Debian Bug report logs - #685331
unblock: (pre-approval) src:calligra/1:2.4.3-2

Package: release.debian.org; Maintainer for release.debian.org is Debian Release Team <debian-release@lists.debian.org>;

Reported by: Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>

Date: Sun, 19 Aug 2012 20:12:01 UTC

Severity: normal

Done: Niels Thykier <niels@thykier.net>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, lisandro@debian.org, debian-qt-kde@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#685331; Package release.debian.org. (Sun, 19 Aug 2012 20:12:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>:
New Bug report received and forwarded. Copy sent to lisandro@debian.org, debian-qt-kde@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>. (Sun, 19 Aug 2012 20:12:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock: (pre-approval) src:calligra/1:2.4.3-2
Date: Sun, 19 Aug 2012 17:08:32 -0300
[Message part 1 (text/plain, inline)]
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package src:calligra

Hi! I'm writing you to ask for pre-approval of an upload of calligra. The
changes are:

Important stuff:

- Backport upstream commit 7d72f7dd8d28d18c59a08a7d43bd4e0654043103 to fix
  a buffer overflow in the msword import filter; patch
  upstream_Make-sure-not-to-write-behind-the-allocated-memory.patch.
  (Closes: #684004) (CVE-2012-3456)
- Force the "kde" build system to dh_auto_configure, so the proper kdeinit
  handling is applied.
- Split some templates from calligra-data to their respective packages (#682763)
  This adds some Breaks+replaces to the packages to avoid installation problems.

Small stuff:

- Some changes in text descriptions of the packages.

I'm attaching the debdiff wrt the latest upload.

Kinds regards, Lisandro.

unblock src:calligra/1:2.4.3-2

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
[calligra_debdiff.patch (text/html, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#685331; Package release.debian.org. (Fri, 24 Aug 2012 07:45:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Niels Thykier <niels@thykier.net>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Fri, 24 Aug 2012 07:45:05 GMT) Full text and rfc822 format available.

Message #10 received at 685331@bugs.debian.org (full text, mbox):

From: Niels Thykier <niels@thykier.net>
To: Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>, 685331@bugs.debian.org
Subject: Re: Bug#685331: unblock: (pre-approval) src:calligra/1:2.4.3-2
Date: Fri, 24 Aug 2012 09:41:44 +0200
Control: tags -1 moreinfo

On 2012-08-19 22:08, Lisandro Damián Nicanor Pérez Meyer wrote:
> Package: release.debian.org Severity: normal User:
> release.debian.org@packages.debian.org Usertags: unblock
> 
> Please unblock package src:calligra
> 
> Hi! I'm writing you to ask for pre-approval of an upload of
> calligra. The changes are:
> 
> Important stuff:
> 
> - Backport upstream commit 7d72f7dd8d28d18c59a08a7d43bd4e0654043103
> to fix a buffer overflow in the msword import filter; patch 
> upstream_Make-sure-not-to-write-behind-the-allocated-memory.patch. 
> (Closes: #684004) (CVE-2012-3456) - Force the "kde" build system to
> dh_auto_configure, so the proper kdeinit handling is applied. -
> Split some templates from calligra-data to their respective
> packages (#682763) This adds some Breaks+replaces to the packages
> to avoid installation problems.
> 
> Small stuff:
> 
> - Some changes in text descriptions of the packages.
> 
> I'm attaching the debdiff wrt the latest upload.
> 
> Kinds regards, Lisandro.
> 
> unblock src:calligra/1:2.4.3-2
> 
> [...]

Hi,

The file you attached is not a diff, but some html page with a
redirect.  Could you please attach the real debdiff?

~Niels




Added tag(s) moreinfo. Request was from Niels Thykier <niels@thykier.net> to 685331-submit@bugs.debian.org. (Fri, 24 Aug 2012 07:45:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#685331; Package release.debian.org. (Fri, 24 Aug 2012 12:51:14 GMT) Full text and rfc822 format available.

Acknowledgement sent to Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Fri, 24 Aug 2012 12:51:14 GMT) Full text and rfc822 format available.

