Package: release.debian.org User: release.debian....@packages.debian.org Usertags: pu Tags: stretch jessie Severity: normal
bug with potential security implications, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914501
diff -Nru ssh-agent-filter-0.4.2/debian/changelog ssh-agent-filter-0.4.2/debian/changelog --- ssh-agent-filter-0.4.2/debian/changelog 2016-08-27 23:36:56.000000000 +0200 +++ ssh-agent-filter-0.4.2/debian/changelog 2018-11-24 01:46:12.000000000 +0100 @@ -1,3 +1,9 @@ +ssh-agent-filter (0.4.2-1+deb9u1) stretch; urgency=medium + + * backport fix for two-byte out-of-bounds stack write (Closes: #914501) + + -- Timo Weingärtner <t...@tiwe.de> Sat, 24 Nov 2018 01:46:12 +0100 + ssh-agent-filter (0.4.2-1) unstable; urgency=medium * New upstream release: diff -Nru ssh-agent-filter-0.4.2/debian/gbp.conf ssh-agent-filter-0.4.2/debian/gbp.conf --- ssh-agent-filter-0.4.2/debian/gbp.conf 2016-08-27 23:36:56.000000000 +0200 +++ ssh-agent-filter-0.4.2/debian/gbp.conf 2018-11-24 01:46:12.000000000 +0100 @@ -1,5 +1,5 @@ [DEFAULT] upstream-branch=master upstream-tag=%(version)s -debian-branch=debian +debian-branch=debian-stretch pristine-tar=true diff -Nru ssh-agent-filter-0.4.2/debian/patches/914501_fix_two-byte_oob_stack_write ssh-agent-filter-0.4.2/debian/patches/914501_fix_two-byte_oob_stack_write --- ssh-agent-filter-0.4.2/debian/patches/914501_fix_two-byte_oob_stack_write 1970-01-01 01:00:00.000000000 +0100 +++ ssh-agent-filter-0.4.2/debian/patches/914501_fix_two-byte_oob_stack_write 2018-11-24 01:46:12.000000000 +0100 @@ -0,0 +1,26 @@ +Description: fix two-byte out-of-bounds stack write + BASE64_ENCODE_LENGTH() calculates the encoded size without padding +Author: Timo Weingärtner <t...@tiwe.de> +Origin: upstream, https://git.tiwe.de/ssh-agent-filter.git/commit/?id=87f2de93a6522bbcf17d1960e78641df8ecd85d3 +Bug-Debian: https://bugs.debian.org/914501 +Forwarded: not-needed +Last-Update: 2018-11-24 + +--- ssh-agent-filter-0.4.2.orig/ssh-agent-filter.C ++++ ssh-agent-filter-0.4.2/ssh-agent-filter.C +@@ -116,12 +116,9 @@ string md5_hex (string const & s) { + } + + string base64_encode (string const & s) { +- struct base64_encode_ctx ctx; +- base64_encode_init(&ctx); +- uint8_t b64[BASE64_ENCODE_LENGTH(s.size())]; +- auto len = base64_encode_update(&ctx, b64, s.size(), reinterpret_cast<uint8_t const *>(s.data())); +- len += base64_encode_final(&ctx, b64 + len); +- return {reinterpret_cast<char const *>(b64), len}; ++ uint8_t b64[BASE64_ENCODE_RAW_LENGTH(s.size())]; ++ base64_encode_raw(b64, s.size(), reinterpret_cast<uint8_t const *>(s.data())); ++ return {reinterpret_cast<char const *>(b64), sizeof(b64)}; + } + + void cloexec (int fd) { diff -Nru ssh-agent-filter-0.4.2/debian/patches/series ssh-agent-filter-0.4.2/debian/patches/series --- ssh-agent-filter-0.4.2/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ ssh-agent-filter-0.4.2/debian/patches/series 2018-11-24 01:46:12.000000000 +0100 @@ -0,0 +1 @@ +914501_fix_two-byte_oob_stack_write
