tags 665225 + pending thanks Dear maintainer,
I've prepared an NMU for libzip (versioned as 0.10.1-1.1) and will have it uploaded soon. Cheers Luk
diff -Nru libzip-0.10.1/debian/changelog libzip-0.10.1/debian/changelog --- libzip-0.10.1/debian/changelog 2012-05-21 14:18:18.000000000 +0200 +++ libzip-0.10.1/debian/changelog 2012-07-07 04:04:45.000000000 +0200 @@ -1,3 +1,11 @@ +libzip (0.10.1-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Re-enable tests + * Fix broken decrypt on amd64 (Closes: 665225). + + -- Luk Claes <l...@debian.org> Sat, 07 Jul 2012 02:03:46 +0000 + libzip (0.10.1-1) unstable; urgency=low * New upstream release: fix CVE-2012-1162 and CVE-2012-1163 diff -Nru libzip-0.10.1/debian/patches/fix_broken_decrypt.patch libzip-0.10.1/debian/patches/fix_broken_decrypt.patch --- libzip-0.10.1/debian/patches/fix_broken_decrypt.patch 1970-01-01 01:00:00.000000000 +0100 +++ libzip-0.10.1/debian/patches/fix_broken_decrypt.patch 2012-07-07 04:03:34.000000000 +0200 @@ -0,0 +1,38 @@ +Index: libzip-0.10.1/lib/zip_source_pkware.c +=================================================================== +--- libzip-0.10.1.orig/lib/zip_source_pkware.c 2012-03-15 09:27:50.000000000 +0000 ++++ libzip-0.10.1/lib/zip_source_pkware.c 2012-07-07 02:03:29.000000000 +0000 +@@ -49,10 +49,6 @@ + #define KEY1 591751049 + #define KEY2 878082192 + +-static const uLongf *crc = NULL; +- +-#define CRC32(c, b) (crc[((c) ^ (b)) & 0xff] ^ ((c) >> 8)) +- + + + static void decrypt(struct trad_pkware *, zip_uint8_t *, +@@ -80,9 +76,6 @@ + return NULL; + } + +- if (crc == NULL) +- crc = get_crc_table(); +- + if ((ctx=(struct trad_pkware *)malloc(sizeof(*ctx))) == NULL) { + _zip_error_set(&za->error, ZIP_ER_MEMORY, 0); + return NULL; +@@ -128,10 +121,10 @@ + out[i] = b; + + /* update keys */ +- ctx->key[0] = CRC32(ctx->key[0], b); ++ ctx->key[0] = crc32(ctx->key[0] ^ 0xffffffffUL, &b, 1) ^ 0xffffffffUL; + ctx->key[1] = (ctx->key[1] + (ctx->key[0] & 0xff)) * 134775813 + 1; + b = ctx->key[1] >> 24; +- ctx->key[2] = CRC32(ctx->key[2], b); ++ ctx->key[2] = crc32(ctx->key[2] ^ 0xffffffffUL, &b, 1) ^ 0xffffffffUL; + } + } + diff -Nru libzip-0.10.1/debian/patches/series libzip-0.10.1/debian/patches/series --- libzip-0.10.1/debian/patches/series 2011-05-01 16:50:49.000000000 +0200 +++ libzip-0.10.1/debian/patches/series 2012-07-07 04:00:38.000000000 +0200 @@ -1,2 +1,3 @@ fix_open_nonarchive_test.patch fix_zipconf_path.patch +fix_broken_decrypt.patch diff -Nru libzip-0.10.1/debian/rules libzip-0.10.1/debian/rules --- libzip-0.10.1/debian/rules 2012-05-21 14:24:13.000000000 +0200 +++ libzip-0.10.1/debian/rules 2012-07-07 03:59:33.000000000 +0200 @@ -5,5 +5,3 @@ %: dh $@ --parallel --list-missing --with autoreconf - -.PHONY: override_dh_auto_test