Message #17 received at 685331@bugs.debian.org (full text, mbox):

From: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>
To: Niels Thykier <niels@thykier.net>
Cc: 685331@bugs.debian.org
Subject: Re: Bug#685331: unblock: (pre-approval) src:calligra/1:2.4.3-2
Date: Fri, 24 Aug 2012 09:49:31 -0300
[Message part 1 (text/plain, inline)]
Control: tags -1 - moreinfo

On Fri 24 Aug 2012 04:41:44 Niels Thykier escribió:
[snip]
> The file you attached is not a diff, but some html page with a
> redirect.  Could you please attach the real debdiff?

Oh, my mistake. My apologies for that. Please find the correct diff attached 
:-)

Kinds regards, Lisandro.

-- 
Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/
[calligra_debdiff.diff (text/x-patch, attachment)]
[signature.asc (application/pgp-signature, inline)]

Removed tag(s) moreinfo. Request was from Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com> to 685331-submit@bugs.debian.org. (Fri, 24 Aug 2012 12:51:14 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#685331; Package release.debian.org. (Mon, 27 Aug 2012 20:12:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Niels Thykier <niels@thykier.net>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Mon, 27 Aug 2012 20:12:03 GMT) Full text and rfc822 format available.

Message #24 received at 685331@bugs.debian.org (full text, mbox):

From: Niels Thykier <niels@thykier.net>
To: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>, 685331@bugs.debian.org
Subject: Re: Bug#685331: unblock: (pre-approval) src:calligra/1:2.4.3-2
Date: Mon, 27 Aug 2012 22:08:48 +0200
On 2012-08-24 14:49, Lisandro Damián Nicanor Pérez Meyer wrote:
> +--- a/filters/words/msword-odf/wv2/src/styles.cpp
> ++++ b/filters/words/msword-odf/wv2/src/styles.cpp
> +@@ -248,6 +248,11 @@ throw(InvalidFormatException)
> + #ifdef WV2_DEBUG_STYLESHEET
> +         wvlog << "cbUPX: " << cbUPX << endl;
> + #endif
> ++        // do not overflow the allocated buffer grupx
> ++        if (offset + cbUPX > grupxLen) {
                ^^^^^^^^^^^^^^^^^^^^^^^^^

In my experience it is either

  if (offset + i < limit) { /* safe */ }

or

  if (offset + i >= limit) { /* abort */ }

Is "offset + cbUPX == grupxLen" really a "safe" index?

> ++            wvlog << "====> Error: grupx would overflow!" << endl;
> ++            return false;
> ++        }
> +         for ( U16 j = 0; j < cbUPX; ++j ) {
                             ^^^^^^^^^

This suggests it might not be...

> +             grupx[ offset + j ] = stream->readU8();  // read the whole UPX
> + #ifdef WV2_DEBUG_STYLESHEET
> +-- 
> +1.7.10.4
> +

~Niels




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#685331; Package release.debian.org. (Mon, 03 Sep 2012 21:57:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Mon, 03 Sep 2012 21:57:03 GMT) Full text and rfc822 format available.

Message #29 received at 685331@bugs.debian.org (full text, mbox):

From: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>
To: Niels Thykier <niels@thykier.net>
Cc: 685331@bugs.debian.org
Subject: Re: Bug#685331: unblock: (pre-approval) src:calligra/1:2.4.3-2
Date: Mon, 3 Sep 2012 18:52:44 -0300
[Message part 1 (text/plain, inline)]
On Mon 27 Aug 2012 17:08:48 Niels Thykier escribió:
[snip]

Hi Niels! Sune Vuorela asked with upstream and they both reviewed the code to 
find that, while it was not very clear, it's actually safe.

> > ++        // do not overflow the allocated buffer grupx
> > ++        if (offset + cbUPX > grupxLen) {
> 
>                 ^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> In my experience it is either
> 
>   if (offset + i < limit) { /* safe */ }
> 
> or
> 
>   if (offset + i >= limit) { /* abort */ }
> 
> Is "offset + cbUPX == grupxLen" really a "safe" index?

OK, let's suppose "offset + cbUPX == grupxLen". Then...