diff -Nru ssh-agent-filter-0.4/debian/changelog ssh-agent-filter-0.4/debian/changelog --- ssh-agent-filter-0.4/debian/changelog 2014-10-21 17:40:14.000000000 +0200 +++ ssh-agent-filter-0.4/debian/changelog 2018-11-24 02:01:09.000000000 +0100 @@ -1,3 +1,9 @@ +ssh-agent-filter (0.4-2+deb8u1) jessie; urgency=medium + + * backport fix for two-byte out-of-bounds stack write (Closes: #914501) + + -- Timo Weingärtner <t...@tiwe.de> Sat, 24 Nov 2018 02:01:09 +0100 + ssh-agent-filter (0.4-2) unstable; urgency=medium * add debian/patches/0001-workaround-FTBFS-caused-by-doko: diff -Nru ssh-agent-filter-0.4/debian/gbp.conf ssh-agent-filter-0.4/debian/gbp.conf --- ssh-agent-filter-0.4/debian/gbp.conf 2014-10-21 17:40:14.000000000 +0200 +++ ssh-agent-filter-0.4/debian/gbp.conf 2018-11-24 02:01:09.000000000 +0100 @@ -1,5 +1,5 @@ [DEFAULT] upstream-branch=master upstream-tag=%(version)s -debian-branch=debian +debian-branch=debian-jessie pristine-tar=true diff -Nru ssh-agent-filter-0.4/debian/patches/914501_fix_two-byte_oob_stack_write ssh-agent-filter-0.4/debian/patches/914501_fix_two-byte_oob_stack_write --- ssh-agent-filter-0.4/debian/patches/914501_fix_two-byte_oob_stack_write 1970-01-01 01:00:00.000000000 +0100 +++ ssh-agent-filter-0.4/debian/patches/914501_fix_two-byte_oob_stack_write 2018-11-24 02:01:09.000000000 +0100 @@ -0,0 +1,26 @@ +Description: fix two-byte out-of-bounds stack write + BASE64_ENCODE_LENGTH() calculates the encoded size without padding +Author: Timo Weingärtner <t...@tiwe.de> +Origin: upstream, https://git.tiwe.de/ssh-agent-filter.git/commit/?id=87f2de93a6522bbcf17d1960e78641df8ecd85d3 +Bug-Debian: https://bugs.debian.org/914501 +Forwarded: not-needed +Last-Update: 2018-11-24 + +--- ssh-agent-filter-0.4.2.orig/ssh-agent-filter.C ++++ ssh-agent-filter-0.4.2/ssh-agent-filter.C +@@ -116,12 +116,9 @@ string md5_hex (string const & s) { + } + + string base64_encode (string const & s) { +- struct base64_encode_ctx ctx; +- base64_encode_init(&ctx); +- uint8_t b64[BASE64_ENCODE_LENGTH(s.size())]; +- auto len = base64_encode_update(&ctx, b64, s.size(), reinterpret_cast<uint8_t const *>(s.data())); +- len += base64_encode_final(&ctx, b64 + len); +- return {reinterpret_cast<char const *>(b64), len}; ++ uint8_t b64[BASE64_ENCODE_RAW_LENGTH(s.size())]; ++ base64_encode_raw(b64, s.size(), reinterpret_cast<uint8_t const *>(s.data())); ++ return {reinterpret_cast<char const *>(b64), sizeof(b64)}; + } + + void cloexec (int fd) { diff -Nru ssh-agent-filter-0.4/debian/patches/series ssh-agent-filter-0.4/debian/patches/series --- ssh-agent-filter-0.4/debian/patches/series 2014-10-21 17:40:14.000000000 +0200 +++ ssh-agent-filter-0.4/debian/patches/series 2018-11-24 02:01:09.000000000 +0100 @@ -1 +1,2 @@ 0001-workaround-FTBFS-caused-by-doko +914501_fix_two-byte_oob_stack_write
signature.asc
Description: This is a digitally signed message part.
