Control: tags 817233 + patch
Control: tags 817233 + pending

Hi Tomasz,

Attached is a patch with an NMU diff I've prepared for brotli. You can also
find the binary package in the following URL:

  http://mentors.debian.net/package/brotli

Alternatively, one can download the package with dget using this command:

  dget -x http://mentors.debian.net/debian/pool/main/b/brotli/brotli_0.3.0+dfsg-2.1.dsc

Cheers,
Raúl
diff -Nru brotli-0.3.0+dfsg/debian/changelog brotli-0.3.0+dfsg/debian/changelog
--- brotli-0.3.0+dfsg/debian/changelog	2016-02-15 00:59:52.000000000 -0800
+++ brotli-0.3.0+dfsg/debian/changelog	2016-03-14 08:40:08.000000000 -0700
@@ -1,3 +1,10 @@
+brotli (0.3.0+dfsg-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fixes for CVE-2016-1968 and CVE-2016-1624 (Closes: #817233)
+
+ -- Raúl Benencia <r...@kalgan.cc>  Mon, 14 Mar 2016 08:36:44 -0700
+
 brotli (0.3.0+dfsg-2) unstable; urgency=medium
 
   * d/copyright: update to MIT
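Review bot: the changelog entry names the two CVEs but not what is being fixed; for traceability in the security tracker it helps to mirror the patch's own description, e.g. "Fix integer underflow in the decoder (dec/decode.c) ... (Closes: #817233)", and to name the added patch file so a reader can map the changelog line to debian/patches/fix-integer-underflow.patch.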
diff -Nru brotli-0.3.0+dfsg/debian/patches/fix-integer-underflow.patch brotli-0.3.0+dfsg/debian/patches/fix-integer-underflow.patch
--- brotli-0.3.0+dfsg/debian/patches/fix-integer-underflow.patch	1969-12-31 16:00:00.000000000 -0800
+++ brotli-0.3.0+dfsg/debian/patches/fix-integer-underflow.patch	2016-03-14 08:58:36.000000000 -0700
@@ -0,0 +1,19 @@
+Description: Fix integer underflow
+ Fixes for CVE-2016-1968 and CVE-2016-1624
+Origin: https://github.com/google/brotli/commit/37a320dd81db8d546cd24a45b4c61d87b45dcade
+Bug-Debian: https://bugs.debian.org/817233
+Index: brotli-0.3.0+dfsg/dec/decode.c
+===================================================================
+--- brotli-0.3.0+dfsg.orig/dec/decode.c	2015-12-22 08:28:21.000000000 -0800
++++ brotli-0.3.0+dfsg/dec/decode.c	2016-03-14 08:46:10.635050201 -0700
+@@ -1688,6 +1688,10 @@
+   } else {
+     const uint8_t *ringbuffer_end_minus_copy_length =
+         s->ringbuffer_end - i;
++    /* Check for possible underflow and clamp the pointer to 0. */
++    if (PREDICT_FALSE(s->ringbuffer_end < (const uint8_t*)0 + i)) {
++        ringbuffer_end_minus_copy_length = 0;
++    }
+     uint8_t* copy_src = &s->ringbuffer[
+         (pos - s->distance_code) & s->ringbuffer_mask];
+     uint8_t* copy_dst = &s->ringbuffer[pos];
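Review bot: the clamp is applied only after `s->ringbuffer_end - i` has already been evaluated into `ringbuffer_end_minus_copy_length`, so the pointer subtraction that can go out of range happens before the check rather than being prevented by it, and the comparison itself builds a pointer from null with `(const uint8_t*)0 + i`, which is not well-defined C. Since the Origin header shows this is a verbatim import of the upstream commit, keeping it byte-identical is reasonable for an NMU, but it is worth flagging upstream that the guard would be sounder as an integer comparison done before the subtraction, e.g. comparing `i` against the ring buffer length (`s->ringbuffer_end - s->ringbuffer`, both fields visible in this hunk) and only then forming the pointer. The DEP-3 headers are otherwise complete (Description, Origin, Bug-Debian).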
diff -Nru brotli-0.3.0+dfsg/debian/patches/series brotli-0.3.0+dfsg/debian/patches/series
--- brotli-0.3.0+dfsg/debian/patches/series	1969-12-31 16:00:00.000000000 -0800
+++ brotli-0.3.0+dfsg/debian/patches/series	2016-03-14 08:50:37.000000000 -0700
@@ -0,0 +1 @@
+fix-integer-underflow.patch