Your message dated Sat, 16 May 2026 10:23:17 +0000
with message-id <[email protected]>
and subject line Released with 13.5
has caused the Debian Bug report #1136102,
regarding trixie-pu: package kissfft/131.1.0-4.1~deb13u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1136102: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136102
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:kissfft
User: [email protected]
Usertags: pu

  * CVE-2025-34297: Integer Overflow on 32-bit Systems
    (Closes: #1131147)
  * CVE-2026-41445: Integer Overflow in kiss_fftndr_alloc()
    (Closes: #1134493)

cmake_4.patch is disabled in debian/patches/series,
the other changes from 131.1.0-4 look harmless enough.
diffstat for kissfft-131.1.0 kissfft-131.1.0

 changelog                                                               |   33 ++++
 control                                                                 |    4 
 copyright                                                               |    4 
 gitlab-ci.yml                                                           |    6 
 patches/0001-check-for-overflow-on-32-bit-platform-closes-120.patch     |   36 ++++
 patches/0002-kiss_fftndr_alloc-check-for-overflow-and-_perhaps_-l.patch |   82 ++++++++++
 patches/cmake_4.patch                                                   |   27 +++
 patches/series                                                          |    3 
 salsa-ci.yml                                                            |    3 
 9 files changed, 188 insertions(+), 10 deletions(-)

diff -Nru kissfft-131.1.0/debian/changelog kissfft-131.1.0/debian/changelog
--- kissfft-131.1.0/debian/changelog    2022-11-18 23:57:24.000000000 +0200
+++ kissfft-131.1.0/debian/changelog    2026-05-09 17:31:44.000000000 +0300
@@ -1,3 +1,36 @@
+kissfft (131.1.0-4.1~deb13u1) trixie; urgency=medium
+
+  * Non-maintainer upload.
+  * Rebuild for trixie.
+    - Don't include the CMake 4 fix.
+
+ -- Adrian Bunk <[email protected]>  Sat, 09 May 2026 17:31:44 +0300
+
+kissfft (131.1.0-4.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2025-34297: Integer Overflow on 32-bit Systems
+    (Closes: #1131147)
+  * CVE-2026-41445: Integer Overflow in kiss_fftndr_alloc()
+    (Closes: #1134493)
+
+ -- Adrian Bunk <[email protected]>  Thu, 07 May 2026 14:02:10 +0300
+
+kissfft (131.1.0-4) unstable; urgency=medium
+
+  * Team upload.
+
+  [ Vasyl Gello ]
+  * Fix lintian warnings
+
+  [ Dylan Aïssi ]
+  * Cherry-pick upstream patch to improve compatibility with cmake 4
+  * Update debian/salsa-ci.yml
+  * Switch Build-Dep from pkg-config to pkgconf
+  * Standards-Version: 4.7.2 (routine-update)
+
+ -- Dylan Aïssi <[email protected]>  Thu, 25 Sep 2025 23:32:11 +0200
+
 kissfft (131.1.0-3) unstable; urgency=medium
 
   * [DNM] Try unmerged PRs
diff -Nru kissfft-131.1.0/debian/control kissfft-131.1.0/debian/control
--- kissfft-131.1.0/debian/control      2021-10-07 16:30:50.000000000 +0300
+++ kissfft-131.1.0/debian/control      2025-09-26 00:32:11.000000000 +0300
@@ -9,10 +9,10 @@
  debhelper-compat (= 13),
  libfftw3-dev,
  libpng-dev,
- pkg-config,
+ pkgconf,
  python3,
  python3-numpy,
-Standards-Version: 4.6.0
+Standards-Version: 4.7.2
 Rules-Requires-Root: no
 Homepage: https://github.com/mborgerding/kissfft
 Vcs-Git: https://salsa.debian.org/multimedia-team/kissfft.git
diff -Nru kissfft-131.1.0/debian/copyright kissfft-131.1.0/debian/copyright
--- kissfft-131.1.0/debian/copyright    2021-01-15 04:04:49.000000000 +0200
+++ kissfft-131.1.0/debian/copyright    2025-09-26 00:32:11.000000000 +0300
@@ -3,13 +3,13 @@
 Source: https://github.com/mborgerding/kissfft
 
 Files: *
-Copyright: 2003-2020, Mark Borgerding
+Copyright: 2003-2022, Mark Borgerding
 License: BSD-3-clause
 Comment: Full list of contributors available from
  Github commit history
 
 Files: debian/*
-Copyright: 2020 Vasyl Gello <[email protected]>
+Copyright: 2020-2022 Vasyl Gello <[email protected]>
 License: BSD-3-clause
 Comment: License text retrieved from upstream LICENSES/BSD-3-Clause file
 
diff -Nru kissfft-131.1.0/debian/gitlab-ci.yml 
kissfft-131.1.0/debian/gitlab-ci.yml
--- kissfft-131.1.0/debian/gitlab-ci.yml        2021-01-15 04:04:49.000000000 
+0200
+++ kissfft-131.1.0/debian/gitlab-ci.yml        1970-01-01 02:00:00.000000000 
+0200
@@ -1,6 +0,0 @@
-include:
- - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
- - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
-
-variables:
- RELEASE: 'unstable'
diff -Nru 
kissfft-131.1.0/debian/patches/0001-check-for-overflow-on-32-bit-platform-closes-120.patch
 
kissfft-131.1.0/debian/patches/0001-check-for-overflow-on-32-bit-platform-closes-120.patch
--- 
kissfft-131.1.0/debian/patches/0001-check-for-overflow-on-32-bit-platform-closes-120.patch
  1970-01-01 02:00:00.000000000 +0200
+++ 
kissfft-131.1.0/debian/patches/0001-check-for-overflow-on-32-bit-platform-closes-120.patch
  2026-05-07 14:01:40.000000000 +0300
@@ -0,0 +1,36 @@
+From 9a13b3b7f8568ebdad4508447708ce6f509667ee Mon Sep 17 00:00:00 2001
+From: Mark Borgerding <[email protected]>
+Date: Wed, 26 Nov 2025 10:39:17 -0500
+Subject: check for overflow on 32 bit platform (closes #120)
+
+---
+ kiss_fft.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/kiss_fft.c b/kiss_fft.c
+index 58c24a0..aba63e0 100644
+--- a/kiss_fft.c
++++ b/kiss_fft.c
+@@ -6,7 +6,7 @@
+  *  See COPYING file for more information.
+  */
+ 
+-
++#include <stdint.h>
+ #include "_kiss_fft_guts.h"
+ /* The guts header contains all the multiplication and addition macros that 
are defined for
+  fixed or floating point complex numbers.  It also delares the kf_ internal 
functions.
+@@ -339,6 +339,10 @@ kiss_fft_cfg kiss_fft_alloc(int nfft,int inverse_fft,void 
* mem,size_t * lenmem
+     KISS_FFT_ALIGN_CHECK(mem)
+ 
+     kiss_fft_cfg st=NULL;
++    // check for overflow condition {memneeded > SIZE_MAX}.
++    if (nfft >= (SIZE_MAX - 2*sizeof(struct 
kiss_fft_state))/sizeof(kiss_fft_cpx))
++        return NULL;
++
+     size_t memneeded = KISS_FFT_ALIGN_SIZE_UP(sizeof(struct kiss_fft_state)
+         + sizeof(kiss_fft_cpx)*(nfft-1)); /* twiddle factors*/
+ 
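Review bot: the new guard in kiss_fft_alloc() compares the signed `nfft` against a `size_t` bound, so negative values are rejected only as a side effect of the int-to-unsigned conversion, and `nfft == 0` passes the test and then makes `(nfft-1)` negative inside the `memneeded` expression on the following context lines. An explicit `if (nfft <= 0) return NULL;` ahead of the bound check would make both cases deliberate. The early `return NULL` also leaves `*lenmem` untouched, whereas the kiss_fftndr_alloc() check in the second patch writes `(size_t)(-1)` to it; the two error paths should signal failure to a size-query caller in the same way.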
+-- 
+2.47.3
+
diff -Nru 
kissfft-131.1.0/debian/patches/0002-kiss_fftndr_alloc-check-for-overflow-and-_perhaps_-l.patch
 
kissfft-131.1.0/debian/patches/0002-kiss_fftndr_alloc-check-for-overflow-and-_perhaps_-l.patch
--- 
kissfft-131.1.0/debian/patches/0002-kiss_fftndr_alloc-check-for-overflow-and-_perhaps_-l.patch
      1970-01-01 02:00:00.000000000 +0200
+++ 
kissfft-131.1.0/debian/patches/0002-kiss_fftndr_alloc-check-for-overflow-and-_perhaps_-l.patch
      2026-05-07 14:01:40.000000000 +0300
@@ -0,0 +1,82 @@
+From 566bef407b555cc2a6a9b492f01676c8167b317e Mon Sep 17 00:00:00 2001
+From: Mark Borgerding <[email protected]>
+Date: Sat, 31 Jan 2026 16:06:10 -0500
+Subject: kiss_fftndr_alloc: check for overflow (and _perhaps_ let combined
+ dims > INT_MAX)
+
+---
+ kiss_fftndr.c | 28 ++++++++++++++++++++--------
+ 1 file changed, 20 insertions(+), 8 deletions(-)
+
+diff --git a/kiss_fftndr.c b/kiss_fftndr.c
+index e979d03..c1cd27b 100644
+--- a/kiss_fftndr.c
++++ b/kiss_fftndr.c
+@@ -13,15 +13,15 @@
+ struct kiss_fftndr_state
+ {
+     int dimReal;
+-    int dimOther;
++    size_t dimOther;
+     kiss_fftr_cfg cfg_r;
+     kiss_fftnd_cfg cfg_nd;
+     void * tmpbuf;
+ };
+ 
+-static int prod(const int *dims, int ndims)
++static size_t prod(const int *dims, int ndims)
+ {
+-    int x=1;
++    size_t x=1;
+     while (ndims--) 
+         x *= *dims++;
+     return x;
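Review bot: prod() still multiplies with no bound test in `x *= *dims++;`, so widening `x` to `size_t` only moves the wrap point, and on a 32-bit target `size_t` is itself 32 bits wide. A zero or negative element of `dims` is also accepted, the negative one being converted to a very large unsigned factor. A per-iteration test such as `if (*dims <= 0 || x > SIZE_MAX / (size_t)*dims)` with an error return would reject bad input at the point where the product is formed instead of leaving it to the later check in kiss_fftndr_alloc().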
+@@ -34,18 +34,30 @@ kiss_fftndr_cfg kiss_fftndr_alloc(const int *dims,int 
ndims,int inverse_fft,void
+     kiss_fftndr_cfg st = NULL;
+     size_t nr=0 , nd=0,ntmp=0;
+     int dimReal = dims[ndims-1];
+-    int dimOther = prod(dims,ndims-1);
++    size_t dimOther = prod(dims,ndims-1);
+     size_t memneeded;
+     char * ptr = NULL;
++    int k,check;
+ 
+     (void)kiss_fftr_alloc(dimReal,inverse_fft,NULL,&nr);
+     (void)kiss_fftnd_alloc(dims,ndims-1,inverse_fft,NULL,&nd);
+     ntmp =
+         MAX( 2*dimOther , dimReal+2) * sizeof(kiss_fft_scalar)  // freq 
buffer for one pass
+-        + dimOther*(dimReal+2) * sizeof(kiss_fft_scalar);  // large enough to 
hold entire input in case of in-place
++        + dimOther*(size_t)(dimReal+2) * sizeof(kiss_fft_scalar);  // large 
enough to hold entire input in case of in-place
+ 
+     memneeded = KISS_FFT_ALIGN_SIZE_UP(sizeof( struct kiss_fftndr_state )) + 
KISS_FFT_ALIGN_SIZE_UP(nr) + KISS_FFT_ALIGN_SIZE_UP(nd) + 
KISS_FFT_ALIGN_SIZE_UP(ntmp);
+ 
++    /* check for overflow */
++    check = memneeded;
++    for (k=0;k<ndims;++k) {
++        check /= dims[k];
++        if (check <= sizeof(kiss_fft_scalar)) {
++            if (lenmem!=NULL)
++                *lenmem = (size_t)(-1);
++            return NULL;
++        }
++    }
++
+     if (lenmem==NULL) {
+         ptr = (char*) malloc(memneeded);
+     }else{
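Review bot: `check` is declared `int` in `int k,check;` but is assigned from the `size_t` `memneeded`, so on a 64-bit build any value above INT_MAX is truncated before the loop runs, and a negative `check` compared with `sizeof(kiss_fft_scalar)` is converted to unsigned and reads as a huge number, so the test does not fire. Declaring it `size_t check` keeps the comparison in one type. `check /= dims[k];` also divides by a caller-supplied value with no zero test, and the loop runs only after `dims[ndims-1]`, `prod()` and `memneeded` have already consumed the same array; validating `ndims >= 1` and every `dims[k] > 0` at the top of the function would be firmer ground than inferring a wrap afterwards.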
+@@ -73,9 +85,9 @@ kiss_fftndr_cfg kiss_fftndr_alloc(const int *dims,int 
ndims,int inverse_fft,void
+ 
+ void kiss_fftndr(kiss_fftndr_cfg st,const kiss_fft_scalar 
*timedata,kiss_fft_cpx *freqdata)
+ {
+-    int k1,k2;
+-    int dimReal = st->dimReal;
+-    int dimOther = st->dimOther;
++    size_t k1,k2;
++    size_t dimReal = (size_t)st->dimReal;
++    size_t dimOther = st->dimOther;
+     int nrbins = dimReal/2+1;
+ 
+     kiss_fft_cpx * tmp1 = (kiss_fft_cpx*)st->tmpbuf; 
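Review bot: `nrbins` stays `int` in the context line `int nrbins = dimReal/2+1;` while `dimReal` is now `size_t`, so the initializer is narrowed implicitly and any arithmetic that combines `nrbins` with `k1`, `k2` or `dimOther` becomes mixed signed/unsigned. Making `nrbins` a `size_t` as well, or casting explicitly at the assignment, would keep the index types in kiss_fftndr() uniform.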
+-- 
+2.47.3
+
diff -Nru kissfft-131.1.0/debian/patches/cmake_4.patch 
kissfft-131.1.0/debian/patches/cmake_4.patch
--- kissfft-131.1.0/debian/patches/cmake_4.patch        1970-01-01 
02:00:00.000000000 +0200
+++ kissfft-131.1.0/debian/patches/cmake_4.patch        2025-09-26 
00:32:11.000000000 +0300
@@ -0,0 +1,27 @@
+From c519408e76191e1ffc301f6edcbd14559b8da298 Mon Sep 17 00:00:00 2001
+From: Christophe Marin <[email protected]>
+Date: Fri, 12 Sep 2025 07:15:57 +0200
+Subject: [PATCH] kissfft-config.cmake: Bump minimum version to 3.10
+Forwarded: https://github.com/mborgerding/kissfft/pull/101
+Origin: upstream, https://github.com/mborgerding/kissfft/commit/c519408
+
+---------
+
+Co-authored-by: Martin <[email protected]>
+---
+ kissfft-config.cmake.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/kissfft-config.cmake.in b/kissfft-config.cmake.in
+index cd7139a..157fe75 100644
+--- a/kissfft-config.cmake.in
++++ b/kissfft-config.cmake.in
+@@ -24,7 +24,7 @@
+ 
+ @PACKAGE_INIT@
+ 
+-cmake_minimum_required(VERSION 3.3)
++cmake_minimum_required(VERSION 3.10)
+ 
+ # Set include glob of config files using SHARED/static component, 
BUILD_SHARED_LIBS by default
+ set(_kissfft_shared_detected OFF)
diff -Nru kissfft-131.1.0/debian/patches/series 
kissfft-131.1.0/debian/patches/series
--- kissfft-131.1.0/debian/patches/series       2022-11-18 23:57:24.000000000 
+0200
+++ kissfft-131.1.0/debian/patches/series       2026-05-09 17:31:44.000000000 
+0300
@@ -2,3 +2,6 @@
 0002-PR69.patch
 0003-PR70.patch
 0004-libm.diff
+#cmake_4.patch
+0001-check-for-overflow-on-32-bit-platform-closes-120.patch
+0002-kiss_fftndr_alloc-check-for-overflow-and-_perhaps_-l.patch
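Review bot: `#cmake_4.patch` is disabled here by commenting it out, yet the diffstat shows debian/patches/cmake_4.patch still being added to the source package, so the trixie upload ships a patch file that is never applied. Either drop the file from this upload or put a comment line above the entry saying why it is disabled, matching the changelog item "Don't include the CMake 4 fix." The new `0001-`/`0002-` prefixes also reuse a number already taken by `0002-PR69.patch`, which makes the apply order harder to read from the file names alone.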
diff -Nru kissfft-131.1.0/debian/salsa-ci.yml 
kissfft-131.1.0/debian/salsa-ci.yml
--- kissfft-131.1.0/debian/salsa-ci.yml 1970-01-01 02:00:00.000000000 +0200
+++ kissfft-131.1.0/debian/salsa-ci.yml 2025-09-26 00:32:11.000000000 +0300
@@ -0,0 +1,3 @@
+---
+include:
+  - 
https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml

--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 13.5

This update has been released as part of Debian 13.5.

--- End Message ---
