Control: tags 798032 + patch Control: tags 798032 + pending Dear maintainer,
I've prepared an NMU for libpgf (versioned as 6.14.12-3.2) and uploaded it to DELAYED/5. Please feel free to tell me if I should delay it longer. Regards.
diff -Nru libpgf-6.14.12/debian/changelog libpgf-6.14.12/debian/changelog --- libpgf-6.14.12/debian/changelog 2015-10-20 04:09:35.000000000 -0500 +++ libpgf-6.14.12/debian/changelog 2016-04-03 21:58:47.000000000 -0500 @@ -1,3 +1,12 @@ +libpgf (6.14.12-3.2) unstable; urgency=medium + + * Non-maintainer upload. + * Apply upstream changes 147 & 148 to fix CVE-2015-6673 (Closes: + #798032). New patches 02-fix-CVE-2015-6673-upstream-147.patch and + 03-fix-CVE-2015-6673-upstream-148.patch. + + -- Steve M. Robbins <s...@debian.org> Sun, 03 Apr 2016 21:58:47 -0500 + libpgf (6.14.12-3.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru libpgf-6.14.12/debian/patches/02-fix-CVE-2015-6673-upstream-147.patch libpgf-6.14.12/debian/patches/02-fix-CVE-2015-6673-upstream-147.patch --- libpgf-6.14.12/debian/patches/02-fix-CVE-2015-6673-upstream-147.patch 1969-12-31 18:00:00.000000000 -0600 +++ libpgf-6.14.12/debian/patches/02-fix-CVE-2015-6673-upstream-147.patch 2016-04-03 18:45:29.000000000 -0500 @@ -0,0 +1,97 @@ +--- libpgf-6.14.12.orig/include/PGFimage.h ++++ libpgf-6.14.12/include/PGFimage.h +@@ -538,7 +538,7 @@ + ProgressMode m_progressMode; ///< progress mode used in Read and Write; PM_Relative is default mode + + void ComputeLevels(); +- void CompleteHeader(); ++ bool CompleteHeader(); + void RgbToYuv(int pitch, UINT8* rgbBuff, BYTE bpp, int channelMap[], CallbackPtr cb, void *data) THROW_; + void Downsample(int nChannel); + UINT32 UpdatePostHeaderSize() THROW_; +--- libpgf-6.14.12.orig/src/PGFimage.cpp ++++ libpgf-6.14.12/src/PGFimage.cpp +@@ -145,7 +145,7 @@ + m_height[0] = m_header.height; + + // complete header +- CompleteHeader(); ++ if (!CompleteHeader()) ReturnWithError(FormatCannotRead); + + // interpret quant parameter + if (m_header.quality > DownsampleThreshold && +@@ -205,7 +205,7 @@ + } + + //////////////////////////////////////////////////////////// +-void CPGFImage::CompleteHeader() { ++bool CPGFImage::CompleteHeader() { + if (m_header.mode == ImageModeUnknown) { + // undefined mode + switch(m_header.bpp) { +@@ -261,20 +261,21 @@ + // change mode + m_header.mode = ImageModeRGBA; + } +- ASSERT(m_header.mode != ImageModeBitmap || m_header.bpp == 1); +- ASSERT(m_header.mode != ImageModeIndexedColor || m_header.bpp == 8); +- ASSERT(m_header.mode != ImageModeGrayScale || m_header.bpp == 8); +- ASSERT(m_header.mode != ImageModeGray16 || m_header.bpp == 16); +- ASSERT(m_header.mode != ImageModeGray32 || m_header.bpp == 32); +- ASSERT(m_header.mode != ImageModeRGBColor || m_header.bpp == 24); +- ASSERT(m_header.mode != ImageModeRGBA || m_header.bpp == 32); +- ASSERT(m_header.mode != ImageModeRGB12 || m_header.bpp == 12); +- ASSERT(m_header.mode != ImageModeRGB16 || m_header.bpp == 16); +- ASSERT(m_header.mode != ImageModeRGB48 || m_header.bpp == 48); +- ASSERT(m_header.mode != ImageModeLabColor || m_header.bpp == 24); +- ASSERT(m_header.mode != ImageModeLab48 || m_header.bpp == 48); +- ASSERT(m_header.mode != ImageModeCMYKColor || m_header.bpp == 32); +- ASSERT(m_header.mode != ImageModeCMYK64 || m_header.bpp == 64); ++ ++ if (m_header.mode == ImageModeBitmap && m_header.bpp != 1) return false; ++ if (m_header.mode == ImageModeIndexedColor && m_header.bpp != 8) return false; ++ if (m_header.mode == ImageModeGrayScale && m_header.bpp != 8) return false; ++ if (m_header.mode == ImageModeGray16 && m_header.bpp != 16) return false; ++ if (m_header.mode == ImageModeGray32 && m_header.bpp != 32) return false; ++ if (m_header.mode == ImageModeRGBColor && m_header.bpp != 24) return false; ++ if (m_header.mode == ImageModeRGBA && m_header.bpp != 32) return false; ++ if (m_header.mode == ImageModeRGB12 && m_header.bpp != 12) return false; ++ if (m_header.mode == ImageModeRGB16 && m_header.bpp != 16) return false; ++ if (m_header.mode == ImageModeRGB48 && m_header.bpp != 48) return false; ++ if (m_header.mode == ImageModeLabColor && m_header.bpp != 24) return false; ++ if (m_header.mode == ImageModeLab48 && m_header.bpp != 48) return false; ++ if (m_header.mode == ImageModeCMYKColor && m_header.bpp != 32) return false; ++ if (m_header.mode == ImageModeCMYK64 && m_header.bpp != 64) return false; + + // set number of channels + if (!m_header.channels) { +@@ -300,8 +301,7 @@ + m_header.channels = 4; + break; + default: +- ASSERT(false); +- m_header.channels = 3; ++ return false; + } + } + +@@ -311,6 +311,8 @@ + if (!m_header.usedBitsPerChannel || m_header.usedBitsPerChannel > bpc) { + m_header.usedBitsPerChannel = bpc; + } ++ ++ return true; + } + + ////////////////////////////////////////////////////////////////////// +--- libpgf-6.14.12.orig/src/Decoder.cpp ++++ libpgf-6.14.12/src/Decoder.cpp +@@ -158,7 +158,7 @@ + if (size > 0) { + // read post-header + if (header.mode == ImageModeIndexedColor) { +- ASSERT((size_t)size >= ColorTableSize); ++ if (size < ColorTableSize) ReturnWithError(FormatCannotRead); + // read color table + count = expected = ColorTableSize; + m_stream->Read(&count, postHeader.clut); diff -Nru libpgf-6.14.12/debian/patches/03-fix-CVE-2015-6673-upstream-148.patch libpgf-6.14.12/debian/patches/03-fix-CVE-2015-6673-upstream-148.patch --- libpgf-6.14.12/debian/patches/03-fix-CVE-2015-6673-upstream-148.patch 1969-12-31 18:00:00.000000000 -0600 +++ libpgf-6.14.12/debian/patches/03-fix-CVE-2015-6673-upstream-148.patch 2016-04-03 21:56:44.000000000 -0500 @@ -0,0 +1,63 @@ +--- libpgf-6.14.12.orig/src/Decoder.cpp ++++ libpgf-6.14.12/src/Decoder.cpp +@@ -87,29 +87,6 @@ + + int count, expected; + +- // set number of threads +-#ifdef LIBPGF_USE_OPENMP +- m_macroBlockLen = omp_get_num_procs(); +-#else +- m_macroBlockLen = 1; +-#endif +- +- if (useOMP && m_macroBlockLen > 1) { +-#ifdef LIBPGF_USE_OPENMP +- omp_set_num_threads(m_macroBlockLen); +-#endif +- +- // create macro block array +- m_macroBlocks = new(std::nothrow) CMacroBlock*[m_macroBlockLen]; +- if (!m_macroBlocks) ReturnWithError(InsufficientMemory); +- for (int i=0; i < m_macroBlockLen; i++) m_macroBlocks[i] = new CMacroBlock(); +- m_currentBlock = m_macroBlocks[m_currentBlockIndex]; +- } else { +- m_macroBlocks = 0; +- m_macroBlockLen = 1; // there is only one macro block +- m_currentBlock = new CMacroBlock(); +- } +- + // store current stream position + m_startPos = m_stream->GetPos(); + +@@ -209,6 +186,30 @@ + + // store current stream position + m_encodedHeaderLength = UINT32(m_stream->GetPos() - m_startPos); ++ ++ // set number of threads ++#ifdef LIBPGF_USE_OPENMP ++ m_macroBlockLen = omp_get_num_procs(); ++#else ++ m_macroBlockLen = 1; ++#endif ++ ++ if (useOMP && m_macroBlockLen > 1) { ++#ifdef LIBPGF_USE_OPENMP ++ omp_set_num_threads(m_macroBlockLen); ++#endif ++ ++ // create macro block array ++ m_macroBlocks = new(std::nothrow) CMacroBlock*[m_macroBlockLen]; ++ if (!m_macroBlocks) ReturnWithError(InsufficientMemory); ++ for (int i = 0; i < m_macroBlockLen; i++) m_macroBlocks[i] = new CMacroBlock(); ++ m_currentBlock = m_macroBlocks[m_currentBlockIndex]; ++ } else { ++ m_macroBlocks = 0; ++ m_macroBlockLen = 1; // there is only one macro block ++ m_currentBlock = new(std::nothrow) CMacroBlock(); ++ if (!m_currentBlock) ReturnWithError(InsufficientMemory); ++ } + } + + ///////////////////////////////////////////////////////////////////// diff -Nru libpgf-6.14.12/debian/patches/series libpgf-6.14.12/debian/patches/series --- libpgf-6.14.12/debian/patches/series 2014-09-28 09:48:34.000000000 -0500 +++ libpgf-6.14.12/debian/patches/series 2016-04-03 21:56:05.000000000 -0500 @@ -1,2 +1,4 @@ 00-fix_encoding.patch 01-fix_build.patch +02-fix-CVE-2015-6673-upstream-147.patch +03-fix-CVE-2015-6673-upstream-148.patch
signature.asc
Description: PGP signature