--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package libarchive
Fixes CVE-2017-5601 by cherry-picking a single upstream commit.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853278
unblock libarchive/3.2.1-6
-- System Information:
Debian Release: 9.0
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff --git a/debian/changelog b/debian/changelog
index e1386ce6..289df2d0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+libarchive (3.2.1-6) unstable; urgency=medium
+
+ * Add debian/patches/Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch
+ - Cherry-pick upstream commit 98dcbbf0bf4854bf987557
+ "Fail with negative lha->compsize in lha_read_file_header_1()"
+ Secunia SA74169, CVE-2017-5601 (Closes: #853278)
+
+ -- Andreas Henriksson <andreas@fatal.se> Tue, 31 Jan 2017 10:25:56 +0100
+
libarchive (3.2.1-5) unstable; urgency=medium
* Cherry-pick upstream commits 7f17c791, eec077f5, e37b620f
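Review bot: urgency=medium is set for an upload whose only change is a fix for a heap buffer overflow (CVE-2017-5601, Secunia SA74169); a security-only upload like this is normally tagged urgency=high so it migrates without the default delay, which matters for a freeze-time unblock. The entry otherwise matches the patch being added: the patch file name, the upstream subject line and the abbreviated commit 98dcbbf0bf4854bf987557 agree with the new debian/patches file, and the Closes: #853278 matches the bug linked in the request.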
diff --git a/debian/patches/Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch b/debian/patches/Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch
new file mode 100644
index 00000000..3b35e267
--- /dev/null
+++ b/debian/patches/Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch
@@ -0,0 +1,23 @@
+From: Martin Matuska <martin@matuska.org>
+Date: Thu, 19 Jan 2017 22:00:18 +0100
+Subject: Fail with negative lha->compsize in lha_read_file_header_1() Fixes a
+ heap buffer overflow reported in Secunia SA74169
+
+---
+ libarchive/archive_read_support_format_lha.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c
+index c359d83e..1a5617fa 100644
+--- a/libarchive/archive_read_support_format_lha.c
++++ b/libarchive/archive_read_support_format_lha.c
+@@ -924,6 +924,9 @@ lha_read_file_header_1(struct archive_read *a, struct lha *lha)
+ /* Get a real compressed file size. */
+ lha->compsize -= extdsize - 2;
+
++ if (lha->compsize < 0)
++ goto invalid; /* Invalid compressed file size */
++
+ if (sum_calculated != headersum) {
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
+ "LHa header sum error");
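Review bot: the new `if (lha->compsize < 0) goto invalid;` only has an effect if lha->compsize is a signed type; the declaration is outside this hunk, so confirm it is signed (an unsigned compsize would make the test always false and leave the underflow from `lha->compsize -= extdsize - 2;` unreported). The check is correctly placed after the subtraction rather than before it, and the `invalid` label is also outside the hunk, so check that it reaches an error path that sets an archive error and returns a fatal status the same way the "LHa header sum error" branch below does. On the patch header: the upstream commit body ("Fixes a heap buffer overflow reported in Secunia SA74169") has been folded into the Subject: line, and the file carries no DEP-3 fields; adding `Origin: upstream, 98dcbbf0bf4854bf987557` and `Bug-Debian: https://bugs.debian.org/853278` (both values already given in the changelog and the request) would make the provenance visible to the release team without opening the changelog.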
diff --git a/debian/patches/series b/debian/patches/series
index 24a6b0a7..68f4950f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,3 +11,4 @@ Correct-the-usage-of-PATH_MAX-as-reported-in-Issue-744.patch
Issue-761-Heap-overflow-reading-corrupted-7Zip-files.patch
Issue-747-and-others-Avoid-OOB-read-when-parsing-multiple.patch
Issue-767-Buffer-overflow-printing-a-filename.patch
+Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch
--- End Message ---