[Pkg-phototools-devel] Bug#985466: buster-pu: package libpano13/2.9.19+dfsg-3+deb10u1

Andreas Metzler ametzler at bebt.de
Thu Mar 18 17:01:01 GMT 2021


Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org at packages.debian.org
Usertags: pu
X-Debbugs-Cc: libpano13 at packages.debian.org

Hello,

I would like to fix 985249 for buster. It is a straightforward format
string issue, as documented in the respective report. The issue is fixed
in unstable (2.9.20~rc3+dfsg-1) but not yet in testing.

cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
-------------- next part --------------
diff -Nru libpano13-2.9.19+dfsg/debian/changelog libpano13-2.9.19+dfsg/debian/changelog
--- libpano13-2.9.19+dfsg/debian/changelog	2017-09-10 14:39:18.000000000 +0200
+++ libpano13-2.9.19+dfsg/debian/changelog	2021-03-18 14:12:08.000000000 +0100
@@ -1,3 +1,12 @@
+libpano13 (2.9.19+dfsg-3+deb10u1) buster; urgency=medium
+
+  * 850_f02459498cb4_Prevent_string_vulnerability_by_refusing.diff
+    cherry-picked from 2.9.20 rc3: Fixes format string bug, pasing along
+    format strings in user specified output filename to printf.
+    Closes: #985249
+
+ -- Andreas Metzler <ametzler at debian.org>  Thu, 18 Mar 2021 14:12:08 +0100
+
 libpano13 (2.9.19+dfsg-3) unstable; urgency=medium
 
   * Move Vcs-* from git/http to https.
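Review bot: The new changelog entry for 2.9.19+dfsg-3+deb10u1 describes the change only as "Fixes format string bug" and does not say that a user-specified output prefix containing a percentage sign is now refused outright. For a stable update that is a user-visible behaviour change, so a line stating it would help both the release team and anyone whose scripts pass such a prefix. In the same entry, "pasing" should read "passing".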
diff -Nru libpano13-2.9.19+dfsg/debian/patches/850_f02459498cb4_Prevent_string_vulnerability_by_refusing.diff libpano13-2.9.19+dfsg/debian/patches/850_f02459498cb4_Prevent_string_vulnerability_by_refusing.diff
--- libpano13-2.9.19+dfsg/debian/patches/850_f02459498cb4_Prevent_string_vulnerability_by_refusing.diff	1970-01-01 01:00:00.000000000 +0100
+++ libpano13-2.9.19+dfsg/debian/patches/850_f02459498cb4_Prevent_string_vulnerability_by_refusing.diff	2021-03-18 14:12:08.000000000 +0100
@@ -0,0 +1,40 @@
+# HG changeset patch
+# User tmodes
+# Date 1615911819 -3600
+#      Tue Mar 16 17:23:39 2021 +0100
+# Node ID f02459498cb44c0087900616a7e61563d614c05f
+# Parent  2e9ee0a5e32f2ca6e1a5b3f9c2d5c393a41903c3
+Prevent string vulnerability by refusing prefix strings with percentage sign
+
+diff -r 2e9ee0a5e32f -r f02459498cb4 file.c
+--- a/file.c	Sun Dec 13 15:37:56 2020 +0100
++++ b/file.c	Tue Mar 16 17:23:39 2021 +0100
+@@ -2910,6 +2910,16 @@
+         }
+         strcat(outputPrefix, DEFAULT_PREFIX_NUMBER_FORMAT);
+     }
++    else {
++        // TODO: sanitize outputPrefix, only a single format specifier %??d or %??i
++        // is allowed, all other should be escaped
++        // until this is implemented refuse to process further if prefix string
++        // contains a percentage sign to prevent string vulnerability in 
++        // sprintf(outputFilename, outputPrefix ...) below
++        PrintError("Output prefix must not contain a percentage sign");
++        return 0;
++    }
++
+ 
+     for (i =0; i< filesCount ; i++) {
+         sprintf( outputFilename, outputPrefix, i );
+diff -r 2e9ee0a5e32f -r f02459498cb4 tools/PTcrop.c
+--- a/tools/PTcrop.c	Sun Dec 13 15:37:56 2020 +0100
++++ b/tools/PTcrop.c	Tue Mar 16 17:23:39 2021 +0100
+@@ -36,7 +36,7 @@
+ 
+ #define PT_CROP_USAGE "PTuncrop [options] <inputFiles+>\n\n" \
+     "Options:\n"                                                        \
+-    "\t-p <prefix>\tPrefix for output files (defaults to " DEFAULT_PREFIX "%%4d)\n"	\
++    "\t-p <prefix>\tPrefix for output files (defaults to " DEFAULT_PREFIX ")\n"	\
+     "\t-f\t\tForce processing: Overwrite output files if they exists (use with care)\n"      \
+     "\t-x\t\tDelete source files (use with care)\n"\
+     "\t-q\t\tQuiet run\n"\
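Review bot: In the file.c part, the sprintf( outputFilename, outputPrefix, i ) call that follows the new else branch is still an unbounded write with a non-literal format. Going by the added comment, rejecting "%" limits the format to the user's prefix plus DEFAULT_PREFIX_NUMBER_FORMAT, but nothing in the visible lines checks the prefix length against the size of outputFilename. Consider snprintf with the destination size and a check of its return value. The TODO for a real sanitizer should also be tracked upstream so the blanket refusal does not become permanent. In the PTcrop.c part, the -p help text drops "%%4d" without saying that a number is still appended or that "%" is not accepted, so a short phrase there would spare users from learning it through the error message.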
diff -Nru libpano13-2.9.19+dfsg/debian/patches/series libpano13-2.9.19+dfsg/debian/patches/series
--- libpano13-2.9.19+dfsg/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ libpano13-2.9.19+dfsg/debian/patches/series	2021-03-18 14:12:08.000000000 +0100
@@ -0,0 +1 @@
+850_f02459498cb4_Prevent_string_vulnerability_by_refusing.diff