Version in base suite: 0.6.35-2 Base version: libsolv_0.6.35-2 Target version: libsolv_0.6.35-2+deb10u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/libs/libsolv/libsolv_0.6.35-2.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/libs/libsolv/libsolv_0.6.35-2+deb10u1.dsc changelog | 9 +++++++++ patches/0001_CVE-2019-20387.patch | 32 ++++++++++++++++++++++++++++++++ patches/1006_various-types.patch | 2 +- patches/series | 1 + 4 files changed, 43 insertions(+), 1 deletion(-)
diff -Nru libsolv-0.6.35/debian/changelog libsolv-0.6.35/debian/changelog
--- libsolv-0.6.35/debian/changelog 2018-09-03 09:14:21.000000000 +0000
+++ libsolv-0.6.35/debian/changelog 2020-01-30 21:58:10.000000000 +0000
@@ -1,3 +1,12 @@
+libsolv (0.6.35-2+deb10u1) buster; urgency=medium
+
+ * debian/patches:
+ + CVE-2019-20387: Add 0001_CVE-2019-20387.patch. Resolves heap-based buffer
+ over-read in repodata.c (Closes: #949611).
+ + 1006_various-types.patch: Trivial rebase.
+
+ -- Mike Gabriel Thu, 30 Jan 2020 22:58:10 +0100
+
 libsolv (0.6.35-2) unstable; urgency=medium
 * debian/changelog: White-space cleanup in previous stanza.
diff -Nru libsolv-0.6.35/debian/patches/0001_CVE-2019-20387.patch libsolv-0.6.35/debian/patches/0001_CVE-2019-20387.patch
--- libsolv-0.6.35/debian/patches/0001_CVE-2019-20387.patch 1970-01-01 00:00:00.000000000 +0000
+++ libsolv-0.6.35/debian/patches/0001_CVE-2019-20387.patch 2020-01-30 17:50:22.000000000 +0000
@@ -0,0 +1,32 @@
+From fdb9c9c03508990e4583046b590c30d958f272da Mon Sep 17 00:00:00 2001
+From: Zhipeng Xie
+Date: Tue, 6 Aug 2019 09:50:57 +0800
+Subject: [PATCH] repodata_schema2id: fix heap-buffer-overflow in memcmp
+
+When the length of last schema in data->schemadata is
+less than length of input schema, we got a read overflow
+in asan test.
+
+Signed-off-by: Zhipeng Xie
+---
+ src/repodata.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/src/repodata.c
++++ b/src/repodata.c
+@@ -205,11 +205,13 @@
+ cid = schematahash[h];
+ if (cid)
+ {
+- if (!memcmp(data->schemadata + data->schemata[cid], schema, len * sizeof(Id)))
++ if ((data->schemata[cid] + len <= data->schemadatalen) &&
++ !memcmp(data->schemadata + data->schemata[cid], schema, len * sizeof(Id)))
+ return cid;
+ /* cache conflict, do a slow search */
+ for (cid = 1; cid < data->nschemata; cid++)
+- if (!memcmp(data->schemadata + data->schemata[cid], schema, len * sizeof(Id)))
++ if ((data->schemata[cid] + len <= data->schemadatalen) &&
++ !memcmp(data->schemadata + data->schemata[cid], schema, len * sizeof(Id)))
+ return cid;
+ }
+ /* a new one */
diff -Nru libsolv-0.6.35/debian/patches/1006_various-types.patch libsolv-0.6.35/debian/patches/1006_various-types.patch
--- libsolv-0.6.35/debian/patches/1006_various-types.patch 2018-08-20 10:35:15.000000000 +0000
+++ libsolv-0.6.35/debian/patches/1006_various-types.patch 2020-01-30 21:58:10.000000000 +0000
@@ -87,7 +87,7 @@
 *-l* 'PKGSPEC'::
 --- a/src/rules.c
 +++ b/src/rules.c
-@@ -1583,7 +1583,7 @@
+@@ -1607,7 +1607,7 @@
 if (allowedarchs.count && pool->implicitobsoleteusescolors && installed && bestscore)
 {
diff -Nru libsolv-0.6.35/debian/patches/series libsolv-0.6.35/debian/patches/series
--- libsolv-0.6.35/debian/patches/series 2018-04-24 10:45:47.000000000 +0000
+++ libsolv-0.6.35/debian/patches/series 2020-01-30 21:58:10.000000000 +0000
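Review bot: The guard `data->schemata[cid] + len <= data->schemadatalen` appears twice in the embedded src/repodata.c hunk, once on the hash-hit path and once in the slow-search loop, and neither copy has a comment saying what it protects. A short comment above the first check, for example `/* stored schema may be shorter than len; never memcmp past schemadatalen */`, would make it harder for a later refactor to drop one of the two copies. The sum is evaluated in whatever integer types `schemata[]`, `len` and `schemadatalen` have. Those declarations are outside the hunk, so it is worth confirming that the comparison is not a mixed signed/unsigned one and that the addition cannot wrap for large stored offsets. The enclosing function (repodata_schema2id, going by the Subject line) starts and ends outside the hunk.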
@@ -1,2 +1,3 @@
 1004_cmake-module-path-fix.patch
 1006_various-types.patch
+0001_CVE-2019-20387.patch