initial import from Debian

version 1.2.5-3
2025-07-19 11:06:09 +03:00
commit ddd46d4ba4
37 changed files with 2846 additions and 0 deletions
--- a/debian/patches/CVE-2025-26519-0001_iconv_fix_erroneous_input_validation_in_EUC_KR_decod.patch
+++ b/debian/patches/CVE-2025-26519-0001_iconv_fix_erroneous_input_validation_in_EUC_KR_decod.patch
@@ -0,0 +1,39 @@
+>From e5adcd97b5196e29991b524237381a0202a60659 Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Sun, 9 Feb 2025 10:07:19 -0500
+Bug-Debian: https://bugs.debian.org/1098238
+Subject: [PATCH] iconv: fix erroneous input validation in EUC-KR decoder
+
+as a result of incorrect bounds checking on the lead byte being
+decoded, certain invalid inputs which should produce an encoding
+error, such as "\xc8\x41", instead produced out-of-bounds loads from
+the ksc table.
+
+in a worst case, the loaded value may not be a valid unicode scalar
+value, in which case, if the output encoding was UTF-8, wctomb would
+return (size_t)-1, causing an overflow in the output pointer and
+remaining buffer size which could clobber memory outside of the output
+buffer.
+
+bug report was submitted in private by Nick Wellnhofer on account of
+potential security implications.
+---
+ src/locale/iconv.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/locale/iconv.c b/src/locale/iconv.c
+index 9605c8e9..008c93f0 100644
+--- a/src/locale/iconv.c
+++ b/src/locale/iconv.c
+@@ -502,7 +502,7 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
+ 			if (c >= 93 || d >= 94) {
+ 				c += (0xa1-0x81);
+ 				d += 0xa1;
+-				if (c >= 93 || c>=0xc6-0x81 && d>0x52)
+				if (c > 0xc6-0x81 || c==0xc6-0x81 && d>0x52)
+ 					goto ilseq;
+ 				if (d-'A'<26) d = d-'A';
+ 				else if (d-'a'<26) d = d-'a'+26;
+-- 
+2.21.0
+
--- a/debian/patches/CVE-2025-26519-0002_iconv_harden_UTF_8_output_code_path_against_input_de.patch
+++ b/debian/patches/CVE-2025-26519-0002_iconv_harden_UTF_8_output_code_path_against_input_de.patch
@@ -0,0 +1,39 @@
+>From c47ad25ea3b484e10326f933e927c0bc8cded3da Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Wed, 12 Feb 2025 17:06:30 -0500
+Bug-Debian: https://bugs.debian.org/1098238
+Subject: [PATCH] iconv: harden UTF-8 output code path against input decoder
+ bugs
+
+the UTF-8 output code was written assuming an invariant that iconv's
+decoders only emit valid Unicode Scalar Values which wctomb can encode
+successfully, thereby always returning a value between 1 and 4.
+
+if this invariant is not satisfied, wctomb returns (size_t)-1, and the
+subsequent adjustments to the output buffer pointer and remaining
+output byte count overflow, moving the output position backwards,
+potentially past the beginning of the buffer, without storing any
+bytes.
+---
+ src/locale/iconv.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/locale/iconv.c b/src/locale/iconv.c
+index 008c93f0..52178950 100644
+--- a/src/locale/iconv.c
+++ b/src/locale/iconv.c
+@@ -545,6 +545,10 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
+ 				if (*outb < k) goto toobig;
+ 				memcpy(*out, tmp, k);
+ 			} else k = wctomb_utf8(*out, c);
+			/* This failure condition should be unreachable, but
+			 * is included to prevent decoder bugs from translating
+			 * into advancement outside the output buffer range. */
+			if (k>4) goto ilseq;
+ 			*out += k;
+ 			*outb -= k;
+ 			break;
+-- 
+2.21.0
+
+
--- a/debian/patches/renameat2.patch
+++ b/debian/patches/renameat2.patch
@@ -0,0 +1,57 @@
+From 05ce67fea99ca09cd4b6625cff7aec9cc222dd5a Mon Sep 17 00:00:00 2001
+From: Tony Ambardar <tony.ambardar@gmail.com>
+Date: Mon, 6 May 2024 20:28:32 -0700
+Subject: [PATCH] add renameat2 linux syscall wrapper
+
+This syscall is available since Linux 3.15 and also implemented in
+glibc from version 2.28. It is commonly used in filesystem or security
+contexts.
+
+Constants RENAME_NOREPLACE, RENAME_EXCHANGE, RENAME_WHITEOUT are
+guarded by _GNU_SOURCE as with glibc.
+---
+ include/stdio.h       |  7 +++++++
+ src/linux/renameat2.c | 11 +++++++++++
+ 2 files changed, 18 insertions(+)
+ create mode 100644 src/linux/renameat2.c
+
+Bug-Debian: https://bugs.debian.org/1105007
+
+diff --git a/include/stdio.h b/include/stdio.h
+index cb858618..4ea4c170 100644
+--- a/include/stdio.h
+++ b/include/stdio.h
+@@ -158,6 +158,13 @@ char *ctermid(char *);
+ #define L_ctermid 20
+ #endif
+ 
+#if defined(_GNU_SOURCE)
+#define RENAME_NOREPLACE (1 << 0)
+#define RENAME_EXCHANGE  (1 << 1)
+#define RENAME_WHITEOUT  (1 << 2)
+
+int renameat2(int, const char *, int, const char *, unsigned);
+#endif
+ 
+ #if defined(_XOPEN_SOURCE) || defined(_GNU_SOURCE) \
+  || defined(_BSD_SOURCE)
+diff --git a/src/linux/renameat2.c b/src/linux/renameat2.c
+new file mode 100644
+index 00000000..b8060388
+--- /dev/null
+++ b/src/linux/renameat2.c
+@@ -0,0 +1,11 @@
+#define _GNU_SOURCE
+#include <stdio.h>
+#include "syscall.h"
+
+int renameat2(int oldfd, const char *old, int newfd, const char *new, unsigned flags)
+{
+#ifdef SYS_renameat
+	if (!flags) return syscall(SYS_renameat, oldfd, old, newfd, new);
+#endif
+	return syscall(SYS_renameat2, oldfd, old, newfd, new, flags);
+}
+-- 
+2.49.0
+
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -0,0 +1,4 @@
+static-pie.patch
+CVE-2025-26519-0001_iconv_fix_erroneous_input_validation_in_EUC_KR_decod.patch
+CVE-2025-26519-0002_iconv_harden_UTF_8_output_code_path_against_input_de.patch
+renameat2.patch
--- a/debian/patches/static-pie.patch
+++ b/debian/patches/static-pie.patch
@@ -0,0 +1,99 @@
+From 0d79e34e6da9d9827cfb7c787e90524176248d67 Mon Sep 17 00:00:00 2001
+From: Harald Hoyer <harald@redhat.com>
+Date: Mon, 27 Apr 2020 14:32:07 +0200
+Bug-Debian: https://bugs.debian.org/996326
+Origin: https://www.openwall.com/lists/musl/2020/04/27/2
+Subject: [PATCH] Enable linking to a static position independent executable
+
+This also enables address space layout randomization (ASLR).
+
+$ cat hello.c
+
+int main()
+{
+  printf("main = 0x%lxd\n", main);
+  return 0;
+}
+
+$ gcc -fPIE -static-pie -o hello hello.c -specs musl-gcc.specs
+
+$ ldd hello
+	statically linked
+
+$ file hello
+hello: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), statically linked, with debug_info, not stripped, too many notes (256)
+
+$ ./hello
+main = 0x7f858c4e72b9d
+
+$ ./hello
+main = 0x7f0854d312b9d
+
+$ ./hello
+main = 0x7f7179a1d2b9d
+
+$ ./hello
+main = 0x7f37f981b2b9d
+
+$ readelf -l hello
+
+Elf file type is DYN (Shared object file)
+Entry point 0x104f
+There are 7 program headers, starting at offset 64
+
+Program Headers:
+  Type           Offset             VirtAddr           PhysAddr
+                 FileSiz            MemSiz              Flags  Align
+  LOAD           0x0000000000000000 0x0000000000000000 0x0000000000000000
+                 0x0000000000000308 0x0000000000000308  R      0x1000
+  LOAD           0x0000000000001000 0x0000000000001000 0x0000000000001000
+                 0x0000000000003eb7 0x0000000000003eb7  R E    0x1000
+  LOAD           0x0000000000005000 0x0000000000005000 0x0000000000005000
+                 0x000000000000136c 0x000000000000136c  R      0x1000
+  LOAD           0x0000000000006e50 0x0000000000007e50 0x0000000000007e50
+                 0x00000000000002e0 0x00000000000009a0  RW     0x1000
+  DYNAMIC        0x0000000000006e70 0x0000000000007e70 0x0000000000007e70
+                 0x0000000000000180 0x0000000000000180  RW     0x8
+  GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
+                 0x0000000000000000 0x0000000000000000  RW     0x10
+  GNU_RELRO      0x0000000000006e50 0x0000000000007e50 0x0000000000007e50
+                 0x00000000000001b0 0x00000000000001b0  R      0x1
+
+ Section to Segment mapping:
+  Segment Sections...
+   00     .hash .gnu.hash .dynsym .dynstr .rela.dyn
+   01     .init .plt .text .fini
+   02     .rodata .eh_frame
+   03     .init_array .fini_array .data.rel.ro .dynamic .got .got.plt .data .bss
+   04     .dynamic
+   05
+   06     .init_array .fini_array .data.rel.ro .dynamic .got
+---
+ tools/musl-gcc.specs.sh | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+ mode change 100644 => 100755 tools/musl-gcc.specs.sh
+
+diff --git a/tools/musl-gcc.specs.sh b/tools/musl-gcc.specs.sh
+old mode 100644
+new mode 100755
+index 30492574..ed584ed3
+--- a/tools/musl-gcc.specs.sh
+++ b/tools/musl-gcc.specs.sh
+@@ -17,13 +17,13 @@ cat <<EOF
+ libgcc.a%s %:if-exists(libgcc_eh.a%s)
+ 
+ *startfile:
+-%{!shared: $libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s
+%{shared:;static-pie:$libdir/rcrt1.o; :$libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s
+ 
+ *endfile:
+ crtendS.o%s $libdir/crtn.o
+ 
+ *link:
+--dynamic-linker $ldso -nostdlib %{shared:-shared} %{static:-static} %{rdynamic:-export-dynamic}
+-dynamic-linker $ldso -nostdlib %{shared:-shared} %{static:-static} %{static-pie:-static -pie --no-dynamic-linker} %{rdynamic:-export-dynamic}
+ 
+ *esp_link:
+ 
+-- 
+2.26.2