Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:capstone
User: [email protected]
Usertags: pu

This updates capstone to a new upstream version for fixing
no-dsa CVE-2025-67873 and CVE-2025-68114.

Apart from a harmless CMake fix and the usual version-number bumps
(headers, Python binding, pkgconfig), the new upstream version
contains only the CVE fixes.
diffstat for capstone-5.0.6 capstone-5.0.7

 CMakeLists.txt                       |    6 +++---
 ChangeLog                            |    9 +++++++++
 SStream.c                            |    6 ++++++
 SStream.h                            |   12 +++++++++++-
 bindings/python/capstone/__init__.py |    2 +-
 cs.c                                 |   14 +++++++++-----
 debian/changelog                     |   17 +++++++++++++++++
 debian/control                       |    2 +-
 include/capstone/capstone.h          |    2 +-
 pkgconfig.mk                         |    2 +-
 10 files changed, 59 insertions(+), 13 deletions(-)

diff -Nru capstone-5.0.6/bindings/python/capstone/__init__.py 
capstone-5.0.7/bindings/python/capstone/__init__.py
--- capstone-5.0.6/bindings/python/capstone/__init__.py 2025-03-23 
17:48:02.000000000 +0200
+++ capstone-5.0.7/bindings/python/capstone/__init__.py 2026-02-10 
00:30:40.000000000 +0200
@@ -180,7 +180,7 @@
 # Package version
 CS_VERSION_MAJOR = CS_API_MAJOR
 CS_VERSION_MINOR = CS_API_MINOR
-CS_VERSION_EXTRA = 6
+CS_VERSION_EXTRA = 7
 
 __version__ = "%u.%u.%u" %(CS_VERSION_MAJOR, CS_VERSION_MINOR, 
CS_VERSION_EXTRA)
 
diff -Nru capstone-5.0.6/ChangeLog capstone-5.0.7/ChangeLog
--- capstone-5.0.6/ChangeLog    2025-03-23 17:48:02.000000000 +0200
+++ capstone-5.0.7/ChangeLog    2026-02-10 00:30:40.000000000 +0200
@@ -1,6 +1,15 @@
 This file details the changelog of Capstone.
 
 --------------------------------
+Version 5.0.7: February 4th, 2026
+
+## What's Changed
+* Backport for 5.0.7 by @scribam in 
https://github.com/capstone-engine/capstone/pull/2785
+* CVE v5 backports by @Rot127 in 
https://github.com/capstone-engine/capstone/pull/2835
+
+**Full Changelog**: 
https://github.com/capstone-engine/capstone/compare/5.0.6...5.0.7
+
+--------------------------------
 Version 5.0.6: March 23th, 2025
 
 ## What's Changed
diff -Nru capstone-5.0.6/CMakeLists.txt capstone-5.0.7/CMakeLists.txt
--- capstone-5.0.6/CMakeLists.txt       2025-03-23 17:48:02.000000000 +0200
+++ capstone-5.0.7/CMakeLists.txt       2026-02-10 00:30:40.000000000 +0200
@@ -21,9 +21,9 @@
 # Enable support for MSVC_RUNTIME_LIBRARY
 cmake_policy(SET CMP0091 NEW)
 
-# Check if VERSION is provided externally, otherwise default to 5.0.3
-if(NOT DEFINED PROJECT_VERSION)
-    set(PROJECT_VERSION "5.0.6")
+# Check if VERSION is provided externally, otherwise default to 5.0.7
+if(NOT DEFINED PROJECT_VERSION OR PROJECT_VERSION STREQUAL "")
+    set(PROJECT_VERSION "5.0.7")
 endif()
 
 # Use PROJECT_VERSION directly for CPack
diff -Nru capstone-5.0.6/cs.c capstone-5.0.7/cs.c
--- capstone-5.0.6/cs.c 2025-03-23 17:48:02.000000000 +0200
+++ capstone-5.0.7/cs.c 2026-02-10 00:30:40.000000000 +0200
@@ -976,10 +976,13 @@
                                skipdata_bytes = handle->skipdata_size;
 
                        // we have to skip some amount of data, depending on 
arch & mode
-                       insn_cache->id = 0;     // invalid ID for this "data" 
instruction
+                       // invalid ID for this "data" instruction
+                       insn_cache->id = 0;
                        insn_cache->address = offset;
-                       insn_cache->size = (uint16_t)skipdata_bytes;
-                       memcpy(insn_cache->bytes, buffer, skipdata_bytes);
+                       insn_cache->size = (uint16_t)MIN(
+                               skipdata_bytes, sizeof(insn_cache->bytes));
+                       memcpy(insn_cache->bytes, buffer,
+                              MIN(skipdata_bytes, sizeof(insn_cache->bytes)));
 #ifdef CAPSTONE_DIET
                        insn_cache->mnemonic[0] = '\0';
                        insn_cache->op_str[0] = '\0';
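Review bot: Clamping `insn_cache->size` to `sizeof(insn_cache->bytes)` makes the reported size differ from the number of bytes actually skipped whenever `handle->skipdata_size` exceeds the `bytes` array; the advance of `offset` is outside this hunk, but if it still uses `skipdata_bytes`, a caller that walks the buffer by summing `insn->size` will drift after such a "data" instruction. The clamp is also evaluated twice (once for the size, once for the `memcpy`), so compute it once, `size_t copied = MIN(skipdata_bytes, sizeof(insn_cache->bytes));`, and use it for both. The cleaner fix is to validate the user-supplied skipdata size against `sizeof(insn->bytes)` where `handle->skipdata_size` is assigned (outside this hunk) so the silent truncation can never trigger. The enclosing loop body starts and ends outside this hunk.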
@@ -1181,12 +1184,13 @@
                // we have to skip some amount of data, depending on arch & mode
                insn->id = 0;   // invalid ID for this "data" instruction
                insn->address = *address;
-               insn->size = (uint16_t)skipdata_bytes;
+               insn->size = (uint16_t)MIN(skipdata_bytes, sizeof(insn->bytes));
+               memcpy(insn->bytes, *code,
+                      MIN(skipdata_bytes, sizeof(insn->bytes)));
 #ifdef CAPSTONE_DIET
                insn->mnemonic[0] = '\0';
                insn->op_str[0] = '\0';
 #else
-               memcpy(insn->bytes, *code, skipdata_bytes);
                strncpy(insn->mnemonic, handle->skipdata_setup.mnemonic,
                                sizeof(insn->mnemonic) - 1);
                skipdata_opstr(insn->op_str, *code, skipdata_bytes);
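Review bot: `skipdata_opstr(insn->op_str, *code, skipdata_bytes)` still receives the unclamped `skipdata_bytes` while `insn->size` and the `memcpy` two lines above now use `MIN(skipdata_bytes, sizeof(insn->bytes))`; that is only safe if skipdata_opstr bounds its own output to `sizeof(insn->op_str)`, which cannot be seen from here and is worth confirming. Hoisting the clamp into one local, `size_t copied = MIN(skipdata_bytes, sizeof(insn->bytes));`, avoids evaluating it twice and keeps size and copy length from diverging. Moving the `memcpy` out of the `#ifndef CAPSTONE_DIET` branch means DIET builds now fill `insn->bytes` too, matching the other skipdata path; a one-line comment, `// bytes are filled in DIET builds as well; mnemonic/op_str are not`, would save the next reader a diff. The enclosing function starts and ends outside this hunk.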
diff -Nru capstone-5.0.6/debian/changelog capstone-5.0.7/debian/changelog
--- capstone-5.0.6/debian/changelog     2025-03-24 16:33:46.000000000 +0200
+++ capstone-5.0.7/debian/changelog     2026-03-04 18:22:48.000000000 +0200
@@ -1,3 +1,20 @@
+capstone (5.0.7-1~deb13u1) trixie; urgency=medium
+
+  * Non-maintainer upload.
+  * Rebuild for trixie.
+    - CVE-2025-67873: cs_insn.bytes heap buffer overflow
+    - CVE-2025-68114: SStream_concat() stack buffer underflow&overflow
+
+ -- Adrian Bunk <[email protected]>  Wed, 04 Mar 2026 18:22:48 +0200
+
+capstone (5.0.7-1) unstable; urgency=medium
+
+  * Team upload.
+  * New upstream version 5.0.7
+  * Bump Standards-Version
+
+ -- Hilko Bengen <[email protected]>  Sun, 15 Feb 2026 12:10:56 +0100
+
 capstone (5.0.6-1) unstable; urgency=medium
 
   * New upstream version 5.0.6
diff -Nru capstone-5.0.6/debian/control capstone-5.0.7/debian/control
--- capstone-5.0.6/debian/control       2025-02-12 10:11:51.000000000 +0200
+++ capstone-5.0.7/debian/control       2026-02-15 13:10:28.000000000 +0200
@@ -7,7 +7,7 @@
                python3-all-dev,
                python3-setuptools,
                cython3,
-Standards-Version: 4.6.1
+Standards-Version: 4.7.3
 Rules-Requires-Root: no
 Section: devel
 Homepage: https://www.capstone-engine.org/
diff -Nru capstone-5.0.6/include/capstone/capstone.h 
capstone-5.0.7/include/capstone/capstone.h
--- capstone-5.0.6/include/capstone/capstone.h  2025-03-23 17:48:02.000000000 
+0200
+++ capstone-5.0.7/include/capstone/capstone.h  2026-02-10 00:30:40.000000000 
+0200
@@ -58,7 +58,7 @@
 // Capstone package version
 #define CS_VERSION_MAJOR CS_API_MAJOR
 #define CS_VERSION_MINOR CS_API_MINOR
-#define CS_VERSION_EXTRA 6
+#define CS_VERSION_EXTRA 7
 
 /// Macro for meta programming.
 /// Meant for projects using Capstone and need to support multiple
diff -Nru capstone-5.0.6/pkgconfig.mk capstone-5.0.7/pkgconfig.mk
--- capstone-5.0.6/pkgconfig.mk 2025-03-23 17:48:02.000000000 +0200
+++ capstone-5.0.7/pkgconfig.mk 2026-02-10 00:30:40.000000000 +0200
@@ -6,7 +6,7 @@
 PKG_MINOR = 0
 
 # version bugfix level. Example: PKG_EXTRA = 1
-PKG_EXTRA = 6
+PKG_EXTRA = 7
 
 # version tag. Examples: rc1, b2, post1 - or just comment out for no tag
 PKG_TAG = 
diff -Nru capstone-5.0.6/SStream.c capstone-5.0.7/SStream.c
--- capstone-5.0.6/SStream.c    2025-03-23 17:48:02.000000000 +0200
+++ capstone-5.0.7/SStream.c    2026-02-10 00:30:40.000000000 +0200
@@ -33,6 +33,7 @@
 #ifndef CAPSTONE_DIET
        unsigned int len = (unsigned int) strlen(s);
 
+       SSTREAM_OVERFLOW_CHECK(ss, len);
        memcpy(ss->buffer + ss->index, s, len);
        ss->index += len;
        ss->buffer[ss->index] = '\0';
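Review bot: `SSTREAM_OVERFLOW_CHECK(ss, len)` adds an `int` index to an `unsigned int` length, so the comparison is done unsigned and silently relies on `ss->index` never being negative; nothing in the hunk establishes that, and a negative index would wrap the sum, pass the check, and let the `memcpy` write before the buffer. Either make `index` a `size_t` in the struct (SStream.h) or add `assert(ss->index >= 0);` ahead of the check. The bail-out also drops the text without telling the caller (the function returns void), so say so above the function: `/* Appends s; if it would not fit in SSTREAM_BUF_LEN, nothing is appended. */`. The function's signature is above the hunk.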
@@ -42,6 +43,7 @@
 void SStream_concat1(SStream *ss, const char c)
 {
 #ifndef CAPSTONE_DIET
+       SSTREAM_OVERFLOW_CHECK(ss, 1);
        ss->buffer[ss->index] = c;
        ss->index++;
        ss->buffer[ss->index] = '\0';
@@ -57,6 +59,10 @@
        va_start(ap, fmt);
        ret = cs_vsnprintf(ss->buffer + ss->index, sizeof(ss->buffer) - 
(ss->index + 1), fmt, ap);
        va_end(ap);
+       if (ret < 0) {
+               return;
+       }
+       SSTREAM_OVERFLOW_CHECK(ss, ret);
        ss->index += ret;
 #endif
 }
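Review bot: The size passed to `cs_vsnprintf`, `sizeof(ss->buffer) - (ss->index + 1)`, reserves one byte more than the macro's bound `index + len + 1 > SSTREAM_BUF_LEN` accounts for, so (assuming vsnprintf return semantics for `cs_vsnprintf`) an output of exactly `SSTREAM_BUF_LEN - ss->index - 1` characters is truncated by one character yet passes the check, and `ss->index` advances past what was written. Passing `sizeof(ss->buffer) - ss->index` makes the two bounds agree. Separately, because the check now runs after the write, a rejected append has already overwritten the terminator at `ss->buffer[ss->index]` with the truncated fragment, so a consumer reading the buffer as a C string sees partial text; restore it before bailing out, e.g. `if (ret < 0 || ss->index + ret + 1 > SSTREAM_BUF_LEN) { ss->buffer[ss->index] = '\0'; return; }` in place of the two checks. The function's signature and `#ifndef CAPSTONE_DIET` are above the hunk.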
diff -Nru capstone-5.0.6/SStream.h capstone-5.0.7/SStream.h
--- capstone-5.0.6/SStream.h    2025-03-23 17:48:02.000000000 +0200
+++ capstone-5.0.7/SStream.h    2026-02-10 00:30:40.000000000 +0200
@@ -6,8 +6,18 @@
 
 #include "include/capstone/platform.h"
 
+#define SSTREAM_BUF_LEN 512
+
+#define SSTREAM_OVERFLOW_CHECK(OS, len) \
+       do { \
+               if (OS->index + len + 1 > SSTREAM_BUF_LEN) { \
+                       fprintf(stderr, "Buffer overflow caught!\n"); \
+                       return; \
+               } \
+       } while (0)
+
 typedef struct SStream {
-       char buffer[512];
+       char buffer[SSTREAM_BUF_LEN];
        int index;
 } SStream;
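Review bot: The macro's arguments are not parenthesized; the condition should read `if ((OS)->index + (len) + 1 > SSTREAM_BUF_LEN)`, otherwise a conditional or cast expression passed as `len`, or anything but a plain identifier as `OS`, changes the meaning of the expansion. The macro also hides a bare `return`, which only compiles inside a void function and silently discards the caller's output, so a comment above it should say both: `/* Bails out of the enclosing void function if len more bytes plus NUL would not fit. */`. `fprintf(stderr, ...)` requires `<stdio.h>`, and the only include visible here is platform.h; unless that pulls stdio in, add the include to this header rather than relying on each user. A library printing diagnostics to stderr unconditionally is also unusual; consider gating the message behind a debug define and keeping only the early return in release builds.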
 
