Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Tags: jessie
Severity: normal
This is an update to Jessie with a patch from git which fixes
CVE-2012-6706. The final clamav release is planned for the end of July;
so far this is the only commit in the libclamunrar part.
Sebastian
diff -Nru libclamunrar-0.99/debian/changelog libclamunrar-0.99/debian/changelog
--- libclamunrar-0.99/debian/changelog 2016-12-16 21:38:26.0 +0100
+++ libclamunrar-0.99/debian/changelog 2017-07-05 21:20:40.0 +0200
@@ -1,3 +1,10 @@
+libclamunrar (0.99-0+deb8u3) oldstable; urgency=medium
+
+ * Cherry pick fix for arbitrary memory write. CVE-2012-6706
+(Closes: #867223).
+
+ -- Sebastian Andrzej Siewior Wed, 05 Jul 2017 21:20:40 +0200
+
libclamunrar (0.99-0+deb8u2) stable; urgency=medium
* Add patches from upstream bugzilla bb11600 and bb11601 to fix out of band
diff -Nru libclamunrar-0.99/debian/.git-dpm libclamunrar-0.99/debian/.git-dpm
--- libclamunrar-0.99/debian/.git-dpm 2016-12-16 21:38:26.0 +0100
+++ libclamunrar-0.99/debian/.git-dpm 2017-07-05 21:19:45.0 +0200
@@ -1,6 +1,6 @@
# see git-dpm(1) from git-dpm package
-e677e64787390c59bdb925be08113ebf47aed869
-e677e64787390c59bdb925be08113ebf47aed869
+bced92bf269023e533fa3433f57205aa77c40eec
+bced92bf269023e533fa3433f57205aa77c40eec
87f93791ab6959fd522bdf0b1211ff0480cff4c7
87f93791ab6959fd522bdf0b1211ff0480cff4c7
libclamunrar_0.99.orig.tar.xz
diff -Nru libclamunrar-0.99/debian/patches/series libclamunrar-0.99/debian/patches/series
--- libclamunrar-0.99/debian/patches/series 2016-12-16 21:38:26.0 +0100
+++ libclamunrar-0.99/debian/patches/series 2017-07-05 21:19:45.0 +0200
@@ -2,3 +2,4 @@
bb11600_pt2.patch
bb11601.patch
bb11601_pt2.patch
+unrar-adding-proposed-changes-to-fix-RAR-VMSF_DELTA-.patch
diff -Nru libclamunrar-0.99/debian/patches/unrar-adding-proposed-changes-to-fix-RAR-VMSF_DELTA-.patch libclamunrar-0.99/debian/patches/unrar-adding-proposed-changes-to-fix-RAR-VMSF_DELTA-.patch
--- libclamunrar-0.99/debian/patches/unrar-adding-proposed-changes-to-fix-RAR-VMSF_DELTA-.patch 1970-01-01 01:00:00.0 +0100
+++ libclamunrar-0.99/debian/patches/unrar-adding-proposed-changes-to-fix-RAR-VMSF_DELTA-.patch 2017-07-05 21:19:45.0 +0200
@@ -0,0 +1,173 @@
+From bced92bf269023e533fa3433f57205aa77c40eec Mon Sep 17 00:00:00 2001
+From: Mickey Sola
+Date: Thu, 29 Jun 2017 14:02:03 -0400
+Subject: unrar - adding proposed changes to fix RAR VMSF_DELTA Filter
+ Signedness error
+
+CVE: CVE-2012-6706: arbitrary memory write
+BTS: #867223
+Patch-Name: unrar-adding-proposed-changes-to-fix-RAR-VMSF_DELTA-.patch
+---
+ libclamunrar/unrarvm.c | 55 ++
+ 1 file changed, 29 insertions(+), 26 deletions(-)
+
+diff --git a/libclamunrar/unrarvm.c b/libclamunrar/unrarvm.c
+index 102fe2ebf044..b21e242fa72b 100644
+--- a/libclamunrar/unrarvm.c
b/libclamunrar/unrarvm.c
+@@ -213,9 +213,9 @@ void rarvm_addbits(rarvm_input_t *rarvm_input, int bits)
+
+ unsigned int rarvm_getbits(rarvm_input_t *rarvm_input)
+ {
+- unsigned int bit_field = 0;
++unsigned int bit_field = 0;
+
+- if (rarvm_input->in_addr < rarvm_input->buf_size) {
++if (rarvm_input->in_addr < rarvm_input->buf_size) {
+ bit_field = (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr] << 16;
+ if (rarvm_input->in_addr+1 < rarvm_input->buf_size) {
+ bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+1] << 8;
+@@ -314,10 +314,10 @@ static unsigned int *rarvm_get_operand(rarvm_data_t *rarvm_data,
+ }
+ }
+
+-static unsigned int filter_itanium_getbits(unsigned char *data, int bit_pos, int bit_count)
++static unsigned int filter_itanium_getbits(unsigned char *data, unsigned int bit_pos, unsigned int bit_count)
+ {
+- int in_addr=bit_pos/8;
+- int in_bit=bit_pos&7;
++ unsigned int in_addr=bit_pos/8;
++ unsigned int in_bit=bit_pos&7;
+ unsigned int bit_field=(unsigned int)data[in_addr++];
+ bit_field|=(unsigned int)data[in_addr++] << 8;
+ bit_field|=(unsigned int)data[in_addr++] << 16;
+@@ -326,10 +326,10 @@ static unsigned int filter_itanium_getbits(unsigned char *data, int bit_pos, int
+ return(bit_field & (0x>>(32-bit_count)));
+ }
+
+-static void filter_itanium_setbits(unsigned char *data, unsigned int bit_field, int bit_pos, int bit_count)
++static void filter_itanium_setbits(unsigned char *data, unsigned int bit_field, unsigned int bit_pos, unsigned int bit_count)
+ {
+- int i, in_addr=bit_pos/8;
+- int in_bit=bit_pos&7;
++ unsigned int i, in_addr=bit_pos/8;
++ unsigned int in_bit=bit_pos&7;
+ unsigned int and_mask=0x>>(32-bit_count);
+ and_mask=~(and_mask<