s/Cheery/Cherry/ Other than that, looks good to me.
Thanks for backporting this! Cheers, Jelmer On Tue, May 26, 2015 at 10:12:20PM +0200, Guido Günther wrote: > Hi, > attached is the debdiff for dulwich fixing CVE-2015-0838. Since this > is might first LTS upload it'd be happy about somebody having a second > look. > > The fix is a straight cherry pick from Wheezy. > > Cheers, > -- Guido > diff --git a/debian/changelog b/debian/changelog > index 87cc441..af8f8e9 100644 > --- a/debian/changelog > +++ b/debian/changelog > @@ -1,3 +1,9 @@ > +dulwich (0.6.1-1+deb6u1) squeeze-lts; urgency=high > + > + * CVE-2015-0838: Fix buffer overflow in C version of apply_delta() > + > + -- Guido Günther <a...@sigxcpu.org> Tue, 26 May 2015 21:46:59 +0200 > + > dulwich (0.6.1-1) unstable; urgency=low > > * New upstream release. > diff --git > a/debian/patches/CVE-2015-0838-Fix-buffer-overflow-in-C-version-of-ap.patch > b/debian/patches/CVE-2015-0838-Fix-buffer-overflow-in-C-version-of-ap.patch > new file mode 100644 > index 0000000..beee163 > --- /dev/null > +++ > b/debian/patches/CVE-2015-0838-Fix-buffer-overflow-in-C-version-of-ap.patch > @@ -0,0 +1,59 @@ > +From: =?utf-8?q?Jelmer_Vernoo=C4=B3?= <jel...@google.com> > +Date: Fri, 22 May 2015 15:01:47 +0200 > +Subject: CVE-2015-0838: Fix buffer overflow in C version of apply_delta() > + > +Cheery-picked from upstream commmit > +1c7e06f6ae53cf4a755fe734db7114be67daf35b. > +--- > + dulwich/_pack.c | 8 ++++++-- > + dulwich/tests/test_pack.py | 8 ++++++++ > + 2 files changed, 14 insertions(+), 2 deletions(-) > + > +diff --git a/dulwich/_pack.c b/dulwich/_pack.c > +index ee79b40..c6ab327 100644 > +--- a/dulwich/_pack.c > ++++ b/dulwich/_pack.c > +@@ -146,10 +146,14 @@ static PyObject *py_apply_delta(PyObject *self, > PyObject *args) > + break; > + memcpy(out+outindex, src_buf+cp_off, cp_size); > + outindex += cp_size; > ++ dest_size -= cp_size; > + } else if (cmd != 0) { > ++ if (cmd > dest_size) > ++ break; > + memcpy(out+outindex, delta+index, cmd); > + outindex += cmd; > +- index += cmd; > ++ index += cmd; > ++ dest_size -= cmd; > + } else { > + PyErr_SetString(PyExc_ValueError, "Invalid opcode 0"); > + Py_DECREF(ret); > +@@ -167,7 +171,7 @@ static PyObject *py_apply_delta(PyObject *self, PyObject > *args) > + return NULL; > + } > + > +- if (dest_size != outindex) { > ++ if (dest_size != 0) { > + PyErr_SetString(PyExc_ValueError, "dest size incorrect"); > + Py_DECREF(ret); > + return NULL; > +diff --git a/dulwich/tests/test_pack.py b/dulwich/tests/test_pack.py > +index b6aea48..2bbd674 100644 > +--- a/dulwich/tests/test_pack.py > ++++ b/dulwich/tests/test_pack.py > +@@ -155,6 +155,14 @@ class TestPackDeltas(TestCase): > + def test_overflow(self): > + self._test_roundtrip(self.test_string_empty, self.test_string_big) > + > ++ def test_dest_overflow(self): > ++ self.assertRaises( > ++ ValueError, > ++ apply_delta, 'a'*0x10000, '\x80\x80\x04\x80\x80\x04\x80' + > 'a'*0x10000) > ++ self.assertRaises( > ++ ValueError, > ++ apply_delta, '', '\x00\x80\x02\xb0\x11\x11') > ++ > + > + class TestPackData(PackTests): > + """Tests getting the data from the packfile.""" > diff --git a/debian/patches/series b/debian/patches/series > new file mode 100644 > index 0000000..7a0b9eb > --- /dev/null > +++ b/debian/patches/series > @@ -0,0 +1 @@ > +CVE-2015-0838-Fix-buffer-overflow-in-C-version-of-ap.patch -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150526214521.gb20...@jelmer.uk