Version in base suite: 131.1.0-3 Base version: kissfft_131.1.0-3 Target version: kissfft_131.1.0-4.1~deb13u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/k/kissfft/kissfft_131.1.0-3.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/k/kissfft/kissfft_131.1.0-4.1~deb13u1.dsc changelog | 33 ++++ control | 4 copyright | 4 gitlab-ci.yml | 6 patches/0001-check-for-overflow-on-32-bit-platform-closes-120.patch | 36 ++++ patches/0002-kiss_fftndr_alloc-check-for-overflow-and-_perhaps_-l.patch | 82 ++++++++++ patches/cmake_4.patch | 27 +++ patches/series | 3 salsa-ci.yml | 3 9 files changed, 188 insertions(+), 10 deletions(-) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpwgm8t021/kissfft_131.1.0-3.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpwgm8t021/kissfft_131.1.0-4.1~deb13u1.dsc: no acceptable signature found
diff -Nru kissfft-131.1.0/debian/changelog kissfft-131.1.0/debian/changelog
--- kissfft-131.1.0/debian/changelog 2022-11-18 21:57:24.000000000 +0000
+++ kissfft-131.1.0/debian/changelog 2026-05-09 14:31:44.000000000 +0000
@@ -1,3 +1,36 @@ +kissfft (131.1.0-4.1~deb13u1) trixie; urgency=medium + + * Non-maintainer upload. + * Rebuild for trixie. + - Drop the CMake 4 fix. + + -- Adrian Bunk Sat, 09 May 2026 17:31:44 +0300 + +kissfft (131.1.0-4.1) unstable; urgency=medium + + * Non-maintainer upload. + * CVE-2025-34297: Integer Overflow on 32-bit Systems + (Closes: #1131147) + * CVE-2026-41445: Integer Overflow in kiss_fftndr_alloc() + (Closes: #1134493) + + -- Adrian Bunk Thu, 07 May 2026 14:02:10 +0300 + +kissfft (131.1.0-4) unstable; urgency=medium + + * Team upload. + + [ Vasyl Gello ] + * Fix lintian warnings + + [ Dylan Aïssi ] + * Cherry-pick upstream patch to improve compatibility with cmake 4 + * Update debian/salsa-ci.yml + * Switch Build-Dep from pkg-config to pkgconf + * Standards-Version: 4.7.2 (routine-update) + + -- Dylan Aïssi Thu, 25 Sep 2025 23:32:11 +0200 + kissfft (131.1.0-3) unstable; urgency=medium * [DNM] Try unmerged PRs diff -Nru kissfft-131.1.0/debian/control kissfft-131.1.0/debian/control --- kissfft-131.1.0/debian/control 2021-10-07 13:30:50.000000000 +0000 +++ kissfft-131.1.0/debian/control 2025-09-25 21:32:11.000000000 +0000 @@ -9,10 +9,10 @@ debhelper-compat (= 13), libfftw3-dev, libpng-dev, - pkg-config, + pkgconf, python3, python3-numpy, -Standards-Version: 4.6.0 +Standards-Version: 4.7.2 Rules-Requires-Root: no Homepage: https://github.com/mborgerding/kissfft Vcs-Git: https://salsa.debian.org/multimedia-team/kissfft.git diff -Nru kissfft-131.1.0/debian/copyright kissfft-131.1.0/debian/copyright --- kissfft-131.1.0/debian/copyright 2021-01-15 02:04:49.000000000 +0000 +++ kissfft-131.1.0/debian/copyright 2025-09-25 21:32:11.000000000 +0000 
@@ -3,13 +3,13 @@ Source: https://github.com/mborgerding/kissfft Files: * -Copyright: 2003-2020, Mark Borgerding +Copyright: 2003-2022, Mark Borgerding License: BSD-3-clause Comment: Full list of contributors available from Github commit history Files: debian/* -Copyright: 2020 Vasyl Gello +Copyright: 2020-2022 Vasyl Gello License: BSD-3-clause Comment: License text retrieved from upstream LICENSES/BSD-3-Clause file diff -Nru kissfft-131.1.0/debian/gitlab-ci.yml kissfft-131.1.0/debian/gitlab-ci.yml --- kissfft-131.1.0/debian/gitlab-ci.yml 2021-01-15 02:04:49.000000000 +0000 +++ kissfft-131.1.0/debian/gitlab-ci.yml 1970-01-01 00:00:00.000000000 +0000 @@ -1,6 +0,0 @@ -include: - - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml - - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml - -variables: - RELEASE: 'unstable' diff -Nru kissfft-131.1.0/debian/patches/0001-check-for-overflow-on-32-bit-platform-closes-120.patch kissfft-131.1.0/debian/patches/0001-check-for-overflow-on-32-bit-platform-closes-120.patch --- kissfft-131.1.0/debian/patches/0001-check-for-overflow-on-32-bit-platform-closes-120.patch 1970-01-01 00:00:00.000000000 +0000 +++ kissfft-131.1.0/debian/patches/0001-check-for-overflow-on-32-bit-platform-closes-120.patch 2026-05-07 11:01:40.000000000 +0000 
@@ -0,0 +1,36 @@
+From 9a13b3b7f8568ebdad4508447708ce6f509667ee Mon Sep 17 00:00:00 2001
+From: Mark Borgerding
+Date: Wed, 26 Nov 2025 10:39:17 -0500
+Subject: check for overflow on 32 bit platform (closes #120)
+
+---
+ kiss_fft.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/kiss_fft.c b/kiss_fft.c
+index 58c24a0..aba63e0 100644
+--- a/kiss_fft.c
++++ b/kiss_fft.c
+@@ -6,7 +6,7 @@
+ * See COPYING file for more information.
+ */
+
+-
++#include
+ #include "_kiss_fft_guts.h"
+ /* The guts header contains all the multiplication and addition macros that are defined for
+ fixed or floating point complex numbers. It also delares the kf_ internal functions.
+@@ -339,6 +339,10 @@ kiss_fft_cfg kiss_fft_alloc(int nfft,int inverse_fft,void * mem,size_t * lenmem
+ KISS_FFT_ALIGN_CHECK(mem)
+
+ kiss_fft_cfg st=NULL;
++ // check for overflow condition {memneeded > SIZE_MAX}.
++ if (nfft >= (SIZE_MAX - 2*sizeof(struct kiss_fft_state))/sizeof(kiss_fft_cpx))
++ return NULL;
++
+ size_t memneeded = KISS_FFT_ALIGN_SIZE_UP(sizeof(struct kiss_fft_state)
+ + sizeof(kiss_fft_cpx)*(nfft-1)); /* twiddle factors*/
+
+--
+2.47.3
+
diff -Nru kissfft-131.1.0/debian/patches/0002-kiss_fftndr_alloc-check-for-overflow-and-_perhaps_-l.patch kissfft-131.1.0/debian/patches/0002-kiss_fftndr_alloc-check-for-overflow-and-_perhaps_-l.patch
--- kissfft-131.1.0/debian/patches/0002-kiss_fftndr_alloc-check-for-overflow-and-_perhaps_-l.patch 1970-01-01 00:00:00.000000000 +0000
+++ kissfft-131.1.0/debian/patches/0002-kiss_fftndr_alloc-check-for-overflow-and-_perhaps_-l.patch 2026-05-07 11:01:40.000000000 +0000
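Review bot: The new guard in kiss_fft_alloc compares the signed `nfft` with a `size_t` bound, so a negative `nfft` is rejected only because the usual arithmetic conversions turn it into a very large unsigned value, and `nfft == 0` passes the check even though `sizeof(kiss_fft_cpx)*(nfft-1)` on the following context line then wraps. Stating the range explicitly makes the check independent of that conversion and quiets sign-compare warnings: `if (nfft <= 0 || (size_t)nfft >= (SIZE_MAX - 2*sizeof(struct kiss_fft_state))/sizeof(kiss_fft_cpx)) return NULL;` (drop the `nfft <= 0` part if a zero-length configuration is meant to be accepted). The early return also happens before `memneeded` exists, so `*lenmem` is not updated on this path; that matters to callers that use the size-query form and discard the result, as `(void)kiss_fftr_alloc(dimReal,inverse_fft,NULL,&nr);` does in kiss_fftndr.c, and a comment on the guard such as `/* on overflow: returns NULL and leaves *lenmem untouched */` would record it. The body of kiss_fft_alloc continues outside the hunk, so what happens to `lenmem` afterwards is inferred.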
@@ -0,0 +1,82 @@ +From 566bef407b555cc2a6a9b492f01676c8167b317e Mon Sep 17 00:00:00 2001 +From: Mark Borgerding +Date: Sat, 31 Jan 2026 16:06:10 -0500 +Subject: kiss_fftndr_alloc: check for overflow (and _perhaps_ let combined + dims > INT_MAX) + +--- + kiss_fftndr.c | 28 ++++++++++++++++++++-------- + 1 file changed, 20 insertions(+), 8 deletions(-) + +diff --git a/kiss_fftndr.c b/kiss_fftndr.c +index e979d03..c1cd27b 100644 +--- a/kiss_fftndr.c ++++ b/kiss_fftndr.c +@@ -13,15 +13,15 @@ + struct kiss_fftndr_state + { + int dimReal; +- int dimOther; ++ size_t dimOther; + kiss_fftr_cfg cfg_r; + kiss_fftnd_cfg cfg_nd; + void * tmpbuf; + }; + +-static int prod(const int *dims, int ndims) ++static size_t prod(const int *dims, int ndims) + { +- int x=1; ++ size_t x=1; + while (ndims--) + x *= *dims++; + return x; +@@ -34,18 +34,30 @@ kiss_fftndr_cfg kiss_fftndr_alloc(const int *dims,int ndims,int inverse_fft,void + kiss_fftndr_cfg st = NULL; + size_t nr=0 , nd=0,ntmp=0; + int dimReal = dims[ndims-1]; +- int dimOther = prod(dims,ndims-1); ++ size_t dimOther = prod(dims,ndims-1); + size_t memneeded; + char * ptr = NULL; ++ int k,check; + + (void)kiss_fftr_alloc(dimReal,inverse_fft,NULL,&nr); + (void)kiss_fftnd_alloc(dims,ndims-1,inverse_fft,NULL,&nd); + ntmp = + MAX( 2*dimOther , dimReal+2) * sizeof(kiss_fft_scalar) // freq buffer for one pass +- + dimOther*(dimReal+2) * sizeof(kiss_fft_scalar); // large enough to hold entire input in case of in-place ++ + dimOther*(size_t)(dimReal+2) * sizeof(kiss_fft_scalar); // large enough to hold entire input in case of in-place + + memneeded = KISS_FFT_ALIGN_SIZE_UP(sizeof( struct kiss_fftndr_state )) + KISS_FFT_ALIGN_SIZE_UP(nr) + KISS_FFT_ALIGN_SIZE_UP(nd) + KISS_FFT_ALIGN_SIZE_UP(ntmp); + ++ /* check for overflow */ ++ check = memneeded; ++ for (k=0;kdimReal; +- int dimOther = st->dimOther; ++ size_t k1,k2; ++ size_t dimReal = (size_t)st->dimReal; ++ size_t dimOther = st->dimOther; + int nrbins = dimReal/2+1; + + kiss_fft_cpx * 
tmp1 = (kiss_fft_cpx*)st->tmpbuf; +-- +2.47.3 + diff -Nru kissfft-131.1.0/debian/patches/cmake_4.patch kissfft-131.1.0/debian/patches/cmake_4.patch --- kissfft-131.1.0/debian/patches/cmake_4.patch 1970-01-01 00:00:00.000000000 +0000 +++ kissfft-131.1.0/debian/patches/cmake_4.patch 2025-09-25 21:32:11.000000000 +0000 @@ -0,0 +1,27 @@ +From c519408e76191e1ffc301f6edcbd14559b8da298 Mon Sep 17 00:00:00 2001 +From: Christophe Marin +Date: Fri, 12 Sep 2025 07:15:57 +0200 +Subject: [PATCH] kissfft-config.cmake: Bump minimum version to 3.10 +Forwarded: https://github.com/mborgerding/kissfft/pull/101 +Origin: upstream, https://github.com/mborgerding/kissfft/commit/c519408 + +--------- + +Co-authored-by: Martin +--- + kissfft-config.cmake.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/kissfft-config.cmake.in b/kissfft-config.cmake.in +index cd7139a..157fe75 100644 +--- a/kissfft-config.cmake.in ++++ b/kissfft-config.cmake.in +@@ -24,7 +24,7 @@ + + @PACKAGE_INIT@ + +-cmake_minimum_required(VERSION 3.3) ++cmake_minimum_required(VERSION 3.10) + + # Set include glob of config files using SHARED/static component, BUILD_SHARED_LIBS by default + set(_kissfft_shared_detected OFF) diff -Nru kissfft-131.1.0/debian/patches/series kissfft-131.1.0/debian/patches/series --- kissfft-131.1.0/debian/patches/series 2022-11-18 21:57:24.000000000 +0000 +++ kissfft-131.1.0/debian/patches/series 2026-05-09 14:31:44.000000000 +0000 @@ -2,3 +2,6 @@ 0002-PR69.patch 0003-PR70.patch 0004-libm.diff +#cmake_4.patch +0001-check-for-overflow-on-32-bit-platform-closes-120.patch +0002-kiss_fftndr_alloc-check-for-overflow-and-_perhaps_-l.patch diff -Nru kissfft-131.1.0/debian/salsa-ci.yml kissfft-131.1.0/debian/salsa-ci.yml --- kissfft-131.1.0/debian/salsa-ci.yml 1970-01-01 00:00:00.000000000 +0000 +++ kissfft-131.1.0/debian/salsa-ci.yml 2025-09-25 21:32:11.000000000 +0000 
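Review bot: In kiss_fftndr_alloc the overflow check starts from `int k,check;` and `check = memneeded;`, which narrows a `size_t` to `int` before anything is tested, so on a 64-bit build whatever the loop then examines is a truncated value; declaring `size_t check;` keeps the full size. The rest of that loop is cut off in this rendering of the patch (the text between `for (k=0;k` and `dimReal;` is missing), so whether it catches a wrap inside `prod()`, which now multiplies in `size_t` with no per-step test, cannot be confirmed from here. Separately, `(size_t)(dimReal+2)` still performs the addition in `int`; `((size_t)dimReal+2)` avoids signed overflow for a `dimReal` near INT_MAX. In the second hunk `int nrbins = dimReal/2+1;` converts the new `size_t dimReal` back to `int`, which looks harmless for valid sizes but deserves an explicit cast or a comment.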
@@ -0,0 +1,3 @@
+---
+include:
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml