Bug#774820: wheezy-pu: clamav/0.98.5+dfsg-0+deb7u3

2015-01-15 Thread Sebastian Andrzej Siewior
On 2015-01-14 19:45:18 [+], Adam D. Barratt wrote:
> Please go ahead; thanks.

thanks, uploaded. It's been my first upload so if something went wrong
please let me know (the upload has been accepted however).

> Regards,
>
> Adam

Sebastian


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150115180322.ga25...@breakpoint.cc



Bug#774820: wheezy-pu: clamav/0.98.5+dfsg-0+deb7u3

2015-01-15 Thread Adam D. Barratt
Control: tags -1 + pending

On Thu, 2015-01-15 at 19:03 +0100, Sebastian Andrzej Siewior wrote:
> On 2015-01-14 19:45:18 [+], Adam D. Barratt wrote:
> > Please go ahead; thanks.
> thanks, uploaded. It's been my first upload so if something went wrong
> please let me know (the upload has been accepted however).

It looks fine to me. :-)

Flagged for acceptance.

Regards,

Adam





Processed: Re: Bug#774820: wheezy-pu: clamav/0.98.5+dfsg-0+deb7u3

2015-01-15 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + pending
Bug #774820 [release.debian.org] wheezy-pu: clamav/0.98.5+dfsg-0+deb7u3
Added tag(s) pending.

-- 
774820: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774820
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#774820: wheezy-pu: clamav/0.98.5+dfsg-0+deb7u3

2015-01-14 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Thu, 2015-01-08 at 00:42 +0100, Sebastian Andrzej Siewior wrote:
> I'd like to update the clamav package in Wheezy with the following change:
> |   * add mspack-fix-division-by-zero-in-chm-format-handling to fix divide
> | by zero in the chm unpacked. Found  patch by Jakub Wilk (Closes: #774766).
> |   * add mspack-fix-overflow-in-pointer-arithmetic-on-32bit to avoid overflow
> | in pointer arithmetic causing a segfault on 32bit (Closes: #774767).

Please go ahead; thanks.

Regards,

Adam





Processed: Re: Bug#774820: wheezy-pu: clamav/0.98.5+dfsg-0+deb7u3

2015-01-14 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #774820 [release.debian.org] wheezy-pu: clamav/0.98.5+dfsg-0+deb7u3
Added tag(s) confirmed.

-- 
774820: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774820
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#774820: wheezy-pu: clamav/0.98.5+dfsg-0+deb7u3

2015-01-07 Thread Sebastian Andrzej Siewior
Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian@packages.debian.org
Usertags: pu

Dear release team:

I'd like to update the clamav package in Wheezy with the following change:
|   * add mspack-fix-division-by-zero-in-chm-format-handling to fix divide
| by zero in the chm unpacked. Found  patch by Jakub Wilk (Closes: #774766).
|   * add mspack-fix-overflow-in-pointer-arithmetic-on-32bit to avoid overflow
| in pointer arithmetic causing a segfault on 32bit (Closes: #774767).

There are two equivalent bugs open against libmspack which is Jessie+
only.
Attaching a slightly edited .debdiff (the pointless index changes have
been removed).

Sebastian
diff -Nru clamav-0.98.5+dfsg/debian/changelog 
clamav-0.98.5+dfsg/debian/changelog
--- clamav-0.98.5+dfsg/debian/changelog 2015-01-04 00:41:33.0 +0100
+++ clamav-0.98.5+dfsg/debian/changelog 2015-01-07 21:59:47.0 +0100
@@ -1,3 +1,12 @@
+clamav (0.98.5+dfsg-0+deb7u3) stable; urgency=medium
+
+  * add mspack-fix-division-by-zero-in-chm-format-handling to fix divide
+by zero in the chm unpacked. Found  patch by Jakub Wilk (Closes: #774766).
+  * add mspack-fix-overflow-in-pointer-arithmetic-on-32bit to avoid overflow
+in pointer arithmetic causing a segfault on 32bit (Closes: #774767).
+
+ -- Sebastian Andrzej Siewior sebast...@breakpoint.cc  Wed, 07 Jan 2015 
21:56:21 +0100
+
 clamav (0.98.5+dfsg-0+deb7u2) stable; urgency=medium
 
   * Add libmspack-qtmd-fix-frame_end-overflow to avoid endless-loop on
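Review bot: the first bullet of the new 0+deb7u3 entry has wording problems that will end up in the published changelog: "chm unpacked" reads like a typo for "chm unpacker", and "Found  patch by Jakub Wilk" appears to have lost a word between "Found" and "patch". Both bullets would also be easier to triage if they said that the affected code is the libmspack copy embedded in clamav, since the patch names alone ("mspack-fix-...") are the only hint of that.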
diff -Nru clamav-0.98.5+dfsg/debian/.git-dpm clamav-0.98.5+dfsg/debian/.git-dpm
--- clamav-0.98.5+dfsg/debian/.git-dpm  2015-01-04 00:41:33.0 +0100
+++ clamav-0.98.5+dfsg/debian/.git-dpm  2015-01-07 21:59:47.0 +0100
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-a0449d2079c4ba5822e6567ad7094c10108f16cd
-a0449d2079c4ba5822e6567ad7094c10108f16cd
+1a5b9b3aba6e15f6c7371aa23adbc0600a0cf830
+1a5b9b3aba6e15f6c7371aa23adbc0600a0cf830
 14c3d5ca803fd6baa5ab413e87ca6d6bb2e26a3d
 14c3d5ca803fd6baa5ab413e87ca6d6bb2e26a3d
 clamav_0.98.5+dfsg.orig.tar.xz
diff -Nru 
clamav-0.98.5+dfsg/debian/patches/0019-mspack-fix-division-by-zero-in-chm-format-handling.patch
 
clamav-0.98.5+dfsg/debian/patches/0019-mspack-fix-division-by-zero-in-chm-format-handling.patch
--- 
clamav-0.98.5+dfsg/debian/patches/0019-mspack-fix-division-by-zero-in-chm-format-handling.patch
 1970-01-01 01:00:00.0 +0100
+++ 
clamav-0.98.5+dfsg/debian/patches/0019-mspack-fix-division-by-zero-in-chm-format-handling.patch
 2015-01-07 21:59:48.0 +0100
@@ -0,0 +1,30 @@
+From c673c5b4aabdd1d71fe9cc2df67f394e6038404d Mon Sep 17 00:00:00 2001
+From: Jakub Wilk jw...@debian.org
+Date: Wed, 7 Jan 2015 14:05:38 +0100
+Subject: mspack: fix division by zero in chm format handling
+
+Fix division by 0 error found by special crated .chm by AFL.
+
+BTS:
+   https://bugs.debian.org/774725
+   https://bugs.debian.org/774766
+
+[bigeasy: patch description]
+Signed-off-by: Sebastian Andrzej Siewior sebast...@breakpoint.cc
+---
+ libclamav/libmspack-0.4alpha/mspack/chmd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libclamav/libmspack-0.4alpha/mspack/chmd.c 
b/libclamav/libmspack-0.4alpha/mspack/chmd.c
+index 19dc47b..005c930 100644
+--- a/libclamav/libmspack-0.4alpha/mspack/chmd.c
 b/libclamav/libmspack-0.4alpha/mspack/chmd.c
+@@ -1123,7 +1123,7 @@ static int chmd_init_decomp(struct mschm_decompressor_p 
*self,
+   }
+ 
+   /* validate reset_interval */
+-  if (reset_interval % LZX_FRAME_SIZE) {
++  if (reset_interval % LZX_FRAME_SIZE || !reset_interval) {
+ D((bad controldata reset interval))
+ return self-error = MSPACK_ERR_DATAFORMAT;
+   }
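Review bot: the patch description does not say where the division by zero happens, and the changed condition in chmd_init_decomp() does not show it either, because the only arithmetic visible is a modulo by LZX_FRAME_SIZE. The description should state that a reset_interval of 0 passes the old check (0 % LZX_FRAME_SIZE is 0) and is used as a divisor later, and name that later use. Putting the zero test first, as in "if (!reset_interval || reset_interval % LZX_FRAME_SIZE)", would make the intent clearer to the next reader. In the description, "special crated .chm" should read "specially crafted .chm".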
diff -Nru 
clamav-0.98.5+dfsg/debian/patches/0020-mspack-fix-overflow-in-pointer-arithmetic-on-32bit.patch
 
clamav-0.98.5+dfsg/debian/patches/0020-mspack-fix-overflow-in-pointer-arithmetic-on-32bit.patch
--- 
clamav-0.98.5+dfsg/debian/patches/0020-mspack-fix-overflow-in-pointer-arithmetic-on-32bit.patch
 1970-01-01 01:00:00.0 +0100
+++ 
clamav-0.98.5+dfsg/debian/patches/0020-mspack-fix-overflow-in-pointer-arithmetic-on-32bit.patch
 2015-01-07 21:59:48.0 +0100
@@ -0,0 +1,63 @@
+From 1a5b9b3aba6e15f6c7371aa23adbc0600a0cf830 Mon Sep 17 00:00:00 2001
+From: Sebastian Andrzej Siewior sebast...@breakpoint.cc
+Date: Wed, 7 Jan 2015 21:31:36 +0100
+Subject: mspack: fix overflow in pointer arithmetic on 32bit
+
+There are two checks to ensure that the encoded length of the file name does 
not
+exceed the length of the memory where it is stored. That check is written as
+   p + name_len  end
+
+in general it works. On 32bit architectures it is possible that a large 
name_len
+overflows and p + name_len is less than p and therefore also less than end and
+the check does not catch it.
+Jakub rewrote the check as
+   name_len  end - p
+
+so name_len is compared against the remaining space in the memory chunk.
+