Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian....@packages.debian.org
Usertags: pu

Dear release team,

[ Reason ]
gnuplot_5.4.1+dfsg1-1+deb11u1 is fixing security issue CVE-2021-44917.
Please include it in bullseye.

[ Impact ]
Security issue

[ Tests ]
Done on CI and locally.

[ Risks ]
No risks awaited

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Patch imported from upstream.

Thanks

Anton

diff -Nru gnuplot-5.4.1+dfsg1/debian/changelog gnuplot-5.4.1+dfsg1/debian/changelog --- gnuplot-5.4.1+dfsg1/debian/changelog 2020-12-03 22:27:21.000000000 +0100 +++ gnuplot-5.4.1+dfsg1/debian/changelog 2021-12-25 19:15:06.000000000 +0100 @@ -1,3 +1,9 @@ +gnuplot (5.4.1+dfsg1-1+deb11u1) bullseye; urgency=medium + + * Fix divide by zero vulnerability. CVE-2021-44917. (Closes: #1002539) + + -- Anton Gladky <gl...@debian.org> Sat, 25 Dec 2021 19:15:06 +0100 + gnuplot (5.4.1+dfsg1-1) unstable; urgency=medium * [945257b] New upstream version 5.4.1+dfsg1 diff -Nru gnuplot-5.4.1+dfsg1/debian/.gitlab-ci.yml gnuplot-5.4.1+dfsg1/debian/.gitlab-ci.yml --- gnuplot-5.4.1+dfsg1/debian/.gitlab-ci.yml 2020-09-24 23:46:23.000000000 +0200 +++ gnuplot-5.4.1+dfsg1/debian/.gitlab-ci.yml 2021-12-25 19:15:06.000000000 +0100 @@ -1,3 +1,4 @@ include: - - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml - - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml +variables: + RELEASE: 'bullseye' diff -Nru gnuplot-5.4.1+dfsg1/debian/patches/CVE-2021-44917.patch gnuplot-5.4.1+dfsg1/debian/patches/CVE-2021-44917.patch --- gnuplot-5.4.1+dfsg1/debian/patches/CVE-2021-44917.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnuplot-5.4.1+dfsg1/debian/patches/CVE-2021-44917.patch 2021-12-25 19:15:06.000000000 +0100 
@@ -0,0 +1,114 @@ +Description: <short summary of the patch> + TODO: Put a short summary on the line above and replace this paragraph + with a longer explanation of this change. Complete the meta-information + with other relevant fields (see below for details). To make it easier, the + information below has been extracted from the changelog. Adjust it or drop + it. + . + gnuplot (5.4.2+dfsg2-1) unstable; urgency=medium + . + * [4370a18] Update d/watch + * [7d7c5c0] New upstream version 5.4.2+dfsg1.orig + * [97d5d83] Refresh patches + * [9d8bbae] Update gitlab.ci + * [e168129] Use secure URI in debian/watch. + * [08324bf] Bump debhelper from old 12 to 13. + * [3a47530] Update standards version to 4.5.1, no changes needed. + * [ba4a50d] Avoid explicitly specifying -Wl,--as-needed linker flag. + * [9ce752b] Set Standards-Version: 4.6.0 + * [917e564] Use execute-syntax for some commands in d/rules +Author: Anton Gladky <gl...@debian.org> + +--- +The information above should follow the Patch Tagging Guidelines, please +checkout http://dep.debian.net/deps/dep3/ to learn about the format. 
Here +are templates for supplementary fields that you might want to add: + +Origin: <vendor|upstream|other>, <url of original patch> +Bug: <url in upstream bugtracker> +Bug-Debian: https://bugs.debian.org/<bugnumber> +Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber> +Forwarded: <no|not-needed|url proving that it has been forwarded> +Reviewed-By: <name and email of someone who approved the patch> +Last-Update: 2021-12-25 + +Index: gnuplot-5.4.1+dfsg1/src/set.c +=================================================================== +--- gnuplot-5.4.1+dfsg1.orig/src/set.c ++++ gnuplot-5.4.1+dfsg1/src/set.c +@@ -5058,18 +5058,6 @@ set_terminal() + fprintf(stderr,"Options are '%s'\n",term_options); + if ((term->flags & TERM_MONOCHROME)) + init_monochrome(); +- +- /* Sanity check: +- * The most common failure mode found by fuzzing is a divide-by-zero +- * caused by initializing the basic unit of the current terminal character +- * size to zero. I keep patching the individual terminals, but a generic +- * sanity check may at least prevent a crash due to mistyping. 
+- */ +- if (term->h_char <= 0 || term->v_char <= 0) { +- int_warn(NO_CARET, "invalid terminal font size"); +- term->h_char = 10; +- term->v_char = 10; +- } + } + + +Index: gnuplot-5.4.1+dfsg1/src/term.c +=================================================================== +--- gnuplot-5.4.1+dfsg1.orig/src/term.c ++++ gnuplot-5.4.1+dfsg1/src/term.c +@@ -235,6 +235,7 @@ static void UNKNOWN_null(void); + static void MOVE_null(unsigned int, unsigned int); + static void LINETYPE_null(int); + static void PUTTEXT_null(unsigned int, unsigned int, const char *); ++static TBOOLEAN sanity_check_font_size(void); + + static int strlen_tex(const char *); + +@@ -516,6 +517,8 @@ term_start_plot() + term_suspended = FALSE; + } + ++ sanity_check_font_size(); ++ + if (multiplot) + multiplot_count++; + +@@ -2920,3 +2923,21 @@ escape_reserved_chars(const char *str, c + + return escaped_str; + } ++ ++/* Sanity check: ++ * The most common program failure mode found by fuzzing is a divide-by-zero ++ * caused by initializing the basic unit of the current terminal character ++ * size to zero. I keep patching individual terminals, but a generic ++ * sanity check may at least prevent a crash due to typos. 
++ */ ++static TBOOLEAN ++sanity_check_font_size() ++{ ++ if (!(0 < term->v_char && term->v_char < term->ymax) ++ || !(0 < term->h_char && term->h_char < term->xmax)) { ++ int_warn(NO_CARET, "Invalid terminal font size"); ++ term->v_char = term->h_char = 10; ++ return FALSE; ++ } ++ return TRUE; ++} +\ No newline at end of file +Index: gnuplot-5.4.1+dfsg1/term/emf.trm +=================================================================== +--- gnuplot-5.4.1+dfsg1.orig/term/emf.trm ++++ gnuplot-5.4.1+dfsg1/term/emf.trm +@@ -805,7 +805,7 @@ EMF_options() + new_defaultfontsize = real_expression(); + } + +- if (new_defaultfontsize > 0) ++ if ((0 < new_defaultfontsize) && (new_defaultfontsize < 999)) + emf_defaultfontsize = new_defaultfontsize; + + sprintf(term_options, "%s %s font \"%s,%g\"", diff -Nru gnuplot-5.4.1+dfsg1/debian/patches/series gnuplot-5.4.1+dfsg1/debian/patches/series --- gnuplot-5.4.1+dfsg1/debian/patches/series 2019-10-17 20:27:54.000000000 +0200 +++ gnuplot-5.4.1+dfsg1/debian/patches/series 2021-12-25 18:00:52.000000000 +0100 @@ -5,3 +5,4 @@ 10_removepicins.patch 11_fix_linkage_wx.patch 13_honour_SOURCE_DATE_EPOCH.patch +CVE-2021-44917.patch
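
Review bot: the debian/.gitlab-ci.yml hunk is not mentioned in the new changelog stanza, which lists only "Fix divide by zero vulnerability. CVE-2021-44917.", while the checklist in the request states that all changes are documented in d/changelog. Either add a changelog line for the switch to recipes/debian.yml with RELEASE: 'bullseye', or leave the CI change out of the stable upload so the debdiff contains only the security fix.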
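
Review bot: the DEP-3 header of debian/patches/CVE-2021-44917.patch is still the unedited template. "Description: <short summary of the patch>" and the "TODO:" paragraph are left in place, and the changelog extract under them is for gnuplot (5.4.2+dfsg2-1) and lists items unrelated to this fix. Since the request says the patch was imported from upstream, replace the template with a one-line Description naming CVE-2021-44917, an Origin field pointing at the upstream change, and a Bug-Debian field for #1002539, and drop the placeholder fields that stay empty.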
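
Review bot: in the src/set.c hunk, dropping the h_char/v_char check from set_terminal() leaves the character size unvalidated between a terminal change and the next term_start_plot(), which is now the only place the check runs. Please confirm that nothing divides by term->h_char or term->v_char in that window, or keep a call in set_terminal() in addition to the new one in term_start_plot().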
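
Review bot: at the new call site in term_start_plot() (src/term.c, hunk at -516), the TBOOLEAN result of sanity_check_font_size() is discarded. If no caller is expected to act on FALSE, declare the function void; otherwise document what a caller should do when the check fails.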
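
Review bot: in sanity_check_font_size() (src/term.c, hunk at -2920), the fallback "term->v_char = term->h_char = 10;" does not re-establish the condition that was just tested. When term->ymax or term->xmax is 10 or less, the reset values still fail "v_char < ymax" or "h_char < xmax", so the warning can fire again on the next call even though the values are now nonzero. Consider deriving the fallback from xmax/ymax or documenting that only the nonzero property matters. Two smaller points: the definition uses empty parentheses while the prototype says (void), and the hunk ends with "\ No newline at end of file", so term.c loses its trailing newline.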
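
Review bot: in EMF_options() (term/emf.trm), the new upper bound 999 is an unexplained literal, and a requested font size outside the accepted range is dropped silently, leaving emf_defaultfontsize at its previous value. Add a comment or a named constant explaining the limit, and consider an int_warn(NO_CARET, ...) for rejected values so the user sees why the option had no effect.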