> > ++            wvlog << "====> Error: grupx would overflow!" << endl;
> > ++            return false;
> > ++        }
> > +         for ( U16 j = 0; j < cbUPX; ++j ) {
> 
>                              ^^^^^^^^^
> 
> This suggests it might not be...
> 
> > +             grupx[ offset + j ] = stream->readU8();  // read the whole

In the above line, j would reach as maximum (cbUPX - 1), as the above for has 
"<" and not "<=".
In the next cupx for() loop, if (offset + cbUPX > grupxLen) will trigger.

So, this seems safe.

Kinds regards, and thanks for pointing this out :-)

Lisandro.

-- 
porque no respeta el orden natural en el que se leen las cosas
>¿por qué top-posting es tan molesto?
>>top-posting
>>>¿cuál es la peor molestia en los emails de respuesta?

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#685331; Package release.debian.org. (Tue, 04 Sep 2012 18:51:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Niels Thykier <niels@thykier.net>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Tue, 04 Sep 2012 18:51:03 GMT) Full text and rfc822 format available.

Message #34 received at 685331@bugs.debian.org (full text, mbox):

From: Niels Thykier <niels@thykier.net>
To: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>, 685331@bugs.debian.org
Subject: Re: Bug#685331: unblock: (pre-approval) src:calligra/1:2.4.3-2
Date: Tue, 04 Sep 2012 20:48:09 +0200
On 2012-09-03 23:52, Lisandro Damián Nicanor Pérez Meyer wrote:
> On Mon 27 Aug 2012 17:08:48 Niels Thykier escribió:
> [snip]
> 
> Hi Niels! Sune Vuorela asked with upstream and they both reviewed the code to 
> find that, while it was not very clear, it's actually safe.
> 
> [...]
> Kinds regards, and thanks for pointing this out :-)
> 
> Lisandro.
> 


Thanks.  Please go ahead then and ping us when it has been in unstable
for a couple of days.

~Niels





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#685331; Package release.debian.org. (Fri, 07 Sep 2012 16:33:10 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Fri, 07 Sep 2012 16:33:10 GMT) Full text and rfc822 format available.

Message #39 received at 685331@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Niels Thykier <niels@thykier.net>
Cc: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>, 685331@bugs.debian.org
Subject: Re: Bug#685331: unblock: (pre-approval) src:calligra/1:2.4.3-2
Date: Fri, 7 Sep 2012 18:29:17 +0200
On Tue, Sep 04, 2012 at 08:48:09PM +0200, Niels Thykier wrote:
> On 2012-09-03 23:52, Lisandro Damián Nicanor Pérez Meyer wrote:
> > On Mon 27 Aug 2012 17:08:48 Niels Thykier escribió:
> > [snip]
> > 
> > Hi Niels! Sune Vuorela asked with upstream and they both reviewed the code to 
> > find that, while it was not very clear, it's actually safe.
> > 
> > [...]
> > Kinds regards, and thanks for pointing this out :-)
> > 
> > Lisandro.
> > 
> 
> 
> Thanks.  Please go ahead then and ping us when it has been in unstable
> for a couple of days.

calligra 1:2.4.3-2 has been uploaded and built on all release archs.

Cheers,
        Moritz



Reply sent to Niels Thykier <niels@thykier.net>:
You have taken responsibility. (Fri, 07 Sep 2012 16:57:06 GMT) Full text and rfc822 format available.

Notification sent to Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>:
Bug acknowledged by developer. (Fri, 07 Sep 2012 16:57:06 GMT) Full text and rfc822 format available.

Message #44 received at 685331-done@bugs.debian.org (full text, mbox):

From: Niels Thykier <niels@thykier.net>
To: Moritz Muehlenhoff <jmm@inutil.org>, 685331-done@bugs.debian.org
Cc: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>
Subject: Re: Bug#685331: unblock: (pre-approval) src:calligra/1:2.4.3-2
Date: Fri, 07 Sep 2012 18:54:07 +0200
On 2012-09-07 18:29, Moritz Muehlenhoff wrote:
> [...]
>>
>>
>> Thanks.  Please go ahead then and ping us when it has been in unstable
>> for a couple of days.
> 
> calligra 1:2.4.3-2 has been uploaded and built on all release archs.
> 
> Cheers,
>         Moritz
> 
> 

Unblocked, thanks.

~Niels




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 06 Oct 2012 07:25:54 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 07:17:01 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.