Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Tags: stretch
Severity: normal
This is an update to Stretch with a patch from git which fixes
CVE-2012-6706. The final clamav release is planned for the end of July;
so far this is the only commit in the libclamunrar part.
Sebastian
diff -Nru libclamunrar-0.99/debian/changelog libclamunrar-0.99/debian/changelog
--- libclamunrar-0.99/debian/changelog 2016-12-17 22:00:03.0 +0100
+++ libclamunrar-0.99/debian/changelog 2017-07-05 08:30:54.0 +0200
@@ -1,3 +1,10 @@
+libclamunrar (0.99-3+deb9u1) stable; urgency=medium
+
+ * Cherry pick fix for arbitrary memory write. CVE-2012-6706
+(Closes: #867223).
+
+ -- Sebastian Andrzej Siewior Wed, 05 Jul 2017 08:30:54 +0200
+
libclamunrar (0.99-3) unstable; urgency=medium
* Add a fixup for bb11601.
diff -Nru libclamunrar-0.99/debian/.git-dpm libclamunrar-0.99/debian/.git-dpm
--- libclamunrar-0.99/debian/.git-dpm 2016-12-16 21:56:07.0 +0100
+++ libclamunrar-0.99/debian/.git-dpm 2017-07-05 08:27:35.0 +0200
@@ -1,6 +1,6 @@
# see git-dpm(1) from git-dpm package
-0b977ab3aaecd1e2e434474f30288eea3c029fe0
-0b977ab3aaecd1e2e434474f30288eea3c029fe0
+890a88f7d593eb6f3a13200103c6e49313eca3f1
+890a88f7d593eb6f3a13200103c6e49313eca3f1
87f93791ab6959fd522bdf0b1211ff0480cff4c7
87f93791ab6959fd522bdf0b1211ff0480cff4c7
libclamunrar_0.99.orig.tar.xz
diff -Nru libclamunrar-0.99/debian/patches/series libclamunrar-0.99/debian/patches/series
--- libclamunrar-0.99/debian/patches/series 2016-12-16 21:56:07.0 +0100
+++ libclamunrar-0.99/debian/patches/series 2017-07-05 08:27:35.0 +0200
@@ -3,3 +3,4 @@
bb11601.patch
drop_openssl_check.patch
bb11601_pt2.patch
+unrar-adding-proposed-changes-to-fix-RAR-VMSF_DELTA-.patch
diff -Nru libclamunrar-0.99/debian/patches/unrar-adding-proposed-changes-to-fix-RAR-VMSF_DELTA-.patch libclamunrar-0.99/debian/patches/unrar-adding-proposed-changes-to-fix-RAR-VMSF_DELTA-.patch
--- libclamunrar-0.99/debian/patches/unrar-adding-proposed-changes-to-fix-RAR-VMSF_DELTA-.patch 1970-01-01 01:00:00.0 +0100
+++ libclamunrar-0.99/debian/patches/unrar-adding-proposed-changes-to-fix-RAR-VMSF_DELTA-.patch 2017-07-05 08:27:35.0 +0200
@@ -0,0 +1,173 @@
+From 890a88f7d593eb6f3a13200103c6e49313eca3f1 Mon Sep 17 00:00:00 2001
+From: Mickey Sola
+Date: Thu, 29 Jun 2017 14:02:03 -0400
+Subject: unrar - adding proposed changes to fix RAR VMSF_DELTA Filter
+ Signedness error
+
+CVE: CVE-2012-6706: arbitrary memory write
+BTS: #867223
+Patch-Name: unrar-adding-proposed-changes-to-fix-RAR-VMSF_DELTA-.patch
+---
+ libclamunrar/unrarvm.c | 55 ++
+ 1 file changed, 29 insertions(+), 26 deletions(-)
+
+diff --git a/libclamunrar/unrarvm.c b/libclamunrar/unrarvm.c
+index 102fe2ebf044..b21e242fa72b 100644
+--- a/libclamunrar/unrarvm.c
b/libclamunrar/unrarvm.c
+@@ -213,9 +213,9 @@ void rarvm_addbits(rarvm_input_t *rarvm_input, int bits)
+
+ unsigned int rarvm_getbits(rarvm_input_t *rarvm_input)
+ {
+- unsigned int bit_field = 0;
++unsigned int bit_field = 0;
+
+- if (rarvm_input->in_addr < rarvm_input->buf_size) {
++if (rarvm_input->in_addr < rarvm_input->buf_size) {
+ bit_field = (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr] << 16;
+ if (rarvm_input->in_addr+1 < rarvm_input->buf_size) {
+ bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+1] << 8;
+@@ -314,10 +314,10 @@ static unsigned int *rarvm_get_operand(rarvm_data_t *rarvm_data,
+ }
+ }
+
+-static unsigned int filter_itanium_getbits(unsigned char *data, int bit_pos, int bit_count)
++static unsigned int filter_itanium_getbits(unsigned char *data, unsigned int bit_pos, unsigned int bit_count)
+ {
+- int in_addr=bit_pos/8;
+- int in_bit=bit_pos&7;
++ unsigned int in_addr=bit_pos/8;
++ unsigned int in_bit=bit_pos&7;
+ unsigned int bit_field=(unsigned int)data[in_addr++];
+ bit_field|=(unsigned int)data[in_addr++] << 8;
+ bit_field|=(unsigned int)data[in_addr++] << 16;
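Review bot: filter_itanium_getbits still indexes `data[in_addr++]` with no buffer length to compare against, so making `bit_pos` unsigned rules out negative offsets but not offsets past the end of the buffer. Bounds therefore depend entirely on the caller, which is not visible in this hunk; it is worth confirming that the calling filter code limits the position before this function is reached. I would at least document the contract above the function, e.g. `/* caller must ensure bit_pos/8 plus the bytes read here stays inside data; no length is checked in this function */`. The function body continues past the hunk, and filter_itanium_setbits in the next hunk receives the same type change, so the same comment likely applies there.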
+@@ -326,10 +326,10 @@ static unsigned int filter_itanium_getbits(unsigned char *data, int bit_pos, int
+ return(bit_field & (0x>>(32-bit_count)));
+ }
+
+-static void filter_itanium_setbits(unsigned char *data, unsigned int bit_field, int bit_pos, int bit_count)
++static void filter_itanium_setbits(unsigned char *data, unsigned int bit_field, unsigned int bit_pos, unsigned int bit_count)
+ {
+- int i, in_addr=bit_pos/8;
+- int in_bit=bit_pos&7;
++ unsigned int i, in_addr=bit_pos/8;
++ unsigned int in_bit=bit_pos&7;
+ unsigned int and_mask=0x>>(32-bit_count);
+ and_mask=~(and_mask<