")) != NULL) {
+       fprintf(kf, "%c%s\n",
+               key_file->comment,
+@@ -533,6 +534,7 @@ econf_err econf_writeFile(econf_file *key_file, const char 
*save_to_dir,
+       char *value_string = buf;
+ 
+       strncpy(buf,key_file->file_entry[i].comment_after_value,BUFSIZ-1);
++      buf[BUFSIZ-1] = '\0';
+       while ((line = strsep(&value_string, "\n")) != NULL) {
+       fprintf(kf, " %c%s\n",
+               key_file->comment,
+diff --git a/lib/libeconf_ext.c b/lib/libeconf_ext.c
+index fe3cdf4..137b869 100644
+--- a/lib/libeconf_ext.c
++++ b/lib/libeconf_ext.c
+@@ -82,6 +82,7 @@ econf_getExtValue(econf_file *kf, const char *group,
+ 
+   if (value_string!=NULL) {
+     strncpy(buf,value_string,BUFSIZ-1);
++    buf[BUFSIZ-1] = '\0';
+     free(value_string);
+     value_string = trim(buf);
+ 
diff -Nru libeconf-0.5.1+dfsg1/debian/patches/series 
libeconf-0.5.1+dfsg1/debian/patches/series
--- libeconf-0.5.1+dfsg1/debian/patches/series  1970-01-01 01:00:00.000000000 
+0100
+++ libeconf-0.5.1+dfsg1/debian/patches/series  2025-02-10 21:01:49.000000000 
+0100
@@ -0,0 +1 @@
+0001-Aarch64-gcc13-183.patch

--- End Message ---

--- Begin Message ---

Version: 12.10
This update has been released as part of 12.10. Thank you for your contribution.

--- End Message ---

Bug#1095692: marked as done (bookworm-pu: package libeconf/0.5.1+dfsg1-1+deb12u1)

Reply via email to