Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package freexl. It fixes the security issues reported in #781228.

unblock freexl/1.0.0g-1+deb8u1
diff -Nru freexl-1.0.0g/debian/changelog freexl-1.0.0g/debian/changelog
--- freexl-1.0.0g/debian/changelog 2014-01-14 11:18:36.000000000 +0100
+++ freexl-1.0.0g/debian/changelog 2015-03-26 20:10:54.000000000 +0100
@@ -1,3 +1,12 @@
+freexl (1.0.0g-1+deb8u1) unstable; urgency=high
+
+ * Update my email to @debian.org address.
+ * Specify jessie branch in Vcs-Git field.
+ * Add patch to fix vulnerabilities identified by American Fuzzy Lop.
+ (closes: #781228)
+
+ -- Bas Couwenberg <sebas...@debian.org> Thu, 26 Mar 2015 11:44:10 +0100
+
 freexl (1.0.0g-1) unstable; urgency=low
 
 * New upstream release.
diff -Nru freexl-1.0.0g/debian/control freexl-1.0.0g/debian/control
--- freexl-1.0.0g/debian/control 2014-01-14 11:16:41.000000000 +0100
+++ freexl-1.0.0g/debian/control 2015-03-26 20:10:54.000000000 +0100
@@ -1,7 +1,7 @@
 Source: freexl
 Maintainer: Debian GIS Project <pkg-grass-de...@lists.alioth.debian.org>
 Uploaders: David Paleino <da...@debian.org>,
- Bas Couwenberg <sebas...@xs4all.nl>
+ Bas Couwenberg <sebas...@debian.org>
 Section: libs
 Priority: optional
 Build-Depends: debhelper (>= 9~),
@@ -9,7 +9,7 @@
 dh-autoreconf
 Standards-Version: 3.9.5
 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-grass/freexl.git
-Vcs-Git: git://anonscm.debian.org/pkg-grass/freexl.git
+Vcs-Git: git://anonscm.debian.org/pkg-grass/freexl.git -b jessie
 Homepage: https://www.gaia-gis.it/fossil/freexl/
 
 Package: libfreexl-dev
diff -Nru freexl-1.0.0g/debian/patches/afl-vulnerabilitities.patch freexl-1.0.0g/debian/patches/afl-vulnerabilitities.patch
--- freexl-1.0.0g/debian/patches/afl-vulnerabilitities.patch 1970-01-01 01:00:00.000000000 +0100
+++ freexl-1.0.0g/debian/patches/afl-vulnerabilitities.patch 2015-03-26 20:10:54.000000000 +0100
@@ -0,0 +1,63 @@
+Description: Fix critical bugs identified by American Fuzzy Lop.
+Origin: https://www.gaia-gis.it/fossil/freexl/fdiff?v1=2e167b337481dda3&v2=61618ce51a9b0c15&sbs=1
+Author: Alessandro Furieri <a.furi...@lqt.it>
+Bug-Debian: https://bugs.debian.org/781228
+
+--- a/src/freexl.c
++++ b/src/freexl.c
+@@ -1068,6 +1068,11 @@ allocate_cells (biff_workbook * workbook
+ unsigned int col;
+ biff_cell_value *p_cell;
+
++ if (workbook == NULL)
++ return FREEXL_NULL_ARGUMENT;
++ if (workbook->active_sheet == NULL)
++ return FREEXL_NULL_ARGUMENT;
++
+ /* allocating the cell values array */
+ workbook->active_sheet->cell_values =
+ malloc (sizeof (biff_cell_value) *
+@@ -1713,6 +1718,11 @@ parse_SST (biff_workbook * workbook, int
+ swap32 (&n_strings);
+ p_string = workbook->record + 8;
+ workbook->shared_strings.string_count = n_strings.value;
++ if (workbook->shared_strings.string_count > 1024 * 1024)
++ {
++ /* unexpected huge count ... cowardly giving up ... */
++ return FREEXL_INSUFFICIENT_MEMORY;
++ }
+ workbook->shared_strings.utf8_strings =
+ malloc (sizeof (char **) * workbook->shared_strings.string_count);
+ for (i_string = 0; i_string < workbook->shared_strings.string_count;
+@@ -3749,6 +3759,8 @@ read_biff_next_record (biff_workbook * w
+ unsigned int already_done;
+ unsigned int chunk =
+ workbook->sector_end - (workbook->p_in - workbook->sector_buf);
++ if (workbook->sector_end <= (workbook->p_in - workbook->sector_buf))
++ return -1;
+ memcpy (workbook->record, workbook->p_in, chunk);
+ workbook->p_in += chunk;
+ already_done = chunk;
+@@ -3825,6 +3837,10 @@ read_mini_biff_next_record (biff_workboo
+ workbook->record_type = record_type.value;
+ workbook->record_size = record_size.value;
+
++ if ((workbook->p_in - workbook->fat->miniStream) + workbook->record_size >
++ (int) workbook->size)
++ return 0; /* unexpected EOF */
++
+ memcpy (workbook->record, workbook->p_in, workbook->record_size);
+ workbook->p_in += record_size.value;
+
+@@ -4062,7
+4078,10 @@ common_open (const char *path, const voi
+ p_sheet->columns += 1;
+ ret = allocate_cells (workbook);
+ if (ret != FREEXL_OK)
+- return ret;
++ {
++ errcode = ret;
++ goto stop;
++ }
+ p_sheet->valid_dimension = 1;
+ workbook->second_pass = 1;
+ }
diff -Nru freexl-1.0.0g/debian/patches/series freexl-1.0.0g/debian/patches/series
--- freexl-1.0.0g/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ freexl-1.0.0g/debian/patches/series 2015-03-26 11:31:43.000000000 +0100
@@ -0,0 +1 @@
+afl-vulnerabilitities.patch
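Review bot: The new bounds check in read_mini_biff_next_record adds a pointer difference to `workbook->record_size` and compares the sum against `(int) workbook->size`, so the guard is evaluated in mixed signedness and narrows `size` to int; if `size` is an unsigned or wider type (its declaration is outside the hunk), compare in one unsigned width instead, e.g. `if ((size_t)(workbook->p_in - workbook->fat->miniStream) + workbook->record_size > workbook->size)`. That check also bounds the copy against the remaining mini-stream but not against the capacity of `workbook->record`, so if `record` is a fixed-size buffer (declared outside the hunk) a second check against its size is needed before the memcpy. In read_biff_next_record the new guard sits after `chunk` has already been computed from the same operands; moving `if (workbook->sector_end <= (workbook->p_in - workbook->sector_buf)) return -1;` above the declaration of `chunk` avoids evaluating an invalid remainder at all, and here too nothing confirms that `chunk` fits in `workbook->record`. In parse_SST the `1024 * 1024` cap is a bare magic number; a named constant such as `#define MAX_SST_STRINGS (1024 * 1024)` with a comment that it is a sanity limit rather than a format-defined maximum would make the intent clear. All five functions touched by the inner patch start and end outside the hunk.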