--- Begin Message ---
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: weec...@packages.debian.org, Emmanuel Bouthenot
<kol...@debian.org>
Control: affects -1 + src:weechat
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package weechat
[ Reason ]
multiple CVEs
[ Impact ]
integer and buffer overflows, memory leak.
[ Tests ]
I am running the new version without problems.
[ Risks ]
Low, I read the diff and it is really only security updates.
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
[ Other info ]
I am filing this to get this into trixie, @Emmanuel hope that is fine.
unblock weechat/4.6.3-1
diff -Nru weechat-4.6.1/CHANGELOG.md weechat-4.6.3/CHANGELOG.md
--- weechat-4.6.1/CHANGELOG.md 2025-04-09 13:33:19.000000000 +0200
+++ weechat-4.6.3/CHANGELOG.md 2025-05-11 11:22:11.000000000 +0200
@@ -1,5 +1,25 @@
# WeeChat ChangeLog
+## Version 4.6.3 (2025-05-11)
+
+### Fixed
+
+- core: fix integer overflow with decimal numbers in calculation of expression
+- core: fix integer overflow in base32 encoding/decoding
+- core: fix integer overflow in function util_version_number
+- core: fix buffer overflow in function util_parse_time
+- core: fix buffer overflow in function eval_syntax_highlight_colorize
+- core: fix buffer overflow in function eval_string_base_encode
+- core: fix buffer overflow in function eval_string_range_chars
+- core: fix memory leak in function util_parse_delay
+
+## Version 4.6.2 (2025-04-18)
+
+### Fixed
+
+- core: fix write of weechat.log to stdout with `weechat-headless --stdout`
([#2247](https://github.com/weechat/weechat/issues/2247))
+- core: add refresh of window title on buffer switch, when option
weechat.look.window_title is set
+
## Version 4.6.1 (2025-04-09)
### Fixed
diff -Nru weechat-4.6.1/debian/changelog weechat-4.6.3/debian/changelog
--- weechat-4.6.1/debian/changelog 2025-04-16 22:31:07.000000000 +0200
+++ weechat-4.6.3/debian/changelog 2025-05-17 07:49:46.000000000 +0200
@@ -1,3 +1,10 @@
+weechat (4.6.3-1) unstable; urgency=medium
+
+ * New upstream release
+ - fixes multiple security vulnerabilities (Closes: #1104554)
+
+ -- Emmanuel Bouthenot <kol...@debian.org> Sat, 17 May 2025 05:49:46 +0000
+
weechat (4.6.1-1) unstable; urgency=medium
* New upstream release (Closes: #1102450, #1098090)
diff -Nru weechat-4.6.1/doc/en/weechat_plugin_api.en.adoc
weechat-4.6.3/doc/en/weechat_plugin_api.en.adoc
--- weechat-4.6.1/doc/en/weechat_plugin_api.en.adoc 2025-04-09
13:33:19.000000000 +0200
+++ weechat-4.6.3/doc/en/weechat_plugin_api.en.adoc 2025-05-11
11:22:11.000000000 +0200
@@ -15528,8 +15528,8 @@
Arguments:
-* _title_: new title for terminal (NULL to reset title); string is evaluated,
- so variables like `${info:version}` can be used
+* _title_: new title for terminal; string is evaluated, so variables like
+ `${info:version}` can be used
(see <<_string_eval_expression,string_eval_expression>>)
C example:
diff -Nru weechat-4.6.1/doc/fr/weechat_plugin_api.fr.adoc
weechat-4.6.3/doc/fr/weechat_plugin_api.fr.adoc
--- weechat-4.6.1/doc/fr/weechat_plugin_api.fr.adoc 2025-04-09
13:33:19.000000000 +0200
+++ weechat-4.6.3/doc/fr/weechat_plugin_api.fr.adoc 2025-05-11
11:22:11.000000000 +0200
@@ -15869,9 +15869,9 @@
Paramètres :
-* _title_ : nouveau titre pour le terminal (NULL pour réinitialiser le titre) ;
- la chaîne est évaluée, donc les variables comme `${info:version}` peuvent
- être utilisées (voir <<_string_eval_expression,string_eval_expression>>)
+* _title_ : nouveau titre pour le terminal ; la chaîne est évaluée, donc les
variables
+ comme `${info:version}` peuvent être utilisées
+ (voir <<_string_eval_expression,string_eval_expression>>)
Exemple en C :
diff -Nru weechat-4.6.1/doc/it/weechat_plugin_api.it.adoc
weechat-4.6.3/doc/it/weechat_plugin_api.it.adoc
--- weechat-4.6.1/doc/it/weechat_plugin_api.it.adoc 2025-04-09
13:33:19.000000000 +0200
+++ weechat-4.6.3/doc/it/weechat_plugin_api.it.adoc 2025-05-11
11:22:11.000000000 +0200
@@ -16302,8 +16302,8 @@
Argomenti:
// TRANSLATION MISSING
-* _title_: nuovo titolo per il terminale (NULL per resettarlo);
- string is evaluated, so variables like `${info:version}` can be used
+* _title_: nuovo titolo per il terminale; string is evaluated, so variables
+ like `${info:version}` can be used
(see <<_string_eval_expression,string_eval_expression>>)
Esempio in C:
diff -Nru weechat-4.6.1/doc/ja/weechat_plugin_api.ja.adoc
weechat-4.6.3/doc/ja/weechat_plugin_api.ja.adoc
--- weechat-4.6.1/doc/ja/weechat_plugin_api.ja.adoc 2025-04-09
13:33:19.000000000 +0200
+++ weechat-4.6.3/doc/ja/weechat_plugin_api.ja.adoc 2025-05-11
11:22:11.000000000 +0200
@@ -15797,8 +15797,8 @@
引数:
-* _title_: 端末の新しいタイトル (タイトルをリセットする場合は NULL);
- この文字列は評価されるため、文字列内に `${info:version}` などの変数を含めることが可能です
+* _title_: 端末の新しいタイトル; この文字列は評価されるため、文字列内に
+ `${info:version}` などの変数を含めることが可能です
(<<_string_eval_expression,string_eval_expression>> を参照)
C 言語での使用例:
diff -Nru weechat-4.6.1/doc/sr/weechat_plugin_api.sr.adoc
weechat-4.6.3/doc/sr/weechat_plugin_api.sr.adoc
--- weechat-4.6.1/doc/sr/weechat_plugin_api.sr.adoc 2025-04-09
13:33:19.000000000 +0200
+++ weechat-4.6.3/doc/sr/weechat_plugin_api.sr.adoc 2025-05-11
11:22:11.000000000 +0200
@@ -15104,7 +15104,9 @@
Аргументи:
-* _title_: нови наслов за терминал (NULL ако желите да ресетујете наслов);
стринг се израчунава, тако да је могуће коришћење променљивих као што је
`${info:version}` (погледајте
<<_string_eval_expression,string_eval_expression>>)
+* _title_: нови наслов за терминал; стринг се израчунава, тако да је могуће
+ коришћење променљивих као што је `${info:version}`
+ (погледајте <<_string_eval_expression,string_eval_expression>>)
C пример:
diff -Nru weechat-4.6.1/src/core/core-calc.c weechat-4.6.3/src/core/core-calc.c
--- weechat-4.6.1/src/core/core-calc.c 2025-04-09 13:33:19.000000000 +0200
+++ weechat-4.6.3/src/core/core-calc.c 2025-05-11 11:22:11.000000000 +0200
@@ -336,9 +336,9 @@
struct t_arraylist *list_values, *list_ops;
const char *ptr_expr, *ptr_expr2;
char str_result[64], *ptr_operator, *operator;
- int index_op, decimals;
+ int index_op;
enum t_calc_symbol last_symbol;
- double value, factor, *ptr_value;
+ double value, factor, decimals, *ptr_value;
list_values = NULL;
list_ops = NULL;
diff -Nru weechat-4.6.1/src/core/core-config.c
weechat-4.6.3/src/core/core-config.c
--- weechat-4.6.1/src/core/core-config.c 2025-04-09 13:33:19.000000000
+0200
+++ weechat-4.6.3/src/core/core-config.c 2025-05-11 11:22:11.000000000
+0200
@@ -498,12 +498,8 @@
(void) data;
(void) option;
- if (gui_init_ok
- || (CONFIG_STRING(config_look_window_title)
- && CONFIG_STRING(config_look_window_title)[0]))
- {
+ if (gui_init_ok)
gui_window_set_title (CONFIG_STRING(config_look_window_title));
- }
}
/*
diff -Nru weechat-4.6.1/src/core/core-eval.c weechat-4.6.3/src/core/core-eval.c
--- weechat-4.6.1/src/core/core-eval.c 2025-04-09 13:33:19.000000000 +0200
+++ weechat-4.6.3/src/core/core-eval.c 2025-05-11 11:22:11.000000000 +0200
@@ -300,6 +300,9 @@
string = NULL;
result = NULL;
+ if (!range || !range[0])
+ goto end;
+
for (i = 0; eval_range_chars[i][0]; i++)
{
if (strcmp (range, eval_range_chars[i][0]) == 0)
@@ -309,11 +312,15 @@
char1 = utf8_char_int (range);
/* next char must be '-' */
+ if (!range[0])
+ goto end;
ptr_char = utf8_next_char (range);
if (!ptr_char || !ptr_char[0] || (ptr_char[0] != '-'))
goto end;
/* next char is the char2 */
+ if (!range[0])
+ goto end;
ptr_char = utf8_next_char (ptr_char);
if (!ptr_char || !ptr_char[0])
goto end;
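Review bot: the second added guard, placed before `ptr_char = utf8_next_char (ptr_char);`, tests `range[0]` although the pointer being advanced there is `ptr_char`; it looks like `if (!ptr_char[0]) goto end;` was intended. As written, both new `if (!range[0])` checks repeat the `if (!range || !range[0])` test added in the previous hunk, so the bounds safety of this block rests on that earlier test and on the existing `!ptr_char || !ptr_char[0] || (ptr_char[0] != '-')` condition rather than on the new lines. Either correct the second guard or drop both to avoid suggesting a protection that is not there.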
@@ -894,7 +901,7 @@
ptr_string++;
length = strlen (ptr_string);
- result = malloc ((length * 4) + 1);
+ result = malloc ((length * 4) + 8 + 1);
if (!result)
goto end;
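Review bot: the new size `(length * 4) + 8 + 1` adds a bare constant 8 with no comment saying which encoding's worst-case output it is meant to cover, so the next reader cannot tell whether the bound is exact or a guess. Suggest a comment next to the malloc stating the worst case per supported base, or computing the size from the selected base. Since `length` comes straight from `strlen (ptr_string)`, it is also worth confirming that `length * 4` cannot wrap for a very long input.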
@@ -1572,7 +1579,8 @@
else if (ptr_value[0] == '-')
color--;
}
- ptr_value++;
+ if (ptr_value[0])
+ ptr_value++;
if (config_num_eval_syntax_colors > 0)
{
string_dyn_concat (
diff -Nru weechat-4.6.1/src/core/core-log.c weechat-4.6.3/src/core/core-log.c
--- weechat-4.6.1/src/core/core-log.c 2025-04-09 13:33:19.000000000 +0200
+++ weechat-4.6.3/src/core/core-log.c 2025-05-11 11:22:11.000000000 +0200
@@ -70,21 +70,22 @@
{
weechat_log_file = stdout;
}
- else if (filename)
- {
- weechat_log_filename = strdup (filename);
- }
else
{
- string_asprintf (&weechat_log_filename,
- "%s/%s", weechat_state_dir, WEECHAT_LOG_NAME);
+ if (filename)
+ {
+ weechat_log_filename = strdup (filename);
+ }
+ else
+ {
+ string_asprintf (&weechat_log_filename,
+ "%s/%s", weechat_state_dir, WEECHAT_LOG_NAME);
+ }
+ if (!weechat_log_filename)
+ return 0;
+ weechat_log_file = fopen (weechat_log_filename, mode);
}
- if (!weechat_log_filename)
- return 0;
-
- weechat_log_file = fopen (weechat_log_filename, mode);
-
if (!weechat_log_file)
{
if (weechat_log_filename)
diff -Nru weechat-4.6.1/src/core/core-string.c
weechat-4.6.3/src/core/core-string.c
--- weechat-4.6.1/src/core/core-string.c 2025-04-09 13:33:19.000000000
+0200
+++ weechat-4.6.3/src/core/core-string.c 2025-05-11 11:22:11.000000000
+0200
@@ -3570,7 +3570,8 @@
string_base32_encode (const char *from, int length, char *to)
{
unsigned char base32_table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
- int count, value, next, bits_left, pad, index;
+ unsigned int value;
+ int count, next, bits_left, pad, index;
int length_padding[8] = { 0, 0, 6, 0, 4, 3, 0, 2 };
if (!from || !to)
@@ -3648,7 +3649,8 @@
string_base32_decode (const char *from, char *to)
{
const char *ptr_from;
- int value, bits_left, count;
+ int bits_left, count;
+ unsigned int value;
unsigned char c;
if (!from || !to)
diff -Nru weechat-4.6.1/src/core/core-util.c weechat-4.6.3/src/core/core-util.c
--- weechat-4.6.1/src/core/core-util.c 2025-04-09 13:33:19.000000000 +0200
+++ weechat-4.6.3/src/core/core-util.c 2025-05-11 11:22:11.000000000 +0200
@@ -285,7 +285,8 @@
int
util_parse_time (const char *datetime, struct timeval *tv)
{
- char *string, *pos, *pos2, str_usec[16], *error, str_date[128];
+ char *string, *pos, *pos2, str_usec[16], *error;
+ char str_date[128], str_date2[256];
struct tm tm_date, tm_date_gm, tm_date_local, *local_time;
time_t time_now, time_gm, time_local;
long long value;
@@ -445,10 +446,10 @@
local_time = localtime (&time_now);
strftime (str_date, sizeof (str_date),
"%Y-%m-%dT", local_time);
- strcat (str_date, string);
+ snprintf (str_date2, sizeof (str_date2), "%s%s", str_date, string);
/* initialize structure, because strptime does not do it */
memset (&tm_date, 0, sizeof (struct tm));
- pos = strptime (str_date, "%Y-%m-%dT%H:%M:%S", &tm_date);
+ pos = strptime (str_date2, "%Y-%m-%dT%H:%M:%S", &tm_date);
if (pos)
{
if (use_local_time)
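Review bot: the return value of `snprintf (str_date2, sizeof (str_date2), "%s%s", str_date, string);` is not checked, so an over-long `string` is silently truncated and the truncated text is then passed to `strptime`. That is memory-safe, unlike the `strcat` it replaces, but returning an error when the result is negative or not smaller than `sizeof (str_date2)` would reject the input explicitly instead of parsing a prefix of it.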
@@ -571,7 +572,6 @@
if ((pos > string_delay) && pos[0])
{
- str_number = string_strndup (string_delay, pos - string_delay);
if (strcmp (pos, "us") == 0)
factor = 1ULL;
else if (strcmp (pos, "ms") == 0)
@@ -584,6 +584,7 @@
factor = 1000ULL * 1000ULL * 60ULL * 60ULL;
else
return 0;
+ str_number = string_strndup (string_delay, pos - string_delay);
}
else
{
@@ -670,7 +671,9 @@
{
if (number < 0)
number = 0;
- else if (number > 0xFF)
+ else if ((i == 0) && (number > 0x7F))
+ number = 0x7F;
+ else if ((i > 0) && (number > 0xFF))
number = 0xFF;
version_int[i] = number;
}
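Review bot: the clamp at `else if ((i == 0) && (number > 0x7F))` has no comment explaining why the first component is limited to 0x7F while the others keep 0xFF; the reason given in the UPGRADING.md hunk (the result must not exceed 0x7FFFFFFF) deserves one line here. The `(i > 0)` test in the following branch is redundant, because when `i` is 0 any value above 0xFF has already been caught by the 0x7F branch, so `else if (number > 0xFF)` would do.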
diff -Nru weechat-4.6.1/src/gui/curses/gui-curses-main.c
weechat-4.6.3/src/gui/curses/gui-curses-main.c
--- weechat-4.6.1/src/gui/curses/gui-curses-main.c 2025-04-09
13:33:19.000000000 +0200
+++ weechat-4.6.3/src/gui/curses/gui-curses-main.c 2025-05-11
11:22:11.000000000 +0200
@@ -231,12 +231,7 @@
gui_term_cols, gui_term_lines, 100, 100))
{
gui_current_window = gui_windows;
-
- if (CONFIG_STRING(config_look_window_title)
- && CONFIG_STRING(config_look_window_title)[0])
- {
- gui_window_set_title (CONFIG_STRING(config_look_window_title));
- }
+ gui_window_set_title (CONFIG_STRING(config_look_window_title));
}
/* switch to buffer */
@@ -526,13 +521,6 @@
/* delete global history */
gui_history_global_free ();
- /* reset title */
- if (CONFIG_STRING(config_look_window_title)
- && CONFIG_STRING(config_look_window_title)[0])
- {
- gui_window_set_title (NULL);
- }
-
/* end color */
gui_color_end ();
diff -Nru weechat-4.6.1/src/gui/curses/gui-curses-window.c
weechat-4.6.3/src/gui/curses/gui-curses-window.c
--- weechat-4.6.1/src/gui/curses/gui-curses-window.c 2025-04-09
13:33:19.000000000 +0200
+++ weechat-4.6.3/src/gui/curses/gui-curses-window.c 2025-05-11
11:22:11.000000000 +0200
@@ -2479,13 +2479,11 @@
refresh ();
gui_window_read_terminal_size ();
refresh ();
- gui_window_set_title (
- (CONFIG_STRING(config_look_window_title)
- && CONFIG_STRING(config_look_window_title)[0]) ?
- CONFIG_STRING(config_look_window_title) : NULL);
}
gui_window_refresh_windows ();
+
+ gui_window_set_title (CONFIG_STRING(config_look_window_title));
}
/*
@@ -2573,15 +2571,17 @@
{
char *new_title, *envterm, *envshell, *shell, *shellname;
- envterm = getenv ("TERM");
- if (!envterm)
+ if (!title || !title[0])
return;
- new_title = (title && title[0]) ?
- eval_expression (title, NULL, NULL, NULL) : NULL;
+ new_title = eval_expression (title, NULL, NULL, NULL);
if (!new_title)
return;
+ envterm = getenv ("TERM");
+ if (!envterm)
+ return;
+
if (strcmp (envterm, "sun-cmd") == 0)
{
printf ("\033]l%s\033\\", new_title);
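Review bot: with the new early return `if (!title || !title[0]) return;`, a NULL title no longer resets the terminal title, and the plugin API documentation hunks in this diff drop the "NULL to reset title" wording to match, but the UPGRADING.md hunk only documents util_version_number. A behaviour change visible to existing plugins and scripts should get its own entry there. The removal of the title reset at exit in gui-curses-main.c is likewise not mentioned in the CHANGELOG.md hunk, which lists only the refresh on buffer switch.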
diff -Nru weechat-4.6.1/tests/unit/core/test-core-util.cpp
weechat-4.6.3/tests/unit/core/test-core-util.cpp
--- weechat-4.6.1/tests/unit/core/test-core-util.cpp 2025-04-09
13:33:19.000000000 +0200
+++ weechat-4.6.3/tests/unit/core/test-core-util.cpp 2025-05-11
11:22:11.000000000 +0200
@@ -537,4 +537,9 @@
LONGS_EQUAL(0x01010100, util_version_number ("1.1.1"));
LONGS_EQUAL(0x01010200, util_version_number ("1.1.2"));
LONGS_EQUAL(0x01020304, util_version_number ("1.2.3.4"));
+ LONGS_EQUAL(0x7EFFFFFF, util_version_number ("126.255.255.255"));
+ LONGS_EQUAL(0x7FFFFFFF, util_version_number ("127.255.255.255"));
+ LONGS_EQUAL(0x7FFFFFFF, util_version_number ("128.255.255.255"));
+ LONGS_EQUAL(0x7FFFFFFF, util_version_number ("255.255.255.255"));
+ LONGS_EQUAL(0x7FFFFFFF, util_version_number
("999999999.999999999.999999999.999999999"));;
}
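Review bot: the last added assertion ends with a doubled semicolon (`"999999999.999999999.999999999.999999999"));;`), which is harmless but should be dropped. This is also the only test change in the debdiff: the overflow and leak fixes listed in CHANGELOG.md for util_parse_time, util_parse_delay, base32 encoding/decoding, the calc expression and the eval functions arrive without regression tests here, and the new util_version_number cases do not cover a negative component, which the code clamps to 0.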
diff -Nru weechat-4.6.1/UPGRADING.md weechat-4.6.3/UPGRADING.md
--- weechat-4.6.1/UPGRADING.md 2025-04-09 13:33:19.000000000 +0200
+++ weechat-4.6.3/UPGRADING.md 2025-05-11 11:22:11.000000000 +0200
@@ -7,6 +7,14 @@
For a list of all changes in each version, please see
[CHANGELOG.md](CHANGELOG.md).
+## Version 4.6.3
+
+### API function util_version_number
+
+An integer overflow has been fixed in the function
+[util_version_number](https://weechat.org/doc/weechat/plugin/#_util_version_number)
+which now returns a version up to "127.255.255.255" (0x7FFFFFFF).
+
## Version 4.6.0
### Relay remote commands
diff -Nru weechat-4.6.1/version.sh weechat-4.6.3/version.sh
--- weechat-4.6.1/version.sh 2025-04-09 13:33:19.000000000 +0200
+++ weechat-4.6.3/version.sh 2025-05-11 11:22:11.000000000 +0200
@@ -39,8 +39,8 @@
# devel-number the devel version as hex number ("0x04010000" for
"4.1.0-dev")
#
-weechat_stable="4.6.1"
-weechat_devel="4.6.1"
+weechat_stable="4.6.3"
+weechat_devel="4.6.3"
stable_major=$(echo "${weechat_stable}" | cut -d"." -f1)
stable_minor=$(echo "${weechat_stable}" | cut -d"." -f2)
--- End Message ---