Merge ~pushkarnk/ubuntu/+source/cura-engine:fix-2059171 into ubuntu/+source/cura-engine:ubuntu/devel

Proposed by Pushkar Kulkarni
Status: Merged
Merged at revision: 8f2259926667ed38f47ade27551568b9bd0ba289
Proposed branch: ~pushkarnk/ubuntu/+source/cura-engine:fix-2059171
Merge into: ubuntu/+source/cura-engine:ubuntu/devel
Diff against target: 53 lines (+31/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/0018-fix-buffer-overflow.patch (+23/-0)
debian/patches/series (+1/-0)
Reviewers:
Graham Inggs (community): Approve
git-ubuntu import: Pending
Review via email: mp+468332@code.launchpad.net
Pushkar Kulkarni (pushkarnk) wrote :

Test builds in PPA: https://launchpad.net/~pushkarnk/+archive/ubuntu/test-builds/+packages

Local autopkgtest run:
=====

$ autopkgtest --shell-fail --setup-commands="sudo apt update && \
      sudo apt install software-properties-common -y && \
      sudo add-apt-repository -y -u -s ppa:pushkarnk/test-builds" \
  cura-engine \
  -- lxd autopkgtest/ubuntu/oracular/amd64

...
...

autopkgtest [17:12:08]: @@@@@@@@@@@@@@@@@@@@ summary
test-command-line PASS

=====

Graham Inggs (ginggs) wrote :

Looks good to me, uploaded!

review: Approve

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index e02fa99..60a8a7f 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,10 @@
6+cura-engine (1:5.0.0-4ubuntu1) oracular; urgency=medium
7+
8+ * d/patches: Add patch to fix a buffer overflow
9+ (LP: #2059171)
10+
11+ -- Pushkar Kulkarni <pushkar.kulkarni@canonical.com> Thu, 27 Jun 2024 14:24:41 +0530
12+
13 cura-engine (1:5.0.0-4build2) noble; urgency=medium
14
15 * No-change rebuild for CVE-2024-3094
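Review bot: The new changelog entry "d/patches: Add patch to fix a buffer overflow" does not say which patch or which code is affected. Naming 0018-fix-buffer-overflow.patch and the strcpy() in src/utils/getpath.cpp in the entry would let someone scanning the changelog see what was fixed without opening LP: #2059171.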
16diff --git a/debian/patches/0018-fix-buffer-overflow.patch b/debian/patches/0018-fix-buffer-overflow.patch
17new file mode 100644
18index 0000000..57eef7a
19--- /dev/null
20+++ b/debian/patches/0018-fix-buffer-overflow.patch
21@@ -0,0 +1,23 @@
22+Description: Fixes a buffer-overflow in strcpy() because the
23+ destination buffer does not have space to accommodate
24+ the null character. This patch is irrelevant to the latest
25+ upstream.
26+Forwarded: not-needed
27+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/cura-engine/+bug/2059171
28+Author: Pushkar Kulkarni <pushkar.kulkarni@canonical.com>
29+--- a/src/utils/getpath.cpp
30++++ b/src/utils/getpath.cpp
31+@@ -28,10 +28,10 @@
32+ DWORD dir_path_size = path_size - (path_size - (file_name_start - buffer));
33+ std::string folder_name{buffer, dir_path_size};
34+ #else
35+- char buffer[filePath.size()];
36++ char buffer[filePath.size()+1];
37+ std::strcpy(buffer, filePath.c_str()); // copy the string because dirname(.) changes the input string!!!
38+ std::string folder_name{dirname(buffer)};
39+ #endif
40+ return folder_name;
41+ }
42+-}
43+\ No newline at end of file
44++}
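Review bot: In the #else branch, "char buffer[filePath.size()+1];" adds the byte for the terminating null but keeps a variable-length array, which is a compiler extension in C++ and places a stack allocation sized by the length of filePath. Since dirname() only needs a writable copy, copying filePath into a std::string and passing its data() (C++17), or using a std::vector<char> of filePath.size() + 1 bytes, would remove both the VLA and the manual size arithmetic. The last lines of the hunk also add the missing newline at end of file, which is unrelated to the overflow and could be mentioned in the Description.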
45diff --git a/debian/patches/series b/debian/patches/series
46index 810ab50..ffdfdda 100644
47--- a/debian/patches/series
48+++ b/debian/patches/series
49@@ -14,3 +14,4 @@
50 0015-Add-missing-cstdint.patch
51 0016-Use-leaf-settings-in-favor-of-adhesion_extruder_nr.patch
52 0017-Round-from-double-to-cInt-explicitly-when-applying-m.patch
53+0018-fix-buffer-overflow.patch
